Module org.snmp4j
Package org.snmp4j.transport.tls

Class TLSTMUtil

  • public class TLSTMUtil
extends java.lang.Object
    The TLSTMUtil class implements common functions for TLSTM and DTLSTM.
    Since:
    3.0
    Version:
    3.6.0

    • Constructor Summary

      Constructors 
      Constructor Description
      TLSTMUtil()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      protected static void addCRLCertStore​(java.lang.String crlFilePath, java.security.cert.PKIXBuilderParameters pkixBuilderParameters)
      Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file.
      static java.security.cert.PKIXRevocationChecker createDefaultPKIXRevocationChecker()
      Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.
      static javax.net.ssl.SSLContext createSSLContext​(java.lang.String protocol, java.lang.String keyStore, java.lang.String keyStorePassword, java.lang.String trustStore, java.lang.String trustStorePassword, TransportStateReference transportStateReference, TLSTMTrustManagerFactory trustManagerFactory, boolean useClientMode, TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, java.lang.String localCertificateAlias, java.security.cert.PKIXRevocationChecker pkixRevocationChecker, java.lang.String crlURI)  
      private static void filterCertificates​(java.security.KeyStore ks, TransportStateReference transportStateReference, TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, java.lang.String localCertificateAlias)  
      static OctetString getFingerprint​(java.security.cert.X509Certificate cert)  
      static OctetString getIpAddressFromSubjAltName​(java.util.Collection<java.util.List<?>> altNames)  
      static java.lang.Object getSubjAltName​(java.util.Collection<java.util.List<?>> subjAltNames, int type)  
      private static java.util.Collection<? extends java.security.cert.CRL> getX509CRLs​(java.lang.String crlUrl)  
      static boolean isMatchingFingerprint​(java.security.cert.X509Certificate[] x509Certificates, OctetString fingerprint, boolean useClientMode, CounterSupport tlstmCounters, LogAdapter logger, java.lang.Object eventSource)
      Checks if any of the certificates in the provided array matches the given fingerprint.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • MD_SHA_PREFIX_LENGTH

        private static final int MD_SHA_PREFIX_LENGTH

    • Constructor Detail

      • TLSTMUtil

        public TLSTMUtil()

    • Method Detail

      • getFingerprint

        public static OctetString getFingerprint​(java.security.cert.X509Certificate cert)

      • isMatchingFingerprint

        public static boolean isMatchingFingerprint​(java.security.cert.X509Certificate[] x509Certificates,
                                            OctetString fingerprint,
                                            boolean useClientMode,
                                            CounterSupport tlstmCounters,
                                            LogAdapter logger,
                                            java.lang.Object eventSource)
                                     throws java.security.cert.CertificateException
        Checks if any of the certificates in the provided array matches the given fingerprint. If the fingerprint to match is null or zero length, false will be returned, because a matching cannot be performed.
        Parameters:
        x509Certificates - the certificates to match.
        fingerprint - the searched fingerprint
        useClientMode - defines if server or client mode is active to emit the right counter events.
        tlstmCounters - the counters to increase on matching
        logger - where to log
        eventSource - the source object for events emitted by the matching.
        Returns:
        true if there is a match, false if matching could not be performed due to null or zero length fingerprint
        Throws:
        java.security.cert.CertificateException - if there is no matching, but fingerprint is non-null and has a length greater than zero.

      • getSubjAltName

        public static java.lang.Object getSubjAltName​(java.util.Collection<java.util.List<?>> subjAltNames,
                                              int type)

      • getIpAddressFromSubjAltName

        public static OctetString getIpAddressFromSubjAltName​(java.util.Collection<java.util.List<?>> altNames)

      • createSSLContext

        public static javax.net.ssl.SSLContext createSSLContext​(java.lang.String protocol,
                                                        java.lang.String keyStore,
                                                        java.lang.String keyStorePassword,
                                                        java.lang.String trustStore,
                                                        java.lang.String trustStorePassword,
                                                        TransportStateReference transportStateReference,
                                                        TLSTMTrustManagerFactory trustManagerFactory,
                                                        boolean useClientMode,
                                                        TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback,
                                                        java.lang.String localCertificateAlias,
                                                        java.security.cert.PKIXRevocationChecker pkixRevocationChecker,
                                                        java.lang.String crlURI)
                                                 throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException

      • createDefaultPKIXRevocationChecker

        public static java.security.cert.PKIXRevocationChecker createDefaultPKIXRevocationChecker()
        Creates a default revocation checker with CRL check only (no OCSP) and check is limited to end entity only.
        Returns:
        a simple revocation checker to be used with #setPKIXRevocationChecker(PKIXRevocationChecker).
        Since:
        3.6.0

      • addCRLCertStore

        protected static void addCRLCertStore​(java.lang.String crlFilePath,
                                      java.security.cert.PKIXBuilderParameters pkixBuilderParameters)
        Return the initialization parameters for a TrustManager for doing cert path validation with CRL revocation based on a CRL file. Currently, only the default PKIX is supported.
        Parameters:
        crlFilePath - the path to the CRL file that provides the CRL collection for checking revocation.
        pkixBuilderParameters - the PKIXBuilderParameters to modify.
        Since:
        3.6.0

      • getX509CRLs

        private static java.util.Collection<? extends java.security.cert.CRL> getX509CRLs​(java.lang.String crlUrl)

      • filterCertificates

        private static void filterCertificates​(java.security.KeyStore ks,
                                       TransportStateReference transportStateReference,
                                       TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback,
                                       java.lang.String localCertificateAlias)