Package org.opensaml.security.x509.tls.impl

Class ThreadLocalX509TrustEngineSupport

java.lang.Object

org.opensaml.security.x509.tls.impl.ThreadLocalX509TrustEngineSupport

public final class ThreadLocalX509TrustEngineSupport
extends Object

Support class for centralizing evaluation of a certificate chain using trust engine and criteria from ThreadLocalX509TrustEngineContext.

Field Summary

Fields

Modifier and Type	Field	Description
private static final org.slf4j.Logger	LOG	Logger.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	ThreadLocalX509TrustEngineSupport()	Constructor.

Method Summary

Modifier and Type	Method	Description
static void	evaluate(X509Certificate[] chain)	Perform trust evaluation on the specified certificate chain using the current data in ThreadLocalX509TrustEngineContext.
static void	evaluate(SSLSocket sslSocket)	Perform trust evaluation on the specified SSLSocket using the current data in ThreadLocalX509TrustEngineContext.
private static X509Credential	extractCredential(X509Certificate[] chain)	Extract the server TLS X509Credential from the supplied SSLSocket.
private static boolean	performTrustEval(X509Certificate[] chain, TrustEngine<? super X509Credential> trustEngine, CriteriaSet criteriaSet)	Perform trust evaluation on the specified certificate chain using the supplied trust engine and criteria.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOG

@Nonnull
private static final org.slf4j.Logger LOG

Logger.

Constructor Details

ThreadLocalX509TrustEngineSupport

private ThreadLocalX509TrustEngineSupport()

Constructor.

Method Details

evaluate

public static void evaluate(@Nonnull
 SSLSocket sslSocket)
                     throws SSLPeerUnverifiedException

Perform trust evaluation on the specified SSLSocket using the current data in ThreadLocalX509TrustEngineContext.

Parameters:

sslSocket - the socket whose certificates are to be evaluated

Throws:

SSLPeerUnverifiedException - if the certificate chain was not trusted by the supplied TrustEngine

evaluate

public static void evaluate(@Nonnull
 X509Certificate[] chain)
                     throws CertificateException

Perform trust evaluation on the specified certificate chain using the current data in ThreadLocalX509TrustEngineContext.

Parameters:

chain - the certificate chain to be evaluated

Throws:

CertificateException - if the certificate chain is not trusted by the supplied TrustEngine

performTrustEval

private static boolean performTrustEval(@Nonnull
 X509Certificate[] chain,
 @Nonnull
 TrustEngine<? super X509Credential> trustEngine,
 @Nonnull
 CriteriaSet criteriaSet)
                                 throws CertificateException

Perform trust evaluation on the specified certificate chain using the supplied trust engine and criteria.

Parameters:

chain - the certificate chain to be evaluated

trustEngine - the trust engine

criteriaSet - the criteria set

Returns:

true if certificate was established as trusted, false if not

Throws:

CertificateException - if the trust of the certificate

extractCredential

@Nonnull
private static X509Credential extractCredential(@Nonnull @NotEmpty
 X509Certificate[] chain)
                                         throws CertificateException

Extract the server TLS X509Credential from the supplied SSLSocket.

Parameters:

chain - the chain of X509 certificates

Returns:

an X509Credential representing the entity certificate as well as the supplied supporting intermediate certificate chain (if any)

Throws:

CertificateException - if credential data can not be extracted from the socket