Jitsi: the OpenSource Java VoIP and Instant Messaging client.

net.java.sip.communicator.impl.certificate
Class CertificateServiceImpl

java.lang.Object
  extended by net.java.sip.communicator.impl.certificate.CertificateServiceImpl
All Implemented Interfaces:
PropertyChangeListener, EventListener, CertificateService

public class CertificateServiceImpl
extends Object
implements CertificateService, PropertyChangeListener

Implementation of the CertificateService. It asks the user to trust a certificate when the automatic verification fails.

Author:
Ingo Bauersachs

Nested Class Summary
protected  class CertificateServiceImpl.BrowserLikeHostnameMatcher
           
protected  class CertificateServiceImpl.EMailAddressMatcher
           
 
Field Summary
 
Fields inherited from interface net.java.sip.communicator.service.certificate.CertificateService
DO_NOT_TRUST, PNAME_ALWAYS_TRUST, PNAME_CLIENTAUTH_CERTCONFIG_BASE, PNAME_NO_USER_INTERACTION, PNAME_TRUSTSTORE_FILE, PNAME_TRUSTSTORE_PASSWORD, PNAME_TRUSTSTORE_TYPE, TRUST_ALWAYS, TRUST_THIS_SESSION_ONLY
 
Constructor Summary
CertificateServiceImpl()
          Initializes a new CertificateServiceImpl instance.
 
Method Summary
 void addCertificateToTrust(Certificate cert, String trustFor, int trustMode)
          Adds a certificate to the local trust store.
 List<CertificateConfigEntry> getClientAuthCertificateConfigs()
          Returns all saved CertificateConfigEntrys.
 SSLContext getSSLContext()
          Get an SSL Context that validates certificates based on the JRE default check and asks the user when the JRE check fails.
 SSLContext getSSLContext(KeyManager[] keyManagers, X509TrustManager trustManager)
          Get an SSL Context with the specified trustmanager.
 SSLContext getSSLContext(String clientCertConfig, X509TrustManager trustManager)
          Get an SSL Context with the specified trustmanager.
 SSLContext getSSLContext(X509TrustManager trustManager)
          Get an SSL Context with the specified trustmanager.
 List<KeyStoreType> getSupportedKeyStoreTypes()
          Gets a list of all supported KeyStore types.
 X509TrustManager getTrustManager(Iterable<String> identitiesToTest)
          Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails.
 X509TrustManager getTrustManager(Iterable<String> identitiesToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier)
          Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails.
 X509TrustManager getTrustManager(String identityToTest)
           
 X509TrustManager getTrustManager(String identityToTest, CertificateMatcher clientVerifier, CertificateMatcher serverVerifier)
           
 void propertyChange(PropertyChangeEvent evt)
           
 void removeClientAuthCertificateConfig(String id)
          Deletes a saved CertificateConfigEntry.
 void setClientAuthCertificateConfig(CertificateConfigEntry e)
          Saves or updates the passed CertificateConfigEntry to the config.
protected  int verify(X509Certificate[] chain, String message)
          Asks the user whether he trusts the supplied chain of certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateServiceImpl

public CertificateServiceImpl()
Initializes a new CertificateServiceImpl instance.

Method Detail

propertyChange

public void propertyChange(PropertyChangeEvent evt)
Specified by:
propertyChange in interface PropertyChangeListener

getSupportedKeyStoreTypes

public List<KeyStoreType> getSupportedKeyStoreTypes()
Description copied from interface: CertificateService
Gets a list of all supported KeyStore types.

Specified by:
getSupportedKeyStoreTypes in interface CertificateService
Returns:
a list of all supported KeyStore types.

getClientAuthCertificateConfigs

public List<CertificateConfigEntry> getClientAuthCertificateConfigs()
Description copied from interface: CertificateService
Returns all saved CertificateConfigEntrys.

Specified by:
getClientAuthCertificateConfigs in interface CertificateService
Returns:
List of the saved authentication configurations.

setClientAuthCertificateConfig

public void setClientAuthCertificateConfig(CertificateConfigEntry e)
Description copied from interface: CertificateService
Saves or updates the passed CertificateConfigEntry to the config. If CertificateConfigEntry.getId() returns null, a new entry is created.

Specified by:
setClientAuthCertificateConfig in interface CertificateService
Parameters:
e - The CertificateConfigEntry to save or update.

removeClientAuthCertificateConfig

public void removeClientAuthCertificateConfig(String id)
Description copied from interface: CertificateService
Deletes a saved CertificateConfigEntry.

Specified by:
removeClientAuthCertificateConfig in interface CertificateService
Parameters:
id - The ID (CertificateConfigEntry.getId()) of the entry to delete.

addCertificateToTrust

public void addCertificateToTrust(Certificate cert,
                                  String trustFor,
                                  int trustMode)
                           throws CertificateException
Description copied from interface: CertificateService
Adds a certificate to the local trust store.

Specified by:
addCertificateToTrust in interface CertificateService
Parameters:
cert - The certificate to add to the trust store.
trustMode - Whether to trust the certificate permanently or only for the current session.
Throws:
CertificateException - when the thumbprint could not be calculated

getSSLContext

public SSLContext getSSLContext()
                         throws GeneralSecurityException
Description copied from interface: CertificateService
Get an SSL Context that validates certificates based on the JRE default check and asks the user when the JRE check fails. CAUTION: Only the certificate itself is validated, no check is performed whether it is valid for a specific server or client.

Specified by:
getSSLContext in interface CertificateService
Returns:
An SSL context based on a user confirming trust manager.
Throws:
GeneralSecurityException

getSSLContext

public SSLContext getSSLContext(X509TrustManager trustManager)
                         throws GeneralSecurityException
Description copied from interface: CertificateService
Get an SSL Context with the specified trustmanager.

Specified by:
getSSLContext in interface CertificateService
Parameters:
trustManager - The trustmanager that will be used by the created SSLContext
Returns:
An SSL context based on the supplied trust manager.
Throws:
GeneralSecurityException

getSSLContext

public SSLContext getSSLContext(String clientCertConfig,
                                X509TrustManager trustManager)
                         throws GeneralSecurityException
Description copied from interface: CertificateService
Get an SSL Context with the specified trustmanager.

Specified by:
getSSLContext in interface CertificateService
Parameters:
clientCertConfig - The ID of a client certificate configuration entry that is to be used when the server asks for a client TLS certificate
trustManager - The trustmanager that will be used by the created SSLContext
Returns:
An SSL context based on the supplied trust manager.
Throws:
GeneralSecurityException

getSSLContext

public SSLContext getSSLContext(KeyManager[] keyManagers,
                                X509TrustManager trustManager)
                         throws GeneralSecurityException
Description copied from interface: CertificateService
Get an SSL Context with the specified trustmanager.

Specified by:
getSSLContext in interface CertificateService
Parameters:
keyManagers - The key manager(s) to be used for client authentication
trustManager - The trustmanager that will be used by the created SSLContext
Returns:
An SSL context based on the supplied trust manager.
Throws:
GeneralSecurityException

getTrustManager

public X509TrustManager getTrustManager(Iterable<String> identitiesToTest)
                                 throws GeneralSecurityException
Description copied from interface: CertificateService
Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails. When null is passed as identitiesToTest, no check is performed whether the certificate is valid for a specific server or client. The passed identities are checked by applying a behavior similar to the one regular browsers use.

Specified by:
getTrustManager in interface CertificateService
Parameters:
identitiesToTest - when not null, the values are assumed to be hostnames for invocations of checkServerTrusted and e-mail addresses for invocations of checkClientTrusted
Returns:
TrustManager to use in an SSLContext
Throws:
GeneralSecurityException
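
The difference between the chain-only validation that the CAUTION on getSSLContext() describes and the identity check this method adds can be shown in plain JSSE. This is an added example, not Jitsi's implementation: the class name IdentityCheckingTrustManager and its matches() helper are hypothetical, it omits the user prompt, and it checks only dNSName entries of the server certificate.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical class (not Jitsi code): JRE chain check followed by a dNSName identity check. */
public class IdentityCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager jreDefault;
    private final List<String> hostnames; // null = chain check only, the CAUTION case

    public IdentityCheckingTrustManager(List<String> hostnames) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE default trust store
        this.jreDefault = Arrays.stream(tmf.getTrustManagers())
            .filter(X509TrustManager.class::isInstance).map(X509TrustManager.class::cast)
            .findFirst().orElseThrow(() -> new GeneralSecurityException("no X509TrustManager"));
        this.hostnames = hostnames;
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        jreDefault.checkServerTrusted(chain, authType); // chain validation; rejects an empty chain
        if (hostnames == null) return;
        Collection<List<?>> sans = chain[0].getSubjectAlternativeNames(); // null if the extension is absent
        if (sans != null)
            for (List<?> san : sans)
                if (Integer.valueOf(2).equals(san.get(0))) // GeneralName type 2 = dNSName
                    for (String host : hostnames)
                        if (matches((String) san.get(1), host)) return;
        throw new CertificateException("certificate is not valid for any of " + hostnames);
    }

    /** A wildcard is honoured only as the whole left-most label and stands for exactly one label. */
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT), h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return p.equals(h);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    // Client certificates get the chain check only in this example.
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        jreDefault.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return jreDefault.getAcceptedIssuers(); }
}
```

With the service documented on this page, the equivalent is to pass the result of getTrustManager(identityToTest) to getSSLContext(X509TrustManager) instead of calling the no-argument getSSLContext().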

getTrustManager

public X509TrustManager getTrustManager(String identityToTest)
                                 throws GeneralSecurityException
Specified by:
getTrustManager in interface CertificateService
Parameters:
identityToTest - when not null, the value is assumed to be a hostname for invocations of checkServerTrusted and an e-mail address for invocations of checkClientTrusted
Returns:
TrustManager to use in an SSLContext
Throws:
GeneralSecurityException
See Also:
CertificateService.getTrustManager(Iterable)

getTrustManager

public X509TrustManager getTrustManager(String identityToTest,
                                        CertificateMatcher clientVerifier,
                                        CertificateMatcher serverVerifier)
                                 throws GeneralSecurityException
Specified by:
getTrustManager in interface CertificateService
Parameters:
identityToTest - The identity to match against the supplied verifiers.
clientVerifier - The verifier to use in calls to checkClientTrusted
serverVerifier - The verifier to use in calls to checkServerTrusted
Returns:
TrustManager to use in an SSLContext
Throws:
GeneralSecurityException
See Also:
CertificateService.getTrustManager(Iterable, CertificateMatcher, CertificateMatcher)

getTrustManager

public X509TrustManager getTrustManager(Iterable<String> identitiesToTest,
                                        CertificateMatcher clientVerifier,
                                        CertificateMatcher serverVerifier)
                                 throws GeneralSecurityException
Description copied from interface: CertificateService
Creates a trustmanager that validates the certificate based on the JRE default check and asks the user when the JRE check fails. When null is passed as identitiesToTest, no check is performed whether the certificate is valid for a specific server or client.

Specified by:
getTrustManager in interface CertificateService
Parameters:
identitiesToTest - The identities to match against the supplied verifiers.
clientVerifier - The verifier to use in calls to checkClientTrusted
serverVerifier - The verifier to use in calls to checkServerTrusted
Returns:
TrustManager to use in an SSLContext
Throws:
GeneralSecurityException

verify

protected int verify(X509Certificate[] chain,
                     String message)
Asks the user whether he trusts the supplied chain of certificates.

Parameters:
chain - The chain of the certificates to check with user.
message - A text that describes why the verification failed.
Returns:
The result of the user interaction. One of CertificateService.DO_NOT_TRUST, CertificateService.TRUST_THIS_SESSION_ONLY, CertificateService.TRUST_ALWAYS

Jitsi, the OpenSource Java VoIP and Instant Messaging client.
Distributable under LGPL license.