|
||||||||||
PREV NEXT | FRAMES NO FRAMES |
SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback)
instead. This class is not perfect as the HandshakeCompletedListener
is invoked (at least in reference JDK)
in a separate thread, what can easily lead to a situation when the connection is opened and made available,
before this implementation finishes checking.X509CertChainValidator
.X509Credential
implementations.PKIXCertPathReviewer
with additional support for proxy certificates.PKIXCertPathReviewer
errors to
ValidationError
.X509CertChainValidator
implementation which always fails or accepts certificates,
basing on the constructor argument.PEMReader
class from the BC library.CertPathValidatorUtilities
plus in some
cases fixes bugs plus produces errors in the desired format.PasswordFinder
which uses a password
provided to the constructor.FixedBCPKIXCertPathReviewer
.
ExtPKIXParameters
object.
PlainCRLStoreSpi
(its subclass) should be used.
KeyManager
implementation which always returns the only key and certificate
which is available in the configured X509Credential
object.RevocationChecker
using CRLs, the RFC3280CertPathUtilitiesHelper
.InputStream
s which can be used to read
a private key and certificate in DER PKCS8 format.
ValidatorParamsExt.ValidatorParamsExt()
).
OpensslCertChainValidator
eu.emi.security.authn.x509.proxy
package.NamespacePolicy
object.NamespacePolicy
objects.CertPath
and PKIXParameters
params
PEMReader
class so it can read correctly also
PEM files with a garbage at the beginning
and minor syntax violations which occur more then often in the wild.FlexiblePEMReader
object.
FlexiblePEMReader
object.
ProxyCertInfoExtension
object from the
provided certificate.
X509Credential.getKeyStore()
method.
X509Credential.getKeyStore()
method.
X509Credential.getKeyStore()
method.
X509Credential.getKeyStore()
method,
with the alias returned by the X509Credential.getKeyAlias()
method.
X509Credential.getKeyStore()
method,
with the alias returned by the X509Credential.getKeyAlias()
method.
X509Credential.getKeyStore()
method,
with the alias returned by the X509Credential.getKeyAlias()
method.
SSLServerSocketFactory
configured to check
client certificates with a provided validator.
SocketFactoryCreator.getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom)
using SecureRandom
implementation as the last argument.
SSLSocketFactory
configured to check
servers' certificates with a provided validator.
SocketFactoryCreator.getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom)
using SecureRandom
implementation as the last argument.
Set
of the most-trusted CAs.
X500Principal
object from a RFC 2253 string.
NamespacePolicy
object.NamespacePolicy
objects.CertPath
and PKIXParameters
params
KeyStore
as a truststore.ValidatorParamsExt.ValidatorParamsExt()
).
BCStyle
with additional recognized attribute names, to make
it fully compatible with what the internal OpenJDK implementation supports
when parsing string RFC 2253 DNs.TrustAnchorStore
which load JDK's KeyStore
from a file.TrustAnchorStore
which uses JDK's KeyStore
as a in-memory storage.PrivateKey
and X509Certificate
chain as a X509Credential
.KeyStore
as a truststore.ValidatorParamsExt.ValidatorParamsExt()
).
KeyStore
class utility helpersCertificateUtils.loadPEMKeystore(InputStream, char[], char[])
but this version allows for providing input
key's encryption password only when needed.
NamespacePolicy
objects.PKIXCertPathBuilderSpi
.StoreUpdateListener
s.OCSPClientImpl
.OCSPCheckingMode.IF_AVAILABLE
.
OCSPParametes.DEFAULT_TIMEOUT
), and cache (OCSPParametes.DEFAULT_CACHE
and
no disk persistence of cached responses), prefers local responders,
do not sign requests and do not use nonce.
OCSPParametes.DEFAULT_TIMEOUT
), prefers local responders,
do not sign requests and do not use nonce.
RevocationChecker
using CRLs, the OCSPVerifier
OCSPParametes
to perform OCSP calls using
OCSPCachingClient
and returns the final response.ValidatorParams.ValidatorParams()
).
InputStream
which can be used to read
a private key and certificate in PEM keystore format, i.e.
PEMCredential.PEMCredential(String, char[])
but this version allows for providing
decryption key only when needed.
InputStream
which can be used to read
a private key and certificate in PEM keystore format, i.e.
PEMCredential.PEMCredential(InputStream, char[])
but this version allows for providing
decryption key only when needed.
InputStream
s which can be used to read
a private key and certificate in PEM format.
PEMCredential.PEMCredential(InputStream, InputStream, char[])
but password is retrieved on demand.
Reader
s which can be used to read
a private key and certificate in PEM format.
PEMCredential.PEMCredential(Reader, Reader, char[])
but password is retrieved on demand.
PEMReader
class from the BC library.PlainCRLStoreSpi
.X500Principal
class by
replacing attribute names unknown by the X500Principal
with OIDs.
ProxyGenerator
.ProxyCertificate
interface.ProxyCSRGenerator
.InputStream
implementation that reads a character stream from a Reader
and transforms it to a byte stream using a specified charset encoding.ReaderInputStream
.
ReaderInputStream
.
ReaderInputStream
.
ReaderInputStream
with a default input buffer size of
1024 characters.
ReaderInputStream
.
ReaderInputStream
with a default input buffer size of
1024 characters.
ReaderInputStream
that uses the default character encoding
with a default input buffer size of 1024 characters.
CrlCheckingMode.IF_VALID
and default OCSPParametes
.
RevocationParameters.RevocationParameters()
and CRLParameters.CRLParameters()
).
RevocationParametersExt.RevocationParametersExt(CrlCheckingMode, CRLParameters, OCSPParametes)
instead
RFC3280CertPathUtilities
.CertificateUtils.savePEMKeystore(OutputStream, KeyStore, String, String, char[], char[], boolean)
with the last argument equal to false.
CertificateUtils.savePEMKeystore(OutputStream, KeyStore, String, String, char[], char[], boolean)
.
CertificateUtils.savePrivateKey(OutputStream, PrivateKey, Encoding, String, char[], boolean)
with
the last argument equal to false
X509CertChainValidator
.TrustManager
which uses a configured X509CertChainValidator
to validate certificates.CertPath
ProxyType
.
X500Principal
to X500Name
with the JavaAndBCStyle
style.
ValidationError
X509CertChainValidator
implementations.X509CertChainValidator
implementations
which use RevocationParametersExt
X509CertChainValidator
interface with some additional methods
which are commonly provided by the most validator implementations, but are not
strictly required for the sole validation.
|
||||||||||
PREV NEXT | FRAMES NO FRAMES |