Mercurial Hosting > luan

annotate src/org/eclipse/jetty/util/security/CertificateValidator.java @ 820:8e9db0bbf4f9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
remove org.eclipse.jetty.util.log and upgrade slf4j
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 13 Sep 2016 23:13:06 -0600
parents 3428c60d7cfc
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
1 //
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
2 // ========================================================================
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
4 // ------------------------------------------------------------------------
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
5 // All rights reserved. This program and the accompanying materials
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
6 // are made available under the terms of the Eclipse Public License v1.0
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
7 // and Apache License v2.0 which accompanies this distribution.
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
8 //
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
9 // The Eclipse Public License is available at
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
10 // http://www.eclipse.org/legal/epl-v10.html
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
11 //
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
12 // The Apache License v2.0 is available at
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
13 // http://www.opensource.org/licenses/apache2.0.php
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
14 //
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
15 // You may elect to redistribute this code under either of these licenses.
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
16 // ========================================================================
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
17 //
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
18
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
19 package org.eclipse.jetty.util.security;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
20
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
21 import java.security.GeneralSecurityException;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
22 import java.security.InvalidParameterException;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
23 import java.security.KeyStore;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
24 import java.security.KeyStoreException;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
25 import java.security.Security;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
26 import java.security.cert.CRL;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
27 import java.security.cert.CertPathBuilder;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
28 import java.security.cert.CertPathBuilderResult;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
29 import java.security.cert.CertPathValidator;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
30 import java.security.cert.CertStore;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
31 import java.security.cert.Certificate;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
32 import java.security.cert.CertificateException;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
33 import java.security.cert.CollectionCertStoreParameters;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
34 import java.security.cert.PKIXBuilderParameters;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
35 import java.security.cert.X509CertSelector;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
36 import java.security.cert.X509Certificate;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
37 import java.util.ArrayList;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
38 import java.util.Collection;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
39 import java.util.Enumeration;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
40 import java.util.concurrent.atomic.AtomicLong;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
41
820
8e9db0bbf4f9 remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents: 802
diff changeset
42 import org.slf4j.Logger;
8e9db0bbf4f9 remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents: 802
diff changeset
43 import org.slf4j.LoggerFactory;
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
44
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
45 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
46 * Convenience class to handle validation of certificates, aliases and keystores
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
47 *
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
48 * Allows specifying Certificate Revocation List (CRL), as well as enabling
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
49 * CRL Distribution Points Protocol (CRLDP) certificate extension support,
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
50 * and also enabling On-Line Certificate Status Protocol (OCSP) support.
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
51 *
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
52 * IMPORTANT: at least one of the above mechanisms *MUST* be configured and
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
53 * operational, otherwise certificate validation *WILL FAIL* unconditionally.
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
54 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
55 public class CertificateValidator
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
56 {
820
8e9db0bbf4f9 remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents: 802
diff changeset
57 private static final Logger LOG = LoggerFactory.getLogger(CertificateValidator.class);
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
58 private static AtomicLong __aliasCount = new AtomicLong();
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
59
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
60 private KeyStore _trustStore;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
61 private Collection<? extends CRL> _crls;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
62
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
63 /** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
64 private int _maxCertPathLength = -1;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
65 /** CRL Distribution Points (CRLDP) support */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
66 private boolean _enableCRLDP = false;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
67 /** On-Line Certificate Status Protocol (OCSP) support */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
68 private boolean _enableOCSP = false;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
69 /** Location of OCSP Responder */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
70 private String _ocspResponderURL;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
71
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
72 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
73 * creates an instance of the certificate validator
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
74 *
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
75 * @param trustStore
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
76 * @param crls
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
77 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
78 public CertificateValidator(KeyStore trustStore, Collection<? extends CRL> crls)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
79 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
80 if (trustStore == null)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
81 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
82 throw new InvalidParameterException("TrustStore must be specified for CertificateValidator.");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
83 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
84
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
85 _trustStore = trustStore;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
86 _crls = crls;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
87 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
88
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
89 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
90 * validates all aliases inside of a given keystore
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
91 *
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
92 * @param keyStore
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
93 * @throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
94 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
95 public void validate( KeyStore keyStore ) throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
96 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
97 try
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
98 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
99 Enumeration<String> aliases = keyStore.aliases();
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
100
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
101 for ( ; aliases.hasMoreElements(); )
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
102 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
103 String alias = aliases.nextElement();
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
104
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
105 validate(keyStore,alias);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
106 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
107
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
108 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
109 catch ( KeyStoreException kse )
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
110 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
111 throw new CertificateException("Unable to retrieve aliases from keystore", kse);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
112 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
113 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
114
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
115
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
116 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
117 * validates a specific alias inside of the keystore being passed in
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
118 *
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
119 * @param keyStore
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
120 * @param keyAlias
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
121 * @return the keyAlias if valid
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
122 * @throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
123 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
124 public String validate(KeyStore keyStore, String keyAlias) throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
125 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
126 String result = null;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
127
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
128 if (keyAlias != null)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
129 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
130 try
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
131 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
132 validate(keyStore, keyStore.getCertificate(keyAlias));
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
133 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
134 catch (KeyStoreException kse)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
135 {
820
8e9db0bbf4f9 remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents: 802
diff changeset
136 LOG.debug("",kse);
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
137 throw new CertificateException("Unable to validate certificate" +
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
138 " for alias [" + keyAlias + "]: " + kse.getMessage(), kse);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
139 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
140 result = keyAlias;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
141 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
142
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
143 return result;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
144 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
145
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
146 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
147 * validates a specific certificate inside of the keystore being passed in
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
148 *
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
149 * @param keyStore
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
150 * @param cert
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
151 * @throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
152 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
153 public void validate(KeyStore keyStore, Certificate cert) throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
154 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
155 Certificate[] certChain = null;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
156
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
157 if (cert != null && cert instanceof X509Certificate)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
158 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
159 ((X509Certificate)cert).checkValidity();
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
160
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
161 String certAlias = null;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
162 try
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
163 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
164 if (keyStore == null)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
165 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
166 throw new InvalidParameterException("Keystore cannot be null");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
167 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
168
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
169 certAlias = keyStore.getCertificateAlias((X509Certificate)cert);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
170 if (certAlias == null)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
171 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
172 certAlias = "JETTY" + String.format("%016X",__aliasCount.incrementAndGet());
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
173 keyStore.setCertificateEntry(certAlias, cert);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
174 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
175
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
176 certChain = keyStore.getCertificateChain(certAlias);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
177 if (certChain == null || certChain.length == 0)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
178 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
179 throw new IllegalStateException("Unable to retrieve certificate chain");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
180 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
181 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
182 catch (KeyStoreException kse)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
183 {
820
8e9db0bbf4f9 remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents: 802
diff changeset
184 LOG.debug("",kse);
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
185 throw new CertificateException("Unable to validate certificate" +
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
186 (certAlias == null ? "":" for alias [" +certAlias + "]") + ": " + kse.getMessage(), kse);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
187 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
188
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
189 validate(certChain);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
190 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
191 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
192
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
193 public void validate(Certificate[] certChain) throws CertificateException
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
194 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
195 try
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
196 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
197 ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
198 for (Certificate item : certChain)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
199 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
200 if (item == null)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
201 continue;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
202
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
203 if (!(item instanceof X509Certificate))
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
204 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
205 throw new IllegalStateException("Invalid certificate type in chain");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
206 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
207
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
208 certList.add((X509Certificate)item);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
209 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
210
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
211 if (certList.isEmpty())
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
212 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
213 throw new IllegalStateException("Invalid certificate chain");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
214
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
215 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
216
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
217 X509CertSelector certSelect = new X509CertSelector();
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
218 certSelect.setCertificate(certList.get(0));
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
219
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
220 // Configure certification path builder parameters
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
221 PKIXBuilderParameters pbParams = new PKIXBuilderParameters(_trustStore, certSelect);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
222 pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList)));
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
223
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
224 // Set maximum certification path length
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
225 pbParams.setMaxPathLength(_maxCertPathLength);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
226
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
227 // Enable revocation checking
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
228 pbParams.setRevocationEnabled(true);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
229
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
230 // Set static Certificate Revocation List
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
231 if (_crls != null && !_crls.isEmpty())
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
232 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
233 pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(_crls)));
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
234 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
235
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
236 // Enable On-Line Certificate Status Protocol (OCSP) support
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
237 if (_enableOCSP)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
238 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
239 Security.setProperty("ocsp.enable","true");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
240 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
241 // Enable Certificate Revocation List Distribution Points (CRLDP) support
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
242 if (_enableCRLDP)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
243 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
244 System.setProperty("com.sun.security.enableCRLDP","true");
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
245 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
246
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
247 // Build certification path
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
248 CertPathBuilderResult buildResult = CertPathBuilder.getInstance("PKIX").build(pbParams);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
249
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
250 // Validate certification path
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
251 CertPathValidator.getInstance("PKIX").validate(buildResult.getCertPath(),pbParams);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
252 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
253 catch (GeneralSecurityException gse)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
254 {
820
8e9db0bbf4f9 remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents: 802
diff changeset
255 LOG.debug("",gse);
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
256 throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
257 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
258 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
259
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
260 public KeyStore getTrustStore()
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
261 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
262 return _trustStore;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
263 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
264
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
265 public Collection<? extends CRL> getCrls()
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
266 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
267 return _crls;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
268 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
269
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
270 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
271 * @return Maximum number of intermediate certificates in
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
272 * the certification path (-1 for unlimited)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
273 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
274 public int getMaxCertPathLength()
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
275 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
276 return _maxCertPathLength;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
277 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
278
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
279 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
280 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
281 * @param maxCertPathLength
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
282 * maximum number of intermediate certificates in
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
283 * the certification path (-1 for unlimited)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
284 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
285 public void setMaxCertPathLength(int maxCertPathLength)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
286 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
287 _maxCertPathLength = maxCertPathLength;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
288 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
289
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
290 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
291 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
292 * @return true if CRL Distribution Points support is enabled
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
293 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
294 public boolean isEnableCRLDP()
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
295 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
296 return _enableCRLDP;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
297 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
298
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
299 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
300 /** Enables CRL Distribution Points Support
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
301 * @param enableCRLDP true - turn on, false - turns off
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
302 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
303 public void setEnableCRLDP(boolean enableCRLDP)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
304 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
305 _enableCRLDP = enableCRLDP;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
306 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
307
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
308 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
309 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
310 * @return true if On-Line Certificate Status Protocol support is enabled
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
311 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
312 public boolean isEnableOCSP()
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
313 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
314 return _enableOCSP;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
315 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
316
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
317 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
318 /** Enables On-Line Certificate Status Protocol support
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
319 * @param enableOCSP true - turn on, false - turn off
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
320 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
321 public void setEnableOCSP(boolean enableOCSP)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
322 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
323 _enableOCSP = enableOCSP;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
324 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
325
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
326 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
327 /**
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
328 * @return Location of the OCSP Responder
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
329 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
330 public String getOcspResponderURL()
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
331 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
332 return _ocspResponderURL;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
333 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
334
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
335 /* ------------------------------------------------------------ */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
336 /** Set the location of the OCSP Responder.
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
337 * @param ocspResponderURL location of the OCSP Responder
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
338 */
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
339 public void setOcspResponderURL(String ocspResponderURL)
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
340 {
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
341 _ocspResponderURL = ocspResponderURL;
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
342 }
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
343 }