ehsbe Commons™
Version 1.1.0rc3

com.ehsbe.commons.gui.util
Class JxInvalidCertHandler

java.lang.Object
  extended by com.ehsbe.commons.gui.util.JxInvalidCertHandler
All Implemented Interfaces:
InvalidCertHandler

public class JxInvalidCertHandler
extends Object
implements InvalidCertHandler

A GUI-based example implementation of an InvalidCertHandler, which might be used with a LocalTrustManager to ask the user what to do with unknown certificates and to store acceptances permanently.

Version:
$Revision$
Author:
Jens Elkner

Constructor Summary
JxInvalidCertHandler()
          Create a handler which initially has no acceptances for unknown certificates defined.
JxInvalidCertHandler(File certBundlePath)
          Create a handler, which accepts all certificates listed in the given file automatically.
JxInvalidCertHandler(InputStream bundleStream)
          Create a handler, which accepts all certificates listed in the given stream automatically.
 
Method Summary
 boolean accept(X509Certificate[] chain, CertificateException ex)
          Handles the invalid certificate chain and corresponding exception.
 File getCertBundlePath()
          Get the cert bundle file, which has been used to populate the internal list of certificates, which should be accepted automatically.
 Set<X509Certificate> getPermanentCerts()
          Get all certificates marked as always accept automatically (permanent).
 Set<X509Certificate> getSessionOnlyCerts()
          Get all certificates marked as accept for this session only (temporary).
 boolean hasChanged()
          Check, whether the list of permanent certificates has been changed since construction or last save operation.
 void reset()
          Remove all certificates from internal lists and set the cert bundle path back to null.
 void save()
          Save all permanently accepted certificates, but only if the set of certificates has been changed since last save/setCertBundle(File) and a cert bundle path has been set.
 void save(File certBundlePath)
          Save all permanently accepted certificates to the given file.
 void save(OutputStream out)
          Save all permanently accepted certificates to the given stream.
 void setCertBundle(File certBundlePath)
          Set the list of X.509 certificates, which should be accepted automatically to all certificates contained in the given bundle.
 void setCertBundle(InputStream in)
          Set the list of X.509 certificates, which should be accepted automatically (i.e. permanently) to all certificates contained in the given bundle.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JxInvalidCertHandler

public JxInvalidCertHandler()
Create a handler which initially has no acceptances for unknown certificates defined.


JxInvalidCertHandler

public JxInvalidCertHandler(File certBundlePath)
                     throws CertificateException,
                            IOException
Create a handler, which accepts all certificates listed in the given file automatically.

Parameters:
certBundlePath - a bundle of X509 certificates
Throws:
IOException
CertificateException
See Also:
setCertBundle(File)

JxInvalidCertHandler

public JxInvalidCertHandler(InputStream bundleStream)
                     throws CertificateException,
                            IOException
Create a handler, which accepts all certificates listed in the given stream automatically.

Parameters:
bundleStream - a stream of X509 certificates
Throws:
IOException
CertificateException
See Also:
setCertBundle(InputStream)
Method Detail

accept

public boolean accept(X509Certificate[] chain,
                      CertificateException ex)
Handles the invalid certificate chain and corresponding exception.

Specified by:
accept in interface InvalidCertHandler
Parameters:
chain - certificate chain, which could not be validated.
ex - exception thrown during validation.
Returns:
true if the calling trust manager entity should add the first certificate in the chain (aka client or server certificate) to its trusted certificate list.

setCertBundle

public void setCertBundle(File certBundlePath)
                   throws CertificateException,
                          IOException
Set the list of X.509 certificates, which should be accepted automatically to all certificates contained in the given bundle.

The bundle is expected to be a concatenation of Base64 DER encoded (aka PEM encoded) X.509 certificates, i.e. each certificate is enclosed between a "-----BEGIN CERTIFICATE-----" and a "-----END CERTIFICATE-----" line. See also openssl x509 -in file -inform PEM -text. The file itself is US-ASCII formatted.

Parameters:
certBundlePath - path name of the X.509 certificate bundle to load. Ignored if null.
Throws:
CertificateException - if no Provider can be found, which supports X.509 certificates.
IOException - if the resource cannot be found or a read error occurs when reading the resource stream.
See Also:
CertificateFactory.generateCertificate(InputStream)

setCertBundle

public void setCertBundle(InputStream in)
                   throws CertificateException,
                          IOException
Set the list of X.509 certificates, which should be accepted automatically (i.e. permanently) to all certificates contained in the given bundle. Clears the internal cert bundle path as well as the session (aka temporary) certificates.

The bundle is expected to be a concatenation of Base64 DER encoded (aka PEM encoded) X.509 certificates, i.e. each certificate is enclosed between a "-----BEGIN CERTIFICATE-----" and a "-----END CERTIFICATE-----" line. See also openssl x509 -in file -inform PEM -text. The file itself is US-ASCII formatted.

Parameters:
in - the stream of X.509 certificate bundle to load.
Throws:
CertificateException - if no Provider can be found, which supports X.509 certificates.
IOException - if the resource cannot be found or a read error occurs when reading the resource stream.
See Also:
getCertBundlePath(), getPermanentCerts(), getSessionOnlyCerts(), CertificateFactory.generateCertificate(InputStream)
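
The bundle format described for setCertBundle, as an added example that is not part of the ehsbe Commons code: a JDK-only audit that lists every certificate in such a bundle with its SHA-256 fingerprint, subject and expiry, so the permanent accept list can be reviewed. The class BundleAudit and its methods are hypothetical names; without a file argument it runs on a constructed sample bundle built from two of the JDK's default trust anchors. HexFormat requires Java 17 or later.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

/** Added example (hypothetical class): audits a PEM bundle of auto-accepted certificates. */
public class BundleAudit {
    /** Encode certificates as concatenated PEM blocks, US-ASCII, 64-column Base64. */
    static byte[] toBundle(Collection<X509Certificate> certs) throws Exception {
        Base64.Encoder b64 = Base64.getMimeEncoder(64, new byte[] {'\n'});
        StringBuilder sb = new StringBuilder();
        for (X509Certificate c : certs) {
            sb.append("-----BEGIN CERTIFICATE-----\n")
              .append(b64.encodeToString(c.getEncoded()))
              .append("\n-----END CERTIFICATE-----\n");
        }
        return sb.toString().getBytes(StandardCharsets.US_ASCII);
    }

    /** Parse every certificate in the bundle; maps SHA-256 fingerprint to certificate. */
    static Map<String, X509Certificate> audit(InputStream in) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        Map<String, X509Certificate> out = new LinkedHashMap<>();
        for (Certificate c : cf.generateCertificates(in)) {
            X509Certificate x = (X509Certificate) c;
            out.put(HexFormat.of().formatHex(sha.digest(x.getEncoded())), x);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        InputStream in;
        if (args.length > 0) {
            in = new FileInputStream(args[0]);   // path of the bundle to review
        } else {
            // Constructed sample input: two of the JDK's default trust anchors.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            X509Certificate[] cas = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
            in = new ByteArrayInputStream(toBundle(Arrays.asList(cas).subList(0, Math.min(2, cas.length))));
        }
        Date now = new Date();
        audit(in).forEach((fp, x) -> System.out.printf("%s  %s  notAfter=%s%s%n",
            fp, x.getSubjectX500Principal().getName(), x.getNotAfter(),
            x.getNotAfter().before(now) ? "  EXPIRED" : ""));
    }
}
```

Every entry in such a bundle is a standing exception to normal chain validation, so fingerprints that nobody recognises and entries marked EXPIRED are the ones to review first.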

getCertBundlePath

public File getCertBundlePath()
Get the cert bundle file, which has been used to populate the internal list of certificates, which should be accepted automatically.

Returns:
null if not set, the cert bundle file otherwise.

save

public void save()
          throws IOException
Save all permanently accepted certificates, but only if the set of certificates has been changed since last save/setCertBundle(File) and a cert bundle path has been set.

Throws:
IOException
See Also:
setCertBundle(File), getCertBundlePath()

save

public void save(File certBundlePath)
          throws IOException
Save all permanently accepted certificates to the given file.

Parameters:
certBundlePath - where to save permanently accepted certificates. Does nothing if null.
Throws:
IOException - if a write error occurs

save

public void save(OutputStream out)
          throws IOException,
                 CertificateEncodingException
Save all permanently accepted certificates to the given stream.

Parameters:
out - where to save permanently accepted certificates. Does nothing if null.
Throws:
IOException - if a write error occurs
CertificateEncodingException

getPermanentCerts

public Set<X509Certificate> getPermanentCerts()
Get all certificates marked as always accept automatically (permanent). All of them will be saved on request.

Returns:
a possibly empty unmodifiable set

getSessionOnlyCerts

public Set<X509Certificate> getSessionOnlyCerts()
Get all certificates marked as accept for this session only (temporary). None of them will be saved on request.

Returns:
a possibly empty unmodifiable set

reset

public void reset()
Remove all certificates from internal lists and set the cert bundle path back to null.


hasChanged

public boolean hasChanged()
Check, whether the list of permanent certificates has been changed since construction or last save operation.

Returns:
true if changed.

Copyright ©2005-2009 EHSBE, Walther-Rathenau-Str. 58, 39104 Magdeburg, Sachsen-Anhalt, Germany. All Rights Reserved.