org.eclipse.californium.scandium.dtls.x509

Class BridgeCertificateVerifier

java.lang.Object

org.eclipse.californium.scandium.dtls.x509.BridgeCertificateVerifier

All Implemented Interfaces:

NewAdvancedCertificateVerifier

public class BridgeCertificateVerifier
extends Object
implements NewAdvancedCertificateVerifier

Adapter to use custom implementations of the deprecated certificate verifier until having them migrated. Delegates certificate verification to provided CertificateVerifier and TrustedRpkStore.

Since:

2.5

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	BridgeCertificateVerifier.Builder

Field Summary

Fields

Modifier and Type	Field and Description
protected org.slf4j.Logger	LOGGER

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	BridgeCertificateVerifier(CertificateVerifier x509verifier, TrustedRpkStore rpkVerifier, List<CertificateType> supportedCertificateTypes) Create delegating certificate verifier for x509 and RPK.

Method Summary

Methods

Modifier and Type	Method and Description
static BridgeCertificateVerifier.Builder	builder()
List<X500Principal>	getAcceptedIssuers() Return an list of certificate authorities which are trusted for authenticating peers.
List<CertificateType>	getSupportedCertificateType() Get the list of supported certificate types in order of preference.
void	setResultHandler(HandshakeResultHandler resultHandler) Set the handler for asynchronous handshake results.
CertificateVerificationResult	verifyCertificate(ConnectionId cid, ServerNames serverName, Boolean clientUsage, boolean truncateCertificatePath, CertificateMessage message, DTLSSession session) Validates the X.509 certificate chain provided by the the peer as part of the certificate message.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGGER

protected final org.slf4j.Logger LOGGER

Constructor Detail

BridgeCertificateVerifier

protected BridgeCertificateVerifier(CertificateVerifier x509verifier,
                         TrustedRpkStore rpkVerifier,
                         List<CertificateType> supportedCertificateTypes)

Create delegating certificate verifier for x509 and RPK.

Parameters:

x509verifier - x509 certificate verifier to delegate verification.

rpkVerifier - RPK certificate verifier to delegate verification.

supportedCertificateTypes - list of supported certificate type in order of preference.

Throws:

IllegalArgumentException - if both verifier are null.

NullPointerException - if the list of supported certificate types is null

Method Detail

getSupportedCertificateType

public List<CertificateType> getSupportedCertificateType()

Description copied from interface: NewAdvancedCertificateVerifier

Get the list of supported certificate types in order of preference.

Specified by:

getSupportedCertificateType in interface NewAdvancedCertificateVerifier

Returns:

the list of supported certificate types.

verifyCertificate

public CertificateVerificationResult verifyCertificate(ConnectionId cid,
                                              ServerNames serverName,
                                              Boolean clientUsage,
                                              boolean truncateCertificatePath,
                                              CertificateMessage message,
                                              DTLSSession session)

Description copied from interface: NewAdvancedCertificateVerifier

Validates the X.509 certificate chain provided by the the peer as part of the certificate message.

Specified by:

verifyCertificate in interface NewAdvancedCertificateVerifier

Parameters:

cid - connection ID

serverName - indicated server names.

clientUsage - indicator to check certificate usage. null don't check key usage, true, check key usage for client, false for server.

truncateCertificatePath - true truncate certificate path at a trusted certificate before validation.

message - certificate message to be validated

session - dtls session to be used for validation

Returns:

certificate verification result, or null, if result is provided asynchronous.

getAcceptedIssuers

public List<X500Principal> getAcceptedIssuers()

Description copied from interface: NewAdvancedCertificateVerifier

Return an list of certificate authorities which are trusted for authenticating peers.

Specified by:

getAcceptedIssuers in interface NewAdvancedCertificateVerifier

Returns:

a non-null (possibly empty) list of accepted CA issuers.

setResultHandler

public void setResultHandler(HandshakeResultHandler resultHandler)

Description copied from interface: NewAdvancedCertificateVerifier

Set the handler for asynchronous handshake results. Called during initialization of the DTLSConnector. Synchronous implementations may just ignore this using an empty implementation.

Specified by:

setResultHandler in interface NewAdvancedCertificateVerifier

Parameters:

resultHandler - handler for asynchronous master secret results. This handler MUST NOT be called from the thread calling NewAdvancedCertificateVerifier.verifyCertificate(ConnectionId, ServerNames, Boolean, boolean, CertificateMessage, DTLSSession), instead just return the result there.

builder

public static BridgeCertificateVerifier.Builder builder()