org.snmp4j.transport.tls
Class DefaultTlsTmSecurityCallback

java.lang.Object
  extended by org.snmp4j.transport.tls.DefaultTlsTmSecurityCallback
All Implemented Interfaces:
TlsTmSecurityCallback<java.security.cert.X509Certificate>

public class DefaultTlsTmSecurityCallback
extends java.lang.Object
implements TlsTmSecurityCallback<java.security.cert.X509Certificate>

The DefaultTlsTmSecurityCallback resolves the tmSecurityName for incoming requests through a mapping table based on the peer certificates, resolves the local certificate alias through a mapping table based on the target address, and accepts peer certificates based on a list of trusted peer and issuer certificates.
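The following added example (not SNMP4J's own code) populates the three tables described above and refuses to proceed when no local certificate alias is mapped for a target. The DN strings, addresses, alias and security name are constructed placeholders; the fingerprint encoding the class expects, and the use of an empty `data` value with a `Specified` mapping, are assumptions that this page does not document.

```java
import org.snmp4j.smi.Address;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.TlsAddress;
import org.snmp4j.transport.tls.DefaultTlsTmSecurityCallback;
import org.snmp4j.transport.tls.SecurityNameMapping;

public class TlsTmCallbackSetup {

    /** Builds a callback with explicit trust lists and mappings (all values constructed). */
    static DefaultTlsTmSecurityCallback buildCallback(Address agent, OctetString peerFingerprint) {
        DefaultTlsTmSecurityCallback cb = new DefaultTlsTmSecurityCallback();

        // Trust lists: only these issuer and subject DNs are accepted.
        cb.addAcceptedIssuerDN("CN=Example SNMP CA, O=Example Org");
        cb.addAcceptedSubjectDN("CN=agent01.example.net, O=Example Org");

        // Local key store entry to present when connecting to this target.
        cb.addLocalCertMapping(agent, "manager-client-cert");

        // Peer certificate -> tmSecurityName. Assumption: with a Specified
        // mapping the securityName argument is used and data may stay empty.
        cb.addSecurityNameMapping(peerFingerprint,
                SecurityNameMapping.CertMappingType.Specified,
                new OctetString(),
                new OctetString("agent01-operator"));
        return cb;
    }

    /** Fails closed: a null alias could cause a protocol violation with a multi-certificate key store. */
    static String requireAlias(DefaultTlsTmSecurityCallback cb, Address target) {
        String alias = cb.getLocalCertificateAlias(target);
        if (alias == null) {
            throw new IllegalStateException("no local certificate alias mapped for " + target);
        }
        return alias;
    }

    public static void main(String[] args) {
        // args[0]: peer certificate fingerprint as colon-separated hex (supplied by the operator).
        Address agent = new TlsAddress("192.0.2.10/10161");
        DefaultTlsTmSecurityCallback cb = buildCallback(agent, OctetString.fromHexString(args[0]));
        System.out.println("alias for " + agent + ": " + requireAlias(cb, agent));
        try {
            requireAlias(cb, new TlsAddress("192.0.2.99/10161")); // unmapped target
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```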

Since:
2.0
Author:
Frank Fock

Constructor Summary
DefaultTlsTmSecurityCallback()
           
 
Method Summary
 void addAcceptedIssuerDN(java.lang.String issuerDN)
           
 void addAcceptedSubjectDN(java.lang.String subjectDN)
           
 void addLocalCertMapping(Address address, java.lang.String certAlias)
           
 void addSecurityNameMapping(OctetString fingerprint, SecurityNameMapping.CertMappingType type, OctetString data, OctetString securityName)
           
 java.lang.String getLocalCertificateAlias(Address targetAddress)
          Gets the local certificate alias to be used for the supplied target address.
 OctetString getSecurityName(java.security.cert.X509Certificate[] peerCertificateChain)
          Gets the tmSecurityName (see RFC 5953) from the certificate chain of the communication peer that needs to be authenticated.
 boolean isAcceptedIssuer(java.security.cert.X509Certificate issuerCertificate)
          Check if the supplied issuer certificate is accepted as server.
 boolean isClientCertificateAccepted(java.security.cert.X509Certificate peerEndCertificate)
          Check if the supplied peer end certificate is accepted as client.
 boolean isServerCertificateAccepted(java.security.cert.X509Certificate[] peerCertificateChain)
          Check if the supplied peer certificate chain is accepted as server.
 boolean removeAcceptedIssuerDN(java.lang.String issuerDN)
           
 boolean removeAcceptedSubjectDN(java.lang.String subjectDN)
           
 java.lang.String removeLocalCertMapping(Address address)
           
 OctetString removeSecurityNameMapping(OctetString fingerprint, SecurityNameMapping.CertMappingType type, OctetString data)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultTlsTmSecurityCallback

public DefaultTlsTmSecurityCallback()

Method Detail

getSecurityName

public OctetString getSecurityName(java.security.cert.X509Certificate[] peerCertificateChain)
Description copied from interface: TlsTmSecurityCallback
Gets the tmSecurityName (see RFC 5953) from the certificate chain of the communication peer that needs to be authenticated.

Specified by:
getSecurityName in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
Parameters:
peerCertificateChain - an array of Certificates with the peer's own certificate first, followed by any certificate authorities.
Returns:
the tmSecurityName as defined by RFC 5953.

isClientCertificateAccepted

public boolean isClientCertificateAccepted(java.security.cert.X509Certificate peerEndCertificate)
Description copied from interface: TlsTmSecurityCallback
Check if the supplied peer end certificate is accepted as client.

Specified by:
isClientCertificateAccepted in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
Parameters:
peerEndCertificate - a client Certificate instance to check acceptance for.
Returns:
true if the certificate is accepted.

isServerCertificateAccepted

public boolean isServerCertificateAccepted(java.security.cert.X509Certificate[] peerCertificateChain)
Description copied from interface: TlsTmSecurityCallback
Check if the supplied peer certificate chain is accepted as server.

Specified by:
isServerCertificateAccepted in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
Parameters:
peerCertificateChain - a server Certificate chain to check acceptance for.
Returns:
true if the certificate chain is accepted.

isAcceptedIssuer

public boolean isAcceptedIssuer(java.security.cert.X509Certificate issuerCertificate)
Description copied from interface: TlsTmSecurityCallback
Check if the supplied issuer certificate is accepted as server.

Specified by:
isAcceptedIssuer in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
Parameters:
issuerCertificate - an issuer Certificate instance to check acceptance for.
Returns:
true if the certificate is accepted.

getLocalCertificateAlias

public java.lang.String getLocalCertificateAlias(Address targetAddress)
Description copied from interface: TlsTmSecurityCallback
Gets the local certificate alias to be used for the supplied target address.

Specified by:
getLocalCertificateAlias in interface TlsTmSecurityCallback<java.security.cert.X509Certificate>
Parameters:
targetAddress - a target address or null if the default local certificate alias needs to be retrieved.
Returns:
the requested local certificate alias, if known. Otherwise, null is returned, which could cause a protocol violation if the local key store contains more than one certificate.

addSecurityNameMapping

public void addSecurityNameMapping(OctetString fingerprint,
                                   SecurityNameMapping.CertMappingType type,
                                   OctetString data,
                                   OctetString securityName)

removeSecurityNameMapping

public OctetString removeSecurityNameMapping(OctetString fingerprint,
                                             SecurityNameMapping.CertMappingType type,
                                             OctetString data)

addAcceptedIssuerDN

public void addAcceptedIssuerDN(java.lang.String issuerDN)

removeAcceptedIssuerDN

public boolean removeAcceptedIssuerDN(java.lang.String issuerDN)

addAcceptedSubjectDN

public void addAcceptedSubjectDN(java.lang.String subjectDN)

removeAcceptedSubjectDN

public boolean removeAcceptedSubjectDN(java.lang.String subjectDN)

addLocalCertMapping

public void addLocalCertMapping(Address address,
                                java.lang.String certAlias)

removeLocalCertMapping

public java.lang.String removeLocalCertMapping(Address address)

Copyright 2005-2011 Frank Fock (SNMP4J.org)

Copyright © 2011 SNMP4J.org. All Rights Reserved.