java.lang.Object
  org.freshcookies.security.cert.Trustee
public class Trustee
Utility class that performs common certificate trust operations, such as writing to disk, updating the trust database and printing verbose certificate info.
This class requires privileges to run with a SecurityManager. At a minimum, this ProtectionDomain and preceding callers must be granted the following permissions:
java.util.PropertyPermission "javax.net.ssl.trustStore", "read"
java.util.PropertyPermission "java.home", "read"
java.io.FilePermission "${java.home}/lib/security/cacerts", "read"
In addition, if the method saveCertificate(X509Certificate) is called, this ProtectionDomain and all preceding callers must also be granted these additional permissions:
java.lang.RuntimePermission "writeFileDescriptor"
java.io.FilePermission "${user.dir}/*.cer", "write"
The commit() method requires that this ProtectionDomain and all preceding callers be granted these additional permissions:
java.lang.RuntimePermission "writeFileDescriptor"
java.io.FilePermission "${java.home}/lib/security/cacerts", "write"
None of the methods in this class perform their actions inside doPrivileged blocks, so all SecurityException errors are propagated to callers.
Constructor Summary | |
---|---|
Trustee() | Constructs a new Trustee instance, and initializes the system certificate authority (CA) keystore and SSL trust manager. |
Method Summary | |
---|---|
boolean | commit() - Writes the trust store to disk. |
static java.lang.String | getAlias(java.security.cert.X509Certificate cert) - Calculates an alias for a certificate by trying the common name, organizational unit, DC and serial number in succession. |
static java.lang.String | getCertificateInfo(java.security.cert.X509Certificate cert) - Returns a string containing verbose certificate information. |
void | saveCertificate(java.security.cert.X509Certificate cert) - Saves an X.509 certificate as a binary file in the current directory. |
boolean | trustCACertificate(java.security.cert.X509Certificate cert) - Adds a supplied CA certificate to the system certificate trust store as a "trusted CA certificate". |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public Trustee()
java.lang.SecurityException - when the SecurityManager is running, and the current policy does not grant this ProtectionDomain and preceding callers all of the following permissions:
java.util.PropertyPermission "javax.net.ssl.trustStore", "read"
java.util.PropertyPermission "java.home", "read"
java.io.FilePermission "${java.home}/lib/security/cacerts", "read"
Method Detail |
---|
public static java.lang.String getAlias(java.security.cert.X509Certificate cert)
cert - the certificate
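The fallback order described for getAlias, written out as an added example; this is not Trustee's own code. The class AliasSketch and the methods aliasFor and uniqueAlias are hypothetical, the subject names and serial number are constructed, and the collision check is an extra step the page does not say Trustee performs.

```java
import java.math.BigInteger;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
// Added illustration: hypothetical names, not code from org.freshcookies.
public class AliasSketch {
    private static final List<String> ORDER = List.of("CN", "OU", "DC"); // order from the getAlias description

    // First non-empty CN, OU or DC value of the subject, else the serial number in hex.
    static String aliasFor(X500Principal subject, BigInteger serial) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (String type : ORDER) {
                // LdapName index 0 is the rightmost RDN; start at the leftmost (most specific).
                for (int i = dn.size() - 1; i >= 0; i--) {
                    Rdn rdn = dn.getRdn(i);
                    if (rdn.getType().equalsIgnoreCase(type) && rdn.getValue() instanceof String) {
                        String value = ((String) rdn.getValue()).trim();
                        if (!value.isEmpty()) return value;
                    }
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: fall back to the serial number below.
        }
        return "serial-" + serial.toString(16);
    }

    // KeyStore.setCertificateEntry overrides an existing trusted-certificate entry that has
    // the same alias, so pick a free one. 'existing' stands in for keyStore.aliases().
    static String uniqueAlias(String base, Set<String> existing) {
        String candidate = base;
        for (int n = 2; existing.contains(candidate); n++) {
            candidate = base + "-" + n;
        }
        return candidate;
    }

    public static void main(String[] args) {
        BigInteger serial = BigInteger.valueOf(4096); // constructed sample values throughout
        String a = aliasFor(new X500Principal("CN=Example Root CA, OU=PKI, DC=example, DC=com"), serial);
        System.out.println(uniqueAlias(a, Set.of("Example Root CA")));
        System.out.println(aliasFor(new X500Principal("OU=PKI, DC=example, DC=com"), serial));
        System.out.println(aliasFor(new X500Principal(""), serial));
    }
}
```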
public static java.lang.String getCertificateInfo(java.security.cert.X509Certificate cert)
keytool program.
cert - the certificate to examine
public boolean trustCACertificate(java.security.cert.X509Certificate cert) throws java.security.KeyStoreException
Adds a supplied CA certificate to the system certificate trust store as a "trusted CA certificate". This is equivalent to the following command-line action:
keytool -import -trustcacerts -keystore $JAVA_HOME/lib/security/cacerts -file certificate
Note: a useful argument for debugging is -Djavax.net.debug=all.
cert - the certificate to add to the trust store
true if successfully added; false if not
java.security.KeyStoreException - if the CA alias could not be added to the trust store
public boolean commit()
true if the commit succeeds; false if not
java.lang.SecurityException - when the SecurityManager is running, and the current policy does not grant this ProtectionDomain and preceding callers all of the following permissions:
java.lang.RuntimePermission "writeFileDescriptor"
java.io.FilePermission "${java.home}/lib/security/cacerts", "write"
public void saveCertificate(java.security.cert.X509Certificate cert) throws java.io.IOException, java.security.cert.CertificateEncodingException
.cer. This suffix is sufficiently cross-platform that Mac OS X and Windows users alike can simply double-click on the file to install it using the respective certificate management tool.
cert - the certificate to save
java.io.IOException - if the file could not be written
java.security.cert.CertificateEncodingException - if the certificate could not be properly encoded
java.lang.SecurityException - when the SecurityManager is running, and the current policy does not grant this ProtectionDomain and preceding callers all of the following permissions:
java.lang.RuntimePermission "writeFileDescriptor"
java.io.FilePermission "${user.dir}/*.cer", "write"