org.apache.directory.server.ldap.replication

Class ReplicationTrustManager

java.lang.Object

org.apache.directory.server.ldap.replication.ReplicationTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public class ReplicationTrustManager
extends Object
implements X509TrustManager

A X509TrustManager implementation used by the replication subsystem. This implementation doesn't require the certificates to be stored in a file, instead it parses the given certificates of replica peers using Bouncycastle's X509CertParser and stores them in the in-memory KeyStore. The SunX509 TrustManagerFactory is then initialized using this KeyStore and the resulting X509TrustManager present in this factory's TrustManagers will be used internally to perform the certificate verification

Author:

Apache Directory Project

Method Summary

Methods

Modifier and Type	Method and Description
static void	addCertificate(String certAlias, byte[] certificate) stores the given certificate into the keystore with the given alias name
static void	addCertificates(Map<String,byte[]> aliasCertMap) loads the given map of [alias-name, certificate-data] entries into the keystore to be used by the trust manager
void	checkClientTrusted(X509Certificate[] chain, String authType)
void	checkServerTrusted(X509Certificate[] chain, String authType)
X509Certificate[]	getAcceptedIssuers()
static ReplicationTrustManager	getInstance() returns the singleton instance of ReplicationTrustManager, note that this return instance can only be used after calling the addCertificates(Map) method

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

addCertificates

public static void addCertificates(Map<String,byte[]> aliasCertMap)
                            throws Exception

loads the given map of [alias-name, certificate-data] entries into the keystore to be used by the trust manager

Parameters:

aliasCertMap - the map of [alias-name, certificate-data] entries

Throws:

Exception - in case of any issues related to certificate data parsing

addCertificate

public static void addCertificate(String certAlias,
                  byte[] certificate)
                           throws Exception

stores the given certificate into the keystore with the given alias name

Parameters:

certAlias - the alias name to be used for this certificate

certificate - the X509 certificate data

Throws:

Exception - in case of any issues related to certificate data parsing

getInstance

public static ReplicationTrustManager getInstance()

returns the singleton instance of ReplicationTrustManager, note that this return instance can only be used after calling the addCertificates(Map) method

Returns:

the instance of the ReplicationTrustManager

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                      String authType)
                        throws CertificateException

Specified by:

checkClientTrusted in interface X509TrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                      String authType)
                        throws CertificateException

Specified by:

checkServerTrusted in interface X509TrustManager

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

Specified by:

getAcceptedIssuers in interface X509TrustManager