Package io.netty.internal.tcnative
Class CertificateVerifier
- java.lang.Object
-
- io.netty.internal.tcnative.CertificateVerifier
-
public abstract class CertificateVerifier extends java.lang.Object
Is called during handshake and hooked into openssl viaSSL_CTX_set_cert_verify_callback
. IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This means if you use an inner / anonymous class to implement this and also depend on the finalizer of the class to free up the SSLContext the finalizer will never run as the object is never GC, due the hard reference to the enclosing class. This will most likely result in a memory leak.
-
-
Field Summary
-
Constructor Summary
Constructors Constructor Description CertificateVerifier()
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description static boolean
isValid(int errorCode)
Returns true if the givenerrorCode
is valid,false
otherwise.abstract int
verify(long ssl, byte[][] x509, java.lang.String authAlgorithm)
Returnstrue
if the passed in certificate chain could be verified and so the handshake should be successful,false
otherwise.
-
-
-
Field Detail
-
X509_V_OK
public static final int X509_V_OK
-
X509_V_ERR_UNSPECIFIED
public static final int X509_V_ERR_UNSPECIFIED
-
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
public static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
-
X509_V_ERR_UNABLE_TO_GET_CRL
public static final int X509_V_ERR_UNABLE_TO_GET_CRL
-
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
public static final int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
-
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
public static final int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
-
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
public static final int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
-
X509_V_ERR_CERT_SIGNATURE_FAILURE
public static final int X509_V_ERR_CERT_SIGNATURE_FAILURE
-
X509_V_ERR_CRL_SIGNATURE_FAILURE
public static final int X509_V_ERR_CRL_SIGNATURE_FAILURE
-
X509_V_ERR_CERT_NOT_YET_VALID
public static final int X509_V_ERR_CERT_NOT_YET_VALID
-
X509_V_ERR_CERT_HAS_EXPIRED
public static final int X509_V_ERR_CERT_HAS_EXPIRED
-
X509_V_ERR_CRL_NOT_YET_VALID
public static final int X509_V_ERR_CRL_NOT_YET_VALID
-
X509_V_ERR_CRL_HAS_EXPIRED
public static final int X509_V_ERR_CRL_HAS_EXPIRED
-
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
public static final int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
-
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
public static final int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
-
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
public static final int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
-
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
public static final int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
-
X509_V_ERR_OUT_OF_MEM
public static final int X509_V_ERR_OUT_OF_MEM
-
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
public static final int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
-
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
public static final int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
-
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
public static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
-
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
public static final int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
-
X509_V_ERR_CERT_CHAIN_TOO_LONG
public static final int X509_V_ERR_CERT_CHAIN_TOO_LONG
-
X509_V_ERR_CERT_REVOKED
public static final int X509_V_ERR_CERT_REVOKED
-
X509_V_ERR_INVALID_CA
public static final int X509_V_ERR_INVALID_CA
-
X509_V_ERR_PATH_LENGTH_EXCEEDED
public static final int X509_V_ERR_PATH_LENGTH_EXCEEDED
-
X509_V_ERR_INVALID_PURPOSE
public static final int X509_V_ERR_INVALID_PURPOSE
-
X509_V_ERR_CERT_UNTRUSTED
public static final int X509_V_ERR_CERT_UNTRUSTED
-
X509_V_ERR_CERT_REJECTED
public static final int X509_V_ERR_CERT_REJECTED
-
X509_V_ERR_SUBJECT_ISSUER_MISMATCH
public static final int X509_V_ERR_SUBJECT_ISSUER_MISMATCH
-
X509_V_ERR_AKID_SKID_MISMATCH
public static final int X509_V_ERR_AKID_SKID_MISMATCH
-
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
public static final int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
-
X509_V_ERR_KEYUSAGE_NO_CERTSIGN
public static final int X509_V_ERR_KEYUSAGE_NO_CERTSIGN
-
X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
public static final int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
-
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
public static final int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
-
X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
public static final int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
-
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
public static final int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
-
X509_V_ERR_INVALID_NON_CA
public static final int X509_V_ERR_INVALID_NON_CA
-
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
public static final int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
-
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
public static final int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
-
X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
public static final int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
-
X509_V_ERR_INVALID_EXTENSION
public static final int X509_V_ERR_INVALID_EXTENSION
-
X509_V_ERR_INVALID_POLICY_EXTENSION
public static final int X509_V_ERR_INVALID_POLICY_EXTENSION
-
X509_V_ERR_NO_EXPLICIT_POLICY
public static final int X509_V_ERR_NO_EXPLICIT_POLICY
-
X509_V_ERR_DIFFERENT_CRL_SCOPE
public static final int X509_V_ERR_DIFFERENT_CRL_SCOPE
-
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
public static final int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
-
X509_V_ERR_UNNESTED_RESOURCE
public static final int X509_V_ERR_UNNESTED_RESOURCE
-
X509_V_ERR_PERMITTED_VIOLATION
public static final int X509_V_ERR_PERMITTED_VIOLATION
-
X509_V_ERR_EXCLUDED_VIOLATION
public static final int X509_V_ERR_EXCLUDED_VIOLATION
-
X509_V_ERR_SUBTREE_MINMAX
public static final int X509_V_ERR_SUBTREE_MINMAX
-
X509_V_ERR_APPLICATION_VERIFICATION
public static final int X509_V_ERR_APPLICATION_VERIFICATION
-
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
public static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
-
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
public static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
-
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
public static final int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
-
X509_V_ERR_CRL_PATH_VALIDATION_ERROR
public static final int X509_V_ERR_CRL_PATH_VALIDATION_ERROR
-
X509_V_ERR_PATH_LOOP
public static final int X509_V_ERR_PATH_LOOP
-
X509_V_ERR_SUITE_B_INVALID_VERSION
public static final int X509_V_ERR_SUITE_B_INVALID_VERSION
-
X509_V_ERR_SUITE_B_INVALID_ALGORITHM
public static final int X509_V_ERR_SUITE_B_INVALID_ALGORITHM
-
X509_V_ERR_SUITE_B_INVALID_CURVE
public static final int X509_V_ERR_SUITE_B_INVALID_CURVE
-
X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
public static final int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
-
X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
public static final int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
-
X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
public static final int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
-
X509_V_ERR_HOSTNAME_MISMATCH
public static final int X509_V_ERR_HOSTNAME_MISMATCH
-
X509_V_ERR_EMAIL_MISMATCH
public static final int X509_V_ERR_EMAIL_MISMATCH
-
X509_V_ERR_IP_ADDRESS_MISMATCH
public static final int X509_V_ERR_IP_ADDRESS_MISMATCH
-
X509_V_ERR_DANE_NO_MATCH
public static final int X509_V_ERR_DANE_NO_MATCH
-
ERRORS
private static final java.util.Set<java.lang.Integer> ERRORS
-
-
Method Detail
-
isValid
public static boolean isValid(int errorCode)
Returns true if the givenerrorCode
is valid,false
otherwise.
-
verify
public abstract int verify(long ssl, byte[][] x509, java.lang.String authAlgorithm)
Returnstrue
if the passed in certificate chain could be verified and so the handshake should be successful,false
otherwise.- Parameters:
ssl
- the SSL instancex509
- theX509
certificate chainauthAlgorithm
- the auth algorithm- Returns:
- verified
true
if verified successful,false
otherwise
-
-