@Override public X509Certificate[] getAcceptedIssuers() { TlsTmSecurityCallback<X509Certificate> callback = tlstm.getSecurityCallback(); X509Certificate[] accepted = trustManager.getAcceptedIssuers(); if ((accepted != null) && (callback != null)) { ArrayList<X509Certificate> acceptedIssuers = new ArrayList<X509Certificate>(accepted.length); for (X509Certificate cert : accepted) { if (callback.isAcceptedIssuer(cert)) { acceptedIssuers.add(cert); } } return acceptedIssuers.toArray(new X509Certificate[acceptedIssuers.size()]); } return accepted; }
private void postCheckServerTrusted(X509Certificate[] x509Certificates) throws CertificateException { TlsTmSecurityCallback<X509Certificate> callback = tlstm.getSecurityCallback(); if (useClientMode && (callback != null)) { if (!callback.isServerCertificateAccepted(x509Certificates)) { logger.info("Server is NOT trusted with certificate '"+ Arrays.asList(x509Certificates)+"'"); throw new CertificateException("Server's certificate is not trusted by this application (although it was trusted by the JRE): "+ Arrays.asList(x509Certificates)); } } }
private boolean checkClientTrustedIntern(X509Certificate[] x509Certificates) { if ((tmStateReference != null) && (tmStateReference.getCertifiedIdentity() != null)) { OctetString fingerprint = tmStateReference.getCertifiedIdentity().getClientFingerprint(); if (isMatchingFingerprint(x509Certificates, fingerprint)) { return true; } } TlsTmSecurityCallback<X509Certificate> callback = tlstm.getSecurityCallback(); if (!useClientMode && (callback != null)) { if (callback.isClientCertificateAccepted(x509Certificates[0])) { if (logger.isInfoEnabled()) { logger.info("Client is trusted with certificate '"+x509Certificates[0]+"'"); } return true; } } return false; }