Package org.apache.tomcat.jni
Interface CertificateVerifier
-
public interface CertificateVerifier
Is called during the handshake and hooked into OpenSSL via SSL_CTX_set_cert_verify_callback.
IMPORTANT: Implementations of this interface should be static, because the implementation is stored as a global reference via JNI. This means that if you use an inner / anonymous class to implement this and also depend on the finalizer of the class to free up the SSLContext, the finalizer will never run: the object is never garbage collected, due to the hard reference to the enclosing class. This will most likely result in a memory leak.
-
-
Field Summary
-
Method Summary
Modifier and Type | Method | Description
int | verify(long ssl, byte[][] x509, String authAlgorithm) | Returns true if the passed in certificate chain could be verified and so the handshake should be successful, false otherwise.
-
-
-
Field Detail
-
X509_V_OK
static final int X509_V_OK
- See Also:
- Constant Field Values
-
X509_V_ERR_UNSPECIFIED
static final int X509_V_ERR_UNSPECIFIED
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_GET_CRL
static final int X509_V_ERR_UNABLE_TO_GET_CRL
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
static final int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
static final int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
static final int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_SIGNATURE_FAILURE
static final int X509_V_ERR_CERT_SIGNATURE_FAILURE
- See Also:
- Constant Field Values
-
X509_V_ERR_CRL_SIGNATURE_FAILURE
static final int X509_V_ERR_CRL_SIGNATURE_FAILURE
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_NOT_YET_VALID
static final int X509_V_ERR_CERT_NOT_YET_VALID
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_HAS_EXPIRED
static final int X509_V_ERR_CERT_HAS_EXPIRED
- See Also:
- Constant Field Values
-
X509_V_ERR_CRL_NOT_YET_VALID
static final int X509_V_ERR_CRL_NOT_YET_VALID
- See Also:
- Constant Field Values
-
X509_V_ERR_CRL_HAS_EXPIRED
static final int X509_V_ERR_CRL_HAS_EXPIRED
- See Also:
- Constant Field Values
-
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
static final int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
- See Also:
- Constant Field Values
-
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
static final int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
- See Also:
- Constant Field Values
-
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
static final int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
- See Also:
- Constant Field Values
-
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
static final int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
- See Also:
- Constant Field Values
-
X509_V_ERR_OUT_OF_MEM
static final int X509_V_ERR_OUT_OF_MEM
- See Also:
- Constant Field Values
-
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
static final int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
- See Also:
- Constant Field Values
-
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
static final int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
static final int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_CHAIN_TOO_LONG
static final int X509_V_ERR_CERT_CHAIN_TOO_LONG
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_REVOKED
static final int X509_V_ERR_CERT_REVOKED
- See Also:
- Constant Field Values
-
X509_V_ERR_INVALID_CA
static final int X509_V_ERR_INVALID_CA
- See Also:
- Constant Field Values
-
X509_V_ERR_PATH_LENGTH_EXCEEDED
static final int X509_V_ERR_PATH_LENGTH_EXCEEDED
- See Also:
- Constant Field Values
-
X509_V_ERR_INVALID_PURPOSE
static final int X509_V_ERR_INVALID_PURPOSE
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_UNTRUSTED
static final int X509_V_ERR_CERT_UNTRUSTED
- See Also:
- Constant Field Values
-
X509_V_ERR_CERT_REJECTED
static final int X509_V_ERR_CERT_REJECTED
- See Also:
- Constant Field Values
-
X509_V_ERR_SUBJECT_ISSUER_MISMATCH
static final int X509_V_ERR_SUBJECT_ISSUER_MISMATCH
- See Also:
- Constant Field Values
-
X509_V_ERR_AKID_SKID_MISMATCH
static final int X509_V_ERR_AKID_SKID_MISMATCH
- See Also:
- Constant Field Values
-
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
static final int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
- See Also:
- Constant Field Values
-
X509_V_ERR_KEYUSAGE_NO_CERTSIGN
static final int X509_V_ERR_KEYUSAGE_NO_CERTSIGN
- See Also:
- Constant Field Values
-
X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
static final int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
- See Also:
- Constant Field Values
-
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
static final int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
- See Also:
- Constant Field Values
-
X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
static final int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
- See Also:
- Constant Field Values
-
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
static final int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
- See Also:
- Constant Field Values
-
X509_V_ERR_INVALID_NON_CA
static final int X509_V_ERR_INVALID_NON_CA
- See Also:
- Constant Field Values
-
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
static final int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
- See Also:
- Constant Field Values
-
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
static final int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
- See Also:
- Constant Field Values
-
X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
static final int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
- See Also:
- Constant Field Values
-
X509_V_ERR_INVALID_EXTENSION
static final int X509_V_ERR_INVALID_EXTENSION
- See Also:
- Constant Field Values
-
X509_V_ERR_INVALID_POLICY_EXTENSION
static final int X509_V_ERR_INVALID_POLICY_EXTENSION
- See Also:
- Constant Field Values
-
X509_V_ERR_NO_EXPLICIT_POLICY
static final int X509_V_ERR_NO_EXPLICIT_POLICY
- See Also:
- Constant Field Values
-
X509_V_ERR_DIFFERENT_CRL_SCOPE
static final int X509_V_ERR_DIFFERENT_CRL_SCOPE
- See Also:
- Constant Field Values
-
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
static final int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
- See Also:
- Constant Field Values
-
X509_V_ERR_UNNESTED_RESOURCE
static final int X509_V_ERR_UNNESTED_RESOURCE
- See Also:
- Constant Field Values
-
X509_V_ERR_PERMITTED_VIOLATION
static final int X509_V_ERR_PERMITTED_VIOLATION
- See Also:
- Constant Field Values
-
X509_V_ERR_EXCLUDED_VIOLATION
static final int X509_V_ERR_EXCLUDED_VIOLATION
- See Also:
- Constant Field Values
-
X509_V_ERR_SUBTREE_MINMAX
static final int X509_V_ERR_SUBTREE_MINMAX
- See Also:
- Constant Field Values
-
X509_V_ERR_APPLICATION_VERIFICATION
static final int X509_V_ERR_APPLICATION_VERIFICATION
- See Also:
- Constant Field Values
-
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
- See Also:
- Constant Field Values
-
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
- See Also:
- Constant Field Values
-
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
static final int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
- See Also:
- Constant Field Values
-
X509_V_ERR_CRL_PATH_VALIDATION_ERROR
static final int X509_V_ERR_CRL_PATH_VALIDATION_ERROR
- See Also:
- Constant Field Values
-
X509_V_ERR_PATH_LOOP
static final int X509_V_ERR_PATH_LOOP
- See Also:
- Constant Field Values
-
X509_V_ERR_SUITE_B_INVALID_VERSION
static final int X509_V_ERR_SUITE_B_INVALID_VERSION
- See Also:
- Constant Field Values
-
X509_V_ERR_SUITE_B_INVALID_ALGORITHM
static final int X509_V_ERR_SUITE_B_INVALID_ALGORITHM
- See Also:
- Constant Field Values
-
X509_V_ERR_SUITE_B_INVALID_CURVE
static final int X509_V_ERR_SUITE_B_INVALID_CURVE
- See Also:
- Constant Field Values
-
X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
static final int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
- See Also:
- Constant Field Values
-
X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
static final int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
- See Also:
- Constant Field Values
-
X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
static final int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
- See Also:
- Constant Field Values
-
X509_V_ERR_HOSTNAME_MISMATCH
static final int X509_V_ERR_HOSTNAME_MISMATCH
- See Also:
- Constant Field Values
-
X509_V_ERR_EMAIL_MISMATCH
static final int X509_V_ERR_EMAIL_MISMATCH
- See Also:
- Constant Field Values
-
X509_V_ERR_IP_ADDRESS_MISMATCH
static final int X509_V_ERR_IP_ADDRESS_MISMATCH
- See Also:
- Constant Field Values
-
X509_V_ERR_DANE_NO_MATCH
static final int X509_V_ERR_DANE_NO_MATCH
- See Also:
- Constant Field Values
-
-
Method Detail
-
verify
int verify(long ssl, byte[][] x509, String authAlgorithm)
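Returns true if the passed in certificate chain could be verified and so the handshake should be successful, false otherwise.
Note: the declared return type is int, not boolean, so the true/false wording does not match the signature. Presumably the method is expected to return one of the X509_V_* constants declared on this interface (X509_V_OK for a verified chain, an X509_V_ERR_* value otherwise); confirm this against the native callback before relying on it. In OpenSSL, X509_V_OK is 0, so a non-zero "true-like" return would likely be read as an error code rather than as success.
- Parameters:
ssl - the SSL instance
x509 - the X509 certificate chain
authAlgorithm - the auth algorithm
- Returns:
verified true if verified successful, false otherwise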
-
-