/** * Create an SSLSocketfactory from the credentials in the specified Subject. This method extracts * a X509CertificateChain from the public credentials and uses the certificate chain and private * key found there to set up a KeyStore for the SSLSocketFactory. * * @param s * @return an SSLSocketFactory, or null if no X509CertificateChain can be found */ public static SSLSocketFactory getSocketFactory(Subject s) { X509CertificateChain chain = null; if (s != null) { Set<X509CertificateChain> certs = s.getPublicCredentials(X509CertificateChain.class); for (X509CertificateChain cc : certs) { if (cc.getKey() != null) { chain = cc; break; } } } if (chain == null) return null; return getSocketFactory(chain); }
/**
 * Checks that the certificates in a subject's certificate chain are within their validity
 * period at a reference date.
 *
 * <p>Only the validity period is checked, via {@code X509Certificate.checkValidity}. No
 * signature, trust-path or revocation checking is done here.
 *
 * <p>NOTE(review): a null subject returns normally without any check, so a normal return does
 * not prove that a certificate was validated. Callers that require a credential must reject a
 * null subject themselves.
 *
 * <p>NOTE(review): only the first X509CertificateChain returned by the credential set's
 * iterator is examined. If a subject can hold several chains, confirm that checking one of
 * them is sufficient.
 *
 * @param subject Subject to check; if null, nothing is checked
 * @param date Date the certificates are verified against. If null, the credentials are
 *     verified against current time.
 * @throws CertificateException Subject has no associated certificate credentials or there is a
 *     problem with the existing certificate.
 * @throws CertificateExpiredException Certificate is expired.
 * @throws CertificateNotYetValidException Certificate not valid yet.
 */
public static void validateSubject(Subject subject, Date date)
        throws CertificateException, CertificateExpiredException,
                CertificateNotYetValidException {
    if (subject == null) {
        // Nothing to validate; see the note above about this fail-open path.
        return;
    }

    Set<X509CertificateChain> credentials =
            subject.getPublicCredentials(X509CertificateChain.class);
    if (credentials.isEmpty()) {
        // subject without certs
        throw new CertificateException("No certificates associated with subject");
    }

    X509CertificateChain first = credentials.iterator().next();
    for (X509Certificate cert : first.getChain()) {
        if (date == null) {
            // No reference date supplied: validate against the current time.
            cert.checkValidity();
        } else {
            cert.checkValidity(date);
        }
    }
}
/**
 * Builds an SSLSocketFactory whose key store holds the given certificate chain and private key.
 *
 * <p>The key store is produced by {@code getKeyStore(chain.getChain(), chain.getPrivateKey())}.
 * When {@code chain} is null, a null key store is passed on instead.
 *
 * <p>NOTE(review): the trust store passed to the two-argument overload is always null. How that
 * overload treats a null trust store is not visible here; confirm it falls back to a vetted
 * default trust configuration and does not disable server certificate verification.
 *
 * @param chain certificate chain and private key for the client identity; may be null
 * @return the result of {@code getSocketFactory(KeyStore, KeyStore)} for the key store built
 *     here and a null trust store
 */
public static SSLSocketFactory getSocketFactory(X509CertificateChain chain) {
    // Both stay typed as KeyStore so the same two-argument overload is selected.
    final KeyStore trustStore = null;
    final KeyStore keyStore =
            (chain == null) ? null : getKeyStore(chain.getChain(), chain.getPrivateKey());
    return getSocketFactory(keyStore, trustStore);
}