|
|||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||
SURFCAInitDialog receives an
ActionEvent.
TrustCert.
KeyManager for the given CryptoStore
parameter.
SURFCAHttps.AUTH_URL_PROPERTY.
"https://knikker.surfnet.nl/onlineca/x509.php?hash=" or just
"?hash=" as its value.
SURFCAInitDialog.actionPerformed(ActionEvent).
SURFCAInitDialog.actionPerformed(ActionEvent).
SURFCAInitDialog.actionPerformed(ActionEvent).
CardLayout),
changed using SURFCAInitDialog.actionPerformed(ActionEvent).
String representation of the given
byte[] array.
SerialPanel is taken from here.
CAConnection to the url specified by
String CA_URL.
CAHttps, this is the same as CAHttps.CAHttps(boolean) with the value true.
CAHttps with or without creating a
Certificate Signing Request (CSR) in the internal CryptoStore.
CAHttps and changes
stdout/stdin to the streams specified.
CAHttps, changes
stdout/stdin to the streams specified, with or without
creating a Certificate Signing Request (CSR) in the
internal CryptoStore.
HttpsURLConnection, can be retrieved using CAHttps.getCAHttpsCertNo().
HttxURLConnection, can be retrieved using CAHttps.getCAHttxCertNo().
CertPanel)
and a panel with buttons to set or reset the default SSLSocketFactory for HttpsURLConnection
and/or HttxURLConnection (SerialPanel).CAPanel with a CertPanel and one or more
SerialPanel for HttpsURLConnection and/or
HttxURLConnection.
CardLayout),
changed using SURFCAInitDialog.actionPerformed(ActionEvent).
CAPanel in a popup window; this contains
information about the CAHttps.CryptoStore.keyStore containing the privatekey
and certificate.
SURFCAHttps.CERT_URL_PROPERTY.
"https://knikker.surfnet.nl/onlineca/x509.php" as
its value.
X509Certificate chain.certFactory is needed to make a CertPath object
from a X509Certificate[]CAHttps.CertPanel, containing a table with information
about the certificate in given caHttps.
certValidator is doing the actual validation, initialized
at startup using CertChainChecker.initCertValidator().
String describing the error causing the chain validation to
fail.
Date represention of the latest
notBefore.
notBefore or -1 for unset.
notBefore.
Date represention of the earliest
notAfter.
notAfter or -1 for unset.
notAfter.
hostName.
TrustManagerImpl.setHostname(String).
null for unset),
can be set using HttxURLConnection.setClientExpireDate(Date).
HttxURLConnection.setExpire(String).
HttxURLConnection.setExpireWarnTime(String).
PKCS12Https.PKCS12Communicator to be used, can be set using PKCS12Https.setCommunicator(String).
SURFCAHttps.SURFCACommunicator to be used for this instance, either
equal to SURFCAHttps.defaultComm or set using the constructor SURFCAHttps.SURFCAHttps(SURFCACommunicator).
HttxURLConnection.HttxClientCommunicator used for communication about client
certificate expiry, can be set using HttxURLConnection.setCommunicator(String).
TrustManagerImpl.TrustCommunicator to be used, can be set using TrustManagerImpl.setCommunicator(String).
PKCS12Https.PKCS12Communicator to use:
"nl.nikhef.slcshttps.comm".
SURFCAHttps.SURFCACommunicator to use:
"nl.nikhef.slcshttps.comm".
HttxURLConnection.setCommunicator(String).
HttxURLConnection.setCommunicator(String).
TrustManagerImpl.setCommunicator(String).
HttxURLConnection.
Status.
Status.
SSLSocketFactory for a
given CryptoStore containing a client certificate and corresponding
private key, this is the input needed for setting up Client Side
authentication during SSL setup.CryptoSSL, initializing
the CryptoSSL.keyManagers field using the given CryptoStore, while
using the default TrustManager.
CryptoSSL, initializing
the CryptoSSL.keyManagers field using the given CryptoStore,
parameter and the CryptoSSL.trustManagers field using the given
TrustManager.
CSR), certificate.
PrivateKey/PublicKey), certificate signing request
(CSR) and a KeyStore containg the signed X509Certificate.CryptoStore, using a RSA keylength
keyLen.
CryptoStore, using a default RSA keylength
1024.
CryptoStore.CSRinit() or CryptoStore.CSRinit(String), can be obtained using CryptoStore.getCSR().
subjectDN.
CSR.DUMMY_DN (="C=X, O=Y, CN=Z").
CSR) for the given
DN.
CSR) with a default DN.
SURFCAHttps.SURFCACommunicator to be used for new instances of
SURFCAHttps, can be set using SURFCAHttps.setCommunicator(String).
SSLSocketFactory for a HttpsURLConnection, so that we can revert to it.
SSLSocketFactory for a HttxURLConnection, so that we can revert to it.
SSLSocketFactory, is initialized with an empty set of
KeyManager and a TrustManagerImpl.
KeyStore which was stored with
the given alias.
KeyStore which was stored with
the default alias CryptoStore.CERT_ALIAS.
HttxURLConnection, which also resets
the hostname and portnumber for the TrustManagerImpl.
HttpsURLConnection to
stringURL and dump the server response to stdout.
TrustCerts, which are
considered equal when their server certificate (first in chain) is equal.
X509Certificate.
Throwable.getMessage()
from e (when non-null).
Throwable.getMessage() from e (if
non-null).
Throwable.getMessage() from
e (when non-null) on stderr.
Exception (when non-null).
true when one of the certificates in the chain is
expired.
HttxURLConnection.EXPIRETIMEPROP, can be overridden using HttxURLConnection.setExpire(String).
HttxURLConnection.EXPIREPROP, can be overridden using
HttxURLConnection.setExpireWarnTime(String).
javax.swing.filechooser.FileNameExtensionFilter which is only
available in JDK1.6 onwards.FileNameExtFilter with the specified
description and file name extensions.
JFileChooser.String describing all the errors for given
alias, using its stored Status.
JPanel containing the activate/deactivate buttons.
JPanel with two cards (a single and a double
button card) in a CardLayout, containing the different buttons
for the textcards.
SSLSocketFactory in setting up a HttpsURLConnection.
SSLSocketFactory in setting up a HttxURLConnection.
JPanel with all the different textcards (CardLayout).
X509Certificate from the open connection,
expecting content-type "application/pkix-cert".
X509Certificate currently in the
internal CryptoStore.
X509Certificate which was stored with given
alias, if this alias is for a KeyEntry (which comes with a certificate chain), the first certificate
in the chain is returned.
X509Certificate which was stored using the default
CryptoStore.CERT_ALIAS alias, if this alias is for a KeyEntry (which comes with a certificate
chain), the first certificate in the chain is returned.
CertPath object for the given array of X509Certificate.
Date of the client side certificate,
null for no certificate.
PKCS12Https.PKCS12Communicator used for user interaction.
SURFCAHttps.SURFCACommunicator used for user
interaction.
HttxURLConnection.HttxClientCommunicator used for user
interaction.
TrustManagerImpl.TrustCommunicator used for user interaction.
CSR.
URLConnection.getDefaultAllowUserInteraction().
HostnameVerifier for
HttxURLConnection.
SSLSocketFactory for
HttxURLConnection.
SURFCAInitDialog.
String array, one for each error for the current
connection, using the data in the TrustCert.status field.
JFileChooser) in the default
directory for the user.
JFileChooser) in the specified
directory.
stdout and ConsoleTools.readLine().
URLConnection.getFileNameMap().
HttpURLConnection.getFollowRedirects().
HostnameVerifier for
HttxURLConnection.
HostnameChecker instance of the right type.
KeyManager[] array which can be used for, for example,
setting up SSL connections.
CAHttps.maskHttps.
String array, one for each known alias, each
containing a list of all the errors for that alias.
length from the set
[a-zA-Z0-9].
JPasswordField.
ConsoleTools.getPassword(String).
InputStream.
String form, note that the output
is only stored when it couldn't be interpreted as X509Certificate.
responseCode.
CAHttps for
either HttxURLConnection (when
httx is true) or
HttpsURLConnection (otherwise).
BigInteger certificate serial number
into a String of the form 89:ab:12.
CAHttps.showSuccess.
PKCS12Https.showSuccess.
SURFCAHttps.showSuccess.
SSLSocketFactory, which provides both key and trust
material during the setting up of an SSL session.
CAHttps.
CAHttps.useHttps.
CAHttps.useHttx.
URLConnection.guessContentTypeFromName(String).
URLConnection.guessContentTypeFromStream(InputStream).
URL.
HostnameChecker for type
checkType.
HostnameChecker used for checking the hostnames.
HostnameVerifier, is initialized to a trivial one, since
all functionality is in the TrustManagerImpl.
HttpURLConnection or HttpsURLConnection.
HttxURLConnection and/or HttpsURLConnection.
HttxURLConnection.HttxClientCommunicator using
popup windows.HttpsURLConnection that can use a TrustManager that not only can check the certificate chain but also the
hostname against the server certificate.HttxURLConnection from given HttpURLConnection or HttpsURLConnection (a subclass of the
former).
HttxURLConnection to url.
HttxURLConnection communication about client
certificate expiration.stdio/stderr for I/O.X509Certificate and keypair from an existing PKCS12
KeyStore protected with password.
CryptoSSL.keyManagers field using the give CryptoStore and the CryptoSSL.trustManagers field to use the default
TrustManager.
CryptoSSL.keyManagers and CryptoSSL.trustManagers fields
using the given CryptoStore and TrustManager parameters.
CertificateFactory.
CertPathValidator.
path denotes a directory, entering the password
and reading in the PKCS12 file.
path denotes a directory reading in the PKCS12
file using the specified password.
CSR via a HTTP GET to a URL, constructed using
the property "nl.nikhef.slcshttps.AUTH_URL", using a webbrowser, which then
redirects via Shibboleth to a Shibboleth IdP.
CSR via a HTTP GET to a URL, constructed using
the parameter authURL using a webbrowser, which then
redirects via Shibboleth to a Shibboleth IdP.
PKIXBuilderParameters for CertPathValidator.
DefaultTableModel.isCellEditable(int,int), always
returning false.
src is an IPv4 address.
src is an IPv6 address.
KeyManagers to be used for client side
authentication.
X509Certificate and corresponding
PrivateKey.
mask.
CAPanel, what is actually
shown by this SerialPanel is determined by the parameter in
SerialPanel.SerialPanel(CAHttps,boolean), masking means: show only Httx
status, but update both Https and Httx.
X509Certificate against the given
expectedName.
true when the hostname is valid for the certificate.
nl.nikhef.slcshttps and nl.nikhef.slcshttps.trust.DefaultTableModel except the default
is NOT to allow editing of the cells.NonEditableDefaultTableModel.
NonEditableDefaultTableModel with
rowCount rows and columnCount columns.
true when one of the certificates in the chain is
not yet valid.
CAHttps instance passed into the constructor, used when
initialization fails or is aborted, to revert.
HttxURLConnection for given
url.
java.awt.Desktop.getDesktop().browse(new URI(url)) method,
if that fails the action is platform dependent.
JOptionPane.
CryptoStore.keyStore, initialized in constructor to a
random value.
CryptoStore.password is 16.
java.io.Console.readPassword().String.
abstract CAHttps for importing a
PKCS12 file from disk.PKCS12Https.
PKCS12Https communication with the user.stdio/stderr for I/O.PKCS12Https.PKCS12Communicator using popup
windows.KeyStore which will hold the contents of the file.
PKIXParameters used by the CertChainChecker.certValidator, they use
the CertChainChecker.trustStore and are initialized at startup using CertChainChecker.initPKIXParameters().
URL.
String string to the opened URL using a HTTP POST with
content-type "application/x-www-form-urlencoded".
System.in).
TrustCert.
SSLSocketFactory for HttpsURLConnection to its startup default.
SSLSocketFactory for HttxURLConnection to its startup default.
SSLSocketFactory for HttpsURLConnection and/or HttpsURLConnection to their startup
defaults.
response is filled by CAConnection.storeResponse() when CAConnection.getCert() fails and can be retrieved using CAConnection.getResponse().
responseCode is set after posting data by
CAConnection.postString(String).
responseMessage is set after posting data by
CAConnection.postString(String).
SURFCAPopupComm.error(String,Exception) except that it is called
when an error occurs that might be fixed by the user.
SURFCAHttps.StdioComm.error(String,Exception) except that it is called
when an error occurs that might be fixed by the user.
SURFCAHttps.SURFCACommunicator.error(String,Exception) except that it is
called when an error occurs that might be fixed by the user.
Exception (when non-null) giving the user
the option to choose to retry.
SerialPanel.actButton and SerialPanel.deactButton.
SSLSocketFactory for HttpsURLConnection
or HttxURLConnection and and buttons to
change it.SerialPanel for either Httx or Https,
depending on the value of httx.
TrustCert.
Date of the client side certificate,
null for no certificate.
PKCS12Https.PKCS12Communicator to use for user interaction, it
checks whether the requested method is possible, otherwise use the
default.
SURFCAHttps.SURFCACommunicator to use for user interaction,
the actual communicator used for new instances of
SURFCAHttps can be overriden using the constructor SURFCAHttps.SURFCAHttps(SURFCACommunicator).
HttxURLConnection.HttxClientCommunicator based on
commInput.
TrustManagerImpl.TrustCommunicator based on
commInput.
URLConnection.setContentHandlerFactory(ContentHandlerFactory).
URLConnection.setDefaultAllowUserInteraction(boolean).
SSLSocketFactory for
HttxURLConnection.
URLConnection.setFileNameMap(FileNameMap).
HttpURLConnection.setFollowRedirects(boolean).
SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side
authentication.
SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side
authentication.
CAHttps.showSuccess.
PKCS12Https.showSuccess.
SURFCAHttps.showSuccess.
SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use
the certificate for client side authentication.
CAPanel,
what is actually shown by this SerialPanel is determined by
the parameter in SerialPanel.SerialPanel(CAHttps,boolean).
CAPanel for given
caHttps.
CAPanel, what is actually
shown by this SerialPanel is determined by the parameter in
SerialPanel.SerialPanel(CAHttps,boolean).
true.
CryptoStore.
X509Certificate x509Cert in the internal
CryptoStore.keyStore, using the constant alias CryptoStore.CERT_ALIAS and
random password CryptoStore.password.
pkcs12Store loaded in PKCS12Https.initialize() and putting it in the internal CryptoStore.
pkcs12Store loaded in PKCS12Https.initialize() and putting it in the internal CryptoStore;
it optionally sets the SSLSocketFactory.
pkcs12Store loaded in PKCS12Https.initialize() and putting it in the
internal CryptoStore; uses password for the
import password.
pkcs12Store loaded in PKCS12Https.initialize() and putting it in the internal CryptoStore; it
optionally sets the SSLSocketFactory and uses
password for the import password.
pkcs12Store loaded in PKCS12Https.initialize() and putting it in the internal CryptoStore; it
optionally sets the SSLSocketFactory and uses
passwordCharArr for the import password.
String
field CAConnection.response.
PKCS12Https.getShowSuccess() equals
true it will show a confirmation popup.
SURFCAInitDialog, for which it sets an appropriate text about the
Subject DN.
SURFCAHttps.getShowSuccess() equals
true, it will then show a confirmation popup.
PKCS12Https.getShowSuccess() equals
true it will print a confirmation.
SURFCAHttps.getShowSuccess() equals true, it
will then print a confirmation.
CAHttps, which is an instance of SURFCAHttps, but initially will be equal to the CAHttps
that is passed to the constructor; it can be retrieved using SURFCAInitDialog.getSURFCAHttps().
abstract CAHttps for obtaining a
certificate from the SURFnet online CA.SURFCAHttps object, which includes
creation of a Certificate Signing Request (CSR).
SURFCAHttps object and will use
communicator for communication with the user.
SURFCAHttps object and changes
stdout/stdin to the streams specified.
SURFCAHttps.SURFCACommunicator using simple text via
stdin/stderr/stdout.SURFCAHttps communication with the user.JDialog guiding the user through the
online CA handshake for a SURFCAHttps using a CardLayout.SURFCAInitDialog, which sets up the dialog for
the first stage, the next stages are reached using actions via SURFCAInitDialog.actionPerformed(ActionEvent).
SURFCAHttps.SURFCACommunicator which is needed since all communication is done
through the SURFCAInitDialog.SURFCAHttps.SURFCACommunicator using popup windows instead of
the default SURFCAHttps.StdioComm.TestSURFCA.main(String[]) method to test
SURFCAHttps and PKCS12Https.FileNameExtFilter.
TrustCert.
TrustCert from a X509Certificate
chain.
X509TrustManager which asks the user for
confirmation when something is wrong and in this process also checks whether
the hostname is valid for the certificate chain.TrustManagerImpl.
TrustManagerImpl and sets the global
hostName.
hostName
and portNumber.
stdio/stderr for I/O.TrustManagerImpl communication with the user.TrustManagers which provide authentication of
server side.
TrustManagerImpl.TrustCommunicator using popup
windows.KeyStore with trusted certificates, initialized at class
initialization using CertChainChecker.getCacertsKeyStore().
URL of the connection.
httx.
https.
X509Certificate chain.
X509Certificate chain for given date.
X509Certificate, either set using
constructor TrustCert.TrustCert(X509Certificate[]) or using
TrustCert.setCertChain(X509Certificate[]).
X509Certificate, either set
using constructor TrustCert.TrustCert(X509Certificate[]) or using
TrustCert.setCertChain(X509Certificate[]).
|
|||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||
| nl.nikhef.slcshttps | Mischa Sallé - msalle(AT)nikhef.nl |