public abstract class CertificateVerifier
extends java.lang.Object
Is called during the handshake and hooked into OpenSSL via SSL_CTX_set_cert_verify_callback.
IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This
means that if you use an inner / anonymous class to implement this and also depend on the finalizer of the
class to free up the SSLContext, the finalizer will never run, as the object is never garbage-collected due to the hard
reference to the enclosing class. This will most likely result in a memory leak.
构造器和说明 |
---|
CertificateVerifier() |
限定符和类型 | 方法和说明 |
---|---|
static boolean |
isValid(int errorCode)
Returns
true if the given errorCode is valid, false otherwise. |
abstract int |
verify(long ssl,
byte[][] x509,
java.lang.String authAlgorithm)
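Returns
true if the passed in certificate chain could be verified and so the handshake
should be successful, false otherwise. The declared return type is int, so the result is
reported as one of the X509_V_* constants of this class: X509_V_OK when the chain is verified,
an X509_V_ERR_* code when it is rejected. |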
public static final int X509_V_OK
public static final int X509_V_ERR_UNSPECIFIED
public static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
public static final int X509_V_ERR_UNABLE_TO_GET_CRL
public static final int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
public static final int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
public static final int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
public static final int X509_V_ERR_CERT_SIGNATURE_FAILURE
public static final int X509_V_ERR_CRL_SIGNATURE_FAILURE
public static final int X509_V_ERR_CERT_NOT_YET_VALID
public static final int X509_V_ERR_CERT_HAS_EXPIRED
public static final int X509_V_ERR_CRL_NOT_YET_VALID
public static final int X509_V_ERR_CRL_HAS_EXPIRED
public static final int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
public static final int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
public static final int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
public static final int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
public static final int X509_V_ERR_OUT_OF_MEM
public static final int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
public static final int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
public static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
public static final int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
public static final int X509_V_ERR_CERT_CHAIN_TOO_LONG
public static final int X509_V_ERR_CERT_REVOKED
public static final int X509_V_ERR_INVALID_CA
public static final int X509_V_ERR_PATH_LENGTH_EXCEEDED
public static final int X509_V_ERR_INVALID_PURPOSE
public static final int X509_V_ERR_CERT_UNTRUSTED
public static final int X509_V_ERR_CERT_REJECTED
public static final int X509_V_ERR_SUBJECT_ISSUER_MISMATCH
public static final int X509_V_ERR_AKID_SKID_MISMATCH
public static final int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
public static final int X509_V_ERR_KEYUSAGE_NO_CERTSIGN
public static final int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
public static final int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
public static final int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
public static final int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
public static final int X509_V_ERR_INVALID_NON_CA
public static final int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
public static final int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
public static final int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
public static final int X509_V_ERR_INVALID_EXTENSION
public static final int X509_V_ERR_INVALID_POLICY_EXTENSION
public static final int X509_V_ERR_NO_EXPLICIT_POLICY
public static final int X509_V_ERR_DIFFERENT_CRL_SCOPE
public static final int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
public static final int X509_V_ERR_UNNESTED_RESOURCE
public static final int X509_V_ERR_PERMITTED_VIOLATION
public static final int X509_V_ERR_EXCLUDED_VIOLATION
public static final int X509_V_ERR_SUBTREE_MINMAX
public static final int X509_V_ERR_APPLICATION_VERIFICATION
public static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
public static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
public static final int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
public static final int X509_V_ERR_CRL_PATH_VALIDATION_ERROR
public static final int X509_V_ERR_PATH_LOOP
public static final int X509_V_ERR_SUITE_B_INVALID_VERSION
public static final int X509_V_ERR_SUITE_B_INVALID_ALGORITHM
public static final int X509_V_ERR_SUITE_B_INVALID_CURVE
public static final int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
public static final int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
public static final int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
public static final int X509_V_ERR_HOSTNAME_MISMATCH
public static final int X509_V_ERR_EMAIL_MISMATCH
public static final int X509_V_ERR_IP_ADDRESS_MISMATCH
public static final int X509_V_ERR_DANE_NO_MATCH
public static boolean isValid(int errorCode)
Returns true if the given errorCode is valid, false otherwise.
public abstract int verify(long ssl, byte[][] x509, java.lang.String authAlgorithm)
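Returns true if the passed in certificate chain could be verified and so the handshake
should be successful, false otherwise. An implementation that reports success without
checking the chain accepts any peer certificate.
Parameters:
ssl - the SSL instance
x509 - the X509 certificate chain
authAlgorithm - the auth algorithm
Returns:
true if verified successful, false otherwise (the declared return type is int, so the result
is reported as X509_V_OK for a verified chain and as one of the X509_V_ERR_* constants otherwise)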