Interface CertificateVerifier


  • public interface CertificateVerifier
    Called during the handshake and hooked into OpenSSL via SSL_CTX_set_cert_verify_callback. A callback registered this way is invoked instead of OpenSSL's built-in certificate chain verification, so the implementation is responsible for the whole verification decision. IMPORTANT: Implementations of this interface should be static, because the verifier is stored as a global reference via JNI. This means that if you use an inner / anonymous class to implement this and also depend on the finalizer of the class to free up the SSLContext, the finalizer will never run: the object is never garbage-collected, due to the hard reference to the enclosing class. This will most likely result in a memory leak.
    • Field Detail

      • X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT

        static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_GET_CRL

        static final int X509_V_ERR_UNABLE_TO_GET_CRL
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE

        static final int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE

        static final int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY

        static final int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
        See Also:
        Constant Field Values
      • X509_V_ERR_CERT_SIGNATURE_FAILURE

        static final int X509_V_ERR_CERT_SIGNATURE_FAILURE
        See Also:
        Constant Field Values
      • X509_V_ERR_CRL_SIGNATURE_FAILURE

        static final int X509_V_ERR_CRL_SIGNATURE_FAILURE
        See Also:
        Constant Field Values
      • X509_V_ERR_CERT_NOT_YET_VALID

        static final int X509_V_ERR_CERT_NOT_YET_VALID
        See Also:
        Constant Field Values
      • X509_V_ERR_CERT_HAS_EXPIRED

        static final int X509_V_ERR_CERT_HAS_EXPIRED
        See Also:
        Constant Field Values
      • X509_V_ERR_CRL_NOT_YET_VALID

        static final int X509_V_ERR_CRL_NOT_YET_VALID
        See Also:
        Constant Field Values
      • X509_V_ERR_CRL_HAS_EXPIRED

        static final int X509_V_ERR_CRL_HAS_EXPIRED
        See Also:
        Constant Field Values
      • X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD

        static final int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
        See Also:
        Constant Field Values
      • X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD

        static final int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
        See Also:
        Constant Field Values
      • X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD

        static final int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
        See Also:
        Constant Field Values
      • X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD

        static final int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
        See Also:
        Constant Field Values
      • X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT

        static final int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
        See Also:
        Constant Field Values
      • X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN

        static final int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

        static final int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE

        static final int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
        See Also:
        Constant Field Values
      • X509_V_ERR_CERT_CHAIN_TOO_LONG

        static final int X509_V_ERR_CERT_CHAIN_TOO_LONG
        See Also:
        Constant Field Values
      • X509_V_ERR_PATH_LENGTH_EXCEEDED

        static final int X509_V_ERR_PATH_LENGTH_EXCEEDED
        See Also:
        Constant Field Values
      • X509_V_ERR_INVALID_PURPOSE

        static final int X509_V_ERR_INVALID_PURPOSE
        See Also:
        Constant Field Values
      • X509_V_ERR_SUBJECT_ISSUER_MISMATCH

        static final int X509_V_ERR_SUBJECT_ISSUER_MISMATCH
        See Also:
        Constant Field Values
      • X509_V_ERR_AKID_SKID_MISMATCH

        static final int X509_V_ERR_AKID_SKID_MISMATCH
        See Also:
        Constant Field Values
      • X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH

        static final int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
        See Also:
        Constant Field Values
      • X509_V_ERR_KEYUSAGE_NO_CERTSIGN

        static final int X509_V_ERR_KEYUSAGE_NO_CERTSIGN
        See Also:
        Constant Field Values
      • X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER

        static final int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
        See Also:
        Constant Field Values
      • X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION

        static final int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
        See Also:
        Constant Field Values
      • X509_V_ERR_KEYUSAGE_NO_CRL_SIGN

        static final int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
        See Also:
        Constant Field Values
      • X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION

        static final int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
        See Also:
        Constant Field Values
      • X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED

        static final int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
        See Also:
        Constant Field Values
      • X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE

        static final int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
        See Also:
        Constant Field Values
      • X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED

        static final int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
        See Also:
        Constant Field Values
      • X509_V_ERR_INVALID_EXTENSION

        static final int X509_V_ERR_INVALID_EXTENSION
        See Also:
        Constant Field Values
      • X509_V_ERR_INVALID_POLICY_EXTENSION

        static final int X509_V_ERR_INVALID_POLICY_EXTENSION
        See Also:
        Constant Field Values
      • X509_V_ERR_NO_EXPLICIT_POLICY

        static final int X509_V_ERR_NO_EXPLICIT_POLICY
        See Also:
        Constant Field Values
      • X509_V_ERR_DIFFERENT_CRL_SCOPE

        static final int X509_V_ERR_DIFFERENT_CRL_SCOPE
        See Also:
        Constant Field Values
      • X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE

        static final int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
        See Also:
        Constant Field Values
      • X509_V_ERR_UNNESTED_RESOURCE

        static final int X509_V_ERR_UNNESTED_RESOURCE
        See Also:
        Constant Field Values
      • X509_V_ERR_PERMITTED_VIOLATION

        static final int X509_V_ERR_PERMITTED_VIOLATION
        See Also:
        Constant Field Values
      • X509_V_ERR_EXCLUDED_VIOLATION

        static final int X509_V_ERR_EXCLUDED_VIOLATION
        See Also:
        Constant Field Values
      • X509_V_ERR_APPLICATION_VERIFICATION

        static final int X509_V_ERR_APPLICATION_VERIFICATION
        See Also:
        Constant Field Values
      • X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE

        static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
        See Also:
        Constant Field Values
      • X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX

        static final int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
        See Also:
        Constant Field Values
      • X509_V_ERR_UNSUPPORTED_NAME_SYNTAX

        static final int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
        See Also:
        Constant Field Values
      • X509_V_ERR_CRL_PATH_VALIDATION_ERROR

        static final int X509_V_ERR_CRL_PATH_VALIDATION_ERROR
        See Also:
        Constant Field Values
      • X509_V_ERR_SUITE_B_INVALID_VERSION

        static final int X509_V_ERR_SUITE_B_INVALID_VERSION
        See Also:
        Constant Field Values
      • X509_V_ERR_SUITE_B_INVALID_ALGORITHM

        static final int X509_V_ERR_SUITE_B_INVALID_ALGORITHM
        See Also:
        Constant Field Values
      • X509_V_ERR_SUITE_B_INVALID_CURVE

        static final int X509_V_ERR_SUITE_B_INVALID_CURVE
        See Also:
        Constant Field Values
      • X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM

        static final int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
        See Also:
        Constant Field Values
      • X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED

        static final int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
        See Also:
        Constant Field Values
      • X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256

        static final int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
        See Also:
        Constant Field Values
      • X509_V_ERR_HOSTNAME_MISMATCH

        static final int X509_V_ERR_HOSTNAME_MISMATCH
        See Also:
        Constant Field Values
      • X509_V_ERR_IP_ADDRESS_MISMATCH

        static final int X509_V_ERR_IP_ADDRESS_MISMATCH
        See Also:
        Constant Field Values
    • Method Detail

      • verify

        int verify​(long ssl,
                   byte[][] x509,
                   String authAlgorithm)
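        Returns true if the passed in certificate chain could be verified and so the handshake should be successful, false otherwise. Note that the declared return type is int, so "true" and "false" cannot be literal return values; presumably the result is an X509 verification code, with one of the X509_V_ERR_* constants above indicating why verification failed (confirm against the implementation before relying on a specific value).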
        Parameters:
        ssl - the SSL instance
        x509 - the X509 certificate chain
        authAlgorithm - the auth algorithm
        Returns:
        verified - true if verification was successful, false otherwise