Package org.eclipse.osgi.service.security

Class TrustEngine

  • public abstract class TrustEngine
extends Object
    A TrustEngine is used to establish the authenticity of a Certificate chain.

    Clients may implement this interface.

    Since:
    3.4

    • Constructor Detail

      • TrustEngine

        public TrustEngine()

    • Method Detail

      • findTrustAnchor

        public abstract Certificate findTrustAnchor​(Certificate[] chain)
                                     throws IOException
        Returns the certificate trust anchor contained in the specified chain which was used to establish the authenticity of the chain. If no trust anchor is found in the chain then null is returned.
        Parameters:
        chain - - a complete or incomplete certificate chain, implementations *MAY* complete chains
        Returns:
        - the certificate trust anchor used to establish authenticity
        Throws:
        IOException - if there is a problem connecting to the backing store

      • addTrustAnchor

        public String addTrustAnchor​(Certificate anchor,
                             String alias)
                      throws IOException,
                             GeneralSecurityException
        Add a trust anchor point to this trust engine. A trust anchor implies that a certificate, and any of its children, is to be considered trusted. If null is used as the alias then an alias will be generated based on the trust anchor certificate.
        Parameters:
        anchor - - the certificate to add as an anchor point
        alias - - a unique and human-readable 'friendly name' which can be used to reference the certificate. A null value may be used.
        Returns:
        the alias used to store the entry
        Throws:
        IOException - if there is a problem connecting to the backing store
        GeneralSecurityException - if there is a certificate problem
        IllegalArgumentException - if the alias or anchor already exist in this trust engine

      • doAddTrustAnchor

        protected abstract String doAddTrustAnchor​(Certificate anchor,
                                           String alias)
                                    throws IOException,
                                           GeneralSecurityException
        Add a trust anchor point to this trust engine. A trust anchor implies that a certificate, and any of its children, is to be considered trusted. If null is used as the alias then an alias will be generated based on the trust anchor certificate.
        Parameters:
        anchor - - the certificate to add as an anchor point
        alias - - a unique and human-readable 'friendly name' which can be used to reference the certificate. A null value may be used.
        Returns:
        the alias used to store the entry
        Throws:
        IOException - if there is a problem connecting to the backing store
        GeneralSecurityException - if there is a certificate problem
        IllegalArgumentException - if the alias or anchor already exist in this trust engine

      • removeTrustAnchor

        public void removeTrustAnchor​(String alias)
                       throws IOException,
                              GeneralSecurityException
        Remove a trust anchor point from the engine, based on the human readable "friendly name"
        Parameters:
        alias - - the name of the trust anchor
        Throws:
        IOException - if there is a problem connecting to the backing store
        GeneralSecurityException - if there is a certificate problem

      • doRemoveTrustAnchor

        protected abstract void doRemoveTrustAnchor​(String alias)
                                     throws IOException,
                                            GeneralSecurityException
        Remove a trust anchor point from the engine, based on the human readable "friendly name"
        Parameters:
        alias - - the name of the trust anchor
        Throws:
        IOException - if there is a problem connecting to the backing store
        GeneralSecurityException - if there is a certificate problem

      • isReadOnly

        public abstract boolean isReadOnly()
        Return a value indicate whether this trust engine is read-only.
        Returns:
        true if this trust engine is read-only false otherwise.

      • getName

        public abstract String getName()
        Return a representation string of this trust engine
        Returns:
        a string