net.snowflake.client.core

Class SFTrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

net.snowflake.client.core.SFTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public class SFTrustManager
extends X509ExtendedTrustManager

SFTrustManager is a composite of TrustManager of the default JVM TrustManager and Snowflake OCSP revocation status checker. Use this when initializing SSLContext object.

 TrustManager[] trustManagers = {new SFTrustManager()};
 SSLContext sslContext = SSLContext.getInstance("TLS");
 sslContext.init(null, trustManagers, null);
 

Field Summary

Fields

Modifier and Type	Field and Description
static String	SF_OCSP_EVENT_TYPE_REVOKED_CERTIFICATE_ERROR OCSP event types
static String	SF_OCSP_EVENT_TYPE_VALIDATION_ERROR
static String	SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED
static String	SF_OCSP_RESPONSE_CACHE_SERVER_URL Test System Parameters.
static String	SF_OCSP_TEST_INJECT_UNKNOWN_STATUS
static String	SF_OCSP_TEST_INJECT_VALIDITY_ERROR
static String	SF_OCSP_TEST_INVALID_SIGNING_CERT
static String	SF_OCSP_TEST_NO_OCSP_RESPONDER_URL
static String	SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT
static String	SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT
static String	SF_OCSP_TEST_RESPONDER_URL

Method Summary

Modifier and Type	Method and Description
void	checkClientTrusted(X509Certificate[] chain, String authType)
void	checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
void	checkServerTrusted(X509Certificate[] chain, String authType)
void	checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
static void	cleanTestSystemParameters()
static void	deleteCache() Deletes OCSP response cache file from disk.
X509Certificate[]	getAcceptedIssuers()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SF_OCSP_RESPONSE_CACHE_SERVER_URL

public static final String SF_OCSP_RESPONSE_CACHE_SERVER_URL

Test System Parameters. Not used in the production

See Also:

Constant Field Values

SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED

public static final String SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED

See Also:

Constant Field Values

SF_OCSP_TEST_INJECT_VALIDITY_ERROR

public static final String SF_OCSP_TEST_INJECT_VALIDITY_ERROR

See Also:

Constant Field Values

SF_OCSP_TEST_INJECT_UNKNOWN_STATUS

public static final String SF_OCSP_TEST_INJECT_UNKNOWN_STATUS

See Also:

Constant Field Values

SF_OCSP_TEST_RESPONDER_URL

public static final String SF_OCSP_TEST_RESPONDER_URL

See Also:

Constant Field Values

SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT

public static final String SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT

See Also:

Constant Field Values

SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT

public static final String SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT

See Also:

Constant Field Values

SF_OCSP_TEST_INVALID_SIGNING_CERT

public static final String SF_OCSP_TEST_INVALID_SIGNING_CERT

See Also:

Constant Field Values

SF_OCSP_TEST_NO_OCSP_RESPONDER_URL

public static final String SF_OCSP_TEST_NO_OCSP_RESPONDER_URL

See Also:

Constant Field Values

SF_OCSP_EVENT_TYPE_REVOKED_CERTIFICATE_ERROR

public static String SF_OCSP_EVENT_TYPE_REVOKED_CERTIFICATE_ERROR

OCSP event types

SF_OCSP_EVENT_TYPE_VALIDATION_ERROR

public static String SF_OCSP_EVENT_TYPE_VALIDATION_ERROR

Method Detail

deleteCache

public static void deleteCache()

Deletes OCSP response cache file from disk.

cleanTestSystemParameters

public static void cleanTestSystemParameters()

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType,
                               Socket socket)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType,
                               SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType,
                               Socket socket)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType,
                               SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()