Package org.graylog2.security
Class DefaultX509TrustManager
java.lang.Object
javax.net.ssl.X509ExtendedTrustManager
org.graylog2.security.DefaultX509TrustManager
- All Implemented Interfaces: TrustManager, X509TrustManager
-
Constructor Summary
Constructor: Description
- DefaultX509TrustManager(String host, KeyStore keyStore)
- DefaultX509TrustManager(List<String> hosts): Create an X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.
- DefaultX509TrustManager(List<String> hosts, KeyStore keyStore): Create an X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.
-
Method Summary
Modifier and Type, Method: Description
- void checkClientTrusted(X509Certificate[] x509Certificates, String s)
- void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
- void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
- void checkServerTrusted(X509Certificate[] x509Certificates, String s)
- void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
- void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
-
Constructor Details
-
DefaultX509TrustManager
-
DefaultX509TrustManager
public DefaultX509TrustManager(List<String> hosts) throws NoSuchAlgorithmException, KeyStoreException
Create an X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.
Note: ANY matching host from the list is accepted.
E.g.: Given a host list [A,B], the server B is allowed to offer a certificate issued to A.
- Parameters:
  hosts - The hosts to check the certificate subject against
- Throws: NoSuchAlgorithmException, KeyStoreException
-
DefaultX509TrustManager
public DefaultX509TrustManager(String host, KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException
-
DefaultX509TrustManager
public DefaultX509TrustManager(List<String> hosts, KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException
Create an X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.
Note: ANY matching host from the list is accepted.
E.g.: Given a host list [A,B], the server B is allowed to offer a certificate issued to A.
- Parameters:
  hosts - The hosts to check the certificate subject against
  keyStore - The trusted KeyStore
- Throws: NoSuchAlgorithmException, KeyStoreException
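Because any listed host matches, a trust manager shared across hosts [A,B] lets B present A's certificate. The following is an added example, not Graylog's own code: it builds one SSLContext per host from a single-element host list, so the match is limited to the host being dialled. The class PerHostTlsContexts and its method names are hypothetical, and the Graylog server classes are assumed to be on the classpath.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.graylog2.security.DefaultX509TrustManager;

/**
 * Hypothetical helper (not part of Graylog): keeps a separate SSLContext
 * for every host so that a certificate issued to host A is never accepted
 * on a connection to host B.
 */
public final class PerHostTlsContexts {
    private final Map<String, SSLContext> contexts = new LinkedHashMap<>();

    public PerHostTlsContexts(List<String> hosts, KeyStore trustStore)
            throws GeneralSecurityException {
        for (String host : hosts) {
            // Single-element list: "any matching host from the list"
            // reduces to "exactly this host".
            TrustManager tm = new DefaultX509TrustManager(
                    Collections.singletonList(host), trustStore);
            SSLContext ctx = SSLContext.getInstance("TLS");
            // No client key material, default SecureRandom.
            ctx.init(null, new TrustManager[] {tm}, null);
            contexts.put(host, ctx);
        }
    }

    /** Returns the context for the host being dialled; fails closed otherwise. */
    public SSLContext forHost(String host) {
        SSLContext ctx = contexts.get(host);
        if (ctx == null) {
            throw new IllegalArgumentException(
                    "No TLS context configured for host: " + host);
        }
        return ctx;
    }
}
```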
-
-
Method Details
-
getAcceptedIssuers
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException
- Throws: CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException
- Specified by: checkServerTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException
- Specified by: checkServerTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException
- Specified by: checkClientTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException
- Specified by: checkClientTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException
- Throws: CertificateException
-