Class TrustUtil


  • public class TrustUtil
    extends java.lang.Object
    Utility class for interacting with the default trust stores on this JVM.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.security.cert.X509Certificate[] EMPTY_CERTIFICATE_ARRAY
      Empty X509 certificate array, useful for indicating an empty root CA trust store.
    • Constructor Summary

      Constructors 
      Constructor Description
      TrustUtil()  
    • Method Summary

      Modifier and Type Method Description
      static java.util.List<java.security.cert.X509Certificate> extractTrustedCertificateEntries(java.security.KeyStore trustStore)
      Extracts the KeyStore.TrustedCertificateEntry entries from the specified KeyStore.
      static java.security.cert.X509Certificate[] getBuiltinTrustedCAs()
      Returns the built-in list of trusted CAs.
      static javax.net.ssl.X509TrustManager getDefaultJavaTrustManager()
      Returns a new instance of the default TrustManager for this JVM.
      static java.security.cert.X509Certificate[] getJavaTrustedCAs()
      Returns the list of root CAs trusted by default in this JVM, according to the TrustManager returned by getDefaultJavaTrustManager().
      static java.security.cert.X509Certificate readSingleX509Certificate(java.lang.String x509CertificateAsPem)
      Parses a single PEM-encoded X509 certificate into an X509Certificate.
      static java.security.cert.X509Certificate[] readX509CertificatesFromPem(java.lang.String pemEncodedCAs)
      Parses a String containing zero or more PEM-encoded X509 certificates into an array of X509Certificate.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • EMPTY_CERTIFICATE_ARRAY

        public static final java.security.cert.X509Certificate[] EMPTY_CERTIFICATE_ARRAY
        Empty X509 certificate array, useful for indicating an empty root CA trust store.
    • Constructor Detail

      • TrustUtil

        public TrustUtil()
    • Method Detail

      • getBuiltinTrustedCAs

        public static java.security.cert.X509Certificate[] getBuiltinTrustedCAs()
        Returns the built-in list of trusted CAs. This is a copy of cURL's list (https://curl.haxx.se/ca/cacert.pem), which is ultimately derived from Firefox/NSS' list of trusted CAs.
        Returns:
        X509Certificate[]
      • getJavaTrustedCAs

        public static java.security.cert.X509Certificate[] getJavaTrustedCAs()
        Returns the list of root CAs trusted by default in this JVM, according to the TrustManager returned by getDefaultJavaTrustManager().
        Returns:
        X509Certificate[]
      • readX509CertificatesFromPem

        public static java.security.cert.X509Certificate[] readX509CertificatesFromPem(java.lang.String pemEncodedCAs)
        Parses a String containing zero or more PEM-encoded X509 certificates into an array of X509Certificate. Everything outside of BEGIN CERTIFICATE and END CERTIFICATE lines will be ignored.
        Parameters:
        pemEncodedCAs - a String containing PEM-encoded certificates
        Returns:
        array containing certificates in the String
      • readSingleX509Certificate

        public static java.security.cert.X509Certificate readSingleX509Certificate(java.lang.String x509CertificateAsPem)
        Parses a single PEM-encoded X509 certificate into an X509Certificate.
        Parameters:
        x509CertificateAsPem - PEM-encoded X509 certificate
        Returns:
        parsed Java X509Certificate
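        The two PEM methods above (readX509CertificatesFromPem and readSingleX509Certificate) can be reproduced with nothing but the JDK. The following is an added example, not TrustUtil's own source: it locates each BEGIN CERTIFICATE / END CERTIFICATE block with a regular expression, ignores everything outside those markers, base64-decodes the body and hands the DER bytes to a CertificateFactory. The class name PemCertificates and the method names readAll and readSingle are this example's own choices.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (not library code): parse PEM text into X509Certificate objects with the JDK only. */
public final class PemCertificates {

    // One BEGIN/END CERTIFICATE block. DOTALL lets '.' span line breaks in the base64 body;
    // the reluctant quantifier stops at the first END marker so blocks never merge.
    private static final Pattern CERT_BLOCK = Pattern.compile(
            "-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", Pattern.DOTALL);

    /** Returns every certificate in the text, in order. Comments and other text outside the markers are ignored. */
    public static List<X509Certificate> readAll(String pem) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        Matcher m = CERT_BLOCK.matcher(pem);
        while (m.find()) {
            // The MIME decoder skips line separators and other non-base64 characters inside the body.
            byte[] der = Base64.getMimeDecoder().decode(m.group(1));
            certs.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der)));
        }
        return certs;
    }

    /** Parses exactly one certificate; zero or several blocks is treated as a caller error. */
    public static X509Certificate readSingle(String pem) throws CertificateException {
        List<X509Certificate> certs = readAll(pem);
        if (certs.size() != 1) {
            throw new CertificateException("expected exactly one certificate, found " + certs.size());
        }
        return certs.get(0);
    }

    /** Usage: java PemCertificates bundle.pem  (for example a downloaded cacert.pem bundle). */
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java PemCertificates <bundle.pem>");
            System.exit(2);
        }
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.UTF_8);
        List<X509Certificate> certs = readAll(pem);
        System.out.println(certs.size() + " certificate(s) in " + args[0]);
        for (X509Certificate cert : certs) {
            System.out.printf("  %s  (not after %s)%n", cert.getSubjectX500Principal(), cert.getNotAfter());
        }
    }
}
```

Extracting each block explicitly, rather than streaming the whole file into CertificateFactory, is what makes the "everything outside the markers is ignored" contract hold regardless of how a given provider treats leading comment text, and it gives readSingle a precise count to check against.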
      • getDefaultJavaTrustManager

        public static javax.net.ssl.X509TrustManager getDefaultJavaTrustManager()
        Returns a new instance of the default TrustManager for this JVM. Uses the default JVM trust store, which is generally the cacerts file in JAVA_HOME/jre/lib/security, but this can be overridden using JVM parameters.
        Returns:
        X509TrustManager
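        The behaviour described for getDefaultJavaTrustManager() and getJavaTrustedCAs() maps onto the JDK's TrustManagerFactory: initialising the factory with a null KeyStore selects the JVM's default trust store (cacerts, or whatever the javax.net.ssl.trustStore system property points at), and the resulting X509TrustManager's accepted issuers are the trusted roots. The code below is an added example written for this page, not TrustUtil's implementation; the class name DefaultTrust and the method names are assumptions of the example.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example (not library code): the JVM's default X509TrustManager and its trusted roots. */
public final class DefaultTrust {

    /**
     * Builds the default trust manager. init((KeyStore) null) tells the factory to use the JVM's
     * default trust store, honouring -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword.
     */
    public static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager from algorithm " + tmf.getAlgorithm());
    }

    /** The roots this JVM trusts by default: the trust manager's accepted issuers. */
    public static X509Certificate[] javaTrustedCAs() throws Exception {
        return defaultTrustManager().getAcceptedIssuers();
    }

    /**
     * True if a server chain (leaf first) validates against the default roots. authType is the
     * key-exchange algorithm name passed by the TLS layer, e.g. "RSA" or "ECDHE_ECDSA".
     */
    public static boolean isServerChainTrusted(X509Certificate[] chain, String authType) throws Exception {
        try {
            defaultTrustManager().checkServerTrusted(chain, authType);
            return true;
        } catch (CertificateException e) {
            return false; // untrusted issuer, expired certificate, broken chain, etc.
        }
    }

    /** Lists the default roots; run with -Djavax.net.ssl.trustStore=... to see the override take effect. */
    public static void main(String[] args) throws Exception {
        X509Certificate[] roots = javaTrustedCAs();
        System.out.println(roots.length + " trusted roots (java.home=" + System.getProperty("java.home") + ")");
        for (X509Certificate root : roots) {
            System.out.println("  " + root.getSubjectX500Principal());
        }
    }
}
```

Because the factory is re-initialised on every call, each invocation returns a fresh trust manager, matching the "new instance" wording above; callers that validate many connections should build it once and reuse it.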
      • extractTrustedCertificateEntries

        public static java.util.List<java.security.cert.X509Certificate> extractTrustedCertificateEntries(java.security.KeyStore trustStore)
        Extracts the KeyStore.TrustedCertificateEntry entries from the specified KeyStore. All other entry types, including private keys, will be ignored.
        Parameters:
        trustStore - keystore containing trusted certificate entries
        Returns:
        the trusted certificate entries in the specified keystore
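        Filtering a KeyStore down to its trusted-certificate entries, as extractTrustedCertificateEntries does, is a matter of walking the aliases and keeping only those that are instances of KeyStore.TrustedCertificateEntry; private-key and secret-key entries are skipped so that a keystore holding both an identity and its trust anchors yields only the anchors. The following is an added example, not TrustUtil's code. The class name TrustedEntries and the helpers are the example's own; it defaults to reading this JVM's cacerts file with the stock password "changeit", which is an assumption about the local installation.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Added example (not library code): extract only TrustedCertificateEntry certificates from a KeyStore. */
public final class TrustedEntries {

    /**
     * Returns the X509 certificates stored as KeyStore.TrustedCertificateEntry.
     * PrivateKeyEntry aliases (and the chains attached to them) and SecretKeyEntry aliases are ignored.
     */
    public static List<X509Certificate> extract(KeyStore trustStore) throws Exception {
        List<X509Certificate> trusted = new ArrayList<>();
        for (String alias : Collections.list(trustStore.aliases())) {
            if (!trustStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
                continue; // not a trust anchor: a private key, its chain, or a secret key
            }
            Certificate cert = trustStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                trusted.add((X509Certificate) cert);
            }
        }
        return trusted;
    }

    /** Loads a JKS or PKCS12 file; the JDK's compat mode lets the default type read either format. */
    public static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Usage: java TrustedEntries [keystore-path [password]]; defaults to the JVM's own cacerts. */
    public static void main(String[] args) throws Exception {
        // Assumption: a stock JDK whose cacerts still uses the default password "changeit".
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = args.length > 1 ? args[1].toCharArray() : "changeit".toCharArray();
        List<X509Certificate> roots = extract(load(path, password));
        System.out.println(roots.size() + " trusted certificate entries in " + path);
        for (X509Certificate root : roots) {
            System.out.println("  " + root.getSubjectX500Principal());
        }
    }
}
```

Pointing the example at a combined keystore that also holds a PrivateKeyEntry shows the filtering in practice: the private key's own certificate chain is not returned, because only entries explicitly stored as trusted certificates count as trust anchors.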