Package org.graylog2.security
Class DefaultX509TrustManager
java.lang.Object
javax.net.ssl.X509ExtendedTrustManager
org.graylog2.security.DefaultX509TrustManager
- All Implemented Interfaces:
TrustManager,X509TrustManager
-
Constructor Summary
ConstructorsConstructorDescriptionDefaultX509TrustManager(String host, KeyStore keyStore) DefaultX509TrustManager(List<String> hosts) Create a X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.DefaultX509TrustManager(List<String> hosts, KeyStore keyStore) Create a X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list. -
Method Summary
Modifier and TypeMethodDescriptionvoidcheckClientTrusted(X509Certificate[] x509Certificates, String s) voidcheckClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) voidcheckClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) voidcheckServerTrusted(X509Certificate[] x509Certificates, String s) voidcheckServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) voidcheckServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
-
Constructor Details
-
DefaultX509TrustManager
-
DefaultX509TrustManager
public DefaultX509TrustManager(List<String> hosts) throws NoSuchAlgorithmException, KeyStoreException Create a X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.Note: ANY matching host from the list is accepted.
E.g.: Given a host list [A,B], the server B is allowed to offer a certificate issued to A- Parameters:
hosts- The hosts to check the certificate subject against- Throws:
NoSuchAlgorithmExceptionKeyStoreException
-
DefaultX509TrustManager
public DefaultX509TrustManager(String host, KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException -
DefaultX509TrustManager
public DefaultX509TrustManager(List<String> hosts, KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException Create a X509TrustManager that verifies the certificate chain and checks whether the cert matches one of the given hosts in the list.Note: ANY matching host from the list is accepted.
E.g.: Given a host list [A,B], the server B is allowed to offer a certificate issued to A- Parameters:
hosts- The hosts to check the certificate subject againstkeyStore- The trusted KeyStore- Throws:
NoSuchAlgorithmExceptionKeyStoreException
-
-
Method Details
-
getAcceptedIssuers
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException - Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException - Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException - Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException - Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException - Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException - Throws:
CertificateException
-