Class PublicKeyMatchingX509ExtendedTrustManager
java.lang.Object
javax.net.ssl.X509ExtendedTrustManager
org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager
- All Implemented Interfaces:
TrustManager, X509TrustManager

An X509ExtendedTrustManager that trusts any chain where the initial certificate was issued for a specific set of trusted PublicKeys.
- Since:
3.0
-
Constructor Summary
Constructor and Description
PublicKeyMatchingX509ExtendedTrustManager(boolean strictClient, boolean strictServer, PublicKey... publicKeys)
    Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.
PublicKeyMatchingX509ExtendedTrustManager(PublicKey... publicKeys)
    Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.
-
Method Summary
Modifier and Type, Method, Description
boolean add(PublicKey publicKey)
    Adds a trusted PublicKey.
void checkClientTrusted(X509Certificate[] chain, String authType)
void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void checkServerTrusted(X509Certificate[] chain, String authType)
void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void clear()
    Clears the trusted public keys.
boolean isTrusted(PublicKey publicKey)
    Check if a PublicKey is trusted.
boolean remove(PublicKey publicKey)
    Removes a trusted PublicKey.
-
Constructor Details
-
PublicKeyMatchingX509ExtendedTrustManager
Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.
- Parameters:
publicKeys - the initial list of trusted public keys.
-
PublicKeyMatchingX509ExtendedTrustManager
public PublicKeyMatchingX509ExtendedTrustManager(boolean strictClient, boolean strictServer, PublicKey... publicKeys)
Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys. The strictClient and strictServer options are useful when establishing trust between two unknown systems and encryption is required before the initial trust can be established and the list of trusted keys populated.
- Parameters:
strictClient - set this to false if you want to accept connections from clients before you have trusted any public keys.
strictServer - set this to false if you want to connect to servers before you have trusted any public keys.
publicKeys - the initial list of trusted public keys.
-
-
Method Details
-
add
Adds a trusted PublicKey.
- Parameters:
publicKey - the key to trust.
- Returns:
true if this instance did not already trust the specified public key
-
remove
Removes a trusted PublicKey.
- Parameters:
publicKey - the key to trust.
- Returns:
true if this instance trusted the specified public key
-
isTrusted
Check if a PublicKey is trusted.
- Parameters:
publicKey - the key to check.
- Returns:
true if this instance trusts the specified public key.
-
clear
public void clear()
Clears the trusted public keys.
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkClientTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkServerTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkClientTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkServerTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
getAcceptedIssuers
-
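The bootstrap flow that the strictClient and strictServer parameters describe, as an added example that is not part of the Jenkins Remoting documentation or source: a listener accepts TLS clients while no key is trusted yet, then pins a peer's key with add(). The class name PinnedKeyBootstrap, its method names, and the out-of-band verification step are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager;

/** Hypothetical helper: accept unknown clients first, pin their keys afterwards. */
public final class PinnedKeyBootstrap {
    // strictClient=false: client chains are accepted before any key is trusted.
    // strictServer=true: connecting to servers gets no such relaxation.
    // No initial keys are passed, so the trusted set starts empty.
    private final PublicKeyMatchingX509ExtendedTrustManager trust =
            new PublicKeyMatchingX509ExtendedTrustManager(false, true);

    /** Builds a TLS context whose only trust decision is the pinned-key check. */
    public SSLContext newContext(KeyManager[] keyManagers) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, new TrustManager[] {trust}, null);
        return ctx;
    }

    /** Server-side engine; without client auth no client chain is ever checked. */
    public SSLEngine newServerEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true);
        return engine;
    }

    /**
     * Pins the key of the peer's first certificate. Assumption: the caller has
     * already authenticated the peer by other means over the encrypted channel,
     * because the relaxed mode itself proves nothing about who the peer is.
     */
    public boolean pinPeer(SSLSession session) throws SSLPeerUnverifiedException {
        PublicKey key = session.getPeerCertificates()[0].getPublicKey();
        return trust.add(key); // true if the key was not trusted before
    }

    /** Removes a single pinned key, for example when a peer is decommissioned. */
    public boolean unpin(PublicKey key) {
        return trust.remove(key);
    }

    public boolean isPinned(PublicKey key) {
        return trust.isTrusted(key);
    }
}
```

Because the parameter descriptions tie the relaxation to the period before any key is trusted, calling clear() or removing the last key on a non-strict instance should be treated as reopening that bootstrap window.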