Package org.jenkinsci.remoting.protocol.cert

Class PublicKeyMatchingX509ExtendedTrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public class PublicKeyMatchingX509ExtendedTrustManager
extends X509ExtendedTrustManager

An X509ExtendedTrustManager that trusts any chain where the initial certificate was issued for a specific set of trusted PublicKeys.

Since:

3.0

Constructor Summary

Constructors

Constructor	Description
PublicKeyMatchingX509ExtendedTrustManager(boolean strictClient, boolean strictServer, PublicKey... publicKeys)	Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.
PublicKeyMatchingX509ExtendedTrustManager(PublicKey... publicKeys)	Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.

Method Summary

Modifier and Type	Method	Description
boolean	add(PublicKey publicKey)	Adds a trusted PublicKey.
void	checkClientTrusted(X509Certificate[] chain, String authType)
void	checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void	checkServerTrusted(X509Certificate[] chain, String authType)
void	checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void	clear()	Clears the trusted public keys.
X509Certificate[]	getAcceptedIssuers()
boolean	isTrusted(PublicKey publicKey)	Check if a PublicKey is trusted.
boolean	remove(PublicKey publicKey)	Removes a trusted PublicKey.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PublicKeyMatchingX509ExtendedTrustManager

public PublicKeyMatchingX509ExtendedTrustManager(PublicKey... publicKeys)

Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.

Parameters:

publicKeys - the initial list of trusted public keys.

PublicKeyMatchingX509ExtendedTrustManager

public PublicKeyMatchingX509ExtendedTrustManager(boolean strictClient,
 boolean strictServer,
 PublicKey... publicKeys)

Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys. The strictClient and strictServer options are useful when establishing trust between two unknown systems and encryption is required before the initial trust can be established and the list of trusted keys populated.

Parameters:

strictClient - set this to false if you want to accept connections from clients before you have trusted any public keys.

strictServer - set this to false if you want to connect to servers before you have trusted any public keys.

publicKeys - the initial list of trusted public keys.

Method Details

add

public boolean add(@NonNull
 PublicKey publicKey)

Adds a trusted PublicKey.

Parameters:

publicKey - the key to trust.

Returns:

true if this instance did not already trust the specified public key

remove

public boolean remove(PublicKey publicKey)

Removes a trusted PublicKey.

Parameters:

publicKey - the key to trust.

Returns:

true if this instance trusted the specified public key

isTrusted

public boolean isTrusted(PublicKey publicKey)

Check if a PublicKey is trusted.

Parameters:

publicKey - the key to check.

Returns:

true if this instance trusts the specified public key.

clear

public void clear()

Clears the trusted public keys.

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
 String authType,
 Socket socket)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
 String authType,
 Socket socket)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
 String authType,
 SSLEngine engine)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
 String authType,
 SSLEngine engine)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
 String authType)
                        throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
 String authType)
                        throws CertificateException

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()