Class PublicKeyMatchingX509ExtendedTrustManager

java.lang.Object
    javax.net.ssl.X509ExtendedTrustManager
        org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager

All Implemented Interfaces: TrustManager, X509TrustManager

public class PublicKeyMatchingX509ExtendedTrustManager extends X509ExtendedTrustManager

An X509ExtendedTrustManager that trusts any chain where the initial certificate was issued for a specific set of trusted PublicKeys.

Since: 3.0

Constructor Summary

Constructors (Constructor, Description):

PublicKeyMatchingX509ExtendedTrustManager(boolean strictClient, boolean strictServer, PublicKey... publicKeys)
    Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.

PublicKeyMatchingX509ExtendedTrustManager(PublicKey... publicKeys)
    Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.

Method Summary

All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):

boolean add(PublicKey publicKey)
    Adds a trusted PublicKey.
void checkClientTrusted(X509Certificate[] chain, String authType)
void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void checkServerTrusted(X509Certificate[] chain, String authType)
void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void clear()
    Clears the trusted public keys.
X509Certificate[] getAcceptedIssuers()
boolean isTrusted(PublicKey publicKey)
    Check if a PublicKey is trusted.
boolean remove(PublicKey publicKey)
    Removes a trusted PublicKey.

Constructor Detail

PublicKeyMatchingX509ExtendedTrustManager
public PublicKeyMatchingX509ExtendedTrustManager(PublicKey... publicKeys)
    Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys.
    Parameters:
        publicKeys - the initial list of trusted public keys.

PublicKeyMatchingX509ExtendedTrustManager
public PublicKeyMatchingX509ExtendedTrustManager(boolean strictClient, boolean strictServer, PublicKey... publicKeys)
    Creates a TrustManager that will only trust certificate chains where the first certificate's Certificate.getPublicKey() is in the list of trusted public keys. The strictClient and strictServer options are useful when establishing trust between two unknown systems and encryption is required before the initial trust can be established and the list of trusted keys populated.
    Parameters:
        strictClient - set this to false if you want to accept connections from clients before you have trusted any public keys.
        strictServer - set this to false if you want to connect to servers before you have trusted any public keys.
        publicKeys - the initial list of trusted public keys.
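
Usage of the two constructors and the key-management methods for the bootstrap flow described above, as an added example that is not code from the Jenkins remoting project. The class name PinnedKeyBootstrap, its helper methods and the generated RSA key standing in for a peer's key are assumptions; the remoting library must be on the classpath.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager;

// Added example; PinnedKeyBootstrap and its helper names are hypothetical.
public class PinnedKeyBootstrap {

    // Constructed stand-in for a peer's key. In a real deployment the key comes
    // from the peer's certificate and is confirmed over a separate channel.
    static PublicKey constructedPeerKey() throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair().getPublic();
    }

    // Builds a TLS context whose only trust decision is the pinned-key check.
    static SSLContext contextFor(PublicKeyMatchingX509ExtendedTrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null KeyManagers/SecureRandom select the JSSE defaults; a server, or a
        // client presenting a certificate, would supply its own KeyManagers here.
        ctx.init(null, new TrustManager[] {tm}, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        PublicKey peerKey = constructedPeerKey();

        // Steady state: the peer's key is known up front and pinned at construction.
        PublicKeyMatchingX509ExtendedTrustManager pinned =
                new PublicKeyMatchingX509ExtendedTrustManager(peerKey);
        SSLContext pinnedCtx = contextFor(pinned);

        // Bootstrap: no keys yet. strictClient=false accepts clients before any
        // key is trusted, so the channel is encrypted but the peer is not yet
        // authenticated; strictServer stays true for outbound connections.
        PublicKeyMatchingX509ExtendedTrustManager bootstrap =
                new PublicKeyMatchingX509ExtendedTrustManager(false, true);
        SSLContext bootstrapCtx = contextFor(bootstrap);

        // Once the peer's key has been verified out of band, pin it.
        boolean added = bootstrap.add(peerKey);         // reports whether the key was new
        boolean trusted = bootstrap.isTrusted(peerKey); // query the trusted set
        // Withdraw trust again, e.g. when the peer is decommissioned.
        boolean removed = bootstrap.remove(peerKey);    // reports whether it was trusted
        System.out.printf("protocols=%s/%s added=%b trusted=%b removed=%b%n",
                pinnedCtx.getProtocol(), bootstrapCtx.getProtocol(), added, trusted, removed);
    }
}
```

Until add() has been called, a non-strict instance accepts peers it cannot identify, so anything sensitive should wait until isTrusted() confirms the peer's key.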

Method Detail

add
public boolean add(@NonNull PublicKey publicKey)
    Adds a trusted PublicKey.
    Parameters:
        publicKey - the key to trust.
    Returns:
        true if this instance did not already trust the specified public key

remove
public boolean remove(PublicKey publicKey)
    Removes a trusted PublicKey.
    Parameters:
        publicKey - the key to trust.
    Returns:
        true if this instance trusted the specified public key

isTrusted
public boolean isTrusted(PublicKey publicKey)
    Check if a PublicKey is trusted.
    Parameters:
        publicKey - the key to check.
    Returns:
        true if this instance trusts the specified public key.

clear
public void clear()
    Clears the trusted public keys.

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
    Specified by:
        checkClientTrusted in class X509ExtendedTrustManager
    Throws:
        CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
    Specified by:
        checkServerTrusted in class X509ExtendedTrustManager
    Throws:
        CertificateException

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
    Specified by:
        checkClientTrusted in class X509ExtendedTrustManager
    Throws:
        CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
    Specified by:
        checkServerTrusted in class X509ExtendedTrustManager
    Throws:
        CertificateException

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
    Throws:
        CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
    Throws:
        CertificateException

getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()