Package org.openhab.core.io.net.http
Class PEMTrustManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedTrustManager
-
- org.openhab.core.io.net.http.PEMTrustManager
-
- All Implemented Interfaces:
TrustManager,X509TrustManager
@NonNullByDefault public final class PEMTrustManager extends X509ExtendedTrustManager
ThePEMTrustManageris aX509ExtendedTrustManagerimplementation which loads a certificate in PEM format and validates it against the servers certificate.- Author:
- Christoph Weitkamp - Initial contribution
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classPEMTrustManager.CertificateInstantiationException
-
Field Summary
Fields Modifier and Type Field Description static StringBEGIN_CERTstatic StringEND_CERT
-
Constructor Summary
Constructors Constructor Description PEMTrustManager(String pemCert)Creates aPEMTrustManagerinstance by passing the PEM certificate asString.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType)voidcheckClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket)voidcheckClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine)voidcheckServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType)voidcheckServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket)voidcheckServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine)booleanequals(@Nullable Object obj)X509Certificate[]getAcceptedIssuers()static PEMTrustManagergetInstanceFromFile(String path)Creates aPEMTrustManagerinstance by reading the PEM certificate from the given file.static PEMTrustManagergetInstanceFromServer(String url)Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server.static PEMTrustManagergetInstanceFromServer(URL url)Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server.inthashCode()
-
-
-
Field Detail
-
BEGIN_CERT
public static final String BEGIN_CERT
- See Also:
- Constant Field Values
-
END_CERT
public static final String END_CERT
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
PEMTrustManager
public PEMTrustManager(String pemCert) throws CertificateException
Creates aPEMTrustManagerinstance by passing the PEM certificate asString. The PEM format typically starts with"-----BEGIN CERTIFICATE-----"and ends with"-----END CERTIFICATE-----". The base 64 encoded certificate information are placed in between.- Parameters:
pemCert- the PEM certificate- Throws:
CertificateException
-
-
Method Detail
-
getInstanceFromFile
public static PEMTrustManager getInstanceFromFile(String path) throws FileNotFoundException, CertificateException
Creates aPEMTrustManagerinstance by reading the PEM certificate from the given file. This is useful if you have a private CA certificate stored in a file. Be aware that the certificate is read once at the start of the system. There is no automatic refresh e.g. if the certificate will expire.- Parameters:
path- path to the PEM file- Returns:
- a
PEMTrustManagerinstance - Throws:
FileNotFoundExceptionPEMTrustManager.CertificateInstantiationExceptionCertificateException
-
getInstanceFromServer
public static PEMTrustManager getInstanceFromServer(String url) throws MalformedURLException, CertificateException
Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server. This is useful if you have to deal with self-signed certificates which may differ on each server. This method pins the certificate on first connection with the server ("trust on first use") by using a trust all connection and retrieves the servers certificate chain. Be aware that the certificate is downloaded once at the start of the system. There is no automatic refresh e.g. if the certificate will expire.- Parameters:
url- url of the server- Returns:
- a
PEMTrustManagerinstance - Throws:
MalformedURLExceptionPEMTrustManager.CertificateInstantiationExceptionCertificateException
-
getInstanceFromServer
public static PEMTrustManager getInstanceFromServer(URL url) throws CertificateException
Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server. This is useful if you have to deal with self-signed certificates which may differ on each server. This method pins the certificate on first connection with the server ("trust on first use") by using a trust all connection and retrieves the servers certificate chain. Be aware that the certificate is downloaded once at the start of the system. There is no automatic refresh e.g. if the certificate will expire.- Parameters:
url- url of the server- Returns:
- a
PEMTrustManagerinstance - Throws:
PEMTrustManager.CertificateInstantiationExceptionCertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) throws CertificateException
- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
-
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
-