Package org.openhab.core.io.net.http
Class PEMTrustManager
- java.lang.Object
  - javax.net.ssl.X509ExtendedTrustManager
    - org.openhab.core.io.net.http.PEMTrustManager
- All Implemented Interfaces: TrustManager, X509TrustManager
@NonNullByDefault public final class PEMTrustManager extends X509ExtendedTrustManager
The PEMTrustManager is an X509ExtendedTrustManager implementation which loads a certificate in PEM format and validates it against the server's certificate.
- Author: Christoph Weitkamp - Initial contribution
Nested Class Summary
- static class PEMTrustManager.CertificateInstantiationException
Field Summary
- static String BEGIN_CERT
- static String END_CERT
Constructor Summary
- PEMTrustManager(String pemCert): Creates a PEMTrustManager instance by passing the PEM certificate as String.
Method Summary
- void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType)
- void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket)
- void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine)
- void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType)
- void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket)
- void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine)
- boolean equals(@Nullable Object obj)
- X509Certificate[] getAcceptedIssuers()
- static PEMTrustManager getInstanceFromFile(String path): Creates a PEMTrustManager instance by reading the PEM certificate from the given file.
- static PEMTrustManager getInstanceFromServer(String url): Creates a PEMTrustManager instance by downloading the PEM certificate from the given server.
- static PEMTrustManager getInstanceFromServer(URL url): Creates a PEMTrustManager instance by downloading the PEM certificate from the given server.
- int hashCode()
Field Detail
BEGIN_CERT
public static final String BEGIN_CERT
- See Also: Constant Field Values
END_CERT
public static final String END_CERT
- See Also: Constant Field Values
Constructor Detail
PEMTrustManager
public PEMTrustManager(String pemCert) throws CertificateException
Creates a PEMTrustManager instance by passing the PEM certificate as String. The PEM format typically starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". The base 64 encoded certificate information is placed in between.
- Parameters: pemCert - the PEM certificate
- Throws: CertificateException
Method Detail
getInstanceFromFile
public static PEMTrustManager getInstanceFromFile(String path) throws FileNotFoundException, CertificateException
Creates a PEMTrustManager instance by reading the PEM certificate from the given file. This is useful if you have a private CA certificate stored in a file. Be aware that the certificate is read once at the start of the system. There is no automatic refresh, e.g. if the certificate expires.
- Parameters: path - path to the PEM file
- Returns: a PEMTrustManager instance
- Throws: FileNotFoundException, PEMTrustManager.CertificateInstantiationException, CertificateException
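The following added example (not part of the openHAB code base or its documentation) inspects a PEM certificate before pinning it through the documented constructor, since the trust manager does not refresh an expiring certificate, and scopes the resulting SSLContext to a single client. The class name PinnedClientExample, the 30-day threshold, and the command-line arguments (a file holding one PEM certificate, and an HTTPS URL) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.openhab.core.io.net.http.PEMTrustManager;

public final class PinnedClientExample { // hypothetical class name
    /** Builds an SSLContext whose only trust manager is pinned to the PEM certificate in pemFile. */
    static SSLContext pinnedContext(Path pemFile, Duration minRemaining) throws Exception {
        String pem = Files.readString(pemFile, StandardCharsets.US_ASCII).strip();
        // Parse the pin with the JDK first so it can be inspected before it is trusted.
        X509Certificate pin = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        // No automatic refresh: reject a pin that is expired or about to expire.
        pin.checkValidity();
        Instant notAfter = pin.getNotAfter().toInstant();
        if (Instant.now().plus(minRemaining).isAfter(notAfter)) {
            throw new IllegalStateException("Pinned certificate expires at " + notAfter);
        }
        // Log the SHA-256 fingerprint so the pin can be compared out of band.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(pin.getEncoded());
        System.out.printf("Pinning %s sha256=%064x notAfter=%s%n",
                pin.getSubjectX500Principal(), new BigInteger(1, digest), notAfter);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PEMTrustManager(pem) }, null);
        return ctx;
    }
    // Usage (assumed arguments): PinnedClientExample <pem-file> <https-url>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = pinnedContext(Path.of(args[0]), Duration.ofDays(30));
        // Scope the pinned context to this one client; the JVM default stays untouched.
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpResponse<Void> rsp = client.send(HttpRequest.newBuilder(URI.create(args[1])).build(),
                HttpResponse.BodyHandlers.discarding());
        System.out.println("HTTP " + rsp.statusCode());
    }
}
```

Because the certificate is read once, a rotated certificate only takes effect after a new PEMTrustManager and SSLContext are built.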
getInstanceFromServer
public static PEMTrustManager getInstanceFromServer(String url) throws MalformedURLException, CertificateException
Creates a PEMTrustManager instance by downloading the PEM certificate from the given server. This is useful if you have to deal with self-signed certificates which may differ on each server. This method pins the certificate on the first connection with the server ("trust on first use") by using a trust-all connection and retrieving the server's certificate chain. Be aware that the certificate is downloaded once at the start of the system. There is no automatic refresh, e.g. if the certificate expires.
- Parameters: url - url of the server
- Returns: a PEMTrustManager instance
- Throws: MalformedURLException, PEMTrustManager.CertificateInstantiationException, CertificateException
getInstanceFromServer
public static PEMTrustManager getInstanceFromServer(URL url) throws CertificateException
Creates a PEMTrustManager instance by downloading the PEM certificate from the given server. This is useful if you have to deal with self-signed certificates which may differ on each server. This method pins the certificate on the first connection with the server ("trust on first use") by using a trust-all connection and retrieving the server's certificate chain. Be aware that the certificate is downloaded once at the start of the system. There is no automatic refresh, e.g. if the certificate expires.
- Parameters: url - url of the server
- Returns: a PEMTrustManager instance
- Throws: PEMTrustManager.CertificateInstantiationException, CertificateException
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) throws CertificateException
- Throws: CertificateException
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) throws CertificateException
- Throws: CertificateException
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) throws CertificateException
- Specified by: checkClientTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) throws CertificateException
- Specified by: checkClientTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) throws CertificateException
- Specified by: checkServerTrusted in class X509ExtendedTrustManager
- Throws: CertificateException
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) throws CertificateException
- Specified by: checkServerTrusted in class X509ExtendedTrustManager
- Throws: CertificateException