Package org.openhab.core.io.net.http
Class PEMTrustManager
java.lang.Object
javax.net.ssl.X509ExtendedTrustManager
org.openhab.core.io.net.http.PEMTrustManager
- All Implemented Interfaces:
TrustManager,X509TrustManager
The
PEMTrustManager is a X509ExtendedTrustManager implementation which loads a certificate in
PEM format and validates it against the servers certificate.- Author:
- Christoph Weitkamp - Initial contribution
-
Nested Class Summary
Nested Classes -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionPEMTrustManager(String pemCert) Creates aPEMTrustManagerinstance by passing the PEM certificate asString. -
Method Summary
Modifier and TypeMethodDescriptionvoidcheckClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) voidcheckClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) voidcheckClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) voidcheckServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) voidcheckServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) voidcheckServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) booleanstatic PEMTrustManagergetInstanceFromFile(String path) Creates aPEMTrustManagerinstance by reading the PEM certificate from the given file.static PEMTrustManagerCreates aPEMTrustManagerinstance by downloading the PEM certificate from the given server.static PEMTrustManagergetInstanceFromServer(URL url) Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server.inthashCode()
-
Field Details
-
BEGIN_CERT
- See Also:
-
END_CERT
- See Also:
-
-
Constructor Details
-
PEMTrustManager
Creates aPEMTrustManagerinstance by passing the PEM certificate asString. The PEM format typically starts with"-----BEGIN CERTIFICATE-----"and ends with"-----END CERTIFICATE-----". The base 64 encoded certificate information are placed in between.- Parameters:
pemCert- the PEM certificate- Throws:
PEMTrustManager.CertificateInstantiationExceptionCertificateParsingExceptionCertificateException
-
-
Method Details
-
getInstanceFromFile
public static PEMTrustManager getInstanceFromFile(String path) throws FileNotFoundException, CertificateException Creates aPEMTrustManagerinstance by reading the PEM certificate from the given file. This is useful if you have a private CA certificate stored in a file. Be aware that the certificate is read once at the start of the system. There is no automatic refresh e.g. if the certificate will expire.- Parameters:
path- path to the PEM file- Returns:
- a
PEMTrustManagerinstance - Throws:
FileNotFoundExceptionPEMTrustManager.CertificateInstantiationExceptionCertificateException
-
getInstanceFromServer
public static PEMTrustManager getInstanceFromServer(String url) throws MalformedURLException, CertificateException Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server. This is useful if you have to deal with self-signed certificates which may differ on each server. This method pins the certificate on first connection with the server ("trust on first use") by using a trust all connection and retrieves the servers certificate chain. Be aware that the certificate is downloaded once at the start of the system. There is no automatic refresh e.g. if the certificate will expire.- Parameters:
url- url of the server- Returns:
- a
PEMTrustManagerinstance - Throws:
MalformedURLExceptionPEMTrustManager.CertificateInstantiationExceptionCertificateException
-
getInstanceFromServer
Creates aPEMTrustManagerinstance by downloading the PEM certificate from the given server. This is useful if you have to deal with self-signed certificates which may differ on each server. This method pins the certificate on first connection with the server ("trust on first use") by using a trust all connection and retrieves the servers certificate chain. Be aware that the certificate is downloaded once at the start of the system. There is no automatic refresh e.g. if the certificate will expire.- Parameters:
url- url of the server- Returns:
- a
PEMTrustManagerinstance - Throws:
PEMTrustManager.CertificateInstantiationExceptionCertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) throws CertificateException - Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) throws CertificateException - Throws:
CertificateException
-
getAcceptedIssuers
-
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) throws CertificateException - Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) throws CertificateException - Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable Socket socket) throws CertificateException - Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, @Nullable SSLEngine engine) throws CertificateException - Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
hashCode
public int hashCode() -
equals
-