Package org.jboss.netty.handler.ssl.util
Class FingerprintTrustManagerFactory
- java.lang.Object
-
- javax.net.ssl.TrustManagerFactory
-
- org.jboss.netty.handler.ssl.util.SimpleTrustManagerFactory
-
- org.jboss.netty.handler.ssl.util.FingerprintTrustManagerFactory
-
public final class FingerprintTrustManagerFactory extends SimpleTrustManagerFactory
AnTrustManagerFactory
that trusts an X.509 certificate whose SHA1 checksum matches.NOTE: Never use this
TrustManagerFactory
in production unless you are not sure what you are exactly doing with it.The SHA1 checksum of an X.509 certificate is calculated from its DER encoded format. You can get the fingerprint of an X.509 certificate using the
openssl
command. For example:$ openssl x509 -fingerprint -sha1 -in my_certificate.crt SHA1 Fingerprint=4E:85:10:55:BC:7B:12:08:D1:EA:0A:12:C9:72:EE:F3:AA:B2:C7:CB -----BEGIN CERTIFICATE----- MIIBqjCCAROgAwIBAgIJALiT3Nvp0kvmMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV BAMTC2V4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMFoYDzk5OTkxMjMxMjM1OTU5 WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEAnadvODG0QCiHhaFZlLHtr5gLIkDQS8ErZ//KfqeCHTC/KJsl3xYFk0zG aCv2FcmkOlokm77qV8qOW2DZdND7WuYzX6nLVuLb+GYxZ7b45iMAbAajvGh8jc9U o07fUIahGqTDAIAGCWsoLUOQ9nMzO/8GRHcXJAeQ2MGY2VpCcv0CAwEAATANBgkq hkiG9w0BAQUFAAOBgQBpRCnmjmNM0D7yrpkUJpBTNiqinhKLbeOvPWm+YmdInUUs LoMu0mZ1IANemLwqbwJJ76fknngeB+YuVAj46SurvVCV6ekwHcbgpW1u063IRwKk tQhOBO0HQxldUS4+4MYv/kuvnKkbjfgh5qfWw89Kx4kD+cycpP4yPtgDGk8ZMA== -----END CERTIFICATE-----
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.jboss.netty.handler.ssl.util.SimpleTrustManagerFactory
SimpleTrustManagerFactory.SimpleTrustManagerFactorySpi
-
-
Field Summary
Fields Modifier and Type Field Description private static java.util.regex.Pattern
FINGERPRINT_PATTERN
private static java.util.regex.Pattern
FINGERPRINT_STRIP_PATTERN
private byte[][]
fingerprints
private static int
SHA1_BYTE_LEN
private static int
SHA1_HEX_LEN
private static java.lang.ThreadLocal<java.security.MessageDigest>
tlmd
private javax.net.ssl.TrustManager
tm
-
Constructor Summary
Constructors Constructor Description FingerprintTrustManagerFactory(byte[]... fingerprints)
Creates a new instance.FingerprintTrustManagerFactory(java.lang.Iterable<java.lang.String> fingerprints)
Creates a new instance.FingerprintTrustManagerFactory(java.lang.String... fingerprints)
Creates a new instance.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected javax.net.ssl.TrustManager[]
engineGetTrustManagers()
Returns one trust manager for each type of trust material.protected void
engineInit(java.security.KeyStore keyStore)
Initializes this factory with a source of certificate authorities and related trust material.protected void
engineInit(javax.net.ssl.ManagerFactoryParameters managerFactoryParameters)
Initializes this factory with a source of provider-specific key material.private static byte[][]
toFingerprintArray(java.lang.Iterable<java.lang.String> fingerprints)
-
-
-
Field Detail
-
FINGERPRINT_PATTERN
private static final java.util.regex.Pattern FINGERPRINT_PATTERN
-
FINGERPRINT_STRIP_PATTERN
private static final java.util.regex.Pattern FINGERPRINT_STRIP_PATTERN
-
SHA1_BYTE_LEN
private static final int SHA1_BYTE_LEN
- See Also:
- Constant Field Values
-
SHA1_HEX_LEN
private static final int SHA1_HEX_LEN
- See Also:
- Constant Field Values
-
tlmd
private static final java.lang.ThreadLocal<java.security.MessageDigest> tlmd
-
tm
private final javax.net.ssl.TrustManager tm
-
fingerprints
private final byte[][] fingerprints
-
-
Constructor Detail
-
FingerprintTrustManagerFactory
public FingerprintTrustManagerFactory(java.lang.Iterable<java.lang.String> fingerprints)
Creates a new instance.- Parameters:
fingerprints
- a list of SHA1 fingerprints in heaxdecimal form
-
FingerprintTrustManagerFactory
public FingerprintTrustManagerFactory(java.lang.String... fingerprints)
Creates a new instance.- Parameters:
fingerprints
- a list of SHA1 fingerprints in heaxdecimal form
-
FingerprintTrustManagerFactory
public FingerprintTrustManagerFactory(byte[]... fingerprints)
Creates a new instance.- Parameters:
fingerprints
- a list of SHA1 fingerprints
-
-
Method Detail
-
toFingerprintArray
private static byte[][] toFingerprintArray(java.lang.Iterable<java.lang.String> fingerprints)
-
engineInit
protected void engineInit(java.security.KeyStore keyStore) throws java.lang.Exception
Description copied from class:SimpleTrustManagerFactory
Initializes this factory with a source of certificate authorities and related trust material.- Specified by:
engineInit
in classSimpleTrustManagerFactory
- Throws:
java.lang.Exception
- See Also:
TrustManagerFactorySpi.engineInit(KeyStore)
-
engineInit
protected void engineInit(javax.net.ssl.ManagerFactoryParameters managerFactoryParameters) throws java.lang.Exception
Description copied from class:SimpleTrustManagerFactory
Initializes this factory with a source of provider-specific key material.- Specified by:
engineInit
in classSimpleTrustManagerFactory
- Throws:
java.lang.Exception
- See Also:
TrustManagerFactorySpi.engineInit(ManagerFactoryParameters)
-
engineGetTrustManagers
protected javax.net.ssl.TrustManager[] engineGetTrustManagers()
Description copied from class:SimpleTrustManagerFactory
Returns one trust manager for each type of trust material.- Specified by:
engineGetTrustManagers
in classSimpleTrustManagerFactory
- See Also:
TrustManagerFactorySpi.engineGetTrustManagers()
-
-