// NOTE(review): the two booleans are presumably the strictClient/strictServer flags read by
// PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey; confirm the argument order
// against the constructor. While no public key has been registered, the non-strict side
// accepts any peer key, so the `false` here decides which direction starts out open.
trustManager = new PublicKeyMatchingX509ExtendedTrustManager(false, true);
// The key-matching trust manager is the only entry in the array.
TrustManager[] trustManagers = new TrustManager[] {trustManager};
/**
 * {@inheritDoc}
 *
 * <p>Validates {@code authType} and {@code chain}, then applies the client-side public-key
 * check. This override never reads {@code engine}, so the decision rests on the key check
 * alone and no engine-specific parameters are consulted here.
 *
 * @param chain the certificate chain presented by the client
 * @param authType the authentication type
 * @param engine the engine of the connection; unused by this implementation
 * @throws CertificateException if the client-side public-key check rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
        throws CertificateException {
    final boolean clientSide = true;
    // Argument validation runs before any key is compared.
    validateAuthType(authType);
    validateChain(chain);
    checkPublicKey(clientSide, chain);
}
KeyUtils.fingerprint(endpoint.getPublicKey())) ); PublicKeyMatchingX509ExtendedTrustManager delegate = new PublicKeyMatchingX509ExtendedTrustManager(); RSAPublicKey publicKey = endpoint.getPublicKey(); if (publicKey != null) { delegate.add(publicKey);
/** Socket overload: a null server chain with a non-null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkServerTrusted1_nullNonNull() throws Exception {
    final X509Certificate[] missingChain = null;
    instance.checkServerTrusted(missingChain, "RSA", new Socket());
}
/** Two-argument overload: a null client chain with a non-null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkClientTrusted_nullNonNull() throws Exception {
    final X509Certificate[] missingChain = null;
    instance.checkClientTrusted(missingChain, "RSA");
}
/**
 * Decides whether a peer is trusted by looking only at the public key of the first
 * certificate in the chain.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>Only {@code chain[0]} is inspected; the remaining certificates are not evaluated here.</li>
 *   <li>While the set of trusted keys is empty, the outcome depends on the strict flag for the
 *       side being checked: a non-strict side accepts <em>any</em> key, a strict side rejects
 *       every key.</li>
 *   <li>Once at least one key is registered, the decision is delegated to {@code isTrusted}.</li>
 * </ul>
 *
 * <p>NOTE(review): this method does not check certificate validity dates or signatures;
 * whether {@code validateChain} does so is not visible from here - confirm before relying on it.
 *
 * @param client {@code true} when the peer is a client (uses {@code strictClient}),
 *     {@code false} when it is a server (uses {@code strictServer})
 * @param chain the chain to check; element 0 is dereferenced without a null or length check
 *     in this method
 * @throws CertificateException if the key has no binary encoding or is not trusted
 */
private void checkPublicKey(boolean client, X509Certificate[] chain) throws CertificateException {
    final X509Certificate leaf = chain[0];
    final PublicKey chainKey = leaf.getPublicKey();

    // A key without a binary encoding is rejected outright.
    if (chainKey.getEncoded() == null) {
        throw new CertificateException(
                String.format("Public key of the first certificate in chain (subject: '%s') "
                                + "(algorithm: '%s'; format: '%s') does not support binary encoding",
                        leaf.getSubjectDN(), chainKey.getAlgorithm(), chainKey.getFormat()));
    }

    final boolean accepted;
    // The emptiness test and the lookup happen under one lock on the key collection.
    synchronized (publicKeys) {
        if (publicKeys.isEmpty()) {
            // No pinned keys yet: only a non-strict side lets the peer through.
            final boolean strict = client ? strictClient : strictServer;
            accepted = !strict;
        } else {
            accepted = isTrusted(chainKey);
        }
    }

    if (!accepted) {
        throw new CertificateException(
                String.format("Public key of the first certificate in chain (subject: %s) "
                                + "is not in the list of trusted keys",
                        leaf.getSubjectDN()));
    }
}
/** The trust manager must return a non-null accepted-issuers array. */
@Test
public void getAcceptedIssuers() throws Exception {
    final X509Certificate[] issuers = instance.getAcceptedIssuers();
    assertThat(issuers, notNullValue());
}
/**
 * {@inheritDoc}
 *
 * <p>Validates {@code authType} and {@code chain}, then applies the server-side public-key
 * check to the chain.
 *
 * @param chain the certificate chain presented by the server
 * @param authType the authentication type
 * @throws CertificateException if the server-side public-key check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    final boolean clientSide = false;
    // Argument validation runs before any key is compared.
    validateAuthType(authType);
    validateChain(chain);
    checkPublicKey(clientSide, chain);
}
/** Two-argument overload: a null server chain with a non-null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkServerTrusted_nullNonNull() throws Exception {
    final X509Certificate[] missingChain = null;
    instance.checkServerTrusted(missingChain, "RSA");
}
/** Socket overload: a null client chain with a non-null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkClientTrusted1_nullNonNull() throws Exception {
    final X509Certificate[] missingChain = null;
    instance.checkClientTrusted(missingChain, "RSA", new Socket());
}
/**
 * {@inheritDoc}
 *
 * <p>Validates {@code authType} and {@code chain}, then applies the server-side public-key
 * check. This override never reads {@code engine}, so the decision rests on the key check
 * alone and no engine-specific parameters are consulted here.
 *
 * @param chain the certificate chain presented by the server
 * @param authType the authentication type
 * @param engine the engine of the connection; unused by this implementation
 * @throws CertificateException if the server-side public-key check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
        throws CertificateException {
    final boolean clientSide = false;
    // Argument validation runs before any key is compared.
    validateAuthType(authType);
    validateChain(chain);
    checkPublicKey(clientSide, chain);
}
// NOTE(review): the two booleans are presumably the strictClient/strictServer flags read by
// PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey; confirm the argument order
// against the constructor. While no public key has been registered, the non-strict side
// accepts any peer key, so the `false` here decides which direction starts out open.
trustManager = new PublicKeyMatchingX509ExtendedTrustManager(false, true);
// The key-matching trust manager is the only entry in the array.
TrustManager[] trustManagers = new TrustManager[] {trustManager};
/** SSLEngine overload: a null server chain with a non-null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkServerTrusted2_nullNonNull() throws Exception {
    // A typed null selects the SSLEngine overload rather than the Socket one.
    final SSLEngine noEngine = null;
    final X509Certificate[] missingChain = null;
    instance.checkServerTrusted(missingChain, "RSA", noEngine);
}
/** SSLEngine overload: a null client chain with a non-null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkClientTrusted2_nullNonNull() throws Exception {
    // A typed null selects the SSLEngine overload rather than the Socket one.
    final SSLEngine noEngine = null;
    final X509Certificate[] missingChain = null;
    instance.checkClientTrusted(missingChain, "RSA", noEngine);
}
/**
 * {@inheritDoc}
 *
 * <p>Validates {@code authType} and {@code chain}, then applies the client-side public-key
 * check to the chain.
 *
 * @param chain the certificate chain presented by the client
 * @param authType the authentication type
 * @throws CertificateException if the client-side public-key check rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    final boolean clientSide = true;
    // Argument validation runs before any key is compared.
    validateAuthType(authType);
    validateChain(chain);
    checkPublicKey(clientSide, chain);
}
new TrustManager[]{new PublicKeyMatchingX509ExtendedTrustManager(keyPair.getPublic())}, null);
/**
 * Socket overload: a server chain built from {@code altCert} must be rejected with
 * CertificateException. Presumably {@code altCert} carries a key that the fixture did not
 * register with {@code instance} - confirm against the test setup.
 */
@Test(expected = CertificateException.class)
public void checkServerUntrusted1() throws Exception {
    final X509Certificate[] foreignChain = new X509Certificate[]{altCert.certificate()};
    instance.checkServerTrusted(foreignChain, "RSA", new Socket());
}
/** Socket overload: a non-null client chain with a null auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkClientTrusted1_nonNullNull() throws Exception {
    final X509Certificate[] chain = new X509Certificate[]{cert.certificate()};
    final String missingAuthType = null;
    instance.checkClientTrusted(chain, missingAuthType, new Socket());
}
/**
 * {@inheritDoc}
 *
 * <p>Validates {@code authType} and {@code chain}, then applies the server-side public-key
 * check. This override never reads {@code socket}, so the decision rests on the key check
 * alone and no socket-specific parameters are consulted here.
 *
 * @param chain the certificate chain presented by the server
 * @param authType the authentication type
 * @param socket the socket of the connection; unused by this implementation
 * @throws CertificateException if the server-side public-key check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    final boolean clientSide = false;
    // Argument validation runs before any key is compared.
    validateAuthType(authType);
    validateChain(chain);
    checkPublicKey(clientSide, chain);
}
/** Socket overload: a non-null server chain with an empty auth type must raise IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void checkServerTrusted1_nonNullEmpty() throws Exception {
    final X509Certificate[] chain = new X509Certificate[]{cert.certificate()};
    final String emptyAuthType = "";
    instance.checkServerTrusted(chain, emptyAuthType, new Socket());
}