Java Code Examples for javax.net.ssl.X509TrustManager#checkServerTrusted()

The following examples show how to use javax.net.ssl.X509TrustManager#checkServerTrusted(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TrustManagers.java    From scipio-erp with Apache License 2.0 8 votes vote down vote up
/**
 * Validates the server chain against the primary delegates first and, if
 * none of them accepts it, against the final delegate.
 *
 * <p>Acceptance by any single primary delegate is sufficient, so the
 * effective trust is the union of what the delegates trust. The rejection
 * reasons of the primary delegates are discarded; only the final delegate's
 * exception (or the "no delegated trust managers" error) reaches the caller.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if no primary delegate accepts the chain and
 *         the final delegate is absent or rejects it
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    for (X509TrustManager delegate : startServerTms) {
        try {
            delegate.checkServerTrusted(chain, authType);
            return; // accepted by a primary delegate
        } catch (CertificateException rejected) {
            continue; // this delegate said no; ask the next one
        }
    }

    // Nobody in the primary list accepted the chain: the final delegate decides.
    if (finalServerTm != null) {
        finalServerTm.checkServerTrusted(chain, authType);
        return;
    }
    throw new CertificateException("Cannot validate server certificate (no delegated trust managers for server check)");
}
 
Example 2
Source File: OkHttpRootTrustManager.java    From TrustKit-Android with MIT License 7 votes vote down vote up
/**
 * Validates the server chain with the trust manager TrustKit supplies for the
 * hostname currently held in {@code mServerHostname}.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    String host = mServerHostname.get();
    DomainPinningPolicy serverConfig =
            TrustKit.getInstance().getConfiguration().getPolicyForHostname(host);
    X509TrustManager trustManager = TrustKit.getInstance().getTrustManager(host);

    // The hostname-aware check is used only when no pinning policy exists for the host
    // (so the platform default trust manager is presumably in play; it requires the
    // hostname-aware variant for apps that ship a network_security_config file) and the
    // platform is recent enough to offer X509TrustManagerExtensions.
    final boolean useHostnameAwareCheck =
            serverConfig == null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1;

    if (!useHostnameAwareCheck) {
        // Pinned host, or an older platform: fall back to the baseline two-argument check.
        trustManager.checkServerTrusted(chain, authType);
        return;
    }
    new X509TrustManagerExtensions(trustManager).checkServerTrusted(chain, authType, host);
}
 
Example 3
Source File: SSLContextInitializer.java    From trufflesqueak with MIT License 7 votes vote down vote up
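/**
 * Accepts the server chain if at least one delegate trust manager accepts it.
 *
 * <p>Fails closed: when {@code managers} is empty no delegate is consulted,
 * and the chain is rejected instead of being silently accepted.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if every delegate rejects the chain (the last
 *         rejection is rethrown) or if there is no delegate at all
 */
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType)
                throws CertificateException {

    CertificateException lastError = null;
    for (final X509TrustManager manager : managers) {
        try {
            manager.checkServerTrusted(chain, authType);
            return;
        } catch (final CertificateException e) {
            lastError = e;
        }
    }

    if (lastError == null) {
        // The loop never ran, so nothing vouched for this chain. Returning
        // normally here would mean "trusted"; reject explicitly instead.
        throw new CertificateException("No trust manager available to validate the server certificate chain");
    }
    throw lastError;
}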
 
Example 4
Source File: MultiTrustManager.java    From substitution-schedule-parser with Mozilla Public License 2.0 6 votes vote down vote up
/**
 * Accepts the server chain as soon as one installed trust manager accepts it.
 *
 * <p>An empty manager list is rejected up front, so the method can never
 * return normally without a delegate having validated the chain.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if no trust manager is installed, or if all of
 *         them reject the chain (the last rejection is rethrown)
 */
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException
{
    if (trustManagers.isEmpty()) {
        throw new CertificateException("No trust managers installed!");
    }

    CertificateException lastRejection = null;
    for (X509TrustManager delegate : trustManagers) {
        try {
            delegate.checkServerTrusted(chain, authType);
            return; // one acceptance is enough
        }
        catch (CertificateException rejection) {
            lastRejection = rejection;
        }
    }

    // The list was non-empty and nobody accepted, so a rejection was recorded.
    throw lastRejection;
}
 
Example 5
Source File: CompositeX509TrustManager.java    From CompositeJKS with MIT License 6 votes vote down vote up
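/**
 * Accepts the server chain if at least one child trust manager accepts it.
 *
 * <p>Fails closed: with no children configured nothing validates the chain,
 * so it is rejected rather than accepted by default.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if every child rejects the chain (the last
 *         rejection is rethrown) or if there are no children
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    CertificateException lastError = null;
    for (X509TrustManager trustManager : children) {
        try {
            trustManager.checkServerTrusted(chain, authType);
            return;
        } catch (CertificateException ex) {
            lastError = ex;
        }
    }

    if (lastError == null) {
        // No child was consulted; a normal return would trust an unvalidated chain.
        throw new CertificateException("No trust manager available to validate the server certificate chain");
    }
    throw lastError;
}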
 
Example 6
Source File: ReloadingX509TrustManager.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Delegates server validation to the trust manager currently held in
 * {@code trustManagerRef}, rejecting the chain when none is set.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if no trust manager is set or the current one
 *         rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
  throws CertificateException {
  // Read the reference once so the null check and the call use the same instance.
  final X509TrustManager current = trustManagerRef.get();
  if (current == null) {
    // NOTE(review): chain[0] assumes a non-null, non-empty chain on this path.
    throw new CertificateException("Unknown server chain certificate: " +
                                   chain[0].toString());
  }
  current.checkServerTrusted(chain, authType);
}
 
Example 7
Source File: PartialTrustManager.java    From drftpd with GNU General Public License v2.0 5 votes vote down vote up
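/**
 * Requires every X.509 trust manager in {@code _defaultManagers} to accept
 * the server chain.
 *
 * <p>Fails closed: if the list holds no {@link X509TrustManager}, nothing has
 * validated the chain and it is rejected instead of being accepted by default.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if any X.509 trust manager rejects the chain,
 *         or if none is available to check it
 */
public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    boolean validated = false;
    for (TrustManager manager : _defaultManagers) {
        if (manager instanceof X509TrustManager) {
            // A rejection propagates immediately; all X.509 managers must agree.
            ((X509TrustManager) manager).checkServerTrusted(chain, authType);
            validated = true;
        }
    }
    if (!validated) {
        throw new CertificateException("No X509TrustManager available to validate the server certificate chain");
    }
}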
 
Example 8
Source File: PartialTrustManager.java    From drftpd with GNU General Public License v2.0 5 votes vote down vote up
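/**
 * Validates the server chain with each X.509 trust manager found in
 * {@code _defaultManagers}; all of them must accept it.
 *
 * <p>When the list contains no {@link X509TrustManager} the chain is rejected,
 * because returning normally would mark an unchecked chain as trusted.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if an X.509 trust manager rejects the chain or
 *         no such manager is present
 */
public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
    int consulted = 0;
    for (TrustManager manager : _defaultManagers) {
        if (!(manager instanceof X509TrustManager)) {
            continue; // only X.509 managers can judge a certificate chain
        }
        ((X509TrustManager) manager).checkServerTrusted(chain, authType);
        consulted++;
    }
    if (consulted == 0) {
        throw new CertificateException("No X509TrustManager available to validate the server certificate chain");
    }
}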
 
Example 9
Source File: ReloadingX509TrustManager.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Forwards the server check to whichever trust manager {@code trustManagerRef}
 * holds at the moment of the call; with none set, the chain is rejected.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if the reference is empty or the held trust
 *         manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
  throws CertificateException {
  // Single read of the reference: the check and the delegation see one instance.
  final X509TrustManager delegate = trustManagerRef.get();
  if (delegate == null) {
    // NOTE(review): the message dereferences chain[0]; assumes the chain is not empty.
    throw new CertificateException("Unknown server chain certificate: " +
                                   chain[0].toString());
  }
  delegate.checkServerTrusted(chain, authType);
}
 
Example 10
Source File: CompositeX509TrustManager.java    From zap-extensions with Apache License 2.0 5 votes vote down vote up
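/**
 * Accepts the server chain as soon as one delegate trust manager accepts it.
 *
 * <p>Because a single acceptance is enough, the composite trusts the union of
 * everything its delegates trust. When all delegates reject the chain, the
 * last rejection is attached as the cause so the reason is not lost.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if no delegate accepts the chain (including
 *         the case where there are no delegates)
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
	CertificateException lastRejection = null;
	for (X509TrustManager trustManager : trustManagers) {
		try {
			trustManager.checkServerTrusted(chain, authType);
			return; // someone trusts them. success!
		} catch (CertificateException e) {
			// maybe someone else will trust them; remember why this one did not
			lastRejection = e;
		}
	}
	// The cause is null when no delegate was consulted at all.
	throw new CertificateException("None of the TrustManagers trust this certificate chain", lastRejection);
}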
 
Example 11
Source File: KeyStoresTrustManager.java    From Android_Code_Arbiter with GNU Lesser General Public License v3.0 5 votes vote down vote up
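/**
 * Accepts the server chain if at least one configured trust manager accepts it.
 *
 * <p>With no trust manager configured, a {@link CertificateException} is
 * raised explicitly; the previous {@code throw} of a null reference surfaced
 * as a {@link NullPointerException}, which callers handling certificate
 * failures would not catch.
 *
 * @param certificates the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if every trust manager rejects the chain (the
 *         last rejection is rethrown) or if none is configured
 */
@Override
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    CertificateException catchException = null;
    for (X509TrustManager tm : trustManagers) {
        try {
            tm.checkServerTrusted(certificates, authType);
            return;
        } catch (CertificateException e) {
            catchException = e;
        }
    }
    if (catchException == null) {
        // Empty manager list: nothing validated the chain, so reject it.
        throw new CertificateException("No trust managers configured to validate the server certificate chain");
    }
    throw catchException;
}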
 
Example 12
Source File: LdapClientTrustStoreManager.java    From directory-fortress-core with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the server certificate chain against every trust manager returned by
 * {@code getTrustManagers( x509Chain )}. All of them must accept the chain; the
 * first rejection propagates to the caller.
 *
 * NOTE(review): if {@code getTrustManagers} can return an empty result, the loop
 * body never runs and the chain is accepted unchecked - confirm that it fails
 * instead.
 *
 * @param x509Chain the peer certificate chain
 * @param authNType the authentication type, passed through unchanged
 * @throws CertificateException if a trust manager rejects the chain
 */
public synchronized void checkServerTrusted( final X509Certificate[] x509Chain, final String authNType ) throws
    CertificateException
{
    for ( final X509TrustManager delegate : getTrustManagers( x509Chain ) )
    {
        // No try/catch on purpose: one rejection ends the check.
        delegate.checkServerTrusted( x509Chain, authNType );
    }
}
 
Example 13
Source File: LdapClientTrustStoreManager.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * Validates the server certificate chain with each trust manager obtained from
 * {@code getTrustManagers( x509Chain )}. The chain is accepted only if none of
 * them throws.
 *
 * NOTE(review): an empty result from {@code getTrustManagers} would let the
 * chain through without any validation - verify that it throws in that case.
 *
 * @param x509Chain The certificate chain
 * @param authNType The authentication type, handed to each trust manager as is
 * @throws CertificateException If a trust manager rejects the chain
 */
public synchronized void checkServerTrusted( X509Certificate[] x509Chain, String authNType ) throws
    CertificateException
{
    for ( X509TrustManager delegate : getTrustManagers( x509Chain ) )
    {
        // Rejections are not caught here, so every delegate has to agree.
        delegate.checkServerTrusted( x509Chain, authNType );
    }
}
 
Example 14
Source File: FileTrustStoreSslSocketFactory.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * Accepts the server chain when any one of the configured trust managers
 * accepts it; each rejection is logged at debug level and the next manager
 * is tried.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if no trust manager accepts the chain
 */
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
    for (final X509TrustManager delegate : trustManagers) {
        try {
            delegate.checkServerTrusted(chain, authType);
            return; // first acceptance wins
        } catch (final CertificateException rejection) {
            // Keep the reason visible in the debug log, then move on.
            LOGGER.debug(rejection.getMessage(), rejection);
        }
    }
    // Reached when every delegate rejected the chain or the list is empty.
    throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
 
Example 15
Source File: CompositeTrustManager.java    From tessera with Apache License 2.0 5 votes vote down vote up
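/**
 * Accepts the server chain as soon as one X.509 trust manager accepts it.
 *
 * <p>Entries that are not an {@link X509TrustManager} are skipped instead of
 * being cast blindly, so one foreign entry no longer aborts the whole check
 * with a {@link ClassCastException}. If nobody accepts the chain, the last
 * rejection is attached as the cause of the thrown exception.
 *
 * @param serverCertificates the peer certificate chain
 * @param authType the authentication type, passed through unchanged
 * @throws CertificateException if no X.509 trust manager accepts the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] serverCertificates, String authType) throws CertificateException {
    CertificateException lastRejection = null;
    for (TrustManager trustManager : trustManagers) {
        if (!(trustManager instanceof X509TrustManager)) {
            continue; // cannot judge a certificate chain
        }
        try {
            ((X509TrustManager) trustManager).checkServerTrusted(serverCertificates, authType);
            return;
        }
        catch (CertificateException ex) {
            // Remember the reason and move on to the next trust manager
            lastRejection = ex;
        }
    }
    // The cause is null when no X.509 trust manager was available at all.
    throw new CertificateException("Certificate is not trusted by any of the trust managers", lastRejection);
}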
 
Example 16
Source File: SslContextTrustManagerTest.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
/**
 * Checks each server certificate on its own against a trust manager built
 * from the given CA certificates and compares the outcome with the expected
 * one.
 *
 * @param caResources
 *            paths of the CA certificates, handed to
 *            {@code getTrustManager}.
 * @param eecResources
 *            paths of the server (end-entity) certificates, handed to
 *            {@code loadCertCollection}.
 * @param expectations
 *            the expected result for each server certificate, in the same
 *            order as {@code eecResources}: {@code true} means the
 *            certificate is expected to be accepted, {@code false} that it
 *            is expected to be rejected.
 */
private static void runTests(String[] caResources, String[] eecResources,
        boolean[] expectations) throws Exception {
    X509TrustManager trustManager = getTrustManager(caResources);
    X509Certificate[] serverCerts = loadCertCollection(eecResources);

    for (int idx = 0; idx < eecResources.length; idx++) {
        X509Certificate candidate = serverCerts[idx];
        assertNotNull("Cannot use cert " + eecResources[idx], candidate);

        // Each certificate is presented as a one-element chain.
        boolean accepted;
        try {
            trustManager.checkServerTrusted(new X509Certificate[] { candidate }, "RSA");
            accepted = true;
        } catch (CertificateException e) {
            accepted = false;
        }

        if (accepted && !expectations[idx]) {
            // A rejection was expected but validation succeeded.
            fail(String.format(
                    "Certificate %s was expected not to be valid when using CAs %s, but its "
                            + "verification passed.", eecResources[idx],
                    Arrays.asList(caResources)));
        } else if (!accepted && expectations[idx]) {
            // An acceptance was expected but validation failed.
            fail(String.format(
                    "Certificate %s was expected to be valid when using CAs %s, but its "
                            + "verification failed.", eecResources[idx],
                    Arrays.asList(caResources)));
        }
    }
}
 
Example 17
Source File: CelleryTrustManagerTest.java    From cellery-security with Apache License 2.0 5 votes vote down vote up
/**
 * With the {@code VALIDATE_SERVER_CERT} system property set to "true", a null
 * chain and auth type must be rejected with an
 * {@link IllegalArgumentException}.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void testCheckServerTrustedEnableTM() throws Exception {

    try {
        // The property is set before the trust manager is constructed.
        System.setProperty(VALIDATE_SERVER_CERT, "true");
        X509TrustManager validatingTrustManager = new CelleryTrustManager();
        validatingTrustManager.checkServerTrusted(null, null);
    } finally {
        // Always drop the property again so other tests see it unset.
        System.getProperties().remove(VALIDATE_SERVER_CERT);
    }

}
 
Example 18
Source File: TrustManagerTest.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Registers a PKCS#11 provider and a JSSE provider built on top of it, then
 * validates a three-certificate server chain with a PKIX trust manager whose
 * only trust anchor is {@code certs/anchor.cer}.
 *
 * The test passes when {@code checkServerTrusted} returns without throwing
 * and "OK" is printed; it returns early (skipping) when {@code initSecmod()}
 * reports false or the architecture is not sparc.
 *
 * @param args when there is more than one argument and the first is "sm", the
 *             second names a policy file under {@code BASE} and the rest of
 *             the test runs under a security manager
 * @throws Exception on any setup or validation failure
 */
public static void main(String[] args) throws Exception {
    if (initSecmod() == false) {
        return;
    }

    if ("sparc".equals(System.getProperty("os.arch")) == false) {
        // we have not updated other platforms with the proper NSS libraries yet
        System.out.println("Test currently works only on solaris-sparc, skipping");
        return;
    }

    // Provider configured from fips.cfg (presumably a FIPS-mode token - confirm).
    String configName = BASE + SEP + "fips.cfg";
    Provider p = getSunPKCS11(configName);

    System.out.println(p);
    Security.addProvider(p);

    // Replace the stock SunJSSE provider with one constructed around the PKCS#11 provider.
    Security.removeProvider("SunJSSE");
    Provider jsse = new com.sun.net.ssl.internal.ssl.Provider(p);
    Security.addProvider(jsse);
    System.out.println(jsse.getInfo());

    // Load the token-backed keystore with the test PIN; ks is not read again below.
    KeyStore ks = KeyStore.getInstance("PKCS11", p);
    ks.load(null, "test12".toCharArray());

    X509Certificate server = loadCertificate("certs/server.cer");
    X509Certificate ca = loadCertificate("certs/ca.cer");
    X509Certificate anchor = loadCertificate("certs/anchor.cer");

    // Optional: from here on, run under a security manager with the given policy file.
    if (args.length > 1 && "sm".equals(args[0])) {
        Policy.setPolicy(Policy.getInstance("JavaPolicy",
                new URIParameter(new File(BASE, args[1]).toURI())));
        System.setSecurityManager(new SecurityManager());
    }

    // In-memory trust store whose single entry is the anchor certificate.
    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(null, null);
    trustStore.setCertificateEntry("anchor", anchor);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
    tmf.init(trustStore);

    // Assumes the first trust manager returned by the factory is an X509TrustManager.
    X509TrustManager tm = (X509TrustManager)tmf.getTrustManagers()[0];

    // Chain order: end-entity certificate first, then the CA, then the anchor.
    X509Certificate[] chain = {server, ca, anchor};

    // Throws CertificateException (failing the test) if the chain does not validate.
    tm.checkServerTrusted(chain, "RSA");

    System.out.println("OK");
}
 
Example 19
Source File: SSLImplementation.java    From tn5250j with GNU General Public License v2.0 4 votes vote down vote up
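/**
 * Validates the server chain with the user's X.509 trust managers and, when
 * validation fails, asks the user whether to accept the certificate anyway
 * (and optionally store it in the user keystore).
 *
 * <p>A trust manager with an empty accepted-issuer list, or the absence of
 * any X.509 trust manager, counts as a validation failure and leads to the
 * prompt; the certificate is never accepted without either a successful
 * check or an explicit "yes" from the user.
 *
 * <p>NOTE(review): the dialog lists the certificate's fields but no
 * fingerprint, so the user has little to compare against an out-of-band
 * value. The keystore alias is the subject DN, so a later certificate with
 * the same subject replaces the stored one.
 *
 * @param chain the peer certificate chain; the first element is the one shown
 *              to the user and stored
 * @param type the authentication type, passed through unchanged
 * @throws CertificateException if validation fails and the user declines the
 *         certificate
 */
public void checkServerTrusted(X509Certificate[] chain, String type)
		throws CertificateException {
	try {
		boolean validated = false;
		for (int i = 0; i < userTrustManagers.length; i++) {
			if (userTrustManagers[i] instanceof X509TrustManager) {
				X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
				X509Certificate[] calist = trustManager
						.getAcceptedIssuers();
				if (calist.length > 0) {
					trustManager.checkServerTrusted(chain, type);
					validated = true;
				} else {
					throw new CertificateException(
							"Empty list of accepted issuers (a.k.a. root CA list).");
				}
			}
		}
		if (!validated) {
			// No X.509 trust manager looked at the chain: treat it as unknown
			// and let the user decide, instead of accepting it silently.
			throw new CertificateException(
					"No X509TrustManager available to validate the certificate.");
		}
		return;
	} catch (CertificateException ce) {
		X509Certificate cert = chain[0];
		StringBuilder certInfo = new StringBuilder();
		certInfo.append("Version: ").append(cert.getVersion()).append("\n");
		certInfo.append("Serial Number: ").append(cert.getSerialNumber()).append("\n");
		certInfo.append("Signature Algorithm: ").append(cert.getSigAlgName()).append("\n");
		certInfo.append("Issuer: ").append(cert.getIssuerDN().getName()).append("\n");
		certInfo.append("Valid From: ").append(cert.getNotBefore()).append("\n");
		certInfo.append("Valid To: ").append(cert.getNotAfter()).append("\n");
		certInfo.append("Subject DN: ").append(cert.getSubjectDN().getName()).append("\n");
		certInfo.append("Public Key: ").append(cert.getPublicKey().getFormat()).append("\n");

		int accept = JOptionPane
				.showConfirmDialog(null, certInfo.toString(), "Unknown Certificate - Do you accept it?",
						javax.swing.JOptionPane.YES_NO_OPTION);
		if (accept != JOptionPane.YES_OPTION) {
			throw new java.security.cert.CertificateException(
					"Certificate Rejected");
		}

		int save = JOptionPane.showConfirmDialog(null,
				"Remember this certificate?", "Save Certificate",
				javax.swing.JOptionPane.YES_NO_OPTION);

		if (save == JOptionPane.YES_OPTION) {
			try {
				userks.setCertificateEntry(cert.getSubjectDN().getName(),
						cert);
				// Close the stream even when store() fails, so the keystore
				// file handle is not leaked.
				FileOutputStream out = new FileOutputStream(userKsPath);
				try {
					userks.store(out, userksPassword);
				} finally {
					out.close();
				}
			} catch (Exception e) {
				// Saving is best effort: the certificate stays accepted for
				// this connection even if it could not be persisted.
				logger.error("Error saving certificate [" + e.getMessage()
						+ "]");
				e.printStackTrace();
			}
		}
	}

}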
 
Example 20
Source File: CelleryTrustManagerTest.java    From cellery-security with Apache License 2.0 4 votes vote down vote up
/**
 * Without the {@code VALIDATE_SERVER_CERT} system property being set by this
 * test, checking a null chain must complete without an exception.
 *
 * NOTE(review): a null chain passing suggests that server certificate
 * validation is skipped unless the property is set - confirm against
 * CelleryTrustManager that this default is intended.
 */
@Test
public void testCheckServerTrustedWithoutEnableTM() throws Exception {

    X509TrustManager defaultTrustManager = new CelleryTrustManager();
    defaultTrustManager.checkServerTrusted(null, null);
}