Package com.amazonaws.kinesisvideo.http
Class HostnameVerifyingX509ExtendedTrustManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedTrustManager
-
- com.amazonaws.kinesisvideo.http.HostnameVerifyingX509ExtendedTrustManager
-
- All Implemented Interfaces:
TrustManager,X509TrustManager
public class HostnameVerifyingX509ExtendedTrustManager extends X509ExtendedTrustManager
-
-
Constructor Summary
Constructors Constructor Description HostnameVerifyingX509ExtendedTrustManager(boolean clientSideHostnameVerificationEnabled)HostnameVerifyingX509ExtendedTrustManager(boolean clientSideHostnameVerificationEnabled, boolean skipHostAddressVerification)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckClientTrusted(X509Certificate[] chain, String authType)voidcheckClientTrusted(X509Certificate[] chain, String authType, Socket socket)voidcheckClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)voidcheckServerTrusted(X509Certificate[] chain, String authType)voidcheckServerTrusted(X509Certificate[] chain, String authType, Socket socket)voidcheckServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)X509Certificate[]getAcceptedIssuers()voidperformHostVerification(String hostAddress, String hostName, X509Certificate certificate)Compares peer's hostname with the one stored in the provided client certificate.voidperformHostVerification(InetAddress inetAddress, X509Certificate certificate)Compares peer's hostname with the one stored in the provided client certificate.
-
-
-
Constructor Detail
-
HostnameVerifyingX509ExtendedTrustManager
public HostnameVerifyingX509ExtendedTrustManager(boolean clientSideHostnameVerificationEnabled)
-
HostnameVerifyingX509ExtendedTrustManager
public HostnameVerifyingX509ExtendedTrustManager(boolean clientSideHostnameVerificationEnabled, boolean skipHostAddressVerification)
-
-
Method Detail
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
performHostVerification
public void performHostVerification(InetAddress inetAddress, X509Certificate certificate) throws CertificateException
Compares peer's hostname with the one stored in the provided client certificate. Performs verification with the help of provided HostnameVerifier.- Parameters:
inetAddress- Peer's inet address.certificate- Peer's certificate- Throws:
CertificateException- Thrown if the provided certificate doesn't match the peer hostname.
-
performHostVerification
public void performHostVerification(String hostAddress, String hostName, X509Certificate certificate) throws CertificateException
Compares peer's hostname with the one stored in the provided client certificate. Performs verification with the help of provided HostnameVerifier. We attempt to perform verification using just the IP address first (skippable) and if that fails will attempt to perform a reverse DNS lookup and verify using the hostname.- Parameters:
hostAddress- Peer's host address.hostName- Peer's host name.certificate- Peer's certificate- Throws:
CertificateException- Thrown if the provided certificate doesn't match the peer hostname.
-
-