author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2020-10-15 10:21:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-15 10:21:51 +0200 |
commit | 62cf53967da366797a54bb1d43c3825d4afae7a8 (patch) | |
tree | 5980a188ee158ab4fd87084521e76dfa3df85258 /security-utils | |
parent | c8602587ed7282e742cb0e174fe145b7f6041b18 (diff) |
Revert "Revert "Bjorncs/health check proxy https""
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java
new file mode 100644
index 00000000000..d163366e686
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java
@@ -0,0 +1,27 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+
+/**
+ * A {@link X509ExtendedTrustManager} that accepts all server certificates.
+ *
+ * @author bjorncs
+ */
+public class TrustAllX509TrustManager extends X509ExtendedTrustManager {
+ @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) { failWhenUsedOnServer(); }
+ @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) { failWhenUsedOnServer(); }
+ @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { failWhenUsedOnServer(); }
+
+ @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {}
+ @Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {}
+ @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+ @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
+
+ private static void failWhenUsedOnServer() {
+ throw new IllegalStateException("TrustAllX509TrustManager cannot be used on server, only client");
+ }
+} |
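Review bot: The class Javadoc on `TrustAllX509TrustManager` says only that it "accepts all server certificates", without stating that the three empty `checkServerTrusted` overrides skip both chain validation and the endpoint identification that the `Socket`/`SSLEngine` variants normally perform, so a client using it has no server authentication and its traffic can be intercepted. Because the class is public in security-utils, I would extend the Javadoc with something like `Disables server authentication entirely; use only where the peer is verified by other means (e.g. a loopback health check). Never use for connections carrying credentials or sensitive data.` The commit title suggests a health check proxy is the intended caller, but no caller is visible in this diff, so the restriction should be stated on the class itself. A short comment in each empty body, e.g. `// intentionally no validation`, would also stop readers and static analysers from treating them as an oversight.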