author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-10-14 11:39:49 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-10-14 13:28:15 +0200 |
commit | 8d5d765692297fe333c5ba7c3bdba9ce506080cb (patch) | |
tree | 03f673b9a3603f13702bce113c5e816e30d3602b /security-utils | |
parent | e8cd64ce30cb9fb3917bb8619e91420e89120f06 (diff) |
Add trust manager that accepts any server certificate
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java
new file mode 100644
index 00000000000..d163366e686
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustAllX509TrustManager.java
@@ -0,0 +1,27 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+
+/**
+ * A {@link X509ExtendedTrustManager} that accepts all server certificates.
+ *
+ * @author bjorncs
+ */
+public class TrustAllX509TrustManager extends X509ExtendedTrustManager {
+ @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) { failWhenUsedOnServer(); }
+ @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) { failWhenUsedOnServer(); }
+ @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { failWhenUsedOnServer(); }
+
+ @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {}
+ @Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {}
+ @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+ @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
+
+ private static void failWhenUsedOnServer() {
+ throw new IllegalStateException("TrustAllX509TrustManager cannot be used on server, only client");
+ }
+} |
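Review bot: The class Javadoc on `TrustAllX509TrustManager` says only that it accepts all server certificates; it does not say that the three empty `checkServerTrusted` overrides remove server authentication altogether, so a TLS client configured with it cannot tell the intended peer from an on-path interceptor. Because JSSE relies on an `X509ExtendedTrustManager` to perform endpoint identification, hostname verification is most likely skipped as well, even when the caller sets an endpoint identification algorithm on its `SSLParameters`. I would extend the Javadoc with a sentence such as `Performs no certificate chain or hostname validation; use only where the peer is authenticated by other means, or in tests.` and declare the class as `public final class TrustAllX509TrustManager extends X509ExtendedTrustManager {` so the behaviour cannot be inherited elsewhere. Since this is a public type in the shared `security-utils` module, it would also help to gate new references to it in code review or static analysis.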