Package net.snowflake.client.core
Class SFTrustManager
- java.lang.Object
  - javax.net.ssl.X509ExtendedTrustManager
    - net.snowflake.client.core.SFTrustManager

All Implemented Interfaces: TrustManager, X509TrustManager

public class SFTrustManager extends X509ExtendedTrustManager
SFTrustManager is a composite TrustManager that combines the default JVM TrustManager with the Snowflake OCSP revocation status checker. Use it when initializing an SSLContext object:

    // Install SFTrustManager as the only trust manager for this context
    TrustManager[] trustManagers = {new SFTrustManager()};
    SSLContext sslContext = SSLContext.getInstance("TLS");
    // null key managers and null SecureRandom select the JVM defaults
    sslContext.init(null, trustManagers, null);

Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static String | SF_OCSP_EVENT_TYPE_REVOKED_CERTIFICATE_ERROR | OCSP event types |
| static String | SF_OCSP_EVENT_TYPE_VALIDATION_ERROR | |
| static String | SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED | |
| static String | SF_OCSP_RESPONSE_CACHE_SERVER_URL | Test System Parameters. |
| static String | SF_OCSP_TEST_INJECT_UNKNOWN_STATUS | |
| static String | SF_OCSP_TEST_INJECT_VALIDITY_ERROR | |
| static String | SF_OCSP_TEST_INVALID_SIGNING_CERT | |
| static String | SF_OCSP_TEST_NO_OCSP_RESPONDER_URL | |
| static String | SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT | |
| static String | SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT | |
| static String | SF_OCSP_TEST_RESPONDER_URL | |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | checkClientTrusted(X509Certificate[] chain, String authType) | |
| void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) | |
| void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) | |
| void | checkServerTrusted(X509Certificate[] chain, String authType) | |
| void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) | |
| void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) | |
| static void | cleanTestSystemParameters() | |
| static void | deleteCache() | Deletes OCSP response cache file from disk. |
| X509Certificate[] | getAcceptedIssuers() | |

Field Detail

SF_OCSP_RESPONSE_CACHE_SERVER_URL
public static final String SF_OCSP_RESPONSE_CACHE_SERVER_URL
Test System Parameters. Not used in production.
- See Also: Constant Field Values

SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED
public static final String SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED
- See Also: Constant Field Values

SF_OCSP_TEST_INJECT_VALIDITY_ERROR
public static final String SF_OCSP_TEST_INJECT_VALIDITY_ERROR
- See Also: Constant Field Values

SF_OCSP_TEST_INJECT_UNKNOWN_STATUS
public static final String SF_OCSP_TEST_INJECT_UNKNOWN_STATUS
- See Also: Constant Field Values

SF_OCSP_TEST_RESPONDER_URL
public static final String SF_OCSP_TEST_RESPONDER_URL
- See Also: Constant Field Values

SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT
public static final String SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT
- See Also: Constant Field Values

SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT
public static final String SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT
- See Also: Constant Field Values

SF_OCSP_TEST_INVALID_SIGNING_CERT
public static final String SF_OCSP_TEST_INVALID_SIGNING_CERT
- See Also: Constant Field Values

SF_OCSP_TEST_NO_OCSP_RESPONDER_URL
public static final String SF_OCSP_TEST_NO_OCSP_RESPONDER_URL
- See Also: Constant Field Values

SF_OCSP_EVENT_TYPE_REVOKED_CERTIFICATE_ERROR
public static String SF_OCSP_EVENT_TYPE_REVOKED_CERTIFICATE_ERROR
OCSP event types

SF_OCSP_EVENT_TYPE_VALIDATION_ERROR
public static String SF_OCSP_EVENT_TYPE_VALIDATION_ERROR

Method Detail

deleteCache
public static void deleteCache()
Deletes OCSP response cache file from disk.

cleanTestSystemParameters
public static void cleanTestSystemParameters()

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws: CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws: CertificateException

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by: checkClientTrusted in class X509ExtendedTrustManager
- Throws: CertificateException

checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
- Specified by: checkClientTrusted in class X509ExtendedTrustManager
- Throws: CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by: checkServerTrusted in class X509ExtendedTrustManager
- Throws: CertificateException

checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException
- Specified by: checkServerTrusted in class X509ExtendedTrustManager
- Throws: CertificateException

getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()