@InterfaceAudience.Private public class HBaseTrustManager extends X509ExtendedTrustManager
Modifier and Type | Field and Description |
---|---|
private boolean |
allowReverseDnsLookup |
private boolean |
hostnameVerificationEnabled |
private HBaseHostnameVerifier |
hostnameVerifier |
private static org.slf4j.Logger |
LOG |
private X509ExtendedTrustManager |
x509ExtendedTrustManager |
Constructor and Description |
---|
HBaseTrustManager(X509ExtendedTrustManager x509ExtendedTrustManager,
boolean hostnameVerificationEnabled,
boolean allowReverseDnsLookup)
Instantiate a new HBaseTrustManager.
|
Modifier and Type | Method and Description |
---|---|
void |
checkClientTrusted(X509Certificate[] chain,
String authType) |
void |
checkClientTrusted(X509Certificate[] chain,
String authType,
Socket socket) |
void |
checkClientTrusted(X509Certificate[] chain,
String authType,
SSLEngine engine) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType,
Socket socket) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType,
SSLEngine engine) |
X509Certificate[] |
getAcceptedIssuers() |
private void |
performHostVerification(InetAddress inetAddress,
X509Certificate certificate)
Compares peer's hostname with the one stored in the provided client certificate.
|
private static final org.slf4j.Logger LOG
private final X509ExtendedTrustManager x509ExtendedTrustManager
private final boolean hostnameVerificationEnabled
private final boolean allowReverseDnsLookup
private final HBaseHostnameVerifier hostnameVerifier
HBaseTrustManager(X509ExtendedTrustManager x509ExtendedTrustManager, boolean hostnameVerificationEnabled, boolean allowReverseDnsLookup)
x509ExtendedTrustManager
- The trustmanager to use for
checkClientTrusted/checkServerTrusted logichostnameVerificationEnabled
- If true, this TrustManager should verify hostnames of peers
when checking trust.allowReverseDnsLookup
- If true, we will fall back on reverse dns if resolving of
host failspublic X509Certificate[] getAcceptedIssuers()
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
checkClientTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
checkServerTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
checkClientTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
checkServerTrusted
in class X509ExtendedTrustManager
CertificateException
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
CertificateException
private void performHostVerification(InetAddress inetAddress, X509Certificate certificate) throws CertificateException
inetAddress
- Peer's inet address.certificate
- Peer's certificateCertificateException
- Thrown if the provided certificate doesn't match the peer
hostname.Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.