net.lightbody.bmp.mitm.util

Class TrustUtil

java.lang.Object

net.lightbody.bmp.mitm.util.TrustUtil

public class TrustUtil
extends Object

Utility class for interacting with the default trust stores on this JVM.

Field Summary

Fields

Modifier and Type	Field and Description
static X509Certificate[]	EMPTY_CERTIFICATE_ARRAY Empty X509 certificate array, useful for indicating an empty root CA trust store.

Constructor Summary

Constructors

Constructor and Description
TrustUtil()

Method Summary

Modifier and Type	Method and Description
static List<X509Certificate>	extractTrustedCertificateEntries(KeyStore trustStore) Extracts the KeyStore.TrustedCertificateEntrys from the specified KeyStore.
static X509Certificate[]	getBuiltinTrustedCAs() Returns the built-in list of trusted CAs.
static X509TrustManager	getDefaultJavaTrustManager() Returns a new instance of the default TrustManager for this JVM.
static X509Certificate[]	getJavaTrustedCAs() Returns the list of root CAs trusted by default in this JVM, according to the TrustManager returned by getDefaultJavaTrustManager().
static X509Certificate	readSingleX509Certificate(String x509CertificateAsPem) Parses a single PEM-encoded X509 certificate into an X509Certificate.
static X509Certificate[]	readX509CertificatesFromPem(String pemEncodedCAs) Parses a String containing zero or more PEM-encoded X509 certificates into an array of X509Certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EMPTY_CERTIFICATE_ARRAY

public static final X509Certificate[] EMPTY_CERTIFICATE_ARRAY

Empty X509 certificate array, useful for indicating an empty root CA trust store.

Constructor Detail

TrustUtil

public TrustUtil()

Method Detail

getBuiltinTrustedCAs

public static X509Certificate[] getBuiltinTrustedCAs()

Returns the built-in list of trusted CAs. This is a copy of cURL's list (https://curl.haxx.se/ca/cacert.pem), which is ultimately derived from Firefox/NSS' list of trusted CAs.

getJavaTrustedCAs

public static X509Certificate[] getJavaTrustedCAs()

Returns the list of root CAs trusted by default in this JVM, according to the TrustManager returned by getDefaultJavaTrustManager().

readX509CertificatesFromPem

public static X509Certificate[] readX509CertificatesFromPem(String pemEncodedCAs)

Parses a String containing zero or more PEM-encoded X509 certificates into an array of X509Certificate. Everything outside of BEGIN CERTIFICATE and END CERTIFICATE lines will be ignored.

Parameters:

pemEncodedCAs - a String containing PEM-encoded certficiates

Returns:

array containing certificates in the String

readSingleX509Certificate

public static X509Certificate readSingleX509Certificate(String x509CertificateAsPem)

Parses a single PEM-encoded X509 certificate into an X509Certificate.

Parameters:

x509CertificateAsPem - PEM-encoded X509 certificate

Returns:

parsed Java X509Certificate

getDefaultJavaTrustManager

public static X509TrustManager getDefaultJavaTrustManager()

Returns a new instance of the default TrustManager for this JVM. Uses the default JVM trust store, which is generally the cacerts file in JAVA_HOME/jre/lib/security, but this can be overridden using JVM parameters.

extractTrustedCertificateEntries

public static List<X509Certificate> extractTrustedCertificateEntries(KeyStore trustStore)

Extracts the KeyStore.TrustedCertificateEntrys from the specified KeyStore. All other entry types, including private keys, will be ignored.

Parameters:

trustStore - keystore containing trusted certificate entries

Returns:

the trusted certificate entries in the specified keystore