Package org.miaixz.bus.http.secure
Class CertificatePinner
java.lang.Object
org.miaixz.bus.http.secure.CertificatePinner
限制哪些证书受信任。将证书固定起来可以防御对证书颁发机构的攻击。 它还可以防止通过应用程序用户知道或不知道的中间人证书颁发机构进行连接 固定证书限制了服务器团队更新其TLS证书的能力。通过固定证书,
您将承担额外的操作复杂性,并限制您在证书颁发机构之间迁移的能力。 未经服务器的TLS管理员许可,请勿使用证书固定! 如果
TrustManager不接受自签名证书,
则CertificatePinner不能用于pin自签名证书- Since:
- Java 17+
- Author:
- Kimi Liu
-
Nested Class Summary
Nested Classes -
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionvoidcheck(String hostname, Certificate... peerCertificates) Deprecated.voidcheck(String hostname, List<Certificate> peerCertificates) 确认hostname所固定的证书中至少有一个位于peerCertificates中。booleaninthashCode()static Stringpin(Certificate certificate) Returns the SHA-256 ofcertificate's public key.withCertificateChainCleaner(CertificateChainCleaner certificateChainCleaner) Returns a certificate pinner that usescertificateChainCleaner.
-
Field Details
-
DEFAULT
-
-
Method Details
-
pin
Returns the SHA-256 ofcertificate's public key. In Http and earlier, this returned a SHA-1 hash of the public key. Both types are supported, but SHA-256 is preferred. -
equals
-
hashCode
-
check
public void check(String hostname, List<Certificate> peerCertificates) throws SSLPeerUnverifiedException 确认hostname所固定的证书中至少有一个位于peerCertificates中。 如果没有为hostname指定证书,则不执行任何操作。Httpd在成功的TLS握手之后调用它,但是在使用连接之前.- Parameters:
hostname- 主机名peerCertificates- 证书信息- Throws:
SSLPeerUnverifiedException- 如果peerCertificates与hostname所固定的证书不匹配
-
check
public void check(String hostname, Certificate... peerCertificates) throws SSLPeerUnverifiedException Deprecated.replaced withcheck(String, List).- Throws:
SSLPeerUnverifiedException
-
withCertificateChainCleaner
public CertificatePinner withCertificateChainCleaner(CertificateChainCleaner certificateChainCleaner) Returns a certificate pinner that usescertificateChainCleaner.
-
check(String, List).