Module bus.http
Package org.miaixz.bus.http.secure

Class BasicCertificateChainCleaner

java.lang.Object
org.miaixz.bus.http.secure.CertificateChainCleaner
org.miaixz.bus.http.secure.BasicCertificateChainCleaner
public class BasicCertificateChainCleaner extends CertificateChainCleaner
A certificate chain cleaner that builds a trust chain starting from a server certificate, following the chain of issuers until a trusted root certificate is found. This class duplicates the clean chain building that is performed by the TLS implementation. It is used when other mechanisms, such as those provided by the platform (e.g., on Android), are not available.
Since:
Java 17+
Author:
Kimi Liu

  • Constructor Details

    • BasicCertificateChainCleaner

      public BasicCertificateChainCleaner(TrustRootIndex trustRootIndex)
      Constructs a new BasicCertificateChainCleaner.
      Parameters:
      trustRootIndex - An index of trusted root certificates to use for building the chain.

  • Method Details

    • clean

      public List<Certificate> clean(List<Certificate> chain, String hostname) throws SSLPeerUnverifiedException
      Returns a cleaned chain for chain. This method throws if the complete chain to a trusted CA certificate cannot be constructed. This is unexpected unless the trust root index in this class has a different trust manager than what was used to establish chain.
      Specified by:
      clean in class CertificateChainCleaner
      Parameters:
      chain - The raw certificate chain from the peer.
      hostname - The hostname of the peer.
      Returns:
      A validated and cleaned certificate chain.
      Throws:
      SSLPeerUnverifiedException - if the chain cannot be validated.

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public boolean equals(Object other)
      Overrides:
      equals in class Object