Module bus.http

Class CertificateChainCleaner

java.lang.Object
org.miaixz.bus.http.secure.CertificateChainCleaner
Direct Known Subclasses:
BasicCertificateChainCleaner

public abstract class CertificateChainCleaner extends Object
Computes a clean certificate chain from the raw array provided by a TLS implementation. A cleaned chain is a list of certificates where the first element is the server's certificate, each certificate is signed by the one that follows, and the final certificate is a trusted CA. This class can be used to omit unexpected certificates and to find the trust anchor for certificate pinning.
Since:
Java 17+
Author:
Kimi Liu
  • Constructor Details

    • CertificateChainCleaner

      public CertificateChainCleaner()
  • Method Details

    • get

      public static CertificateChainCleaner get(X509TrustManager trustManager)
      Creates a CertificateChainCleaner that uses the platform's default trust manager.
      Parameters:
      trustManager - The trust manager to use.
      Returns:
      A new platform-specific CertificateChainCleaner.
    • get

      public static CertificateChainCleaner get(X509Certificate... caCerts)
      Creates a CertificateChainCleaner that uses a custom set of CA certificates.
      Parameters:
      caCerts - The custom set of trusted CA certificates.
      Returns:
      A new CertificateChainCleaner.
    • clean

      public abstract List<Certificate> clean(List<Certificate> chain, String hostname) throws SSLPeerUnverifiedException
      Takes a raw certificate chain and returns a cleaned, validated chain up to a trusted root.
      Parameters:
      chain - The raw, possibly unordered, certificate chain from the peer.
      hostname - The hostname of the peer, used for verification.
      Returns:
      A list of certificates representing the validated chain.
      Throws:
      SSLPeerUnverifiedException - if the chain cannot be validated against a trusted root.
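
The ordering described in the class summary (server certificate first, each certificate signed by the one that follows, a trusted CA last), as an added JDK-only example; it is not the bus.http implementation. ChainOrderingExample, signedBy and MAX_SIGNERS are hypothetical names, the cap of 9 signers is an assumption, and this clean takes the trusted CAs directly instead of a hostname.

```java
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.SSLPeerUnverifiedException;

// Added illustration (JDK only); expects X.509 certificates in the raw chain.
public final class ChainOrderingExample {
    private static final int MAX_SIGNERS = 9; // assumed cap that bounds the walk

    /** True when 'signer' is the named issuer of 'cert' and its key verifies cert's signature. */
    static boolean signedBy(X509Certificate cert, X509Certificate signer) {
        if (!cert.getIssuerX500Principal().equals(signer.getSubjectX500Principal())) return false;
        try {
            cert.verify(signer.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false; // bad signature, wrong key type or unsupported algorithm
        }
    }

    /** Orders 'raw' leaf-first, drops unrelated certificates, ends at a cert from 'trustedCas'. */
    static List<Certificate> clean(List<Certificate> raw, Collection<X509Certificate> trustedCas)
            throws SSLPeerUnverifiedException {
        if (raw.isEmpty()) throw new SSLPeerUnverifiedException("empty chain");
        Deque<Certificate> pool = new ArrayDeque<>(raw);
        List<Certificate> result = new ArrayList<>();
        result.add(pool.removeFirst()); // the server's certificate is always first
        for (int i = 0; i < MAX_SIGNERS; i++) {
            X509Certificate tail = (X509Certificate) result.get(result.size() - 1);
            // Prefer a trusted CA as the next link; once found, the chain is complete.
            for (X509Certificate ca : trustedCas) {
                if (signedBy(tail, ca)) {
                    if (!tail.equals(ca)) result.add(ca); // tail may itself be the trusted root
                    return result;
                }
            }
            // Otherwise the signer must be among the certificates the peer sent.
            X509Certificate next = null;
            for (Iterator<Certificate> it = pool.iterator(); it.hasNext() && next == null; ) {
                X509Certificate candidate = (X509Certificate) it.next();
                if (signedBy(tail, candidate)) { next = candidate; it.remove(); }
            }
            if (next == null)
                throw new SSLPeerUnverifiedException("no trusted signer for " + tail.getSubjectX500Principal());
            result.add(next);
        }
        throw new SSLPeerUnverifiedException("chain exceeds " + MAX_SIGNERS + " signers");
    }
}
```

The last element of the returned list is the trust anchor, which is the certificate a pinning check would hash. This ordering step does not check validity dates, revocation or the hostname.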