Module bus.http

Class CertificatePinner

java.lang.Object
org.miaixz.bus.http.secure.CertificatePinner

public class CertificatePinner extends Object
Constrains which certificates are trusted. Certificate pinning increases security, but it also limits your server team's ability to update their TLS certificates. Do not use certificate pinning without the blessing of your server's TLS administrator!
Since:
Java 17+
Author:
Kimi Liu
  • Field Details

    • DEFAULT

      public static final CertificatePinner DEFAULT
      A default certificate pinner that trusts any certificate chain; it applies no pinning constraint.
  • Method Details

    • pin

      public static String pin(Certificate certificate)
      Returns the SHA-256 hash of the certificate's public key.
      Parameters:
      certificate - The certificate to hash.
      Returns:
      A string in the format "sha256/<base64-hash>".
    • equals

      public boolean equals(Object other)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • check

      public void check(String hostname, List<Certificate> peerCertificates) throws SSLPeerUnverifiedException
      Confirms that at least one of the certificates pinned for hostname is present in peerCertificates. This method is called after a successful TLS handshake, but before the connection is used.
      Parameters:
      hostname - The hostname of the peer.
      peerCertificates - The certificate chain presented by the peer.
      Throws:
      SSLPeerUnverifiedException - if peerCertificates does not match the certificates pinned for hostname.
    • withCertificateChainCleaner

      public CertificatePinner withCertificateChainCleaner(CertificateChainCleaner certificateChainCleaner)
      Returns a new certificate pinner that uses certificateChainCleaner.
      Parameters:
      certificateChainCleaner - The cleaner to use.
      Returns:
      a new CertificatePinner instance.
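
The pin format returned by pin and the "at least one pinned certificate is present" rule applied by check, as an added sketch in plain JDK code (not the project's own implementation). The class name PinCheckSketch, the host api.example.test and the use of bare public keys in place of Certificate objects are assumptions, as is hashing the DER-encoded SubjectPublicKeyInfo returned by PublicKey.getEncoded().

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;

public class PinCheckSketch {

    // Assumption: the digest covers the DER-encoded SubjectPublicKeyInfo,
    // which is what PublicKey.getEncoded() returns for X.509 keys.
    static String pin(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // Succeeds when at least one key in the peer chain matches a configured pin.
    // An empty pin set constrains nothing, mirroring the DEFAULT pinner.
    static void check(String hostname, Set<String> pins, List<PublicKey> chainKeys)
            throws Exception {
        if (pins.isEmpty()) return;
        for (PublicKey key : chainKeys) {
            if (pins.contains(pin(key))) return;
        }
        throw new SSLPeerUnverifiedException("Certificate pinning failure for " + hostname);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        // Constructed sample keys standing in for the keys of a peer chain.
        PublicKey leaf = gen.generateKeyPair().getPublic();
        PublicKey intermediate = gen.generateKeyPair().getPublic();
        PublicKey rotatedLeaf = gen.generateKeyPair().getPublic();

        // Only the intermediate is pinned, so replacing the leaf does not break clients.
        Set<String> pins = Set.of(pin(intermediate));
        check("api.example.test", pins, List.of(leaf, intermediate));
        check("api.example.test", pins, List.of(rotatedLeaf, intermediate));

        // A chain that contains no pinned key must be refused before the connection is used.
        try {
            check("api.example.test", pins, List.of(rotatedLeaf));
            throw new IllegalStateException("unpinned chain was accepted");
        } catch (SSLPeerUnverifiedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Which key in the chain gets pinned determines how much freedom the server team keeps to rotate certificates, which is the trade-off the class description warns about.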