Package io.confluent.kafka.client.plugins.ssl

Class ConfluentTrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

io.confluent.kafka.client.plugins.ssl.ConfluentTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

Direct Known Subclasses:

NetworkLinkTrustManager

public class ConfluentTrustManager
extends X509ExtendedTrustManager

A trust manager that verifies that the client invalid input: '&' server certificate presented during clientAuth belongs to confluent cloud and then delegates to the defaultTrustManager for general certificate chain validation. It first verifies that the subjectAltName is CCloud host and if missing it verifies the subject belongs to confluent cloud.

Constructor Summary

Constructors

Constructor	Description
ConfluentTrustManager(Map<String,?> configs, X509ExtendedTrustManager defaultTrustManager)

Method Summary

Modifier and Type	Method	Description
void	checkClientTrusted(X509Certificate[] x509Certificates, String authType)
void	checkClientTrusted(X509Certificate[] x509Certificates, String authType, Socket socket)
void	checkClientTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine)
void	checkServerTrusted(X509Certificate[] x509Certificates, String authType)
void	checkServerTrusted(X509Certificate[] x509Certificates, String authType, Socket socket)
void	checkServerTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine)
X509Certificate[]	getAcceptedIssuers()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ConfluentTrustManager

public ConfluentTrustManager(Map<String,?> configs,
 X509ExtendedTrustManager defaultTrustManager)

Method Details

checkClientTrusted

public void checkClientTrusted(X509Certificate[] x509Certificates,
 String authType,
 Socket socket)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] x509Certificates,
 String authType,
 Socket socket)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] x509Certificates,
 String authType,
 SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] x509Certificates,
 String authType,
 SSLEngine sslEngine)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] x509Certificates,
 String authType)
                        throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] x509Certificates,
 String authType)
                        throws CertificateException

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()