FingerprintTrustManagerFactory Class — netty Architecture

Architecture documentation for the FingerprintTrustManagerFactory class in FingerprintTrustManagerFactory.java from the netty codebase.

Class java

Entity Profile

Dependency Diagram

graph TD
  397663e1_6b93_6b62_329a_d98a94a19073["FingerprintTrustManagerFactory"]
  fdf86e21_33e4_85d2_c422_701e82885034["FingerprintTrustManagerFactory.java"]
  397663e1_6b93_6b62_329a_d98a94a19073 -->|defined in| fdf86e21_33e4_85d2_c422_701e82885034
  d88f81b1_d6a8_ac63_873a_ab5dde519899["FingerprintTrustManagerFactoryBuilder()"]
  397663e1_6b93_6b62_329a_d98a94a19073 -->|method| d88f81b1_d6a8_ac63_873a_ab5dde519899
  034397c5_b1e9_b7b7_ff3e_7e7fb356437b["FingerprintTrustManagerFactory()"]
  397663e1_6b93_6b62_329a_d98a94a19073 -->|method| 034397c5_b1e9_b7b7_ff3e_7e7fb356437b
  2de20ffa_d347_1600_70a4_7fb4378c0511["toFingerprintArray()"]
  397663e1_6b93_6b62_329a_d98a94a19073 -->|method| 2de20ffa_d347_1600_70a4_7fb4378c0511
  f2ded512_eeee_a211_4fab_3b9c453ca996["engineInit()"]
  397663e1_6b93_6b62_329a_d98a94a19073 -->|method| f2ded512_eeee_a211_4fab_3b9c453ca996
  9234cdc7_430d_02b0_7af7_3f2c38d00ac3["engineGetTrustManagers()"]
  397663e1_6b93_6b62_329a_d98a94a19073 -->|method| 9234cdc7_430d_02b0_7af7_3f2c38d00ac3

Relationship Graph

Source Code

handler/src/main/java/io/netty/handler/ssl/util/FingerprintTrustManagerFactory.java lines 82–267

public final class FingerprintTrustManagerFactory extends SimpleTrustManagerFactory {

    private static final Pattern FINGERPRINT_PATTERN = Pattern.compile("^[0-9a-fA-F:]+$");
    private static final Pattern FINGERPRINT_STRIP_PATTERN = Pattern.compile(":");

    /**
     * Creates a builder for {@link FingerprintTrustManagerFactory}.
     *
     * @param algorithm a hash algorithm
     * @return a builder
     */
    public static FingerprintTrustManagerFactoryBuilder builder(String algorithm) {
        return new FingerprintTrustManagerFactoryBuilder(algorithm);
    }

    private final FastThreadLocal<MessageDigest> tlmd;

    private final TrustManager tm = new X509TrustManager() {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String s) throws CertificateException {
            checkTrusted("client", chain);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String s) throws CertificateException {
            checkTrusted("server", chain);
        }

        private void checkTrusted(String type, X509Certificate[] chain) throws CertificateException {
            X509Certificate cert = chain[0];
            byte[] fingerprint = fingerprint(cert);
            boolean found = false;
            for (byte[] allowedFingerprint: fingerprints) {
                if (Arrays.equals(fingerprint, allowedFingerprint)) {
                    found = true;
                    break;
                }
            }

            if (!found) {
                throw new CertificateException(
                        type + " certificate with unknown fingerprint: " + cert.getSubjectDN());
            }
        }

        private byte[] fingerprint(X509Certificate cert) throws CertificateEncodingException {
            MessageDigest md = tlmd.get();
            md.reset();
            return md.digest(cert.getEncoded());
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return EmptyArrays.EMPTY_X509_CERTIFICATES;
        }
    };

    private final byte[][] fingerprints;

    /**
     * Creates a new instance.
     *
     * @deprecated This deprecated constructor uses SHA-1 that is considered insecure.
     *      It is recommended to specify a stronger hash algorithm, such as SHA-256,
     *      by calling {@link FingerprintTrustManagerFactory#builder(String)} method.
     *
     * @param fingerprints a list of SHA1 fingerprints in hexadecimal form
     */
    @Deprecated
    public FingerprintTrustManagerFactory(Iterable<String> fingerprints) {
        this("SHA1", toFingerprintArray(fingerprints));
    }

    /**
     * Creates a new instance.
     *
     * @deprecated This deprecated constructor uses SHA-1 that is considered insecure.
     *      It is recommended to specify a stronger hash algorithm, such as SHA-256,
     *      by calling {@link FingerprintTrustManagerFactory#builder(String)} method.
     *

Defined In

handler/src/main/java/io/netty/handler/ssl/util/FingerprintTrustManagerFactory.java

Source

View on GitHub

Frequently Asked Questions

What is the FingerprintTrustManagerFactory class?

FingerprintTrustManagerFactory is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/util/FingerprintTrustManagerFactory.java.

Where is FingerprintTrustManagerFactory defined?

FingerprintTrustManagerFactory is defined in handler/src/main/java/io/netty/handler/ssl/util/FingerprintTrustManagerFactory.java at line 82.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free