com.facebook.buck.artifact_cache

Class ClientCertificateHandler

java.lang.Object

com.facebook.buck.artifact_cache.ClientCertificateHandler

public class ClientCertificateHandler
extends Object

Holder and certificate parser for HTTPS client certificates.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ClientCertificateHandler.CertificateInfo Holds response of parseCertificateChain

Constructor Summary

Constructors

Constructor and Description
ClientCertificateHandler(okhttp3.tls.HandshakeCertificates handshakeCertificates, Optional<HostnameVerifier> hostnameVerifier) Creates an instance of ClientCertificateHandler

Method Summary

Modifier and Type	Method and Description
static InputStream	filterPEMInputStream(InputStream inStream, String label) Filter an InputStream containing PEM sections into another InputStream just containing sections of a specific PEM block type
static Optional<ClientCertificateHandler>	fromConfiguration(ArtifactCacheBuckConfig config) Create a new ClientCertificateHandler based on client tls settings in configuration
static Optional<ClientCertificateHandler>	fromConfiguration(ArtifactCacheBuckConfig config, Optional<HostnameVerifier> hostnameVerifier) Create a new ClientCertificateHandler based on client tls settings in configuration, with optional HostnameVerifier to allow for ignoring hostname mismatches in tests
okhttp3.tls.HandshakeCertificates	getHandshakeCertificates()
Optional<HostnameVerifier>	getHostnameVerifier()
static Optional<ClientCertificateHandler.CertificateInfo>	parseCertificateChain(Optional<Path> certPathOptional, boolean required) Parses a PEM encoded X509 certificate chain from a file which may contain non-certificate sections after the certificate chain.
static com.google.common.collect.ImmutableList<X509Certificate>	parseCertificates(Optional<Path> certPathOptional, boolean required) Parses a file containing PEM encoded X509 certificates
static Optional<PrivateKey>	parsePrivateKey(Optional<Path> keyPathOptional, X509Certificate certificate, boolean required) Parse a PEM encoded private key, with the algorithm decided by certificate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientCertificateHandler

public ClientCertificateHandler(okhttp3.tls.HandshakeCertificates handshakeCertificates,
                                Optional<HostnameVerifier> hostnameVerifier)

Creates an instance of ClientCertificateHandler

Parameters:

handshakeCertificates - If non-null, client certificates to use for http connections

hostnameVerifier - Used for testing to bypass hostname verification in integration tests. Should be null in production use.

Method Detail

fromConfiguration

public static Optional<ClientCertificateHandler> fromConfiguration(ArtifactCacheBuckConfig config)

Create a new ClientCertificateHandler based on client tls settings in configuration

fromConfiguration

public static Optional<ClientCertificateHandler> fromConfiguration(ArtifactCacheBuckConfig config,
                                                                   Optional<HostnameVerifier> hostnameVerifier)

Create a new ClientCertificateHandler based on client tls settings in configuration, with optional HostnameVerifier to allow for ignoring hostname mismatches in tests

filterPEMInputStream

public static InputStream filterPEMInputStream(InputStream inStream,
                                               String label)
                                        throws IOException

Filter an InputStream containing PEM sections into another InputStream just containing sections of a specific PEM block type

Parameters:

inStream - original input stream

label - PEM block label e.g. CERTIFICATE or PRIVATE KEY

Returns:

filtered inStream

Throws:

IOException

parsePrivateKey

public static Optional<PrivateKey> parsePrivateKey(Optional<Path> keyPathOptional,
                                                   X509Certificate certificate,
                                                   boolean required)

Parse a PEM encoded private key, with the algorithm decided by certificate

Parameters:

keyPathOptional - The path to a PEM encoded PKCS#8 private key

certificate - The corresponding public key. Used to determine key's algorithm

required - whether to throw or ignore on unset / missing private key

Throws:

{@link - HumanReadableException} on issues with private key

parseCertificateChain

public static Optional<ClientCertificateHandler.CertificateInfo> parseCertificateChain(Optional<Path> certPathOptional,
                                                                                       boolean required)

Parses a PEM encoded X509 certificate chain from a file which may contain non-certificate sections after the certificate chain. The actual certificate must be placed at the beginning of the file with the rest of the certificate chain following in order up to but not including the trusted root.

Parameters:

certPathOptional - The location of the certificate chain file

required - whether to throw or ignore on unset / missing / expired certificates

Throws:

{@link - HumanReadableException} on issues with certificate

parseCertificates

public static com.google.common.collect.ImmutableList<X509Certificate> parseCertificates(Optional<Path> certPathOptional,
                                                                                         boolean required)

Parses a file containing PEM encoded X509 certificates

Parameters:

certPathOptional - The location of the certificates file

required - whether to throw or ignore on unset / missing / expired certificates

Throws:

{@link - HumanReadableException} on issues with a certificate

getHandshakeCertificates

public okhttp3.tls.HandshakeCertificates getHandshakeCertificates()

getHostnameVerifier

public Optional<HostnameVerifier> getHostnameVerifier()