Module org.jetbrains.nativecerts

Package org.jetbrains.nativecerts.mac

Class SecurityFrameworkUtil

java.lang.Object

org.jetbrains.nativecerts.mac.SecurityFrameworkUtil

public class SecurityFrameworkUtil
extends Object

Get trusted certificates stored in corresponding keychains via Security frameworks APIs. for the other implementations, see root_cgo_darwin.go in Go and trust_store_mac.cc in Chromium

In the future it would be better to implement X509TrustManager on SecTrustEvaluateWithError instead of getting the trust chain manually. It's not yet investigated whether it is possible at all to integrate it into the SSL framework of JVM.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SERVER_POLICY_PROPERTY

Method Summary

Modifier and Type	Method	Description
static List<X509Certificate>	getSystemTrustedRoots()	Get trusted roots backed into macOS (system domain)
static @NotNull List<X509Certificate>	getTrustedCertificates(boolean systemDomain)
static List<X509Certificate>	getTrustedRoots()	Get trusted roots installed on admin and user level (domain)
static boolean	isTrustedRoot(SecurityFramework.SecCertificateRef certificateRef)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SERVER_POLICY_PROPERTY

public static final String SERVER_POLICY_PROPERTY

See Also:

• Constant Field Values

Method Details

getTrustedRoots

public static List<X509Certificate> getTrustedRoots()

Get trusted roots installed on admin and user level (domain)

getSystemTrustedRoots

public static List<X509Certificate> getSystemTrustedRoots()

Get trusted roots backed into macOS (system domain)

getTrustedCertificates

@NotNull
public static @NotNull List<X509Certificate> getTrustedCertificates(boolean systemDomain)

isTrustedRoot

public static boolean isTrustedRoot(SecurityFramework.SecCertificateRef certificateRef)