CertificateChainCleaner

okhttp3.internal.tls

Class CertificateChainCleaner

java.lang.Object
- okhttp3.internal.tls.CertificateChainCleaner

```
public final class CertificateChainCleaner
extends Object
```
Computes the effective certificate chain from the raw array returned by Java's built in TLS APIs. Cleaning a chain returns a list of certificates where the first element is chain[0], each certificate is signed by the certificate that follows, and the last certificate is a trusted CA certificate.
Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to the TLS handshake and to extract the trusted CA certificate for the benefit of certificate pinning.

This class includes code from Conscrypt's TrustManagerImpl and TrustedCertificateIndex.

Constructor Summary

Constructors

Constructor and Description
`CertificateChainCleaner(TrustRootIndex trustRootIndex)`

Method Summary

All Methods

Instance Methods

Concrete Methods
Modifier and Type	Method and Description
`List<Certificate>`	`clean(List<Certificate> chain)` Returns a cleaned chain for `chain`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CertificateChainCleaner
```
public CertificateChainCleaner(TrustRootIndex trustRootIndex)
```
- Method Detail
  - clean
```
public List<Certificate> clean(List<Certificate> chain)
                        throws SSLPeerUnverifiedException
```
    Returns a cleaned chain for chain.
    This method throws if the complete chain to a trusted CA certificate cannot be constructed. This is unexpected unless the trust root index in this class has a different trust manager than what was used to establish chain.
    
    Throws:
    
    SSLPeerUnverifiedException