Class TopologyRegistryTrustManager

java.lang.Object
  com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager

All Implemented Interfaces:
java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class TopologyRegistryTrustManager extends java.lang.Object implements javax.net.ssl.X509TrustManager, java.io.Serializable
This class provides an implementation of an X.509 trust manager that can be used to trust certificates listed in the topology registry of a Ping Identity Directory Server instance. It will read the topology registry from the server's configuration file rather than communicating with it over LDAP, so it is only available for use when run from LDAP tools provided with the Ping Identity Directory Server.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

See Also:
Serialized Form
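The following is an added usage example, not code from the LDAP SDK or its documentation: it builds the trust manager from the server's configuration file using the (File, long) constructor documented below, wraps it in the SDK's SSLUtil to obtain a TLS socket factory, and opens an LDAPS connection whose server certificate is accepted only if the topology registry vouches for it. The configuration file path, host name and port are assumed values for the example.

```java
import java.io.File;
import java.util.concurrent.TimeUnit;
import javax.net.SocketFactory;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RootDSE;
import com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager;
import com.unboundid.util.ssl.SSLUtil;

public final class TopologyRegistryTlsExample
{
  // Assumed location of the server's configuration file. The trust manager
  // parses this file locally rather than querying the server over LDAP, so
  // this program must run on a host that has the Directory Server installed.
  private static final File CONFIG_FILE =
       new File("/opt/ds/config/config.ldif");

  public static void main(final String[] args) throws Exception
  {
    // Cache the parsed registry for five minutes so that repeated connections
    // do not re-read config.ldif; a value <= 0 would disable caching.
    final TopologyRegistryTrustManager trustManager =
         new TopologyRegistryTrustManager(CONFIG_FILE,
              TimeUnit.MINUTES.toMillis(5));

    // Log the effective policy so an operator can see whether only the peer
    // certificate itself, or any of its issuers, needs to be in the registry.
    System.out.println("require peer cert in registry: " +
         trustManager.requirePeerCertificateInTopologyRegistry());
    System.out.println("ignore peer validity window: " +
         trustManager.ignorePeerCertificateValidityWindow());
    System.out.println("ignore issuer validity window: " +
         trustManager.ignoreIssuerCertificateValidityWindow());

    // Delegate all server-certificate trust decisions to the topology
    // registry; no JVM default truststore is consulted.
    final SSLUtil sslUtil = new SSLUtil(trustManager);
    final SocketFactory socketFactory = sslUtil.createSSLSocketFactory();

    // Assumed host and LDAPS port for the example.
    try (LDAPConnection conn =
              new LDAPConnection(socketFactory, "ds1.example.com", 636))
    {
      final RootDSE rootDSE = conn.getRootDSE();
      System.out.println("Connected; vendor: " + rootDSE.getVendorName());
    }
    catch (final LDAPException e)
    {
      // A CertificateException from checkServerTrusted surfaces here as a
      // failed connection attempt rather than as a separate exception type.
      System.err.println("Connection or TLS handshake failed: " +
           e.getMessage());
    }
  }
}
```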
Constructor Summary

TopologyRegistryTrustManager(TopologyRegistryTrustManagerProperties properties)
  Creates a new instance of this trust manager with the provided properties.

TopologyRegistryTrustManager(java.io.File configurationFile, long cacheDurationMillis)
  Creates a new instance of this trust manager with the provided settings.
Method Summary

All methods are instance methods with concrete implementations.

void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
  Checks to determine whether the provided client certificate chain should be trusted.

void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
  Checks to determine whether the provided server certificate chain should be trusted.

java.security.cert.X509Certificate[] getAcceptedIssuers()
  Retrieves the accepted issuer certificates for this trust manager.

long getCacheDurationMillis()
  Retrieves the maximum length of time in milliseconds that cached topology registry information should be considered valid.

java.io.File getConfigurationFile()
  Retrieves the server configuration file from which the topology registry certificates will be read.

boolean ignoreIssuerCertificateValidityWindow()
  Indicates whether to ignore the validity window for issuer certificates when determining whether to trust a certificate chain.

boolean ignorePeerCertificateValidityWindow()
  Indicates whether to ignore the validity window for the peer certificate when determining whether to trust a certificate chain.

boolean requirePeerCertificateInTopologyRegistry()
  Indicates whether to require the peer certificate itself to be included in the topology registry for a certificate chain to be trusted.

java.lang.String toString()
  Retrieves a string representation of this topology registry trust manager instance.

void toString(java.lang.StringBuilder buffer)
  Appends a string representation of this topology registry trust manager instance to the given buffer.
Constructor Detail

TopologyRegistryTrustManager

public TopologyRegistryTrustManager(@NotNull java.io.File configurationFile, long cacheDurationMillis)

Creates a new instance of this trust manager with the provided settings.

Parameters:
  configurationFile - The configuration file for the Ping Identity Directory Server instance that holds the topology registry data. It must not be null.
  cacheDurationMillis - The maximum length of time in milliseconds that previously loaded certificates may be cached. If this is less than or equal to zero, then certificates will not be cached.

TopologyRegistryTrustManager

public TopologyRegistryTrustManager(@NotNull TopologyRegistryTrustManagerProperties properties)

Creates a new instance of this trust manager with the provided properties.

Parameters:
  properties - The properties to use to create this trust manager. It must not be null.
Method Detail

getConfigurationFile

@NotNull public java.io.File getConfigurationFile()

Retrieves the server configuration file from which the topology registry certificates will be read.

Returns:
  The server configuration file from which the topology registry certificates will be read.

getCacheDurationMillis

public long getCacheDurationMillis()

Retrieves the maximum length of time in milliseconds that cached topology registry information should be considered valid.

Returns:
  The maximum length of time in milliseconds that cached topology registry information should be considered valid, or zero if topology registry information should not be cached.
requirePeerCertificateInTopologyRegistry

public boolean requirePeerCertificateInTopologyRegistry()

Indicates whether to require the peer certificate itself to be included in the topology registry for a certificate chain to be trusted.

Returns:
  true if a certificate chain may only be trusted if the topology registry includes the peer certificate itself, or false if a certificate chain may be trusted if the topology registry contains the peer certificate or any of its issuers.
ignorePeerCertificateValidityWindow

public boolean ignorePeerCertificateValidityWindow()

Indicates whether to ignore the validity window for the peer certificate when determining whether to trust a certificate chain.

Returns:
  true if a certificate chain may be considered trusted even if the current time is outside the peer certificate's validity window, or false if a certificate chain may only be considered trusted if the current time is between the notBefore and notAfter timestamps for the peer certificate.
ignoreIssuerCertificateValidityWindow

public boolean ignoreIssuerCertificateValidityWindow()

Indicates whether to ignore the validity window for issuer certificates when determining whether to trust a certificate chain.

Returns:
  true if a certificate chain may be considered trusted even if the current time is outside any issuer certificate's validity window, or false if a certificate chain may only be considered trusted if the current time is between the notBefore and notAfter timestamps for all issuer certificates.
checkClientTrusted

public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException

Checks to determine whether the provided client certificate chain should be trusted.

Specified by:
  checkClientTrusted in interface javax.net.ssl.X509TrustManager

Parameters:
  chain - The client certificate chain for which to make the determination.
  authType - The authentication type based on the client certificate.

Throws:
  java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.
checkServerTrusted

public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException

Checks to determine whether the provided server certificate chain should be trusted.

Specified by:
  checkServerTrusted in interface javax.net.ssl.X509TrustManager

Parameters:
  chain - The server certificate chain for which to make the determination.
  authType - The key exchange algorithm used.

Throws:
  java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.
getAcceptedIssuers

@NotNull public java.security.cert.X509Certificate[] getAcceptedIssuers()

Retrieves the accepted issuer certificates for this trust manager.

Specified by:
  getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Returns:
  The accepted issuer certificates for this trust manager, or an empty set of accepted issuers if a problem was encountered while initializing this trust manager.
toString

@NotNull public java.lang.String toString()

Retrieves a string representation of this topology registry trust manager instance.

Overrides:
  toString in class java.lang.Object

Returns:
  A string representation of this topology registry trust manager instance.