Class AggregateTrustManager

  • All Implemented Interfaces:
    javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class AggregateTrustManager
    extends java.lang.Object
    implements javax.net.ssl.X509TrustManager
    This class provides an SSL trust manager that has the ability to delegate the determination about whether to trust a given certificate to one or more other trust managers. It can be configured to use a logical AND (i.e., all associated trust managers must be satisfied) or a logical OR (i.e., at least one of the associated trust managers must be satisfied).
    • Constructor Summary

      Constructors 
      Constructor Description
      AggregateTrustManager​(boolean requireAllAccepted, java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)
      Creates a new aggregate trust manager with the provided information.
      AggregateTrustManager​(boolean requireAllAccepted, javax.net.ssl.X509TrustManager... trustManagers)
      Creates a new aggregate trust manager with the provided information.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void checkClientTrusted​(java.security.cert.X509Certificate[] chain, java.lang.String authType)
      Checks to determine whether the provided client certificate chain should be trusted.
      void checkServerTrusted​(java.security.cert.X509Certificate[] chain, java.lang.String authType)
      Checks to determine whether the provided server certificate chain should be trusted.
      java.security.cert.X509Certificate[] getAcceptedIssuers()
      Retrieves the accepted issuer certificates for this trust manager.
      java.util.List<javax.net.ssl.X509TrustManager> getAssociatedTrustManagers()
      Retrieves the set of trust managers that will be used to perform the validation.
      boolean requireAllAccepted()
      Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AggregateTrustManager

        public AggregateTrustManager​(boolean requireAllAccepted,
                                     @NotNull
                                     javax.net.ssl.X509TrustManager... trustManagers)
        Creates a new aggregate trust manager with the provided information.
        Parameters:
        requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.
        trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.
      • AggregateTrustManager

        public AggregateTrustManager​(boolean requireAllAccepted,
                                     @NotNull
                                     java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)
        Creates a new aggregate trust manager with the provided information.
        Parameters:
        requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.
        trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.
    • Method Detail

      • requireAllAccepted

        public boolean requireAllAccepted()
        Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.
        Returns:
        true if all of the associated trust managers will be required to accept the provided certificate chain, or false if it will be acceptable for at least one trust manager to accept the chain even if one or more others do not.
      • getAssociatedTrustManagers

        @NotNull
        public java.util.List<javax.net.ssl.X509TrustManager> getAssociatedTrustManagers()
        Retrieves the set of trust managers that will be used to perform the validation.
        Returns:
        The set of trust managers that will be used to perform the validation.
      • checkClientTrusted

        public void checkClientTrusted​(@NotNull
                                       java.security.cert.X509Certificate[] chain,
                                       @NotNull
                                       java.lang.String authType)
                                throws java.security.cert.CertificateException
        Checks to determine whether the provided client certificate chain should be trusted.
        Specified by:
        checkClientTrusted in interface javax.net.ssl.X509TrustManager
        Parameters:
        chain - The client certificate chain for which to make the determination.
        authType - The authentication type based on the client certificate.
        Throws:
        java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.
      • checkServerTrusted

        public void checkServerTrusted​(@NotNull
                                       java.security.cert.X509Certificate[] chain,
                                       @NotNull
                                       java.lang.String authType)
                                throws java.security.cert.CertificateException
        Checks to determine whether the provided server certificate chain should be trusted.
        Specified by:
        checkServerTrusted in interface javax.net.ssl.X509TrustManager
        Parameters:
        chain - The server certificate chain for which to make the determination.
        authType - The key exchange algorithm used.
        Throws:
        java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.
      • getAcceptedIssuers

        @NotNull
        public java.security.cert.X509Certificate[] getAcceptedIssuers()
        Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.
        Specified by:
        getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
        Returns:
        The accepted issuer certificates for this trust manager.