Package com.unboundid.util.ssl
Class TrustStoreTrustManager
java.lang.Object
    com.unboundid.util.ssl.TrustStoreTrustManager

All Implemented Interfaces:
java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class TrustStoreTrustManager extends java.lang.Object implements javax.net.ssl.X509TrustManager, java.io.Serializable
This class provides an SSL trust manager that will consult a specified trust store file to determine whether to trust a certificate that is presented to it. By default, it will use the default trust store format for the JVM (e.g., "JKS" for Sun-provided Java implementations), but alternate formats like PKCS12 may be used.

See Also:
- Serialized Form
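The following added example (not part of the UnboundID documentation) installs this trust manager as the only trust manager of a standard JSSE SSLContext, with an explicit format, a PIN and validity-date checking enabled. The class name TrustStoreTlsExample, the helper socketFactoryFor, the PIN value and the temporary empty trust store are assumptions made for the example.

```java
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

public final class TrustStoreTlsExample {
  /** Builds a socket factory that trusts only the contents of the given PKCS12 trust store. */
  static SSLSocketFactory socketFactoryFor(File trustStore, char[] pin)
      throws GeneralSecurityException {
    if (!trustStore.isFile()) {
      throw new IllegalArgumentException("No trust store at " + trustStore);
    }
    TrustStoreTrustManager tm = new TrustStoreTrustManager(
        trustStore,
        pin,       // null is allowed, but the JDK KeyStore then skips its integrity check
        "PKCS12",  // explicit format; null would fall back to the JVM default
        true);     // reject expired and not-yet-valid certificates
    // Fail closed if a later edit relaxes date checking.
    if (!tm.examineValidityDates()) {
      throw new IllegalStateException("Validity dates are not being examined");
    }
    // Only this trust manager is installed, so the JVM default CA set is not consulted.
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { tm }, null);
    return ctx.getSocketFactory();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: an empty PKCS12 store in a temp file, so the example runs
    // without external files. A real store would hold the CA or server certificates to trust.
    char[] pin = "example-pin".toCharArray();
    File store = File.createTempFile("truststore", ".p12");
    store.deleteOnExit();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(null, null);
    try (OutputStream out = new FileOutputStream(store)) {
      ks.store(out, pin);
    }
    SSLSocketFactory factory = socketFactoryFor(store, pin);
    System.out.println("Socket factory ready: " + factory.getClass().getName());
  }
}
```

checkServerTrusted receives only the chain and authType, so it decides chain trust; matching the certificate to the host name being contacted is a separate check that the caller has to enable.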
Constructor Summary

Constructors

TrustStoreTrustManager(TrustStoreTrustManagerProperties properties)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file with the specified constraints.

TrustStoreTrustManager(java.io.File trustStoreFile)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file within the validity window.

TrustStoreTrustManager(java.io.File trustStoreFile, char[] trustStorePIN, java.lang.String trustStoreFormat, boolean examineValidityDates)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file with the specified constraints.

TrustStoreTrustManager(java.lang.String trustStoreFile)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file within the validity window.

TrustStoreTrustManager(java.lang.String trustStoreFile, char[] trustStorePIN, java.lang.String trustStoreFormat, boolean examineValidityDates)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file with the specified constraints.

Method Summary

All Methods / Instance Methods / Concrete Methods

void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Checks to determine whether the provided client certificate chain should be trusted.

void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Checks to determine whether the provided server certificate chain should be trusted.

boolean examineValidityDates()
Indicate whether to reject certificates if the current time is outside the validity window for the certificate.

java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager.

java.lang.String getTrustStoreFile()
Retrieves the path to the trust store file to use.

java.lang.String getTrustStoreFormat()
Retrieves the name of the trust store file format.

Constructor Detail

TrustStoreTrustManager
public TrustStoreTrustManager(@NotNull java.io.File trustStoreFile)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file within the validity window. It will use the default trust store format and will not provide a PIN when attempting to read the trust store.
Parameters:
trustStoreFile - The path to the trust store file to use. It must not be null.

TrustStoreTrustManager
public TrustStoreTrustManager(@NotNull java.lang.String trustStoreFile)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file within the validity window. It will use the default trust store format and will not provide a PIN when attempting to read the trust store.
Parameters:
trustStoreFile - The path to the trust store file to use. It must not be null.

TrustStoreTrustManager
public TrustStoreTrustManager(@NotNull java.io.File trustStoreFile, @Nullable char[] trustStorePIN, @Nullable java.lang.String trustStoreFormat, boolean examineValidityDates)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file with the specified constraints.
Parameters:
trustStoreFile - The path to the trust store file to use. It must not be null.
trustStorePIN - The PIN to use to access the contents of the trust store. It may be null if no PIN is required.
trustStoreFormat - The format to use for the trust store. It may be null if the default format should be used.
examineValidityDates - Indicates whether to reject certificates if the current time is outside the validity window for the certificate.

TrustStoreTrustManager
public TrustStoreTrustManager(@NotNull java.lang.String trustStoreFile, @Nullable char[] trustStorePIN, @Nullable java.lang.String trustStoreFormat, boolean examineValidityDates)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file with the specified constraints.
Parameters:
trustStoreFile - The path to the trust store file to use. It must not be null.
trustStorePIN - The PIN to use to access the contents of the trust store. It may be null if no PIN is required.
trustStoreFormat - The format to use for the trust store. It may be null if the default format should be used.
examineValidityDates - Indicates whether to reject certificates if the current time is outside the validity window for the certificate.

TrustStoreTrustManager
public TrustStoreTrustManager(@NotNull TrustStoreTrustManagerProperties properties)
Creates a new instance of this trust store trust manager that will trust all certificates in the specified file with the specified constraints.
Parameters:
properties - The properties to use for this trust manager. It must not be null.

Method Detail

getTrustStoreFile
@NotNull public java.lang.String getTrustStoreFile()
Retrieves the path to the trust store file to use.
Returns:
The path to the trust store file to use.

getTrustStoreFormat
@NotNull public java.lang.String getTrustStoreFormat()
Retrieves the name of the trust store file format.
Returns:
The name of the trust store file format.

examineValidityDates
public boolean examineValidityDates()
Indicate whether to reject certificates if the current time is outside the validity window for the certificate.
Returns:
true if the certificate validity time should be examined and certificates should be rejected if they are expired or not yet valid, or false if certificates should be accepted even outside of the validity window.

checkClientTrusted
public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided client certificate chain should be trusted.
Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The client certificate chain for which to make the determination.
authType - The authentication type based on the client certificate.
Throws:
java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.

checkServerTrusted
public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided server certificate chain should be trusted.
Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The server certificate chain for which to make the determination.
authType - The key exchange algorithm used.
Throws:
java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.

getAcceptedIssuers
@NotNull public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.
Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
The accepted issuer certificates for this trust manager.