Package com.unboundid.util.ssl
Class AggregateTrustManager
- java.lang.Object
-
- com.unboundid.util.ssl.AggregateTrustManager
-
- All Implemented Interfaces:
javax.net.ssl.TrustManager
,javax.net.ssl.X509TrustManager
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class AggregateTrustManager extends java.lang.Object implements javax.net.ssl.X509TrustManager
This class provides an SSL trust manager that has the ability to delegate the determination about whether to trust a given certificate to one or more other trust managers. It can be configured to use a logical AND (i.e., all associated trust managers must be satisfied) or a logical OR (i.e., at least one of the associated trust managers must be satisfied).
-
-
Constructor Summary
Constructors Constructor Description AggregateTrustManager(boolean requireAllAccepted, java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)
Creates a new aggregate trust manager with the provided information.AggregateTrustManager(boolean requireAllAccepted, javax.net.ssl.X509TrustManager... trustManagers)
Creates a new aggregate trust manager with the provided information.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Checks to determine whether the provided client certificate chain should be trusted.void
checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Checks to determine whether the provided server certificate chain should be trusted.java.security.cert.X509Certificate[]
getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager.java.util.List<javax.net.ssl.X509TrustManager>
getAssociatedTrustManagers()
Retrieves the set of trust managers that will be used to perform the validation.boolean
requireAllAccepted()
Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.
-
-
-
Constructor Detail
-
AggregateTrustManager
public AggregateTrustManager(boolean requireAllAccepted, @NotNull javax.net.ssl.X509TrustManager... trustManagers)
Creates a new aggregate trust manager with the provided information.- Parameters:
requireAllAccepted
- Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.trustManagers
- The set of trust managers to use to make the determination. It must not benull
or empty.
-
AggregateTrustManager
public AggregateTrustManager(boolean requireAllAccepted, @NotNull java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)
Creates a new aggregate trust manager with the provided information.- Parameters:
requireAllAccepted
- Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.trustManagers
- The set of trust managers to use to make the determination. It must not benull
or empty.
-
-
Method Detail
-
requireAllAccepted
public boolean requireAllAccepted()
Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.- Returns:
true
if all of the associated trust managers will be required to accept the provided certificate chain, orfalse
if it will be acceptable for at least one trust manager to accept the chain even if one or more others do not.
-
getAssociatedTrustManagers
@NotNull public java.util.List<javax.net.ssl.X509TrustManager> getAssociatedTrustManagers()
Retrieves the set of trust managers that will be used to perform the validation.- Returns:
- The set of trust managers that will be used to perform the validation.
-
checkClientTrusted
public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided client certificate chain should be trusted.- Specified by:
checkClientTrusted
in interfacejavax.net.ssl.X509TrustManager
- Parameters:
chain
- The client certificate chain for which to make the determination.authType
- The authentication type based on the client certificate.- Throws:
java.security.cert.CertificateException
- If the provided client certificate chain should not be trusted.
-
checkServerTrusted
public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided server certificate chain should be trusted.- Specified by:
checkServerTrusted
in interfacejavax.net.ssl.X509TrustManager
- Parameters:
chain
- The server certificate chain for which to make the determination.authType
- The key exchange algorithm used.- Throws:
java.security.cert.CertificateException
- If the provided server certificate chain should not be trusted.
-
getAcceptedIssuers
@NotNull public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.- Specified by:
getAcceptedIssuers
in interfacejavax.net.ssl.X509TrustManager
- Returns:
- The accepted issuer certificates for this trust manager.
-
-