Class PEMFileTrustManager

  • All Implemented Interfaces:
    java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class PEMFileTrustManager
    extends java.lang.Object
    implements javax.net.ssl.X509TrustManager, java.io.Serializable
    This class provides an implementation of an X.509 trust manager that can obtain information about trusted issuers from one or more PEM files.
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      PEMFileTrustManager(java.io.File... pemFiles)
      Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
      PEMFileTrustManager(java.util.List<java.io.File> pemFiles)
      Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
    • Method Summary

      Modifier and Type Method Description
      void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
      Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
      void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
      Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
      java.security.cert.X509Certificate[] getAcceptedIssuers()
      Retrieves an array of the issuer certificates that will be considered trusted.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • PEMFileTrustManager

        public PEMFileTrustManager(@NotNull
                                   java.io.File... pemFiles)
                            throws java.security.KeyStoreException
        Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
        Parameters:
        pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories, will be recursively processed).
        Throws:
        java.security.KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.
      • PEMFileTrustManager

        public PEMFileTrustManager(@NotNull
                                   java.util.List<java.io.File> pemFiles)
                            throws java.security.KeyStoreException
        Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
        Parameters:
        pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories, will be recursively processed).
        Throws:
        java.security.KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.
    • Method Detail

      • checkClientTrusted

        public void checkClientTrusted(@NotNull
                                       java.security.cert.X509Certificate[] chain,
                                       @NotNull
                                       java.lang.String authType)
                                throws java.security.cert.CertificateException
        Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
        Specified by:
        checkClientTrusted in interface javax.net.ssl.X509TrustManager
        Parameters:
        chain - The client certificate chain for which to make the determination. It must not be null or empty.
        authType - The type of authentication to use based on the client certificate. It must not be null.
        Throws:
        java.security.cert.CertificateException - If the provided certificate chain should not be considered trusted.
      • checkServerTrusted

        public void checkServerTrusted(@NotNull
                                       java.security.cert.X509Certificate[] chain,
                                       @NotNull
                                       java.lang.String authType)
                                throws java.security.cert.CertificateException
        Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
        Specified by:
        checkServerTrusted in interface javax.net.ssl.X509TrustManager
        Parameters:
        chain - The server certificate chain for which to make the determination. It must not be null or empty.
        authType - The type of authentication to use based on the server certificate. It must not be null.
        Throws:
        java.security.cert.CertificateException - If the provided certificate chain should not be considered trusted.
      • getAcceptedIssuers

        @NotNull
        public java.security.cert.X509Certificate[] getAcceptedIssuers()
        Retrieves an array of the issuer certificates that will be considered trusted.
        Specified by:
        getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
        Returns:
        An array of the issuer certificates that will be considered trusted, or an empty array if no issuers will be trusted.
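
The following is an added usage example, not code from this page or from the SDK's own documentation. It loads trusted issuers with the constructor above, lists them through getAcceptedIssuers() so the trust set can be reviewed, and plugs the trust manager into a standard JSSE SSLContext. The import's package name, the class name PemTrustExample and the command-line arguments (CA path, host, port) are assumptions made for illustration.

```java
import com.unboundid.util.ssl.PEMFileTrustManager; // package name assumed; not shown on this page
import java.io.File;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

public final class PemTrustExample {
  public static void main(String[] args) throws Exception {
    // Hypothetical arguments: a PEM file or directory of CA certificates, then host and port.
    File caPath = new File(args[0]);
    String host = args[1];
    int port = Integer.parseInt(args[2]);

    final PEMFileTrustManager tm;
    try {
      tm = new PEMFileTrustManager(caPath);
    } catch (KeyStoreException e) {
      // Fail closed: never fall back to a trust-all or default trust store here.
      throw new IllegalStateException("Cannot load trusted issuers from " + caPath, e);
    }

    // A directory argument is read recursively, so print exactly what ended up trusted.
    X509Certificate[] issuers = tm.getAcceptedIssuers();
    if (issuers.length == 0) {
      throw new IllegalStateException("No trusted issuers found under " + caPath);
    }
    for (X509Certificate issuer : issuers) {
      System.out.printf("trusted issuer: %s (expires %s)%n",
          issuer.getSubjectX500Principal().getName(), issuer.getNotAfter());
    }

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { tm }, null);

    try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
      // checkServerTrusted(chain, authType) receives no host name, so enable JSSE
      // endpoint identification explicitly ("LDAPS" is the variant for LDAP servers).
      SSLParameters params = socket.getSSLParameters();
      params.setEndpointIdentificationAlgorithm("HTTPS");
      socket.setSSLParameters(params);
      socket.startHandshake();
      System.out.println("negotiated " + socket.getSession().getProtocol());
    }
  }
}
```

Because directories are processed recursively, point the constructor at a path that only administrators can write to; any PEM certificate dropped anywhere beneath it becomes a trusted issuer on the next load.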