public class ApplicationTrustManager extends X509ExtendedTrustManager

The constructor builds a TrustManager from the KeyStore, which is used as the primary source of trust. If a certificate cannot be trusted using this primary trust manager, it is rejected unless the end user trusts it using acceptCertificate(X509Certificate[]). At that point the server's certificate is added to an in-memory KeyStore and is trusted for the entire life-cycle of this ApplicationTrustManager.
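
The accept-on-refusal flow described above, as an added example that is not ForgeRock's code: a client connects with an ApplicationTrustManager and, when the handshake is refused, shows the refused certificate's subject and SHA-256 fingerprint before calling acceptCertificate. The class name PromptingTlsClient, its helper methods and the command-line host and port are assumptions, and the ApplicationTrustManager import is left out because this page does not name its package.

```java
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Scanner;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
// Import of ApplicationTrustManager omitted: this page does not state its package.

public class PromptingTlsClient {   // hypothetical class name
    // Hex SHA-256 of the DER encoding, so the user can compare it out of band.
    static String sha256(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            sb.append(String.format("%02X:", b));
        }
        return sb.substring(0, sb.length() - 1);
    }

    // Performs one TLS handshake in which only tm decides whether the server is trusted.
    static void handshake(ApplicationTrustManager tm, String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake(); // JSSE calls the trust manager's checkServerTrusted here
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // null: fall back to the default JVM trust manager as the primary source of trust
        ApplicationTrustManager tm = new ApplicationTrustManager(null);
        try {
            handshake(tm, host, port);
        } catch (SSLHandshakeException e) {
            X509Certificate[] chain = tm.getLastRefusedChain();
            if (chain == null || chain.length == 0) throw e; // no refused chain recorded
            System.out.println("Refused: " + tm.getLastRefusedCause());
            System.out.println("Subject: " + chain[0].getSubjectX500Principal());
            System.out.println("SHA-256: " + sha256(chain[0]));
            System.out.print("Trust for the lifetime of this trust manager? Type 'yes': ");
            if (!"yes".equals(new Scanner(System.in).nextLine().trim())) throw e;
            tm.acceptCertificate(chain);  // added to the in-memory KeyStore only
            tm.resetLastRefusedItems();   // clear state before the retry
            handshake(tm, host, port);    // retry with the accepted chain
        }
    }
}
```

Compare the printed fingerprint with one obtained through a separate channel before answering yes.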

Modifier and Type | Class and Description |
---|---|
static class | ApplicationTrustManager.Cause: The enumeration for the different causes for which the trust manager can refuse to accept a certificate. |

Constructor and Description |
---|
ApplicationTrustManager(KeyStore optionalKeystore): The default constructor. |

Modifier and Type | Method and Description |
---|---|
void | acceptCertificate(X509Certificate[] chain): Called when the user has accepted a certificate. |
void | checkClientTrusted(X509Certificate[] chain, String authType) |
void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
void | checkServerTrusted(X509Certificate[] chain, String authType) |
void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
ApplicationTrustManager | createCopy(): Creates a copy of this ApplicationTrustManager. |
X509Certificate[] | getAcceptedIssuers() |
Exception | getLastRefusedCause(): Returns the last cause for refusal of a certificate. |
X509Certificate[] | getLastRefusedChain(): Returns the certificate chain for the last refused certificate. |
void | resetLastRefusedItems(): Sets to null the members that provide information about the last refused certificate. |

public ApplicationTrustManager(KeyStore optionalKeystore)
Parameters: optionalKeystore - The keystore to use for this trust manager, or null if the default JVM trust manager must be used.

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Overrides: checkClientTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
Overrides: checkClientTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Overrides: checkServerTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
Overrides: checkServerTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public X509Certificate[] getAcceptedIssuers()

public void acceptCertificate(X509Certificate[] chain)
Parameters: chain - the certificate chain accepted by the user.

public void resetLastRefusedItems()

public ApplicationTrustManager createCopy()

public Exception getLastRefusedCause()

public X509Certificate[] getLastRefusedChain()

Copyright 2010-2020 ForgeRock AS.