public final class ApplicationTrustManager extends X509ExtendedTrustManager
The constructor builds a TrustManager from the KeyStore which will be used as a primary source of trust. If a certificate cannot be trusted using this primary trust manager, the certificate will be rejected unless the end user trusts it using acceptCertificate(X509Certificate[]). At that point the server's certificate will be added to an in-memory KeyStore and will be trusted for the entire life-cycle of this ApplicationTrustManager.
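The fallback described above, sketched with JDK classes only as an added example (it is not ForgeRock's code). The class name FallbackTrustSketch and the alias prefix are hypothetical, and the sketch implements the plain X509TrustManager interface, so the Socket and SSLEngine overloads are left out.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
/** Hypothetical sketch of the primary-then-user-accepted pattern; not the ForgeRock implementation. */
final class FallbackTrustSketch implements X509TrustManager {
    private final X509TrustManager primary;
    private final KeyStore accepted;             // in-memory only, never written to disk
    private X509Certificate[] lastRefusedChain;  // what a caller would show to the user

    FallbackTrustSketch(KeyStore optionalKeystore) throws Exception {
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init(optionalKeystore);                // null selects the JVM default trust store
        X509TrustManager found = null;
        for (TrustManager tm : f.getTrustManagers())
            if (found == null && tm instanceof X509TrustManager) found = (X509TrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        primary = found;
        accepted = KeyStore.getInstance(KeyStore.getDefaultType());
        accepted.load(null, null);               // start empty
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            primary.checkServerTrusted(chain, authType);
        } catch (CertificateException refused) {
            try {   // fallback: exact match on a leaf certificate the user accepted earlier
                if (chain != null && chain.length > 0 && accepted.getCertificateAlias(chain[0]) != null) return;
            } catch (KeyStoreException e) { refused.addSuppressed(e); }
            lastRefusedChain = chain == null ? null : chain.clone();
            throw refused;                       // still rejected until the user accepts
        }
    }

    /** Call only after the user has reviewed the refused certificate. */
    void acceptCertificate(X509Certificate[] chain) throws KeyStoreException {
        if (chain == null || chain.length == 0) throw new IllegalArgumentException("empty chain");
        accepted.setCertificateEntry("user-accepted-" + accepted.size(), chain[0]);
    }
    X509Certificate[] getLastRefusedChain() { return lastRefusedChain; }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        primary.checkClientTrusted(chain, authType);   // no user override for client certificates here
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return primary.getAcceptedIssuers(); }
}
```

Because the fallback in this sketch is an exact match on the leaf certificate and skips the primary checks, the prompt shown before acceptCertificate should display that certificate's fingerprint, subject and validity dates taken from getLastRefusedChain().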
Constructor and Description |
---|
ApplicationTrustManager(KeyStore optionalKeystore) The default constructor. |
Modifier and Type | Method and Description |
---|---|
void | acceptCertificate(X509Certificate[] chain) This method is called when the user accepted a certificate. |
void | checkClientTrusted(X509Certificate[] chain, String authType) |
void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
void | checkServerTrusted(X509Certificate[] chain, String authType) |
void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
ApplicationTrustManager | createCopy() Creates a copy of this ApplicationTrustManager. |
X509Certificate[] | getAcceptedIssuers() |
Exception | getLastRefusedCause() Returns the last cause for refusal of a certificate. |
X509Certificate[] | getLastRefusedChain() Returns the certificate chain for the last refused certificate. |
void | resetLastRefusedItems() This is a method used to set to null the different members that provide information about the last refused certificate. |
public ApplicationTrustManager(KeyStore optionalKeystore)
Parameters: optionalKeystore - The keystore to use for this trustmanager or null if the default JVM trust manager must be used.

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Specified by: checkClientTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
Specified by: checkClientTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Specified by: checkServerTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
Specified by: checkServerTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public X509Certificate[] getAcceptedIssuers()

public void acceptCertificate(X509Certificate[] chain)
Parameters: chain - the certificate chain accepted by the user.

public void resetLastRefusedItems()

public ApplicationTrustManager createCopy()

public Exception getLastRefusedCause()

public X509Certificate[] getLastRefusedChain()

Copyright 2010-2018 ForgeRock AS.