public final class TrustManagers extends Object
Modifier and Type | Method and Description |
---|---|
static X509TrustManager | checkHostName(String hostName, X509TrustManager trustManager) Wraps the provided X509TrustManager by adding additional validation which rejects certificate chains whose subject DN does not match the specified host name pattern. |
static X509TrustManager | checkUsingTrustStore(String file) Creates a new X509TrustManager which will use the named trust store file to determine whether to trust a certificate. |
static X509TrustManager | checkUsingTrustStore(String file, char[] password, String format) Creates a new X509TrustManager which will use the named trust store file to determine whether to trust a certificate. |
static X509TrustManager | checkValidityDates(X509TrustManager trustManager) Wraps the provided X509TrustManager by adding additional validation which rejects certificate chains containing certificates which have expired or are not yet valid. |
static X509TrustManager | distrustAll() Returns an X509TrustManager which does not trust any certificates. |
static X509TrustManager | trustAll() Returns an X509TrustManager which trusts all certificates. |
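
To make the wrapping behaviour of checkHostName concrete, the following added sketch (JDK-only, not OpenDJ SDK code and not a statement of how the SDK implements it) shows a delegating X509TrustManager that runs the wrapped manager first and then matches the certificate subject DN against a pattern. The class name HostNameCheckSketch, the one-label meaning of "*." and the restriction to the first certificate in the chain are assumptions made for this example.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Objects;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.X509TrustManager;

// Added illustration, not OpenDJ SDK code: a delegating subject DN host name check.
public final class HostNameCheckSketch implements X509TrustManager {
    private final String pattern;             // lower-cased, e.g. "*.example.com"
    private final X509TrustManager delegate;  // the wrapped trust manager
    public HostNameCheckSketch(String pattern, X509TrustManager delegate) {
        this.pattern = Objects.requireNonNull(pattern).toLowerCase(Locale.ROOT);
        this.delegate = Objects.requireNonNull(delegate);
    }
    // Assumption: "*." stands for exactly one leading DNS label.
    static boolean subjectMatches(String subjectDn, String pattern) {
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                String v = String.valueOf(rdn.getValue()).toLowerCase(Locale.ROOT);
                int dot = v.indexOf('.');
                boolean wild = pattern.startsWith("*.") && dot > 0
                        && v.substring(dot).equals(pattern.substring(1));
                if (wild || v.equals(pattern)) return true;
            }
        } catch (InvalidNameException e) {
            return false;  // an unparseable subject DN never matches: fail closed
        }
        return false;
    }
    // Assumption: only the leaf (chain[0]) subject DN is examined, never subjectAltName.
    private void verify(X509Certificate[] chain) throws CertificateException {
        String dn = chain[0].getSubjectX500Principal().getName();
        if (!subjectMatches(dn, pattern)) throw new CertificateException(dn + " does not match " + pattern);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
        delegate.checkClientTrusted(c, t); verify(c);  // delegate's verdict first, then the extra check
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
        delegate.checkServerTrusted(c, t); verify(c);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    public static void main(String[] args) {  // constructed subject DNs, not real certificates
        for (String dn : new String[] {"CN=ldap.example.com,O=Example", "CN=a.b.example.com", "CN=ldap.example.net"})
            System.out.println(dn + " -> " + subjectMatches(dn, "*.example.com"));
    }
}
```

Because the wrapper only adds a rejection on top of the delegate's decision, wrapping a manager that accepts every chain leaves the subject DN string as the only thing being checked.
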
public static X509TrustManager checkHostName(String hostName, X509TrustManager trustManager)

Wraps the provided X509TrustManager by adding additional validation which rejects certificate chains whose subject DN does not match the specified host name pattern. The pattern may contain wild-cards, for example *.example.com.

Parameters:
hostName - A host name which the RDN value contained in certificate subject DNs must match.
trustManager - The trust manager to be wrapped.

Throws:
NullPointerException - If trustManager or hostNamePattern was null.

public static X509TrustManager checkUsingTrustStore(String file) throws GeneralSecurityException, IOException

Creates a new X509TrustManager which will use the named trust store file to determine whether to trust a certificate. It will use the default trust store format for the JVM (e.g. JKS) and will not use a password to open the trust store.

Parameters:
file - The trust store file name.

Returns:
An X509TrustManager which will use the named trust store file to determine whether to trust a certificate.

Throws:
GeneralSecurityException - If the trust store could not be loaded, perhaps due to incorrect format, or missing algorithms.
IOException - If the trust store file could not be found or could not be read.
NullPointerException - If file was null.

public static X509TrustManager checkUsingTrustStore(String file, char[] password, String format) throws GeneralSecurityException, IOException

Creates a new X509TrustManager which will use the named trust store file to determine whether to trust a certificate. It will use the provided trust store format and password.

Parameters:
file - The trust store file name.
password - The trust store password, which may be null.
format - The trust store format, which may be null to indicate that the default trust store format for the JVM (e.g. JKS) should be used.

Returns:
An X509TrustManager which will use the named trust store file to determine whether to trust a certificate.

Throws:
GeneralSecurityException - If the trust store could not be loaded, perhaps due to incorrect format, or missing algorithms.
IOException - If the trust store file could not be found or could not be read.
NullPointerException - If file was null.

public static X509TrustManager checkValidityDates(X509TrustManager trustManager)

Wraps the provided X509TrustManager by adding additional validation which rejects certificate chains containing certificates which have expired or are not yet valid.

Parameters:
trustManager - The trust manager to be wrapped.

Throws:
NullPointerException - If trustManager was null.

public static X509TrustManager distrustAll()

Returns an X509TrustManager which does not trust any certificates.

Returns:
An X509TrustManager which does not trust any certificates.

public static X509TrustManager trustAll()

Returns an X509TrustManager which trusts all certificates.

Returns:
An X509TrustManager which trusts all certificates.

Copyright 2010-2017 ForgeRock AS.