TopologyRegistryTrustManager (UnboundID LDAP SDK for Java 7.0.1)

java.lang.Object
- com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager

All Implemented Interfaces:

java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
```
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class TopologyRegistryTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager, java.io.Serializable
```
This class provides an implementation of an X.509 trust manager that can be used to trust certificates listed in the topology registry of a Ping Identity Directory Server instance. It will read the topology registry from the server's configuration file rather than communicating with it over LDAP, so it is only available for use when run from LDAP tools provided with the Ping Identity Directory Server.

NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description
`TopologyRegistryTrustManager(java.io.File configurationFile, long cacheDurationMillis)` Creates a new instance of this trust manager with the provided settings.
`TopologyRegistryTrustManager(TopologyRegistryTrustManagerProperties properties)` Creates a new instance of this trust manager with the provided properties.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Checks to determine whether the provided client certificate chain should be trusted.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Checks to determine whether the provided server certificate chain should be trusted.
`java.security.cert.X509Certificate[]`	`getAcceptedIssuers()` Retrieves the accepted issuer certificates for this trust manager.
`long`	`getCacheDurationMillis()` Retrieves the maximum length of time in milliseconds that cached topology registry information should be considered valid.
`java.io.File`	`getConfigurationFile()` Retrieves the server configuration file from which the topology registry certificates will be read.
`boolean`	`ignoreIssuerCertificateValidityWindow()` Indicates whether to ignore the validity window for issuer certificates when determining whether to trust a certificate chain.
`boolean`	`ignorePeerCertificateValidityWindow()` Indicates whether to ignore the validity window for the peer certificate when determining whether to trust a certificate chain.
`boolean`	`requirePeerCertificateInTopologyRegistry()` Indicates whether to require the peer certificate itself to be included in the topology registry for a certificate chain to be trusted.
`java.lang.String`	`toString()` Retrieves a string representation of this topology registry trust manager instance.
`void`	`toString(java.lang.StringBuilder buffer)` Appends a string representation of this topology registry trust manager instance to the given buffer.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - TopologyRegistryTrustManager
```
public TopologyRegistryTrustManager(@NotNull
                                    java.io.File configurationFile,
                                    long cacheDurationMillis)
```
    Creates a new instance of this trust manager with the provided settings.
    
    Parameters:
    
    configurationFile - The configuration file for the Ping Identity Directory Server instance that holds the topology registry data. It must not be null.
    
    cacheDurationMillis - The maximum length of time in milliseconds that previously loaded certificates may be cached. If this is less than or equal to zero, then certificates will not be cached.
  - TopologyRegistryTrustManager
```
public TopologyRegistryTrustManager(@NotNull
                                    TopologyRegistryTrustManagerProperties properties)
```
    Creates a new instance of this trust manager with the provided properties.
    
    Parameters:
    
    properties - The properties to use to create this trust manager. It must not be null.
- Method Detail
  - getConfigurationFile
```
@NotNull
public java.io.File getConfigurationFile()
```
    Retrieves the server configuration file from which the topology registry certificates will be read.
    
    Returns:
    
    The server configuration file from which the topology registry certificates will be read.
  - getCacheDurationMillis
```
public long getCacheDurationMillis()
```
    Retrieves the maximum length of time in milliseconds that cached topology registry information should be considered valid.
    
    Returns:
    
    The maximum length of time in milliseconds that cached topology registry information should be considered valid, or zero if topology registry information should not be cached.
  - requirePeerCertificateInTopologyRegistry
```
public boolean requirePeerCertificateInTopologyRegistry()
```
    Indicates whether to require the peer certificate itself to be included in the topology registry for a certificate chain to be trusted.
    
    Returns:
    
    true if a certificate chain may only be trusted if the topology registry includes the peer certificate itself, or false if a certificate chain may be trusted if the topology registry contains the peer certificate or any of its issuers.
  - ignorePeerCertificateValidityWindow
```
public boolean ignorePeerCertificateValidityWindow()
```
    Indicates whether to ignore the validity window for the peer certificate when determining whether to trust a certificate chain.
    
    Returns:
    
    true if a certificate chain may be considered trusted even if the current time is outside the peer certificate's validity window, or false if a certificate chain may only be considered trusted if the current time is between the notBefore and notAfter timestamps for the peer certificate.
  - ignoreIssuerCertificateValidityWindow
```
public boolean ignoreIssuerCertificateValidityWindow()
```
    Indicates whether to ignore the validity window for issuer certificates when determining whether to trust a certificate chain.
    
    Returns:
    
    true if a certificate chain may be considered trusted even if the current time is outside the any issuer certificate's validity window, or false if a certificate chain may only be considered trusted if the current time is between the notBefore and notAfter timestamps for all issuer certificates.
  - checkClientTrusted
```
public void checkClientTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Checks to determine whether the provided client certificate chain should be trusted.
    
    Specified by:
    
    checkClientTrusted in interface javax.net.ssl.X509TrustManager
    
    Parameters:
    
    chain - The client certificate chain for which to make the determination.
    
    authType - The authentication type based on the client certificate.
    
    Throws:
    
    java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.
  - checkServerTrusted
```
public void checkServerTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Checks to determine whether the provided server certificate chain should be trusted.
    
    Specified by:
    
    checkServerTrusted in interface javax.net.ssl.X509TrustManager
    
    Parameters:
    
    chain - The server certificate chain for which to make the determination.
    
    authType - The key exchange algorithm used.
    
    Throws:
    
    java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.
  - getAcceptedIssuers
```
@NotNull
public java.security.cert.X509Certificate[] getAcceptedIssuers()
```
    Retrieves the accepted issuer certificates for this trust manager.
    
    Specified by:
    
    getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
    
    Returns:
    
    The accepted issuer certificates for this trust manager, or an empty set of accepted issuers if a problem was encountered while initializing this trust manager.
  - toString
```
@NotNull
public java.lang.String toString()
```
    Retrieves a string representation of this topology registry trust manager instance.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    
    A string representation of this topology registry trust manager instance.
  - toString
```
public void toString(@NotNull
                     java.lang.StringBuilder buffer)
```
    Appends a string representation of this topology registry trust manager instance to the given buffer.
    
    Parameters:
    
    buffer - The buffer to which the string representation should be appended.

Class TopologyRegistryTrustManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

TopologyRegistryTrustManager

TopologyRegistryTrustManager

Method Detail

getConfigurationFile

getCacheDurationMillis

requirePeerCertificateInTopologyRegistry

ignorePeerCertificateValidityWindow

ignoreIssuerCertificateValidityWindow

checkClientTrusted

checkServerTrusted

getAcceptedIssuers

toString

toString