com.unboundid.util.ssl

Class AggregateTrustManager

java.lang.Object

com.unboundid.util.ssl.AggregateTrustManager

All Implemented Interfaces:

javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@NotMutable
 @ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class AggregateTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This class provides an SSL trust manager that has the ability to delegate the determination about whether to trust a given certificate to one or more other trust managers. It can be configured to use a logical AND (i.e., all associated trust managers must be satisfied) or a logical OR (i.e., at least one of the associated trust managers must be satisfied).

Constructor Summary

Constructors

Constructor and Description
AggregateTrustManager(boolean requireAllAccepted, java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers) Creates a new aggregate trust manager with the provided information.
AggregateTrustManager(boolean requireAllAccepted, javax.net.ssl.X509TrustManager... trustManagers) Creates a new aggregate trust manager with the provided information.

Method Summary

Modifier and Type	Method and Description
void	checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) Checks to determine whether the provided client certificate chain should be trusted.
void	checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) Checks to determine whether the provided server certificate chain should be trusted.
java.security.cert.X509Certificate[]	getAcceptedIssuers() Retrieves the accepted issuer certificates for this trust manager.
java.util.List<javax.net.ssl.X509TrustManager>	getAssociatedTrustManagers() Retrieves the set of trust managers that will be used to perform the validation.
boolean	requireAllAccepted() Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AggregateTrustManager

public AggregateTrustManager(boolean requireAllAccepted,
                             @NotNull
                             javax.net.ssl.X509TrustManager... trustManagers)

Creates a new aggregate trust manager with the provided information.

Parameters:

requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.

trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.

AggregateTrustManager

public AggregateTrustManager(boolean requireAllAccepted,
                             @NotNull
                             java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)

Creates a new aggregate trust manager with the provided information.

Parameters:

requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.

trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.

Method Detail

requireAllAccepted

public boolean requireAllAccepted()

Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.

Returns:

true if all of the associated trust managers will be required to accept the provided certificate chain, or false if it will be acceptable for at least one trust manager to accept the chain even if one or more others do not.

getAssociatedTrustManagers

@NotNull
public java.util.List<javax.net.ssl.X509TrustManager> getAssociatedTrustManagers()

Retrieves the set of trust managers that will be used to perform the validation.

Returns:

The set of trust managers that will be used to perform the validation.

checkClientTrusted

public void checkClientTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Checks to determine whether the provided client certificate chain should be trusted.

Specified by:

checkClientTrusted in interface javax.net.ssl.X509TrustManager

Parameters:

chain - The client certificate chain for which to make the determination.

authType - The authentication type based on the client certificate.

Throws:

java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.

checkServerTrusted

public void checkServerTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Checks to determine whether the provided server certificate chain should be trusted.

Specified by:

checkServerTrusted in interface javax.net.ssl.X509TrustManager

Parameters:

chain - The server certificate chain for which to make the determination.

authType - The key exchange algorithm used.

Throws:

java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.

getAcceptedIssuers

@NotNull
public java.security.cert.X509Certificate[] getAcceptedIssuers()

Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.

Specified by:

getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Returns:

The accepted issuer certificates for this trust manager.