com.unboundid.util.ssl

Class PEMFileTrustManager

java.lang.Object

com.unboundid.util.ssl.PEMFileTrustManager

All Implemented Interfaces:

java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@NotMutable
 @ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class PEMFileTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager, java.io.Serializable

This class provides an implementation of an X.509 trust manager that can obtain information about trusted issuers from one or more PEM files.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
PEMFileTrustManager(java.io.File... pemFiles) Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
PEMFileTrustManager(java.util.List<java.io.File> pemFiles) Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.

Method Summary

Modifier and Type	Method and Description
void	checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
void	checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
java.security.cert.X509Certificate[]	getAcceptedIssuers() Retrieves an array of the issuer certificates that will be considered trusted.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PEMFileTrustManager

public PEMFileTrustManager(@NotNull
                           java.io.File... pemFiles)
                    throws java.security.KeyStoreException

Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.

Parameters:

pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories will be recursively processed).

Throws:

java.security.KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.

PEMFileTrustManager

public PEMFileTrustManager(@NotNull
                           java.util.List<java.io.File> pemFiles)
                    throws java.security.KeyStoreException

Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.

Parameters:

pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories will be recursively processed).

Throws:

java.security.KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.

Method Detail

checkClientTrusted

public void checkClientTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.

Specified by:

checkClientTrusted in interface javax.net.ssl.X509TrustManager

Parameters:

chain - The client certificate chain for which to make the determination. It must not be null or empty.

authType - The type of authentication to use based on the client certificate. It must not be null.

Throws:

java.security.cert.CertificateException - If the provided certificate chain should not be considered trusted.

checkServerTrusted

public void checkServerTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.

Specified by:

checkServerTrusted in interface javax.net.ssl.X509TrustManager

Parameters:

chain - The server certificate chain for which to make the determination. It must not be null or empty.

authType - The type of authentication to use based on the server certificate. It must not be null.

Throws:

java.security.cert.CertificateException - If the provided certificate chain should not be considered trusted.

getAcceptedIssuers

@NotNull
public java.security.cert.X509Certificate[] getAcceptedIssuers()

Retrieves an array of the issuer certificates that will be considered trusted.

Specified by:

getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Returns:

An array of the issuer certificates that will be considered trusted, or an empty array if no issuers will be trusted.