PromptTrustManager (UnboundID LDAP SDK for Java 7.0.0)

java.lang.Object
- com.unboundid.util.ssl.PromptTrustManager

All Implemented Interfaces:

javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
```
@NotMutable
 @ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class PromptTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager
```
This class provides an SSL trust manager that will interactively prompt the user to determine whether to trust any certificate that is presented to it. It provides the ability to cache information about certificates that had been previously trusted so that the user is not prompted about the same certificate repeatedly, and it can be configured to store trusted certificates in a file so that the trust information can be persisted.

Constructor Summary

Constructors
Constructor and Description
`PromptTrustManager()` Creates a new instance of this prompt trust manager.
`PromptTrustManager(java.lang.String acceptedCertsFile)` Creates a new instance of this prompt trust manager.
`PromptTrustManager(java.lang.String acceptedCertsFile, boolean examineValidityDates, java.util.Collection<java.lang.String> expectedAddresses, java.io.InputStream in, java.io.PrintStream out)` Creates a new instance of this prompt trust manager.
`PromptTrustManager(java.lang.String acceptedCertsFile, boolean examineValidityDates, java.io.InputStream in, java.io.PrintStream out)` Creates a new instance of this prompt trust manager.
`PromptTrustManager(java.lang.String acceptedCertsFile, boolean examineValidityDates, java.lang.String expectedAddress, java.io.InputStream in, java.io.PrintStream out)` Creates a new instance of this prompt trust manager.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Checks to determine whether the provided client certificate chain should be trusted.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Checks to determine whether the provided server certificate chain should be trusted.
`boolean`	`examineValidityDates()` Indicate whether to prompt about certificates contained in the cache if the current time is outside the validity window for the certificate.
`java.security.cert.X509Certificate[]`	`getAcceptedIssuers()` Retrieves the accepted issuer certificates for this trust manager.
`java.util.List<java.lang.String>`	`getExpectedAddresses()` Retrieves a list of the addresses that the client is expected to use to communicate with the server, if available.
`boolean`	`wouldPrompt(java.security.cert.X509Certificate[] chain)` Indicates whether this trust manager would interactively prompt the user about whether to trust the provided certificate chain.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PromptTrustManager
```
public PromptTrustManager()
```
    Creates a new instance of this prompt trust manager. It will cache trust information in memory but not on disk.
  - PromptTrustManager
```
public PromptTrustManager(@Nullable
                          java.lang.String acceptedCertsFile)
```
    Creates a new instance of this prompt trust manager. It may optionally cache trust information on disk.
    
    Parameters:
    
    acceptedCertsFile - The path to a file in which the certificates that have been previously accepted will be cached. It may be null if the cache should only be maintained in memory.
  - PromptTrustManager
```
public PromptTrustManager(@Nullable
                          java.lang.String acceptedCertsFile,
                          boolean examineValidityDates,
                          @Nullable
                          java.io.InputStream in,
                          @Nullable
                          java.io.PrintStream out)
```
    Creates a new instance of this prompt trust manager. It may optionally cache trust information on disk, and may also be configured to examine or ignore validity dates.
    
    Parameters:
    
    acceptedCertsFile - The path to a file in which the certificates that have been previously accepted will be cached. It may be null if the cache should only be maintained in memory.
    
    examineValidityDates - Indicates whether to reject certificates if the current time is outside the validity window for the certificate.
    
    in - The input stream that will be used to read input from the user. If this is null then System.in will be used.
    
    out - The print stream that will be used to display the prompt to the user. If this is null then System.out will be used.
  - PromptTrustManager
```
public PromptTrustManager(@Nullable
                          java.lang.String acceptedCertsFile,
                          boolean examineValidityDates,
                          @Nullable
                          java.lang.String expectedAddress,
                          @Nullable
                          java.io.InputStream in,
                          @Nullable
                          java.io.PrintStream out)
```
    Creates a new instance of this prompt trust manager. It may optionally cache trust information on disk, and may also be configured to examine or ignore validity dates.
    
    Parameters:
    
    acceptedCertsFile - The path to a file in which the certificates that have been previously accepted will be cached. It may be null if the cache should only be maintained in memory.
    
    examineValidityDates - Indicates whether to reject certificates if the current time is outside the validity window for the certificate.
    
    expectedAddress - An optional address that the client is expected to use to connect to the target server. This may be null if no expected address is available, if this trust manager is only expected to be used to validate client certificates, or if no server address validation should be performed. If a non-null value is provided, then the trust manager may issue a warning if the certificate does not contain that address.
    
    in - The input stream that will be used to read input from the user. If this is null then System.in will be used.
    
    out - The print stream that will be used to display the prompt to the user. If this is null then System.out will be used.
  - PromptTrustManager
```
public PromptTrustManager(@Nullable
                          java.lang.String acceptedCertsFile,
                          boolean examineValidityDates,
                          @Nullable
                          java.util.Collection<java.lang.String> expectedAddresses,
                          @Nullable
                          java.io.InputStream in,
                          @Nullable
                          java.io.PrintStream out)
```
    Creates a new instance of this prompt trust manager. It may optionally cache trust information on disk, and may also be configured to examine or ignore validity dates.
    
    Parameters:
    
    acceptedCertsFile - The path to a file in which the certificates that have been previously accepted will be cached. It may be null if the cache should only be maintained in memory.
    
    examineValidityDates - Indicates whether to reject certificates if the current time is outside the validity window for the certificate.
    
    expectedAddresses - An optional collection of the addresses that the client is expected to use to connect to one of the target servers. This may be null or empty if no expected addresses are available, if this trust manager is only expected to be used to validate client certificates, or if no server address validation should be performed. If a non-empty collection is provided, then the trust manager may issue a warning if the certificate does not contain any of these addresses.
    
    in - The input stream that will be used to read input from the user. If this is null then System.in will be used.
    
    out - The print stream that will be used to display the prompt to the user. If this is null then System.out will be used.
- Method Detail
  - wouldPrompt
```
public boolean wouldPrompt(@NotNull
                           java.security.cert.X509Certificate[] chain)
```
    Indicates whether this trust manager would interactively prompt the user about whether to trust the provided certificate chain.
    
    Parameters:
    
    chain - The chain of certificates for which to make the determination.
    
    Returns:
    
    true if this trust manger would interactively prompt the user about whether to trust the certificate chain, or false if not (e.g., because the certificate is already known to be trusted).
  - examineValidityDates
```
public boolean examineValidityDates()
```
    Indicate whether to prompt about certificates contained in the cache if the current time is outside the validity window for the certificate.
    
    Returns:
    
    true if the certificate validity time should be examined for cached certificates and the user should be prompted if they are expired or not yet valid, or false if cached certificates should be accepted even outside of the validity window.
  - getExpectedAddresses
```
@NotNull
public java.util.List<java.lang.String> getExpectedAddresses()
```
    Retrieves a list of the addresses that the client is expected to use to communicate with the server, if available.
    
    Returns:
    
    A list of the addresses that the client is expected to use to communicate with the server, or an empty list if this is not available or applicable.
  - checkClientTrusted
```
public void checkClientTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Checks to determine whether the provided client certificate chain should be trusted.
    
    Specified by:
    
    checkClientTrusted in interface javax.net.ssl.X509TrustManager
    
    Parameters:
    
    chain - The client certificate chain for which to make the determination.
    
    authType - The authentication type based on the client certificate.
    
    Throws:
    
    java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.
  - checkServerTrusted
```
public void checkServerTrusted(@NotNull
                               java.security.cert.X509Certificate[] chain,
                               @NotNull
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Checks to determine whether the provided server certificate chain should be trusted.
    
    Specified by:
    
    checkServerTrusted in interface javax.net.ssl.X509TrustManager
    
    Parameters:
    
    chain - The server certificate chain for which to make the determination.
    
    authType - The key exchange algorithm used.
    
    Throws:
    
    java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.
  - getAcceptedIssuers
```
@NotNull
public java.security.cert.X509Certificate[] getAcceptedIssuers()
```
    Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.
    
    Specified by:
    
    getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
    
    Returns:
    
    The accepted issuer certificates for this trust manager.

Class PromptTrustManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

PromptTrustManager

PromptTrustManager

PromptTrustManager

PromptTrustManager

PromptTrustManager

Method Detail

wouldPrompt

examineValidityDates

getExpectedAddresses

checkClientTrusted

checkServerTrusted

getAcceptedIssuers