com.unboundid.util.ssl
Class AggregateTrustManager

java.lang.Object
  extended by com.unboundid.util.ssl.AggregateTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class AggregateTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This class provides an SSL trust manager that has the ability to delegate the determination about whether to trust a given certificate to one or more other trust managers. It can be configured to use a logical AND (i.e., all associated trust managers must be satisfied) or a logical OR (i.e., at least one of the associated trust managers must be satisfied).


Constructor Summary
AggregateTrustManager(boolean requireAllAccepted, java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)
          Creates a new aggregate trust manager with the provided information.
AggregateTrustManager(boolean requireAllAccepted, javax.net.ssl.X509TrustManager... trustManagers)
          Creates a new aggregate trust manager with the provided information.
 
Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Checks to determine whether the provided client certificate chain should be trusted.
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Checks to determine whether the provided server certificate chain should be trusted.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          Retrieves the accepted issuer certificates for this trust manager.
 java.util.List<javax.net.ssl.X509TrustManager> getAssociatedTrustManagers()
          Retrieves the set of trust managers that will be used to perform the validation.
 boolean requireAllAccepted()
          Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AggregateTrustManager

public AggregateTrustManager(boolean requireAllAccepted,
                             javax.net.ssl.X509TrustManager... trustManagers)
Creates a new aggregate trust manager with the provided information.

Parameters:
requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.
trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.

AggregateTrustManager

public AggregateTrustManager(boolean requireAllAccepted,
                             java.util.Collection<javax.net.ssl.X509TrustManager> trustManagers)
Creates a new aggregate trust manager with the provided information.

Parameters:
requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.
trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.
Method Detail

requireAllAccepted

public boolean requireAllAccepted()
Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.

Returns:
true if all of the associated trust managers will be required to accept the provided certificate chain, or false if it will be acceptable for at least one trust manager to accept the chain even if one or more others do not.

getAssociatedTrustManagers

public java.util.List<javax.net.ssl.X509TrustManager> getAssociatedTrustManagers()
Retrieves the set of trust managers that will be used to perform the validation.

Returns:
The set of trust managers that will be used to perform the validation.

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Checks to determine whether the provided client certificate chain should be trusted.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The client certificate chain for which to make the determination.
authType - The authentication type based on the client certificate.
Throws:
java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Checks to determine whether the provided server certificate chain should be trusted.

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The server certificate chain for which to make the determination.
authType - The key exchange algorithm used.
Throws:
java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
The accepted issuer certificates for this trust manager.