|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.unboundid.util.ssl.HostNameTrustManager
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class HostNameTrustManager
This class provides an SSL trust manager that will only accept certificates
whose hostname (as contained in the CN subject attribute or a subjectAltName
extension) matches an expected value. Only the dNSName, iPAddress, and
uniformResourceIdentifier subjectAltName formats are supported.
This implementation optionally supports wildcard certificates, which have a
hostname that starts with an asterisk followed by a period and domain or
subdomain. For example, "*.example.com" could be considered a match for
anything in the "example.com" domain. If wildcards are allowed, then only
the CN subject attribute and dNSName subjectAltName extension will be
examined, and only the leftmost element of a hostname may be a wildcard
character.
Note that no other elements of the certificate are examined, so it is
strongly recommended that this trust manager be used in an
AggregateTrustManager
in conjunction with other trust managers that
perform other forms of validation.
Constructor Summary | |
---|---|
HostNameTrustManager(boolean allowWildcards,
java.util.Collection<java.lang.String> acceptableHostNames)
Creates a new hostname trust manager with the provided information. |
|
HostNameTrustManager(boolean allowWildcards,
java.lang.String... acceptableHostNames)
Creates a new hostname trust manager with the provided information. |
Method Summary | |
---|---|
boolean |
allowWildcards()
Indicates whether wildcard certificates should be allowed, which may match multiple hosts in a given domain or subdomain. |
void |
checkClientTrusted(java.security.cert.X509Certificate[] chain,
java.lang.String authType)
Checks to determine whether the provided client certificate chain should be trusted. |
void |
checkServerTrusted(java.security.cert.X509Certificate[] chain,
java.lang.String authType)
Checks to determine whether the provided server certificate chain should be trusted. |
java.util.Set<java.lang.String> |
getAcceptableHostNames()
Retrieves the set of hostnames that will be considered acceptable. |
java.security.cert.X509Certificate[] |
getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public HostNameTrustManager(boolean allowWildcards, java.lang.String... acceptableHostNames)
allowWildcards
- Indicates whether to allow wildcard
certificates which contain an asterisk as the
first component of a CN subject attribute or
dNSName subjectAltName extension.acceptableHostNames
- The set of hostnames and/or IP addresses that
will be considered acceptable. Only
certificates with a CN or subjectAltName value
that exactly matches one of these names
(ignoring differences in capitalization) will
be considered acceptable. It must not be
null
or empty.public HostNameTrustManager(boolean allowWildcards, java.util.Collection<java.lang.String> acceptableHostNames)
allowWildcards
- Indicates whether to allow wildcard
certificates which contain an asterisk as the
first component of a CN subject attribute or
dNSName subjectAltName extension.acceptableHostNames
- The set of hostnames and/or IP addresses that
will be considered acceptable. Only
certificates with a CN or subjectAltName value
that exactly matches one of these names
(ignoring differences in capitalization) will
be considered acceptable. It must not be
null
or empty.Method Detail |
---|
public boolean allowWildcards()
true
if wildcard certificates should be allowed, or
false
if not.public java.util.Set<java.lang.String> getAcceptableHostNames()
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) throws java.security.cert.CertificateException
checkClientTrusted
in interface javax.net.ssl.X509TrustManager
chain
- The client certificate chain for which to make the
determination.authType
- The authentication type based on the client certificate.
java.security.cert.CertificateException
- If the provided client certificate chain
should not be trusted.public void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) throws java.security.cert.CertificateException
checkServerTrusted
in interface javax.net.ssl.X509TrustManager
chain
- The server certificate chain for which to make the
determination.authType
- The key exchange algorithm used.
java.security.cert.CertificateException
- If the provided server certificate chain
should not be trusted.public java.security.cert.X509Certificate[] getAcceptedIssuers()
getAcceptedIssuers
in interface javax.net.ssl.X509TrustManager
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |