OpenfireX509TrustManager (Openfire 4.1.2 Javadoc)

java.lang.Object
- org.jivesoftware.openfire.keystore.OpenfireX509TrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager
```
public class OpenfireX509TrustManager
extends Object
implements X509TrustManager
```
A Trust Manager implementation that adds Openfire-proprietary functionality.

Author:

Guus der Kinderen, guus.der.kinderen@gmail.com

Field Summary

Fields
Modifier and Type	Field and Description
`protected boolean`	`acceptSelfSigned` A boolean that indicates if this trust manager will allow self-signed certificates to be trusted.
`protected Set<X509Certificate>`	`trustedIssuers` The set of trusted issuers from the trust store.

Constructor Summary

Constructors
Constructor and Description

OpenfireX509TrustManager(KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity)

Constructors
Constructor and Description
`OpenfireX509TrustManager(KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected CertPath`	`checkChainTrusted(CertSelector selector, X509Certificate... chain)` Determine if the given partial or complete certificate chain can be trusted to represent the entity that is defined by the criteria specified by the 'selector' argument.
`void`	`checkClientTrusted(X509Certificate[] chain, String authType)`
`void`	`checkServerTrusted(X509Certificate[] chain, String authType)`
`X509Certificate[]`	`getAcceptedIssuers()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - acceptSelfSigned
```
protected final boolean acceptSelfSigned
```
    A boolean that indicates if this trust manager will allow self-signed certificates to be trusted.
  - trustedIssuers
```
protected final Set<X509Certificate> trustedIssuers
```
    The set of trusted issuers from the trust store. Note that these certificates are not validated. It is assumed that this set can be long-lived. Time-based validation should occur close to the actual usage / invocation.
- Constructor Detail
  - OpenfireX509TrustManager
```
public OpenfireX509TrustManager(KeyStore trustStore,
                                boolean acceptSelfSigned,
                                boolean checkValidity)
                         throws NoSuchAlgorithmException,
                                KeyStoreException
```
    Throws:
    
    NoSuchAlgorithmException
    
    KeyStoreException
- Method Detail
  - checkClientTrusted
```
public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException
```
    Specified by:
    
    checkClientTrusted in interface X509TrustManager
    
    Throws:
    
    CertificateException
  - checkServerTrusted
```
public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException
```
    Specified by:
    
    checkServerTrusted in interface X509TrustManager
    
    Throws:
    
    CertificateException
  - getAcceptedIssuers
```
public X509Certificate[] getAcceptedIssuers()
```
    Specified by:
    
    getAcceptedIssuers in interface X509TrustManager
  - checkChainTrusted
```
protected CertPath checkChainTrusted(CertSelector selector,
                                     X509Certificate... chain)
                              throws InvalidAlgorithmParameterException,
                                     NoSuchAlgorithmException,
                                     CertPathBuilderException
```
    Determine if the given partial or complete certificate chain can be trusted to represent the entity that is defined by the criteria specified by the 'selector' argument. A (valid) partial chain is a chain that, combined with certificates from the trust store in this manager, can be completed to a full chain. Chains provided to this method do not need to be in any particular order. This implementation uses the trust anchors as represented by getAcceptedIssuers() to verify that the chain that is provided either includes a certificate from an accepted issuer, or is directly issued by one. Depending on the configuration of this class, other verification is done:
    - acceptSelfSigned: when true, any chain that has a length of one and is self-signed is considered as a 'trust anchor' (but is still subject to other checks, such as expiration checks).
    This method will either return a value, which indicates that the chain is trusted, or will throw an exception.
    Parameters:
    
    selector - Characteristics of the entity to be represented by the chain (cannot be null).
    
    chain - The certificate chain that is to be verified (cannot be null or empty).
    
    Returns:
    
    A trusted certificate path (never null).
    
    Throws:
    
    InvalidAlgorithmParameterException
    
    NoSuchAlgorithmException
    
    CertPathBuilderException

Class OpenfireX509TrustManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

acceptSelfSigned

trustedIssuers

Constructor Detail

OpenfireX509TrustManager

Method Detail

checkClientTrusted

checkServerTrusted

getAcceptedIssuers

checkChainTrusted