public class OpenfireX509TrustManager extends Object implements X509TrustManager
Modifier and Type | Field and Description |
---|---|
protected boolean | acceptSelfSigned - A boolean that indicates if this trust manager will allow self-signed certificates to be trusted. |
protected Set<X509Certificate> | trustedIssuers - The set of trusted issuers from the trust store. |
Constructor and Description |
---|
OpenfireX509TrustManager(KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity) |
Modifier and Type | Method and Description |
---|---|
protected CertPath | checkChainTrusted(CertSelector selector, X509Certificate... chain) - Determine if the given partial or complete certificate chain can be trusted to represent the entity that is defined by the criteria specified by the 'selector' argument. |
void | checkClientTrusted(X509Certificate[] chain, String authType) |
void | checkServerTrusted(X509Certificate[] chain, String authType) |
X509Certificate[] | getAcceptedIssuers() |
protected final boolean acceptSelfSigned
protected final Set<X509Certificate> trustedIssuers
public OpenfireX509TrustManager(KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity) throws NoSuchAlgorithmException, KeyStoreException
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Specified by: checkClientTrusted in interface X509TrustManager
Throws: CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Specified by: checkServerTrusted in interface X509TrustManager
Throws: CertificateException
public X509Certificate[] getAcceptedIssuers()
Specified by: getAcceptedIssuers in interface X509TrustManager
protected CertPath checkChainTrusted(CertSelector selector, X509Certificate... chain) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathBuilderException
getAcceptedIssuers() to verify that the chain that is provided either includes a certificate from an accepted issuer, or is directly issued by one.
Depending on the configuration of this class, other verification is done:
acceptSelfSigned: when true, any chain that has a length of one and is self-signed is considered as a 'trust anchor' (but is still subject to other checks, such as expiration checks).
Parameters:
selector - Characteristics of the entity to be represented by the chain (cannot be null).
chain - The certificate chain that is to be verified (cannot be null or empty).
Throws:
InvalidAlgorithmParameterException
NoSuchAlgorithmException
CertPathBuilderException
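The check described for checkChainTrusted, sketched with the JDK's PKIX CertPathBuilder as an added illustration; this is not the Openfire source, and the use of PKIX path building is an assumption about the approach. The class ChainTrustSketch, the helpers isSelfSigned and buildTrustedPath, the disabled revocation checking and the file arguments to main are all hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added illustration, not Openfire source. Class and method names are hypothetical.
public class ChainTrustSketch {

    // Subject equals issuer and the signature verifies under the certificate's own key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    static CertPath buildTrustedPath(Set<X509Certificate> trustedIssuers, boolean acceptSelfSigned,
                                     CertSelector selector, X509Certificate... chain) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate issuer : trustedIssuers) anchors.add(new TrustAnchor(issuer, null));
        if (acceptSelfSigned && chain.length == 1 && isSelfSigned(chain[0])) {
            chain[0].checkValidity();            // anchoring must not bypass the expiration check
            anchors.add(new TrustAnchor(chain[0], null));
        }
        // Throws InvalidAlgorithmParameterException when there are no anchors at all.
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, selector);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Arrays.asList(chain))));
        params.setRevocationEnabled(false);      // assumption: no CRL/OCSP source configured
        // Throws CertPathBuilderException when no path to an anchor can be built.
        return CertPathBuilder.getInstance("PKIX").build(params).getCertPath();
    }

    // Usage: java ChainTrustSketch <chain.pem> <truststore> <password>  (placeholder arguments)
    public static void main(String[] args) throws Exception {
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                chain.add((X509Certificate) c);
        }
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) { store.load(in, args[2].toCharArray()); }
        Set<X509Certificate> issuers = new HashSet<>();
        for (String alias : Collections.list(store.aliases()))
            if (store.isCertificateEntry(alias)) issuers.add((X509Certificate) store.getCertificate(alias));
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(chain.get(0));   // assumes the end-entity certificate comes first
        CertPath path = buildTrustedPath(issuers, false, selector, chain.toArray(new X509Certificate[0]));
        System.out.println("Trusted path length: " + path.getCertificates().size());
    }
}
```

With acceptSelfSigned left false, a lone self-signed certificate fails path building unless it is already in the trust store; passing true narrows the exception to exactly the one-element, self-signed case.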
Copyright © 2003-2008 Jive Software.