Package com.unboundid.util.ssl
Class PEMFileTrustManager
java.lang.Object
  com.unboundid.util.ssl.PEMFileTrustManager
All Implemented Interfaces:
java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PEMFileTrustManager extends java.lang.Object implements javax.net.ssl.X509TrustManager, java.io.Serializable
This class provides an implementation of an X.509 trust manager that can obtain information about trusted issuers from one or more PEM files.
See Also: Serialized Form
Constructor Summary
PEMFileTrustManager(java.io.File... pemFiles)
Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
PEMFileTrustManager(java.util.List<java.io.File> pemFiles)
Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
Method Summary
void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves an array of the issuer certificates that will be considered trusted.
Constructor Detail
PEMFileTrustManager
public PEMFileTrustManager(@NotNull java.io.File... pemFiles) throws java.security.KeyStoreException
Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
Parameters:
pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories, will be recursively processed).
Throws:
java.security.KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.
PEMFileTrustManager
public PEMFileTrustManager(@NotNull java.util.List<java.io.File> pemFiles) throws java.security.KeyStoreException
Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
Parameters:
pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories, will be recursively processed).
Throws:
java.security.KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.
Method Detail
checkClientTrusted
public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The client certificate chain for which to make the determination. It must not be null or empty.
authType - The type of authentication to use based on the client certificate. It must not be null.
Throws:
java.security.cert.CertificateException - If the provided certificate chain should not be considered trusted.
checkServerTrusted
public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The server certificate chain for which to make the determination. It must not be null or empty.
authType - The type of authentication to use based on the server certificate. It must not be null.
Throws:
java.security.cert.CertificateException - If the provided certificate chain should not be considered trusted.
getAcceptedIssuers
@NotNull public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves an array of the issuer certificates that will be considered trusted.
Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
An array of the issuer certificates that will be considered trusted, or an empty array if no issuers will be trusted.
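Because a directory argument is processed recursively, it is worth auditing what getAcceptedIssuers() returns before the trust manager is put to use. The following is an added example, not code from the SDK or its documentation: the class name PinnedPemTrust, the fingerprint allowlist and the command-line arguments are hypothetical, and it assumes Java 17 or later for java.util.HexFormat.

```java
import com.unboundid.util.ssl.PEMFileTrustManager;
import java.io.File;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HexFormat;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

// Hypothetical helper class; not part of the UnboundID LDAP SDK.
public final class PinnedPemTrust {

  // Builds a socket factory whose only trust anchors are the PEM certificates
  // under pemPath, after checking each one against an expected fingerprint set.
  static SSLSocketFactory socketFactory(File pemPath, Set<String> expectedSha256)
      throws Exception {
    // A KeyStoreException here means a certificate could not be read or decoded.
    PEMFileTrustManager tm = new PEMFileTrustManager(pemPath);

    X509Certificate[] issuers = tm.getAcceptedIssuers();
    if (issuers.length == 0) {
      throw new SecurityException("No trust anchors loaded from " + pemPath);
    }
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    for (X509Certificate issuer : issuers) {
      // A directory argument is walked recursively, so any stray PEM file in
      // the tree becomes a trust anchor; fail closed on anything unexpected.
      String fp = HexFormat.of().formatHex(sha256.digest(issuer.getEncoded()));
      if (!expectedSha256.contains(fp)) {
        throw new SecurityException("Unexpected trust anchor " + fp + ": "
            + issuer.getSubjectX500Principal().getName());
      }
      issuer.checkValidity(); // CertificateException if expired or not yet valid
    }

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { tm }, null);
    return ctx.getSocketFactory();
  }

  public static void main(String[] args) throws Exception {
    // args[0]: PEM file or directory; remaining args: lowercase hex SHA-256
    // fingerprints of the DER-encoded certificates that are allowed.
    Set<String> expected = Set.copyOf(Arrays.asList(args).subList(1, args.length));
    socketFactory(new File(args[0]), expected);
    System.out.println("All loaded trust anchors match the expected set.");
  }
}
```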