public interface X509TrustManager extends TrustManager
Modifier and Type | Method and Description |
---|---|
void |
checkClientTrusted(X509Certificate[] chain,
String authType)
Given the partial or complete certificate chain provided by the
peer, build a certificate path to a trusted root and return if
it can be validated and is trusted for client SSL
authentication based on the authentication type.
|
void |
checkServerTrusted(X509Certificate[] chain,
String authType)
Given the partial or complete certificate chain provided by the
peer, build a certificate path to a trusted root and return if
it can be validated and is trusted for server SSL
authentication based on the authentication type.
|
X509Certificate[] |
getAcceptedIssuers()
Return an array of certificate authority certificates
which are trusted for authenticating peers.
|
void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive.
chain
- the peer certificate chainauthType
- the authentication type based on the client certificateIllegalArgumentException
- if null or zero-length chain
is passed in for the chain parameter or if null or zero-length
string is passed in for the authType parameterCertificateException
- if the certificate chain is not trusted
by this TrustManager.void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive.
chain
- the peer certificate chainauthType
- the key exchange algorithm usedIllegalArgumentException
- if null or zero-length chain
is passed in for the chain parameter or if null or zero-length
string is passed in for the authType parameterCertificateException
- if the certificate chain is not trusted
by this TrustManager.X509Certificate[] getAcceptedIssuers()
Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2017, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.