KeyStoreTrustManager

public class KeyStoreTrustManager extends KeyStoreComponent implements X509TrustManager

This class implements javax.net.ssl.X509TrustManager. It trusts a certificate chain if any certificate in the chain is stored in the KeyStore.

Author: Bob P. Y. Koon

Constructors

KeyStoreTrustManager

public KeyStoreTrustManager()

Creates a new instance of KeyStoreTrustManager.

KeyStoreTrustManager

public KeyStoreTrustManager(KeyStoreManager keyman)

Creates a new instance of KeyStoreTrustManager.

Parameters:
  • keyman – the trusted key store manager.
Throws:
  • KeyStoreManagementException – if the specified key store manager is null.

KeyStoreTrustManager

public KeyStoreTrustManager(KeyStore keyStore)

Creates a new instance of KeyStoreTrustManager.

Parameters:
  • keyStore – the initialized trusted key store.
Throws:
  • KeyStoreManagementException – if the specified key store is null.

Methods

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain, String authType)

Checks if the client is trusted. It trusts the certificate chain if the embedded key store contains one of the certificates in the chain.

Parameters:
  • chain – the peer certificate chain.
  • authType – the key exchange algorithm used.
Throws:
  • IllegalArgumentException – if a null or zero-length chain is passed in for the chain parameter, or if a null or zero-length string is passed in for the authType parameter.
  • CertificateException – if the certificate chain is not trusted by this TrustManager.

See also: javax.net.ssl.X509TrustManager.checkClientTrusted(java.security.cert.X509Certificate[],java.lang.String)

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain, String authType)

Checks if the server is trusted. It trusts the certificate chain if the embedded key store contains one of the certificates in the chain.

Parameters:
  • chain – the peer certificate chain.
  • authType – the key exchange algorithm used.
Throws:
  • IllegalArgumentException – if a null or zero-length chain is passed in for the chain parameter, or if a null or zero-length string is passed in for the authType parameter.
  • CertificateException – if the certificate chain is not trusted by this TrustManager.

See also: javax.net.ssl.X509TrustManager.checkServerTrusted(java.security.cert.X509Certificate[],java.lang.String)

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

Returns an array of certificate authority certificates which are stored in the embedded key store.

Returns: a non-null (possibly empty) array of acceptable CA issuer certificates.
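
The trust rule described for this class (a chain is accepted when any one of its certificates is present in the key store), written out with JDK APIs only as an added example; it is not the library's source, and the class name ChainMemberTrustManager is hypothetical. It performs the exact-match lookup only and no path, signature or expiry validation, since the page states nothing beyond the membership rule.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Hypothetical stand-in for the documented policy; not the library's source.
public class ChainMemberTrustManager implements X509TrustManager {
    private final KeyStore trusted;
    public ChainMemberTrustManager(KeyStore trusted) { this.trusted = Objects.requireNonNull(trusted); }

    private void check(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0 || authType == null || authType.isEmpty())
            throw new IllegalArgumentException("null or empty chain/authType");
        try {
            // Exact-match membership: leaf, intermediate or root may be the stored entry.
            for (X509Certificate cert : chain)
                if (trusted.getCertificateAlias(cert) != null) return;
        } catch (KeyStoreException e) {
            throw new CertificateException("key store not initialized", e);
        }
        throw new CertificateException("no certificate in the chain is in the key store");
    }

    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { check(c, a); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { check(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() {
        List<X509Certificate> out = new ArrayList<>();
        try {
            for (String alias : Collections.list(trusted.aliases())) {
                Certificate c = trusted.getCertificate(alias);
                if (c instanceof X509Certificate) out.add((X509Certificate) c);
            }
        } catch (KeyStoreException e) { /* uninitialized store: report no issuers */ }
        return out.toArray(new X509Certificate[0]);
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // constructed sample: an empty store, so every chain is rejected
        SSLContext.getInstance("TLS").init(null, new TrustManager[] { new ChainMemberTrustManager(ks) }, null);
    }
}
```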