Class TopologyRegistryTrustManager

java.lang.Object
com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager
All Implemented Interfaces:
Serializable, TrustManager, X509TrustManager

This class provides an implementation of an X.509 trust manager that can be used to trust certificates listed in the topology registry of a Ping Identity Directory Server instance. It will read the topology registry from the server's configuration file rather than communicating with it over LDAP, so it is only available for use when run from LDAP tools provided with the Ping Identity Directory Server.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
  • Constructor Details

    • TopologyRegistryTrustManager

      public TopologyRegistryTrustManager(@NotNull File configurationFile, long cacheDurationMillis)
      Creates a new instance of this trust manager with the provided settings.
      Parameters:
      configurationFile - The configuration file for the Ping Identity Directory Server instance that holds the topology registry data. It must not be null.
      cacheDurationMillis - The maximum length of time in milliseconds that previously loaded certificates may be cached. If this is less than or equal to zero, then certificates will not be cached.
    • TopologyRegistryTrustManager

      Creates a new instance of this trust manager with the provided properties.
      Parameters:
      properties - The properties to use to create this trust manager. It must not be null.
  • Method Details

    • getConfigurationFile

      Retrieves the server configuration file from which the topology registry certificates will be read.
      Returns:
      The server configuration file from which the topology registry certificates will be read.
    • getCacheDurationMillis

      public long getCacheDurationMillis()
      Retrieves the maximum length of time in milliseconds that cached topology registry information should be considered valid.
      Returns:
      The maximum length of time in milliseconds that cached topology registry information should be considered valid, or zero if topology registry information should not be cached.
    • requirePeerCertificateInTopologyRegistry

      Indicates whether to require the peer certificate itself to be included in the topology registry for a certificate chain to be trusted.
      Returns:
      true if a certificate chain may only be trusted if the topology registry includes the peer certificate itself, or false if a certificate chain may be trusted if the topology registry contains the peer certificate or any of its issuers.
    • ignorePeerCertificateValidityWindow

      Indicates whether to ignore the validity window for the peer certificate when determining whether to trust a certificate chain.
      Returns:
      true if a certificate chain may be considered trusted even if the current time is outside the peer certificate's validity window, or false if a certificate chain may only be considered trusted if the current time is between the notBefore and notAfter timestamps for the peer certificate.
    • ignoreIssuerCertificateValidityWindow

      Indicates whether to ignore the validity window for issuer certificates when determining whether to trust a certificate chain.
      Returns:
      true if a certificate chain may be considered trusted even if the current time is outside any issuer certificate's validity window, or false if a certificate chain may only be considered trusted if the current time is between the notBefore and notAfter timestamps for all issuer certificates.
    • checkClientTrusted

      Checks to determine whether the provided client certificate chain should be trusted.
      Specified by:
      checkClientTrusted in interface X509TrustManager
      Parameters:
      chain - The client certificate chain for which to make the determination.
      authType - The authentication type based on the client certificate.
      Throws:
      CertificateException - If the provided client certificate chain should not be trusted.
    • checkServerTrusted

      Checks to determine whether the provided server certificate chain should be trusted.
      Specified by:
      checkServerTrusted in interface X509TrustManager
      Parameters:
      chain - The server certificate chain for which to make the determination.
      authType - The key exchange algorithm used.
      Throws:
      CertificateException - If the provided server certificate chain should not be trusted.
    • getAcceptedIssuers

      Retrieves the accepted issuer certificates for this trust manager.
      Specified by:
      getAcceptedIssuers in interface X509TrustManager
      Returns:
      The accepted issuer certificates for this trust manager, or an empty set of accepted issuers if a problem was encountered while initializing this trust manager.
    • toString

      Retrieves a string representation of this topology registry trust manager instance.
      Overrides:
      toString in class Object
      Returns:
      A string representation of this topology registry trust manager instance.
    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this topology registry trust manager instance to the given buffer.
      Parameters:
      buffer - The buffer to which the string representation should be appended.
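
A worked example, added here and not part of the SDK's own documentation, of constructing this trust manager with the two-argument constructor described above, logging the policy reported by its getters, and using it for an LDAPS connection through the SDK's SSLUtil and LDAPConnection classes. The configuration file path, host name and port are placeholders.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLSocketFactory;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager;
import com.unboundid.util.ssl.SSLUtil;

public final class TopologyRegistryTrustExample {
  // Re-read the registry at most every five minutes; a value <= 0 disables
  // caching and parses the configuration file on every trust decision.
  private static final long CACHE_DURATION_MILLIS = 300_000L;

  // Builds a trust manager from the local instance's config.ldif and opens an
  // LDAPS connection to a peer server whose certificate it must vouch for.
  static LDAPConnection connectViaTopologyRegistry(final File configFile,
      final String host, final int port)
      throws LDAPException, GeneralSecurityException {
    final TopologyRegistryTrustManager tm =
        new TopologyRegistryTrustManager(configFile, CACHE_DURATION_MILLIS);
    // Surface the policy before relying on it: issuer-only matching or an
    // ignored validity window widens what the handshake will accept.
    System.out.println("require peer cert in registry: "
        + tm.requirePeerCertificateInTopologyRegistry());
    System.out.println("ignore peer validity window:   "
        + tm.ignorePeerCertificateValidityWindow());
    System.out.println("ignore issuer validity window: "
        + tm.ignoreIssuerCertificateValidityWindow());
    // Empty means the registry could not be read; every chain is then rejected.
    System.out.println("registry certificates loaded:  "
        + tm.getAcceptedIssuers().length);
    // The TLS handshake invokes tm.checkServerTrusted; a chain that is not
    // covered by the registry surfaces here as an LDAPException.
    final SSLSocketFactory sf = new SSLUtil(tm).createSSLSocketFactory();
    return new LDAPConnection(sf, host, port);
  }

  public static void main(final String[] args) throws Exception {
    // Placeholder path, host and port; substitute the real instance values.
    final LDAPConnection conn = connectViaTopologyRegistry(
        new File("/path/to/instance/config/config.ldif"),
        "ds2.example.com", 1636);
    try {
      System.out.println("Connected to " + conn.getConnectedAddress());
    } finally {
      conn.close();
    }
  }
}
```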