Package com.unboundid.util.ssl

Class AggregateTrustManager

java.lang.Object
com.unboundid.util.ssl.AggregateTrustManager
All Implemented Interfaces:
TrustManager, X509TrustManager
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class AggregateTrustManager extends Object implements X509TrustManager
This class provides an SSL trust manager that has the ability to delegate the determination about whether to trust a given certificate to one or more other trust managers. It can be configured to use a logical AND (i.e., all associated trust managers must be satisfied) or a logical OR (i.e., at least one of the associated trust managers must be satisfied).

  • Constructor Details

    • AggregateTrustManager

      public AggregateTrustManager(boolean requireAllAccepted, @NotNull X509TrustManager... trustManagers)
      Creates a new aggregate trust manager with the provided information.
      Parameters:
      requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.
      trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.

    • AggregateTrustManager

      public AggregateTrustManager(boolean requireAllAccepted, @NotNull Collection<X509TrustManager> trustManagers)
      Creates a new aggregate trust manager with the provided information.
      Parameters:
      requireAllAccepted - Indicates whether all of the associated trust managers must accept a presented certificate for it to be allowed, or just at least one of them.
      trustManagers - The set of trust managers to use to make the determination. It must not be null or empty.

  • Method Details

    • requireAllAccepted

      public boolean requireAllAccepted()
      Indicates whether all of the associated trust managers will be required to accept a given certificate for it to be considered acceptable.
      Returns:
      true if all of the associated trust managers will be required to accept the provided certificate chain, or false if it will be acceptable for at least one trust manager to accept the chain even if one or more others do not.

    • getAssociatedTrustManagers

      @NotNull public List<X509TrustManager> getAssociatedTrustManagers()
      Retrieves the set of trust managers that will be used to perform the validation.
      Returns:
      The set of trust managers that will be used to perform the validation.

    • checkClientTrusted

      public void checkClientTrusted(@NotNull X509Certificate[] chain, @NotNull String authType) throws CertificateException
      Checks to determine whether the provided client certificate chain should be trusted.
      Specified by:
      checkClientTrusted in interface X509TrustManager
      Parameters:
      chain - The client certificate chain for which to make the determination.
      authType - The authentication type based on the client certificate.
      Throws:
      CertificateException - If the provided client certificate chain should not be trusted.

    • checkServerTrusted

      public void checkServerTrusted(@NotNull X509Certificate[] chain, @NotNull String authType) throws CertificateException
      Checks to determine whether the provided server certificate chain should be trusted.
      Specified by:
      checkServerTrusted in interface X509TrustManager
      Parameters:
      chain - The server certificate chain for which to make the determination.
      authType - The key exchange algorithm used.
      Throws:
      CertificateException - If the provided server certificate chain should not be trusted.

    • getAcceptedIssuers

      @NotNull public X509Certificate[] getAcceptedIssuers()
      Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.
      Specified by:
      getAcceptedIssuers in interface X509TrustManager
      Returns:
      The accepted issuer certificates for this trust manager.