Class PEMFileTrustManager

java.lang.Object
com.unboundid.util.ssl.PEMFileTrustManager
All Implemented Interfaces:
Serializable, TrustManager, X509TrustManager

This class provides an implementation of an X.509 trust manager that can obtain information about trusted issuers from one or more PEM files.
  • Constructor Details

    • PEMFileTrustManager

      public PEMFileTrustManager(@NotNull File... pemFiles) throws KeyStoreException
      Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
      Parameters:
      pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories, will be recursively processed).
      Throws:
      KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.
    • PEMFileTrustManager

      Creates a new PEM file trust manager that will read trusted certificate information from the specified PEM files.
      Parameters:
      pemFiles - The PEM files from which to read the trusted certificate information. It must not be null or empty, and all files must exist. Each element may be a file (which may contain one or more PEM-formatted certificates) or a directory (in which case all of the files in that directory, including subdirectories, will be recursively processed).
      Throws:
      KeyStoreException - If a problem occurs while trying to read or decode any of the certificates.
  • Method Details

    • checkClientTrusted

      Determines whether the provided client certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
      Specified by:
      checkClientTrusted in interface X509TrustManager
      Parameters:
      chain - The client certificate chain for which to make the determination. It must not be null or empty.
      authType - The type of authentication to use based on the client certificate. It must not be null.
      Throws:
      CertificateException - If the provided certificate chain should not be considered trusted.
    • checkServerTrusted

      Determines whether the provided server certificate chain should be considered trusted based on the trusted certificate information read from PEM files.
      Specified by:
      checkServerTrusted in interface X509TrustManager
      Parameters:
      chain - The server certificate chain for which to make the determination. It must not be null or empty.
      authType - The type of authentication to use based on the server certificate. It must not be null.
      Throws:
      CertificateException - If the provided certificate chain should not be considered trusted.
    • getAcceptedIssuers

      Retrieves an array of the issuer certificates that will be considered trusted.
      Specified by:
      getAcceptedIssuers in interface X509TrustManager
      Returns:
      An array of the issuer certificates that will be considered trusted, or an empty array if no issuers will be trusted.
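
Example (added here for illustration; not part of the original API documentation): because a directory argument is processed recursively, this sketch audits the issuers returned by getAcceptedIssuers before the trust manager is used for an LDAPS connection. The class name, directory path, host name and port are assumptions; SSLUtil and LDAPConnection are other classes from the same SDK.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.util.ssl.PEMFileTrustManager;
import com.unboundid.util.ssl.SSLUtil;

import java.io.File;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocketFactory;

public final class PemTrustExample {
  public static void main(String[] args) throws Exception {
    // Hypothetical location of the trusted CA certificates (assumption).
    // Every file under this directory, including subdirectories, is read.
    File caDir = new File("/etc/myapp/trusted-cas");

    // Throws KeyStoreException if any file cannot be read or decoded.
    PEMFileTrustManager trustManager = new PEMFileTrustManager(caDir);

    // Audit what was actually loaded before relying on it. A stray PEM
    // file dropped into a subdirectory would silently become a trust anchor.
    X509Certificate[] issuers = trustManager.getAcceptedIssuers();
    if (issuers.length == 0) {
      throw new IllegalStateException(
          "No trusted issuers were loaded from " + caDir);
    }
    for (X509Certificate issuer : issuers) {
      System.out.println("trusted issuer: "
          + issuer.getSubjectX500Principal().getName()
          + " (expires " + issuer.getNotAfter() + ")");
      // Fail closed on an expired or not-yet-valid trust anchor.
      issuer.checkValidity();
    }

    // Use the audited trust manager for an LDAPS connection.
    // Host name and port are placeholders (assumption).
    SSLUtil sslUtil = new SSLUtil(trustManager);
    SSLSocketFactory socketFactory = sslUtil.createSSLSocketFactory();
    try (LDAPConnection connection =
             new LDAPConnection(socketFactory, "ldap.example.com", 636)) {
      System.out.println("connected: " + connection.isConnected());
    }
  }
}
```

If the server's chain does not lead to one of the listed issuers, the TLS handshake fails and the LDAPConnection constructor throws an LDAPException.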