Package org.conscrypt

Class TrustManagerImpl

  • All Implemented Interfaces:
    TrustManager, X509TrustManager

    public final class TrustManagerImpl
    extends Object
    implements X509TrustManager
    TrustManager implementation. The implementation is based on the CertPathValidator PKIX and CertificateFactory X509 implementations. These implementations should be provided by some certification provider.
    See Also:
    X509TrustManager
    • Constructor Detail

      • TrustManagerImpl

        public TrustManagerImpl(KeyStore keyStore)
        Creates an X509TrustManager based on a keystore.
        Parameters:
        keyStore -
    • Method Detail

      • checkClientTrusted

        public void checkClientTrusted(X509Certificate[] chain,
                                       String authType)
                                throws CertificateException
        Description copied from interface: X509TrustManager
        Checks whether the specified certificate chain (partial or complete) can be validated and is trusted for client authentication for the specified authentication type.
        Specified by:
        checkClientTrusted in interface X509TrustManager
        Parameters:
        chain - the certificate chain to validate.
        authType - the authentication type used.
        Throws:
        CertificateException - if the certificate chain can't be validated or isn't trusted.
      • checkServerTrusted

        public void checkServerTrusted(X509Certificate[] chain,
                                       String authType)
                                throws CertificateException
        Description copied from interface: X509TrustManager
        Checks whether the specified certificate chain (partial or complete) can be validated and is trusted for server authentication for the specified key exchange algorithm.
        Specified by:
        checkServerTrusted in interface X509TrustManager
        Parameters:
        chain - the certificate chain to validate.
        authType - the key exchange algorithm name.
        Throws:
        CertificateException - if the certificate chain can't be validated or isn't trusted.
      • checkServerTrusted

        public List<X509Certificate> checkServerTrusted(X509Certificate[] chain,
                                                        String authType,
                                                        String host)
                                                 throws CertificateException
        Validates whether a server is trusted. If host is given and non-null, it also checks whether the chain is pinned appropriately for that host. If host is null, it does not check for pinned certificates. The return value is a list of the certificates used for making the trust decision.
        Throws:
        CertificateException
      • isUserAddedCertificate

        public boolean isUserAddedCertificate(X509Certificate cert)
      • checkServerTrusted

        public List<X509Certificate> checkServerTrusted(X509Certificate[] chain,
                                                        String authType,
                                                        SSLSession session)
                                                 throws CertificateException
        Validates whether a server is trusted. If session is given and non-null, it also checks whether the chain is pinned appropriately for that peer host. If session is null, it does not check for pinned certificates. The return value is a list of the certificates used for making the trust decision.
        Throws:
        CertificateException
      • handleTrustStorageUpdate

        public void handleTrustStorageUpdate()
      • getAcceptedIssuers

        public X509Certificate[] getAcceptedIssuers()
        Description copied from interface: X509TrustManager
        Returns the list of certificate issuer authorities which are trusted for authentication of peers.
        Specified by:
        getAcceptedIssuers in interface X509TrustManager
        Returns:
        the list of certificate issuer authorities which are trusted for authentication of peers.