X509TrustManager
Known Indirect Subclasses
X509ExtendedTrustManager | Extensions to the X509TrustManager interface to support SSL/TLS connection sensitive trust management.
Instances of this interface manage which X509 certificates
may be used to authenticate the remote side of a secure
socket. Decisions may be based on trusted certificate
authorities, certificate revocation lists, online
status checking or other means.
Public Method Summary
abstract void | checkClientTrusted(X509Certificate[] chain, String authType) | Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.
abstract void | checkServerTrusted(X509Certificate[] chain, String authType) | Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.
abstract X509Certificate[] | getAcceptedIssuers() | Return an array of certificate authority certificates which are trusted for authenticating peers.
Public Methods
public abstract void checkClientTrusted(X509Certificate[] chain, String authType)
Given the partial or complete certificate chain provided by the
peer, build a certificate path to a trusted root and return if
it can be validated and is trusted for client SSL
authentication based on the authentication type.
The authentication type is determined by the actual certificate
used. For instance, if RSAPublicKey is used, the authType
should be "RSA". Checking is case-sensitive.
Parameters
chain | the peer certificate chain
authType | the authentication type based on the client certificate
Throws
IllegalArgumentException | if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter
CertificateException | if the certificate chain is not trusted by this TrustManager.
public abstract void checkServerTrusted(X509Certificate[] chain, String authType)
Given the partial or complete certificate chain provided by the
peer, build a certificate path to a trusted root and return if
it can be validated and is trusted for server SSL
authentication based on the authentication type.
The authentication type is the key exchange algorithm portion
of the cipher suites represented as a String, such as "RSA",
"DHE_DSS". Note: for some exportable cipher suites, the key
exchange algorithm is determined at run time during the
handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
the authType should be RSA_EXPORT when an ephemeral RSA key is
used for the key exchange, and RSA when the key from the server
certificate is used. Checking is case-sensitive.
Parameters
chain | the peer certificate chain
authType | the key exchange algorithm used
Throws
IllegalArgumentException | if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter
CertificateException | if the certificate chain is not trusted by this TrustManager.
public abstract X509Certificate[] getAcceptedIssuers()
Return an array of certificate authority certificates
which are trusted for authenticating peers.
Returns
- a non-null (possibly empty) array of acceptable
CA issuer certificates.
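
A delegating implementation that follows the contract of the three methods above, added here as an example (it is not code from this reference or from the platform). The class name LeafPinTrustManager and the pin format (base64 SHA-256 of the leaf certificate's SubjectPublicKeyInfo, supplied by the caller) are assumptions, and java.util.Base64 is assumed to be available on the target runtime.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class LeafPinTrustManager implements X509TrustManager { // hypothetical, not a platform API
    private final X509TrustManager delegate; // performs the real path validation
    private final Set<String> pins; // assumed input: base64 SHA-256 of SubjectPublicKeyInfo
    public LeafPinTrustManager(Set<String> pins) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust anchors
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (found == null && tm instanceof X509TrustManager) found = (X509TrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.delegate = found;
        this.pins = pins;
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // no extra client policy in this example
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0 || authType == null || authType.isEmpty())
            throw new IllegalArgumentException("chain and authType must be non-empty");
        delegate.checkServerTrusted(chain, authType); // throws unless a trusted path exists
        // Pin chain[0] only: the peer-supplied array may hold certificates off the validated path.
        if (!pins.contains(spkiSha256(chain[0])))
            throw new CertificateException("leaf public key is not pinned");
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers(); // contract: non-null, possibly empty
    }
    private static String spkiSha256(X509Certificate cert) throws CertificateException {
        try { // PublicKey.getEncoded() yields the DER SubjectPublicKeyInfo for X.509 keys
            return Base64.getEncoder().encodeToString(
                    MessageDigest.getInstance("SHA-256").digest(cert.getPublicKey().getEncoded()));
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }
}
```

The extra check can only reject a chain the delegate has already accepted; a check method that returns without calling a validating delegate accepts every peer.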
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-07-10 UTC.