TrustManager (Oracle WebLogic Server API Reference)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.5)

Part Number E13941-05

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

weblogic.security.SSL
Interface TrustManager

All Known Implementing Classes:: CertPathTrustManager

public interface TrustManager

The TrustManager interface permits the user to override certain validation errors in the peer's certificate chain and allow the handshake to continue. This interface also permits the user to perform additional validation on the peer certificate chain and interrupt the handshake if need be.

Field Summary
`static int`	`ERR_CERT_CHAIN_INCOMPLETE` An incomplete certificate chain is when a chain does not include a self signed root CA certificate
`static int`	`ERR_CERT_CHAIN_INVALID` An invalid certificate chain is when a certificate is not issued by the succeeding certificate in the chain
`static int`	`ERR_CERT_CHAIN_UNTRUSTED` None of the certificates in the chain can be found in the list of trusted certificates
`static int`	`ERR_CERT_EXPIRED` An expired certificate
`static int`	`ERR_NONE` No error has been detected
`static int`	`ERR_SIGNATURE_INVALID` A certificate has an invalid signature when the public key of the succeeding certificate does not verify the signature in the certificate

Method Summary
`boolean`	`certificateCallback(X509Certificate[] chain, int validateErr)` Called by the SSL library when a peer presents a certificate chain.

Field Detail

ERR_NONE

static final int ERR_NONE

No error has been detected

See Also:: Constant Field Values

ERR_CERT_CHAIN_INVALID

static final int ERR_CERT_CHAIN_INVALID

An invalid certificate chain is when a certificate is not issued by the succeeding certificate in the chain

See Also:: Constant Field Values

ERR_CERT_EXPIRED

static final int ERR_CERT_EXPIRED

An expired certificate

See Also:: Constant Field Values

ERR_CERT_CHAIN_INCOMPLETE

static final int ERR_CERT_CHAIN_INCOMPLETE

An incomplete certificate chain is when a chain does not include a self signed root CA certificate

See Also:: Constant Field Values

ERR_SIGNATURE_INVALID

static final int ERR_SIGNATURE_INVALID

A certificate has an invalid signature when the public key of the succeeding certificate does not verify the signature in the certificate

See Also:: Constant Field Values

ERR_CERT_CHAIN_UNTRUSTED

static final int ERR_CERT_CHAIN_UNTRUSTED

None of the certificates in the chain can be found in the list of trusted certificates

See Also:: Constant Field Values

Method Detail

certificateCallback

boolean certificateCallback(X509Certificate[] chain,
                            int validateErr)

Called by the SSL library when a peer presents a certificate chain. This can be used to override certain errors in the peer certificate chain to allow the handshake to continue.

Parameters:: chain - The peer certificate chain; validateErr - indicates the validation errors present in the certificate chain. validateErr has the following properties: ERR_CERT_CHAIN_INVALID bit is set if the certificate chain is invalid; ERR_CERT_EXPIRED bit is set if any of the certificates are expired; ERR_CERT_CHAIN_INCOMPLETE bit is set if the certificate chain is incomplete; ERR_SIGNATURE_INVALID bit is set if any of the certificates have an invaid signature; ERR_CERT_CHAIN_UNTRUSTED bit is set if the certificate chain is not trusted.