BEA Systems, Inc.

WebLogic Server 8.1 API Reference

weblogic.security.SSL
Interface TrustManager

All Known Implementing Classes:
NullTrustManager

Deprecated. Deprecated in WebLogic Server 7.0.

public interface TrustManager

The TrustManager interface permits the user to override certain validation errors in the peer's certificate chain and allow the handshake to continue. This interface also permits the user to perform additional validation on the peer certificate chain and interrupt the handshake if need be.

Author:
Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Field Summary
static int ERR_CERT_CHAIN_INCOMPLETE
          Deprecated. An incomplete certificate chain is when a chain does not include a self-signed root CA certificate
static int ERR_CERT_CHAIN_INVALID
          Deprecated. An invalid certificate chain is when a certificate is not issued by the succeeding certificate in the chain
static int ERR_CERT_CHAIN_UNTRUSTED
          Deprecated. None of the certificates in the chain can be found in the list of trusted certificates
static int ERR_CERT_EXPIRED
          Deprecated. An expired certificate
static int ERR_NONE
          Deprecated. No error has been detected
static int ERR_SIGNATURE_INVALID
          Deprecated. A certificate has an invalid signature when the public key of the succeeding certificate does not verify the signature in the certificate
 
Method Summary
 boolean certificateCallback(X509[] chain, int validateErr)
          Deprecated.  
 

Field Detail

ERR_NONE

public static final int ERR_NONE
Deprecated. 
No error has been detected

ERR_CERT_CHAIN_INVALID

public static final int ERR_CERT_CHAIN_INVALID
Deprecated. 
An invalid certificate chain is when a certificate is not issued by the succeeding certificate in the chain

ERR_CERT_EXPIRED

public static final int ERR_CERT_EXPIRED
Deprecated. 
An expired certificate

ERR_CERT_CHAIN_INCOMPLETE

public static final int ERR_CERT_CHAIN_INCOMPLETE
Deprecated. 
An incomplete certificate chain is when a chain does not include a self-signed root CA certificate

ERR_SIGNATURE_INVALID

public static final int ERR_SIGNATURE_INVALID
Deprecated. 
A certificate has an invalid signature when the public key of the succeeding certificate does not verify the signature in the certificate

ERR_CERT_CHAIN_UNTRUSTED

public static final int ERR_CERT_CHAIN_UNTRUSTED
Deprecated. 
None of the certificates in the chain can be found in the list of trusted certificates

Method Detail

certificateCallback

public boolean certificateCallback(X509[] chain,
                                   int validateErr)
Deprecated.  
Called by the SSL library when a peer presents a certificate chain. This can be used to override certain errors in the peer certificate chain to allow the handshake to continue. The parameter validateErr indicates the validation errors present in the certificate chain. validateErr has the following properties:

- ERR_CERT_CHAIN_INVALID bit is set if the certificate chain is invalid
- ERR_CERT_EXPIRED bit is set if any of the certificates are expired
- ERR_CERT_CHAIN_INCOMPLETE bit is set if the certificate chain is incomplete
- ERR_SIGNATURE_INVALID bit is set if any of the certificates have an invalid signature
- ERR_CERT_CHAIN_UNTRUSTED bit is set if the certificate chain is not trusted
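An added example, not part of BEA's documentation or code: a fail-closed certificateCallback that decodes the validateErr bit mask and overrides only bits on an explicit allow-list. The class name StrictTrustManager and its policy are hypothetical; the example assumes that X509 is in the weblogic.security package and that returning true lets the handshake continue while false interrupts it.

```java
import weblogic.security.SSL.TrustManager;
import weblogic.security.X509; // assumption: package of the X509 type in the signature

// Added example, not BEA code. Hypothetical class name and policy.
public class StrictTrustManager implements TrustManager {

    // Errors that must never be overridden: they mean the chain does not
    // verify cryptographically or does not lead to a trusted certificate.
    private static final int NEVER_OVERRIDE =
        ERR_SIGNATURE_INVALID | ERR_CERT_CHAIN_INVALID | ERR_CERT_CHAIN_UNTRUSTED;

    private final int overridable; // error bits this deployment accepts

    public StrictTrustManager(int overridableBits) {
        if ((overridableBits & NEVER_OVERRIDE) != 0) {
            throw new IllegalArgumentException("refusing to override trust or signature errors");
        }
        this.overridable = overridableBits;
    }

    // Assumption: true lets the handshake continue, false interrupts it.
    public boolean certificateCallback(X509[] chain, int validateErr) {
        if (chain == null || chain.length == 0) {
            return false; // nothing to validate: fail closed
        }
        if (validateErr == ERR_NONE) {
            return true;
        }
        int blocking = validateErr & ~overridable; // set bits outside the allow-list
        if (blocking != 0) {
            System.err.println("TLS peer rejected:" + describe(blocking));
            return false;
        }
        System.err.println("TLS peer accepted with overridden errors:" + describe(validateErr));
        return true;
    }

    // Decode the bit mask into the constant names for logging.
    private static String describe(int err) {
        StringBuffer sb = new StringBuffer();
        if ((err & ERR_CERT_CHAIN_INVALID) != 0) sb.append(" ERR_CERT_CHAIN_INVALID");
        if ((err & ERR_CERT_EXPIRED) != 0) sb.append(" ERR_CERT_EXPIRED");
        if ((err & ERR_CERT_CHAIN_INCOMPLETE) != 0) sb.append(" ERR_CERT_CHAIN_INCOMPLETE");
        if ((err & ERR_SIGNATURE_INVALID) != 0) sb.append(" ERR_SIGNATURE_INVALID");
        if ((err & ERR_CERT_CHAIN_UNTRUSTED) != 0) sb.append(" ERR_CERT_CHAIN_UNTRUSTED");
        return sb.toString();
    }
}
```

Constructed with 0, this implementation accepts only chains reported as ERR_NONE; an implementation that returns true regardless of validateErr leaves the connection without certificate validation.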

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs81