public interface X509TrustManager
Instances of this interface manage which X509 certificates may be used to authenticate the remote side of a secure socket. Decisions may be based on trusted certificate authorities, certificate revocation lists, online status checking or other means.
Method Summary | |
---|---|
void | checkClientTrusted(X509Certificate[] chain, String authType) Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type. |
void | checkServerTrusted(X509Certificate[] chain, String authType) Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type. |
X509Certificate[] | getAcceptedIssuers() Return an array of certificate authority certificates which are trusted for authenticating peers. |
Method Detail |
---|
void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive.
void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive.
X509Certificate[] getAcceptedIssuers()