ExpirationCheckTrustManager (OpenDS Directory Server API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.opends.server.util
Class ExpirationCheckTrustManager

java.lang.Object
  org.opends.server.util.ExpirationCheckTrustManager

All Implemented Interfaces:: javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@PublicAPI(stability=UNCOMMITTED, mayInstantiate=true, mayExtend=false, mayInvoke=true) public final class ExpirationCheckTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This class implements an X.509 trust manager that will be used to wrap an existing trust manager and makes it possible to reject a presented certificate if that certificate is outside the validity window.

Constructor Summary
`ExpirationCheckTrustManager(javax.net.ssl.X509TrustManager trustManager)` Creates a new instance of this trust manager that will wrap the provided trust manager.

Method Summary
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Determines whether to trust the peer based on the provided certificate chain.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Determines whether to trust the peer based on the provided certificate chain.
`java.security.cert.X509Certificate[]`	`getAcceptedIssuers()` Retrieves the set of CA certificates which are trusted for authenticating peers.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ExpirationCheckTrustManager

public ExpirationCheckTrustManager(javax.net.ssl.X509TrustManager trustManager)

Creates a new instance of this trust manager that will wrap the provided trust manager.

Parameters:: trustManager - The trust manager to be wrapped by this trust manager.

Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Determines whether to trust the peer based on the provided certificate chain. In this case, the peer will only be trusted if all certificates in the chain are within the validity window and the parent trust manager also accepts the certificate.

Specified by:: checkClientTrusted in interface javax.net.ssl.X509TrustManager

Parameters:: chain - The peer certificate chain.; authType - The authentication type based on the client certificate.
Throws:: java.security.cert.CertificateException - If the client certificate chain is not trusted.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Specified by:: checkServerTrusted in interface javax.net.ssl.X509TrustManager

Parameters:: chain - The peer certificate chain.; authType - The key exchange algorithm used.
Throws:: java.security.cert.CertificateException - If the server certificate chain is not trusted.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()

Retrieves the set of CA certificates which are trusted for authenticating peers. This will be taken from the parent trust manager.

Specified by:: getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Returns:: A non-null (possibly empty) array of acceptable CA issuer certificates.