|
Java™ Platform Standard Ed. 6 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface X509TrustManager
Instance of this interface manage which X509 certificates may be used to authenticate the remote side of a secure socket. Decisions may be based on trusted certificate authorities, certificate revocation lists, online status checking or other means.
Method Summary | |
---|---|
void |
checkClientTrusted(X509Certificate[] chain,
String authType)
Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type. |
void |
checkServerTrusted(X509Certificate[] chain,
String authType)
Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type. |
X509Certificate[] |
getAcceptedIssuers()
Return an array of certificate authority certificates which are trusted for authenticating peers. |
Method Detail |
---|
void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive.
chain
- the peer certificate chainauthType
- the authentication type based on the client certificate
IllegalArgumentException
- if null or zero-length chain
is passed in for the chain parameter or if null or zero-length
string is passed in for the authType parameter
CertificateException
- if the certificate chain is not trusted
by this TrustManager.void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive.
chain
- the peer certificate chainauthType
- the key exchange algorithm used
IllegalArgumentException
- if null or zero-length chain
is passed in for the chain parameter or if null or zero-length
string is passed in for the authType parameter
CertificateException
- if the certificate chain is not trusted
by this TrustManager.X509Certificate[] getAcceptedIssuers()
|
Java™ Platform Standard Ed. 6 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright © 1993, 2010, Oracle and/or its affiliates. All rights reserved.