Module org.newsclub.net.unix.ssl

Package org.newsclub.net.unix.ssl

Class ValidatingX509TrustManager

java.lang.Object

org.newsclub.net.unix.ssl.FilterX509TrustManager

org.newsclub.net.unix.ssl.ValidatingX509TrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public final class ValidatingX509TrustManager
extends FilterX509TrustManager

A wrapping X509TrustManager that verifies each individual certificate in a chain, in addition to the successful validation by the wrapped X509TrustManager.

This could be useful in some scenarios where self-signed certificates are being used, or where the upstream TrustManager can't be fully trusted.

Author:

Christian Kohlschütter

Constructor Summary

Constructors

Constructor	Description
ValidatingX509TrustManager(X509TrustManager wrapped)	Constructs a ValidatingX509TrustManager instance that wraps the given X509TrustManager.

Method Summary

Modifier and Type	Method	Description
protected void	onCertificateException(boolean checkClient, CertificateException e, X509Certificate[] chain, String authType)	Called whenever the wrapped X509TrustManager throws an exception when checking client or server certificate chains.
protected void	onCertificateTrusted(boolean checkClient, X509Certificate[] chain, String authType)	Called whenever the wrapped X509TrustManager trusted a given client or server certificate chains.

Methods inherited from class org.newsclub.net.unix.ssl.FilterX509TrustManager

checkClientTrusted, checkServerTrusted, getAcceptedIssuers

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ValidatingX509TrustManager

public ValidatingX509TrustManager(X509TrustManager wrapped)

Constructs a ValidatingX509TrustManager instance that wraps the given X509TrustManager.

Parameters:

wrapped - The wrapped trust manager.

Method Details

onCertificateException

protected void onCertificateException(boolean checkClient,
 CertificateException e,
 X509Certificate[] chain,
 String authType)
                               throws CertificateException

Description copied from class: FilterX509TrustManager

Called whenever the wrapped X509TrustManager throws an exception when checking client or server certificate chains.

Specified by:

onCertificateException in class FilterX509TrustManager

Parameters:

checkClient - If true, we're checking a client certificate chain, if false a server's.

e - The caught exception

chain - The (potentially partial) certificate chain

authType - The authType.

Throws:

CertificateException - if desired.

onCertificateTrusted

protected void onCertificateTrusted(boolean checkClient,
 X509Certificate[] chain,
 String authType)
                             throws CertificateException

Description copied from class: FilterX509TrustManager

Called whenever the wrapped X509TrustManager trusted a given client or server certificate chains.

Specified by:

onCertificateTrusted in class FilterX509TrustManager

Parameters:

checkClient - If true, we're checking a client certificate chain, if false a server's.

chain - The (potentially partial) certificate chain

authType - The authType.

Throws:

CertificateException - if desired.