Package org.conscrypt

Class TrustManagerImpl

java.lang.Object
org.conscrypt.TrustManagerImpl
All Implemented Interfaces:
TrustManager, X509TrustManager

public final class TrustManagerImpl
extends Object
implements X509TrustManager
TrustManager implementation. The implementation is based on the CertPathValidator PKIX and CertificateFactory X509 implementations. These implementations should be provided by a certification provider.
See Also:
X509TrustManager
  • Constructor Details

    • TrustManagerImpl

      public TrustManagerImpl(KeyStore keyStore)
      Creates an X509TrustManager based on a keystore.
      Parameters:
      ks -
    • TrustManagerImpl

      public TrustManagerImpl(KeyStore keyStore, CertPinManager manager)
      For testing only
  • Method Details

    • checkClientTrusted

      public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
      Description copied from interface: X509TrustManager
      Checks whether the specified certificate chain (partial or complete) can be validated and is trusted for client authentication for the specified authentication type.
      Specified by:
      checkClientTrusted in interface X509TrustManager
      Parameters:
      chain - the certificate chain to validate.
      authType - the authentication type used.
      Throws:
      CertificateException - if the certificate chain can't be validated or isn't trusted.
    • checkServerTrusted

      public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
      Description copied from interface: X509TrustManager
      Checks whether the specified certificate chain (partial or complete) can be validated and is trusted for server authentication for the specified key exchange algorithm.
      Specified by:
      checkServerTrusted in interface X509TrustManager
      Parameters:
      chain - the certificate chain to validate.
      authType - the key exchange algorithm name.
      Throws:
      CertificateException - if the certificate chain can't be validated or isn't trusted.
    • checkServerTrusted

      public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException
      Validates whether a server is trusted. If host is non-null, it also checks whether the chain is pinned appropriately for that host. If host is null, it does not check for pinned certificates. The return value is a list of the certificates used for making the trust decision.
      Throws:
      CertificateException
    • handleTrustStorageUpdate

      public void handleTrustStorageUpdate()
    • getAcceptedIssuers

      public X509Certificate[] getAcceptedIssuers()
      Description copied from interface: X509TrustManager
      Returns the list of certificate issuer authorities which are trusted for authentication of peers.
      Specified by:
      getAcceptedIssuers in interface X509TrustManager
      Returns:
      the list of certificate issuer authorities which are trusted for authentication of peers.