Package org.forgerock.opendj.security

Class TrustManagers

java.lang.Object

org.forgerock.opendj.security.TrustManagers

public final class TrustManagers
extends Object

This class contains methods for creating common types of trust manager.

Method Summary

Modifier and Type	Method	Description
static X509TrustManager	checkUsingKeyStore(KeyStore optionalKeyStore)	Creates a new X509TrustManager which will use the key store to determine whether to trust a certificate.
static X509TrustManager	checkUsingKeyStoreFile(String file, char[] password, String type)	Creates a new X509TrustManager which will use the named trust store file to determine whether to trust a certificate.
static X509TrustManager	distrustAll()	Returns an X509TrustManager which does not trust any certificates.
static X509ExtendedTrustManager	trustAll()	Returns an X509ExtendedTrustManager which trusts all certificates.
static X509ExtendedTrustManager	trustAny(List<TrustManager> trustManagers)	Returns a X509ExtendedTrustManager that wraps the given TrustManagers and that yields a positive result if ever one of the wrapped TrustManagers yields a positive result.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

checkUsingKeyStoreFile

public static X509TrustManager checkUsingKeyStoreFile(String file,
 char[] password,
 String type)
                                               throws GeneralSecurityException,
IOException

Creates a new X509TrustManager which will use the named trust store file to determine whether to trust a certificate. It will use the provided trust store type and password.

Parameters:

file - The trust store file name.

password - The trust store password, which may be null.

type - The trust store type, which may be null to indicate that the default trust store type for the JVM (e.g. KeyManagers.JKS) should be used.

Returns:

A new X509TrustManager which will use the named trust store file to determine whether to trust a certificate.

Throws:

GeneralSecurityException - If the trust store could not be loaded, perhaps due to incorrect type, or missing algorithms.

IOException - If the trust store file could not be found or could not be read.

NullPointerException - If provided file was null.

checkUsingKeyStore

public static X509TrustManager checkUsingKeyStore(KeyStore optionalKeyStore)
                                           throws NoSuchAlgorithmException,
KeyStoreException

Creates a new X509TrustManager which will use the key store to determine whether to trust a certificate.

Parameters:

optionalKeyStore - The key store containing the trusted certificates or null to use the default key store.

Returns:

A new X509TrustManager which will use the key store to determine whether to trust a certificate.

Throws:

NoSuchAlgorithmException - If default trust store algorithm cannot be found.

KeyStoreException - If the trust manager could not be initialized with the provided key store.

distrustAll

public static X509TrustManager distrustAll()

Returns an X509TrustManager which does not trust any certificates.

Returns:

An X509TrustManager which does not trust any certificates.

trustAll

public static X509ExtendedTrustManager trustAll()

Returns an X509ExtendedTrustManager which trusts all certificates.

Returns:

An X509ExtendedTrustManager which trusts all certificates.

trustAny

public static X509ExtendedTrustManager trustAny(List<TrustManager> trustManagers)

Returns a X509ExtendedTrustManager that wraps the given TrustManagers and that yields a positive result if ever one of the wrapped TrustManagers yields a positive result.

Parameters:

trustManagers - The trust managers to wrap.

Returns:

The instance of X509TrustManager that wraps the given trust managers.