public class X509TrustManagerExtensions extends Object
The checkServerTrusted method allows callers to perform additional verification of certificate chains after they have been successfully verified by the platform.
Constructor and Description |
---|
X509TrustManagerExtensions(X509TrustManager tm)
Constructs a new X509TrustManagerExtensions wrapper.
|
Modifier and Type | Method and Description |
---|---|
List<X509Certificate> |
checkServerTrusted(X509Certificate[] chain,
String authType,
String host)
Verifies the given certificate chain.
|
boolean |
isSameTrustConfiguration(String hostname1,
String hostname2)
Returns
true if the TrustManager uses the same trust configuration for the provided
hostnames. |
boolean |
isUserAddedCertificate(X509Certificate cert)
Checks whether a CA certificate is added by an user.
|
public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException
tm
- A X509TrustManager
as returned by TrustManagerFactory.getInstance();IllegalArgumentException
- If tm is an unsupported TrustManager type.public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException
See X509TrustManager.checkServerTrusted(X509Certificate[], String)
for a
description of the chain and authType parameters. The final parameter, host, should be the
hostname of the server.
CertificateException
- if the chain does not verify correctly.public boolean isUserAddedCertificate(X509Certificate cert)
Since X509TrustManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
may allow its parameter chain
to
chain up to user-added CA certificates, this method can be used to perform additional
policies for user-added CA certificates.
true
to indicate that the certificate authority exists in the user added
certificate store, false
otherwise.