Class TopologyRegistryTrustManager
java.lang.Object
    com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager

All Implemented Interfaces:
java.io.Serializable, javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class TopologyRegistryTrustManager extends java.lang.Object implements javax.net.ssl.X509TrustManager, java.io.Serializable
This class provides an implementation of an X.509 trust manager that can be used to trust certificates listed in the topology registry of a Ping Identity Directory Server instance. It will read the topology registry from the server's configuration file rather than communicating with it over LDAP, so it is only available for use when run from LDAP tools provided with the Ping Identity Directory Server.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

See Also:
Serialized Form

Constructor Summary
TopologyRegistryTrustManager(java.io.File configurationFile, long cacheDurationMillis)
    Creates a new instance of this trust manager with the provided settings.

Method Summary
void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
    Checks to determine whether the provided client certificate chain should be trusted.
void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
    Checks to determine whether the provided server certificate chain should be trusted.
java.security.cert.X509Certificate[] getAcceptedIssuers()
    Retrieves the accepted issuer certificates for this trust manager.

Constructor Detail

TopologyRegistryTrustManager
public TopologyRegistryTrustManager(@NotNull java.io.File configurationFile, long cacheDurationMillis)
Creates a new instance of this trust manager with the provided settings.
Parameters:
    configurationFile - The configuration file for the Ping Identity Directory Server instance that holds the topology registry data.
    cacheDurationMillis - The maximum length of time in milliseconds that previously loaded certificates may be cached. If this is less than or equal to zero, then certificates will not be cached.

Method Detail

checkClientTrusted
public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided client certificate chain should be trusted.
Specified by:
    checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
    chain - The client certificate chain for which to make the determination.
    authType - The authentication type based on the client certificate.
Throws:
    java.security.cert.CertificateException - If the provided client certificate chain should not be trusted.

checkServerTrusted
public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided server certificate chain should be trusted.
Specified by:
    checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
    chain - The server certificate chain for which to make the determination.
    authType - The key exchange algorithm used.
Throws:
    java.security.cert.CertificateException - If the provided server certificate chain should not be trusted.

getAcceptedIssuers
@NotNull public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager.
Specified by:
    getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
    The accepted issuer certificates for this trust manager, or an empty set of accepted issuers if a problem was encountered while initializing this trust manager.
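
Usage sketch, added here as an illustration and not taken from the SDK documentation: it builds the trust manager from a server configuration file, refuses to continue if no issuers were loaded (the empty-result case described for getAcceptedIssuers), and only then opens a TLS-protected connection. The class name TopologyTrustExample, the command-line arguments, and the five-minute cache duration are assumptions.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RootDSE;
import com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager;
import com.unboundid.util.ssl.SSLUtil;

import java.io.File;
import java.security.GeneralSecurityException;
import java.util.concurrent.TimeUnit;

// Added example (hypothetical class name); not part of the SDK.
public final class TopologyTrustExample {
  public static void main(final String[] args)
       throws GeneralSecurityException, LDAPException {
    // Assumed arguments: <server configuration file> <host> <LDAPS port>
    final File configFile = new File(args[0]);
    final String host = args[1];
    final int port = Integer.parseInt(args[2]);

    // Cache loaded certificates for five minutes (assumed value).
    // A duration <= 0 disables caching entirely.
    final TopologyRegistryTrustManager trustManager =
         new TopologyRegistryTrustManager(configFile,
              TimeUnit.MINUTES.toMillis(5L));

    // getAcceptedIssuers() yields an empty array when the trust manager
    // could not be initialized. Fail closed with a clear message instead
    // of letting every later handshake fail with a generic trust error.
    if (trustManager.getAcceptedIssuers().length == 0) {
      throw new GeneralSecurityException(
           "No certificates loaded from the topology registry in " +
                configFile.getAbsolutePath());
    }

    // Route certificate validation for this connection through the
    // topology registry instead of the JVM default trust store.
    final SSLUtil sslUtil = new SSLUtil(trustManager);
    try (LDAPConnection conn = new LDAPConnection(
              sslUtil.createSSLSocketFactory(), host, port)) {
      // An untrusted server certificate makes the constructor above throw
      // an LDAPException, so reaching this point means the chain passed
      // checkServerTrusted.
      final RootDSE rootDSE = conn.getRootDSE();
      System.out.println("Connected; root DSE available: " +
           (rootDSE != null));
    }
  }
}
```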