Package com.unboundid.util.ssl
Class TrustAllTrustManager
- java.lang.Object
-
- com.unboundid.util.ssl.TrustAllTrustManager
-
- All Implemented Interfaces:
java.io.Serializable
,javax.net.ssl.TrustManager
,javax.net.ssl.X509TrustManager
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class TrustAllTrustManager extends java.lang.Object implements javax.net.ssl.X509TrustManager, java.io.Serializable
This class provides an SSL trust manager which will blindly trust any certificate that is presented to it, although it may optionally reject certificates that are expired or not yet valid. It can be convenient for testing purposes, but it is recommended that production environments use trust managers that perform stronger validation.- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description TrustAllTrustManager()
Creates a new instance of this trust all trust manager that will trust any certificate, including certificates that are expired or not yet valid.TrustAllTrustManager(boolean examineValidityDates)
Creates a new instance of this trust all trust manager that will trust any certificate, potentially excluding certificates that are expired or not yet valid.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Checks to determine whether the provided client certificate chain should be trusted.void
checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
Checks to determine whether the provided server certificate chain should be trusted.boolean
examineValidityDates()
Indicate whether to reject certificates if the current time is outside the validity window for the certificate.java.security.cert.X509Certificate[]
getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager.
-
-
-
Constructor Detail
-
TrustAllTrustManager
public TrustAllTrustManager()
Creates a new instance of this trust all trust manager that will trust any certificate, including certificates that are expired or not yet valid.
-
TrustAllTrustManager
public TrustAllTrustManager(boolean examineValidityDates)
Creates a new instance of this trust all trust manager that will trust any certificate, potentially excluding certificates that are expired or not yet valid.- Parameters:
examineValidityDates
- Indicates whether to reject certificates if the current time is outside the validity window for the certificate.
-
-
Method Detail
-
examineValidityDates
public boolean examineValidityDates()
Indicate whether to reject certificates if the current time is outside the validity window for the certificate.- Returns:
true
if the certificate validity time should be examined and certificates should be rejected if they are expired or not yet valid, orfalse
if certificates should be accepted even outside of the validity window.
-
checkClientTrusted
public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided client certificate chain should be trusted. A certificate will only be rejected (by throwing aCertificateException
) if certificate validity dates should be examined and the certificate or any of its issuers is outside of the validity window.- Specified by:
checkClientTrusted
in interfacejavax.net.ssl.X509TrustManager
- Parameters:
chain
- The client certificate chain for which to make the determination.authType
- The authentication type based on the client certificate.- Throws:
java.security.cert.CertificateException
- If the provided client certificate chain should not be trusted.
-
checkServerTrusted
public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] chain, @NotNull java.lang.String authType) throws java.security.cert.CertificateException
Checks to determine whether the provided server certificate chain should be trusted. A certificate will only be rejected (by throwing aCertificateException
) if certificate validity dates should be examined and the certificate or any of its issuers is outside of the validity window.- Specified by:
checkServerTrusted
in interfacejavax.net.ssl.X509TrustManager
- Parameters:
chain
- The server certificate chain for which to make the determination.authType
- The key exchange algorithm used.- Throws:
java.security.cert.CertificateException
- If the provided server certificate chain should not be trusted.
-
getAcceptedIssuers
@NotNull public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the accepted issuer certificates for this trust manager. This will always return an empty array.- Specified by:
getAcceptedIssuers
in interfacejavax.net.ssl.X509TrustManager
- Returns:
- The accepted issuer certificates for this trust manager.
-
-