JSSEX509TrustManager ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- javax.net.ssl.X509ExtendedTrustManager
- - com.entrust.toolkit.x509.jsse.JSSEX509TrustManager

All Implemented Interfaces:

javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
```
public class JSSEX509TrustManager
extends javax.net.ssl.X509ExtendedTrustManager
implements javax.net.ssl.X509TrustManager
```
The JSSEX509TrustManager class implements the javax.net.ssl.X509TrustManager interface.
The javax.net.ssl.X509TrustManager interface is used to initialize an SSLContext object to support X.509 authentication to remote socket peers through JSSE. You can create an instance of this class directly either by using the constructor or by using a TrustManagerFactory engine.

For more information, see the SUN Microsystems API user's guide for the Java Secure Socket Extension (JSSE) version 1.0.2

Since:

7.0

See Also:
JSSEX509TrustManagerFactory, SSLContext

Constructor Summary

Constructors
Constructor and Description
`JSSEX509TrustManager(CertVerifier certVerifier)` Creates a `JSSEX509TrustManager` instance that uses the indicated Entrust certificate validation mechanism for trust decisions.
`JSSEX509TrustManager(KeyAndCertContainer keyAndCertContainer)` Creates a `JSSEX509TrustManager` instance that uses an Entrust key/certificate container's certificate validation mechanism for trust decisions.
`JSSEX509TrustManager(User user)` Creates a `JSSEX509TrustManager` instance that uses an Entrust user's certificate validation mechanism for trust decisions.
`JSSEX509TrustManager(java.security.cert.X509Certificate[] trustedRoots, java.lang.String keyStoreType)` Creates an instance of the `JSSEX509TrustManager` class.
`JSSEX509TrustManager(java.security.cert.X509Certificate[] trustedRoots, java.lang.String keyStoreType, LdapDirectory directory, ClientSettings settings)` Creates an instance of the `JSSEX509TrustManager` class.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, java.net.Socket socket)` Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, javax.net.ssl.SSLEngine engine)` Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)` Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, java.net.Socket socket)` Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, javax.net.ssl.SSLEngine engine)` Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.
`java.security.cert.X509Certificate[]`	`getAcceptedIssuers()` Retrieves the trusted root CA certificates.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JSSEX509TrustManager
```
public JSSEX509TrustManager(KeyAndCertContainer keyAndCertContainer)
                     throws UserNotLoggedInException
```
    Creates a JSSEX509TrustManager instance that uses an Entrust key/certificate container's certificate validation mechanism for trust decisions.
    
    Parameters:
    keyAndCertContainer - an Entrust key/certificate container
    
    Throws:
    
    UserNotLoggedInException - if the Entrust key/certificate container represents a user that is not logged in
    
    java.lang.IllegalArgumentException - if the key/certificate container is not provided (null) or does not contain a certificate validation mechanism
    Since:
    
    7.2
  - JSSEX509TrustManager
```
public JSSEX509TrustManager(User user)
                     throws UserNotLoggedInException
```
    Creates a JSSEX509TrustManager instance that uses an Entrust user's certificate validation mechanism for trust decisions.
    
    Parameters:
    user - a logged in Entrust user
    
    Throws:
    
    UserNotLoggedInException - if the user is not logged in
    
    java.lang.IllegalArgumentException - if the user is not provided (null)
    Since:
    
    7.2
  - JSSEX509TrustManager
```
public JSSEX509TrustManager(CertVerifier certVerifier)
```
    Creates a JSSEX509TrustManager instance that uses the indicated Entrust certificate validation mechanism for trust decisions.
    
    Parameters:
    certVerifier - an Entrust certificate validation mechanism
    
    Throws:
    
    java.lang.IllegalArgumentException - if the certificate validation mechanism is not provided (null)
    Since:
    
    7.2
  - JSSEX509TrustManager
```
public JSSEX509TrustManager(java.security.cert.X509Certificate[] trustedRoots,
                    java.lang.String keyStoreType)
```
    Creates an instance of the JSSEX509TrustManager class.
    
    Parameters:
    trustedRoots - the trusted root CA certificates
    keyStoreType - not used
  - JSSEX509TrustManager
```
public JSSEX509TrustManager(java.security.cert.X509Certificate[] trustedRoots,
                    java.lang.String keyStoreType,
                    LdapDirectory directory,
                    ClientSettings settings)
```
    Creates an instance of the JSSEX509TrustManager class.
    
    Parameters:
    trustedRoots - the trusted root CA certificates
    keyStoreType - not used
    LdapDirectory - the Ldap directory used for revocation checking
    ClientSettings - the ClientSettings to use
    Since:
    
    7.2 patch
- Method Detail
  - getAcceptedIssuers
```
public java.security.cert.X509Certificate[] getAcceptedIssuers()
```
    Retrieves the trusted root CA certificates.
    
    Specified by:
    
    getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
    
    Returns:
    The trusted root CA certificates.
  - checkClientTrusted
```
public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                      java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type. The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive.
    
    Specified by:
    
    checkClientTrusted in interface javax.net.ssl.X509TrustManager
    
    Parameters:
    chain - - the peer certificate chain
    authType - - the authentication type based on the client certificate
    
    Throws:
    
    java.lang.IllegalArgumentException - - if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter
    
    java.security.cert.CertificateException - - if the certificate chain is not trusted by this TrustManager.
    Since:
    
    JDK 1.4
    
    See Also:
    X509TrustManager.checkClientTrusted(X509Certificate[], String)
  - checkServerTrusted
```
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                      java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type. The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive.
    
    Specified by:
    
    checkServerTrusted in interface javax.net.ssl.X509TrustManager
    
    Parameters:
    chain - - the peer certificate chain
    authType - - the key exchange algorithm used
    
    Throws:
    
    java.lang.IllegalArgumentException - - if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter
    
    java.security.cert.CertificateException - - if the certificate chain is not trusted by this TrustManager.
    Since:
    
    JDK 1.4
    
    See Also:
    X509TrustManager.checkServerTrusted(X509Certificate[], String)
  - checkClientTrusted
```
public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                      java.lang.String authType,
                      java.net.Socket socket)
                        throws java.security.cert.CertificateException
```
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type. The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive. This implementation doesn't do anything with the Socket, so it just calls the checkClientTrusted(chain[], authType)
    
    Specified by:
    
    checkClientTrusted in class javax.net.ssl.X509ExtendedTrustManager
    
    Parameters:
    chain - the certificate chain being checked for validity
    authType - the key exchange algorithm used
    socket - the socket used by the connection
    
    Throws:
    
    java.security.cert.CertificateException
  - checkClientTrusted
```
public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                      java.lang.String authType,
                      javax.net.ssl.SSLEngine engine)
                        throws java.security.cert.CertificateException
```
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type. The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive. This implementation doesn't do anything with the given SSLEngine, so it just calls the checkClientTrusted(chain[], authType)
    
    Specified by:
    
    checkClientTrusted in class javax.net.ssl.X509ExtendedTrustManager
    
    Parameters:
    chain - the certificate chain being checked for validity
    authType - the key exchange algorithm used
    engine - the SSLEngine used by the connection
    
    Throws:
    
    java.security.cert.CertificateException
  - checkServerTrusted
```
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                      java.lang.String authType,
                      java.net.Socket socket)
                        throws java.security.cert.CertificateException
```
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type. The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive. This method uses the given socket to lookup the SSLParameters and will make use of the Endpoint Identification algorithms "HTTPS" and "LDAPS" to perform hostname verification. This implementation will also attempt to retrieve the hostname using the Server Name Indication (SNI) TLS extension which is specified in RFC 6066. If SNI is not used, it will use the underlying SSLSession to retrieve the hostname.
    
    Specified by:
    
    checkServerTrusted in class javax.net.ssl.X509ExtendedTrustManager
    
    Parameters:
    chain - the certificate chain being checked for validity
    authType - the key exchange algorithm used
    socket - the socket used by the connection
    
    Throws:
    
    java.security.cert.CertificateException
  - checkServerTrusted
```
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                      java.lang.String authType,
                      javax.net.ssl.SSLEngine engine)
                        throws java.security.cert.CertificateException
```
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type. The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive. This method uses the given socket to lookup the SSLParameters and will make use of the Endpoint Identification algorithms "HTTPS" and "LDAPS" to perform hostname verification. This implementation will also attempt to retrieve the hostname using the Server Name Indication (SNI) TLS extension which is specified in RFC 6066. If SNI is not used, it will use the underlying SSLSession to retrieve the hostname.
    
    Specified by:
    
    checkServerTrusted in class javax.net.ssl.X509ExtendedTrustManager
    
    Parameters:
    chain - the certificate chain being checked for validity
    authType - the key exchange algorithm used
    engine - the SSLEngine used by the connection
    
    Throws:
    
    java.security.cert.CertificateException

Class JSSEX509TrustManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JSSEX509TrustManager

JSSEX509TrustManager

JSSEX509TrustManager

JSSEX509TrustManager

JSSEX509TrustManager

Method Detail

getAcceptedIssuers

checkClientTrusted

checkServerTrusted

checkClientTrusted

checkClientTrusted

checkServerTrusted

checkServerTrusted