public class JSSEX509TrustManagerFactory
extends javax.net.ssl.TrustManagerFactorySpi
JSSEX509TrustManagerFactory class implements the
javax.net.ssl.TrustManagerFractorySpi abstract class.
To create instances of this class, always use the
javax.net.ssl.TrustManagerFactory engine class. For
example:
java.security.Security.addProvider(new com.entrust.toolkit.x509.jsse.provider.EntrustJSSEProvider());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
or
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", "Entrust_JSSE");
or
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509", new com.entrust.toolkit.x509.jsse.provider.EntrustJSSEProvider());
A newly created trust manager factory should be initialized by a
KeyStore object, as follows:
KetStore ks = new KeyStore(...);
ks.load(..., ...);
tmf.init( ks );
You can also initialize the KeyStore using the JSSEEntrustManagerFactoryParameters
If a KeyStore is not provided, then the system configured truststore specified by
the JVM setting javax.net.ssl.trustStore will be used. (Additionally, if the optional
javax.net.ssl.trustStorePassword is configured, then it will be used to validate the
integrity of the specified truststore.)
If a KeyStore is not provided and the JVM javax.net.ssl.trustStore is not configured, then a KeyStore
Exception will be thrown by this class.
//Pass in the KeyStore, Directory and ClientSettings
JSSEEntrustManagerFactoryParameters parameters =
new JSSEEntrustManagerFactoryParameters(eks, directory, clientSettings);
// For convenience, the KSIniFile can also be used to extract the directory information
// JSSEEntrustManagerFactoryParameters parameters =
// new JSSEEntrustManagerFactoryParameters(eks,new FileInputStream(ksIniFile), password);
// Initialize the TrustManagerFactory with the JSSEEntrustManagerFactoryParameters
tmf.init(parameters);
You can retrieve the trust managers by calling
TrustManager[] trustManagers = tmf.getManagers();
For more information, see the Oracle JSSE Reference Guide for the TrustManagerFactory
Note, if a non-Entrust keystore is being used, then this class will delegate the requested operation to the first provider in the list which supports the requested service/algorithm.
TrustManagerFactory,
JSSEX509TrustManager| Constructor and Description |
|---|
JSSEX509TrustManagerFactory() |
| Modifier and Type | Method and Description |
|---|---|
protected javax.net.ssl.TrustManager[] |
engineGetTrustManagers() |
protected void |
engineInit(java.security.KeyStore ks) |
protected void |
engineInit(javax.net.ssl.ManagerFactoryParameters managerFactoryParameters)
Must implement this abstract method in
javax.net.ssl.TrustManagerFactorySpi. |
protected javax.net.ssl.TrustManager[] engineGetTrustManagers()
engineGetTrustManagers in class javax.net.ssl.TrustManagerFactorySpiprotected void engineInit(java.security.KeyStore ks)
throws java.security.KeyStoreException
engineInit in class javax.net.ssl.TrustManagerFactorySpijava.security.KeyStoreExceptionprotected void engineInit(javax.net.ssl.ManagerFactoryParameters managerFactoryParameters)
throws java.security.InvalidAlgorithmParameterException
javax.net.ssl.TrustManagerFactorySpi.engineInit in class javax.net.ssl.TrustManagerFactorySpijava.security.KeyStoreExceptionjava.security.InvalidAlgorithmParameterException