TrustStoreTrustManager (Java EE 5 SDK)

Overview

Package

Class

Tree

Deprecated

Index

Help

Java EE 5 SDK

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.sun.appserv.management.client
Class TrustStoreTrustManager

java.lang.Object
  com.sun.appserv.management.client.TrustStoreTrustManager

All Implemented Interfaces:: TrustManager, X509TrustManager

public class TrustStoreTrustManager
extends Object
implements X509TrustManager
extends Object
implements X509TrustManager

This X509TrustManager implementation supports a trust-store file and allows adding new certificates to it. It is designed to allow a subclass to override a variety of protected methods including those of TrustManager:

checkClientTrusted
checkServerTrusted
getAcceptedIssuers

as well as:

#checkCertificate
#getTrustStorePassword
#shouldAddToTrustStore
#askShouldAddToTrustStore
#getCertificateAlias
#addCertificateToTrustStore
#writeStore
#certificateNotInTrustStore
#getTrustStore

For convenience, if setPrompt( true ) is called, then when a new Certificate is encountered, askShouldAddToTrustStore( c ) prompts the user via System.in as to whether to accept this new Certificate as trusted. Subclasses can of course override this behavior any any desired way.

Field Summary
`static String`	`TRUSTSTORE_FILE_SPROP` Standard system property denoting the trust-store.
`static String`	`TRUSTSTORE_PASSWORD_SPROP` Standard system property denoting the trust-store password.

Constructor Summary
`TrustStoreTrustManager(File trustStoreFile, char[] trustStorePassword)` calls this( trustStoreFile,"JKS", trustStorePassword )
`TrustStoreTrustManager(File trustStoreFile, String keyStoreType, char[] trustStorePassword)` Create a new instance with the specified File and password The trustStoreFile must exist.

Method Summary
`protected void`	`addCertificateToTrustStore(Certificate c)` Add the Certificate to the trust-store, using the alias returned by getCertificateAlias( c ).
`protected void`	`addCertificateToTrustStore(String alias, Certificate c)` Add the Certificate with the specified alias to the trust-store.
`protected boolean`	`askShouldAddToTrustStore(Certificate c)` Prompts via System.in to ask whether the Certificate should be added.
`protected void`	`certificateNotInTrustStore(Certificate c)` The Certificate is not found in the trust-store.
`protected void`	`checkCertificate(X509Certificate[] chain)`
`void`	`checkClientTrusted(X509Certificate[] chain, String authType)`
`void`	`checkServerTrusted(X509Certificate[] chain, String authType)`
`X509Certificate[]`	`getAcceptedIssuers()` By default, no issuers are trusted.
`protected String`	`getCertificateAlias(Certificate c)` Return an alias for a Certificate to be added to the TrustStore.
`static TrustStoreTrustManager`	`getSystemInstance()` Create an instance using the system trust-store as returned by getSystemTrustStoreFile().
`static File`	`getSystemTrustStoreFile()` Use System.getProperty( "javax.net.ssl.trustStore" ) to find a trust-store.
`static char[]`	`getSystemTrustStorePassword()` Use System.getProperty( "javax.net.ssl.trustStorePassword" ) to find the trust-store password.
`protected KeyStore`	`getTrustStore()` Get the KeyStore containing the Certificates to be trusted.
`File`	`getTrustStoreFile()` Return the trust-store that was initially passed in.
`protected char[]`	`getTrustStorePassword()` Subclass may choose to override this method to get the password from any desired source.
`void`	`setPrompt(boolean prompt)` If set to true, then when a new Certificate is encountered, the user will be prompted via System.in as to whether it should be trusted.
`protected boolean`	`shouldAddToTrustStore(Certificate c)` Subclass may wish to override this routine and call defaultShouldAddToTrustStore( c );
`String`	`toString()`
`protected void`	`writeStore()` Write the store to disk.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Field Detail

TRUSTSTORE_FILE_SPROP

public static final String TRUSTSTORE_FILE_SPROP

Standard system property denoting the trust-store.

See Also:: Constant Field Values

TRUSTSTORE_PASSWORD_SPROP

public static final String TRUSTSTORE_PASSWORD_SPROP

Standard system property denoting the trust-store password.

See Also:: Constant Field Values

Constructor Detail

TrustStoreTrustManager

public TrustStoreTrustManager(File trustStoreFile,
                              String keyStoreType,
                              char[] trustStorePassword)

Create a new instance with the specified File and password The trustStoreFile must exist.

Parameters:: trustStoreFile - (not required to exist); keyStoreType - keystore (truststore) type, eg "JKS"; trustStorePassword - (may be null)

TrustStoreTrustManager

public TrustStoreTrustManager(File trustStoreFile,
                              char[] trustStorePassword)

calls this( trustStoreFile,"JKS", trustStorePassword )

Method Detail

setPrompt

public void setPrompt(boolean prompt)

If set to true, then when a new Certificate is encountered, the user will be prompted via System.in as to whether it should be trusted.

Parameters:: prompt -

getSystemInstance

public static TrustStoreTrustManager getSystemInstance()

Create an instance using the system trust-store as returned by getSystemTrustStoreFile().

Returns:: an instance or null if not possible

getSystemTrustStoreFile

public static File getSystemTrustStoreFile()

Use System.getProperty( "javax.net.ssl.trustStore" ) to find a trust-store.

getSystemTrustStorePassword

public static char[] getSystemTrustStorePassword()

Use System.getProperty( "javax.net.ssl.trustStorePassword" ) to find the trust-store password.

getTrustStoreFile

public final File getTrustStoreFile()

Return the trust-store that was initially passed in.

Returns:: File

getTrustStorePassword

protected char[] getTrustStorePassword()

Subclass may choose to override this method to get the password from any desired source. Otherwise, the password used to create this instance is returned.

Returns:: char[]

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Specified by:: checkClientTrusted in interface X509TrustManager

Throws:: CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Specified by:: checkServerTrusted in interface X509TrustManager

Throws:: CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

By default, no issuers are trusted. It is better to trust specific Certificates explicitly.

Specified by:: getAcceptedIssuers in interface X509TrustManager

Returns:: X509Certificate[]

askShouldAddToTrustStore

protected boolean askShouldAddToTrustStore(Certificate c)
                                    throws IOException

Prompts via System.in to ask whether the Certificate should be added.

Parameters:: c -
Returns:: true if the response is yes.
Throws:: IOException

shouldAddToTrustStore

protected boolean shouldAddToTrustStore(Certificate c)
                                 throws IOException

Subclass may wish to override this routine and call defaultShouldAddToTrustStore( c );

Parameters:: c -
Returns:: true if the Certificate should be trusted and added to the trust-store
Throws:: IOException

getCertificateAlias

protected String getCertificateAlias(Certificate c)

Return an alias for a Certificate to be added to the TrustStore.

Parameters:: c -
Returns:: an alias to be used for adding the Certificate to the trust-store

addCertificateToTrustStore

protected void addCertificateToTrustStore(String alias,
                                          Certificate c)
                                   throws IOException,
                                          KeyStoreException,
                                          NoSuchAlgorithmException,
                                          CertificateException

Add the Certificate with the specified alias to the trust-store.

Parameters:: alias -; c -
Throws:: IOException; KeyStoreException; NoSuchAlgorithmException; CertificateException

addCertificateToTrustStore

protected void addCertificateToTrustStore(Certificate c)
                                   throws IOException,
                                          KeyStoreException,
                                          NoSuchAlgorithmException,
                                          CertificateException

Add the Certificate to the trust-store, using the alias returned by getCertificateAlias( c ).

Parameters:: c -
Throws:: IOException; KeyStoreException; NoSuchAlgorithmException; CertificateException

writeStore

protected void writeStore()
                   throws IOException,
                          KeyStoreException,
                          NoSuchAlgorithmException,
                          CertificateException

Write the store to disk. Results are undefined if an error occurs while writing the file.

Throws:: IOException; KeyStoreException; NoSuchAlgorithmException; CertificateException

certificateNotInTrustStore

protected void certificateNotInTrustStore(Certificate c)
                                   throws IOException,
                                          KeyStoreException,
                                          NoSuchAlgorithmException,
                                          CertificateException

The Certificate is not found in the trust-store. If shouldAddToTrustStore( c ) returns false, then a CertificateException is thrown. Otherwise, addCertificateToTrustStore( c ) is called.

Parameters:: c -
Throws:: IOException; KeyStoreException; NoSuchAlgorithmException; CertificateException

getTrustStore

protected KeyStore getTrustStore()
                          throws IOException,
                                 CertificateException,
                                 NoSuchAlgorithmException,
                                 KeyStoreException,
                                 FileNotFoundException

Get the KeyStore containing the Certificates to be trusted. This should be a KeyStore corresponding to the file that was specified. The same KeyStore should be returned each time.

Returns:: KeyStore
Throws:: IOException; CertificateException; NoSuchAlgorithmException; KeyStoreException; FileNotFoundException

checkCertificate

protected void checkCertificate(X509Certificate[] chain)
                         throws RuntimeException,
                                CertificateException

Parameters:: chain -
Throws:: RuntimeException; CertificateException

toString

public String toString()

Overrides:: toString in class Object

Overview

Package

Class

Tree

Deprecated

Index

Help

Java EE 5 SDK

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Submit a bug or feature

com.sun.appserv.management.client Class TrustStoreTrustManager

TRUSTSTORE_FILE_SPROP

TRUSTSTORE_PASSWORD_SPROP

TrustStoreTrustManager

TrustStoreTrustManager

setPrompt

getSystemInstance

getSystemTrustStoreFile

getSystemTrustStorePassword

getTrustStoreFile

getTrustStorePassword

checkClientTrusted

checkServerTrusted

getAcceptedIssuers

askShouldAddToTrustStore

shouldAddToTrustStore

getCertificateAlias

addCertificateToTrustStore

addCertificateToTrustStore

writeStore

certificateNotInTrustStore

getTrustStore

checkCertificate

toString

com.sun.appserv.management.client
Class TrustStoreTrustManager