Package org.ldaptive.ssl

Class AggregateTrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

org.ldaptive.ssl.AggregateTrustManager

All Implemented Interfaces:

TrustManager, X509TrustManager

public class AggregateTrustManager
extends X509ExtendedTrustManager

Trust manager that delegates to multiple trust managers.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AggregateTrustManager.Strategy	Enum to define how trust managers should be processed.
private static interface	AggregateTrustManager.TrustManagerConsumer	Interface for consuming a trust manager.

Field Summary

Fields

Modifier and Type	Field	Description
private static int	DEFAULT_CHAIN_LOG_DEPTH	Maximum number of certificates to log.
protected Logger	logger	Logger for this class.
private X509ExtendedTrustManager[]	trustManagers	Trust managers to invoke.
private AggregateTrustManager.Strategy	trustStrategy	Whether to require all trust managers succeed.

Constructor Summary

Constructors

Constructor	Description
AggregateTrustManager(X509TrustManager... managers)	Creates a new aggregate trust manager with the ALL AggregateTrustManager.Strategy.
AggregateTrustManager(AggregateTrustManager.Strategy strategy, X509TrustManager... managers)	Creates a new aggregate trust manager.

Method Summary

Modifier and Type	Method	Description
private String	certsToString(X509Certificate[] chain, boolean withIssuer)	Returns a simple string representation of the supplied certificate chain.
private String	certToString(X509Certificate cert, boolean withIssuer)	Returns a simple string representation of the supplied certificate.
void	checkClientTrusted(X509Certificate[] chain, String authType)
void	checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void	checkServerTrusted(X509Certificate[] chain, String authType)
void	checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void	checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
protected String	createCertificateExceptionMessage(X509Certificate[] chain)	Creates an exception message for the supplied certificate chain.
X509Certificate[]	getAcceptedIssuers()
X509TrustManager[]	getTrustManagers()	Returns the trust managers that are aggregated.
AggregateTrustManager.Strategy	getTrustStrategy()	Returns the trust strategy.
String	toString()
private void	trustManagerCheck(AggregateTrustManager.TrustManagerConsumer consumer)	Invoke the supplied consumer for each trust manager.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_CHAIN_LOG_DEPTH

private static final int DEFAULT_CHAIN_LOG_DEPTH

Maximum number of certificates to log.

See Also:

Constant Field Values

logger

protected final Logger logger

Logger for this class.

trustManagers

private final X509ExtendedTrustManager[] trustManagers

Trust managers to invoke.

trustStrategy

private final AggregateTrustManager.Strategy trustStrategy

Whether to require all trust managers succeed.

Constructor Detail

AggregateTrustManager

public AggregateTrustManager(X509TrustManager... managers)

Creates a new aggregate trust manager with the ALL AggregateTrustManager.Strategy.

Parameters:

managers - to aggregate

AggregateTrustManager

public AggregateTrustManager(AggregateTrustManager.Strategy strategy,
                             X509TrustManager... managers)

Creates a new aggregate trust manager.

Parameters:

strategy - for processing trust managers

managers - to aggregate

Method Detail

getTrustManagers

public X509TrustManager[] getTrustManagers()

Returns the trust managers that are aggregated.

Returns:

trust managers

getTrustStrategy

public AggregateTrustManager.Strategy getTrustStrategy()

Returns the trust strategy.

Returns:

trust strategy

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType,
                               Socket socket)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType,
                               SSLEngine engine)
                        throws CertificateException

Specified by:

checkClientTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType,
                               Socket socket)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType,
                               SSLEngine engine)
                        throws CertificateException

Specified by:

checkServerTrusted in class X509ExtendedTrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String authType)
                        throws CertificateException

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

toString

public String toString()

Overrides:

toString in class Object

createCertificateExceptionMessage

protected String createCertificateExceptionMessage(X509Certificate[] chain)

Creates an exception message for the supplied certificate chain.

Parameters:

chain - to create message for

Returns:

string representation of certificate chain

certsToString

private String certsToString(X509Certificate[] chain,
                             boolean withIssuer)

Returns a simple string representation of the supplied certificate chain.

Parameters:

chain - to log

withIssuer - whether to include the certificate issuer

Returns:

string representation of certificate chain

certToString

private String certToString(X509Certificate cert,
                            boolean withIssuer)

Returns a simple string representation of the supplied certificate.

Parameters:

cert - to convert to string format

withIssuer - whether to include the certificate issuer

Returns:

string representation of the certificate

trustManagerCheck

private void trustManagerCheck(AggregateTrustManager.TrustManagerConsumer consumer)
                        throws CertificateException

Invoke the supplied consumer for each trust manager.

Parameters:

consumer - to invoke

Throws:

CertificateException - if trust check fails. For multiple failures the first exception is thrown