Package org.conscrypt
Class TrustManagerImpl
java.lang.Object
javax.net.ssl.X509ExtendedTrustManager
org.conscrypt.TrustManagerImpl
- All Implemented Interfaces:
TrustManager, X509TrustManager
TrustManager implementation. The implementation is based on the CertPathValidator
PKIX and CertificateFactory X509 implementations. These implementations should
be provided by a certification provider.
Constructor Summary
Constructors (constructor, followed by its description where one is given):
TrustManagerImpl(KeyStore keyStore)
    Creates X509TrustManager based on a keystore.
TrustManagerImpl(KeyStore keyStore, CertPinManager manager)
TrustManagerImpl(KeyStore keyStore, CertPinManager manager, ConscryptCertStore certStore)
TrustManagerImpl(KeyStore keyStore, CertPinManager manager, ConscryptCertStore certStore, CertBlocklist blocklist)
TrustManagerImpl(KeyStore keyStore, CertPinManager manager, ConscryptCertStore certStore, CertBlocklist blocklist, CTLogStore ctLogStore, CTVerifier ctVerifier, CTPolicy ctPolicy)
    For testing only.
-
Method Summary
Methods (modifier and type, method, followed by its description where one is given):
void checkClientTrusted(X509Certificate[] chain, String authType)
List<X509Certificate> checkClientTrusted(X509Certificate[] chain, String authType, String hostname)
    For backward compatibility with older Android API that used String for the hostname only.
void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
void checkServerTrusted(X509Certificate[] chain, String authType)
List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String hostname)
    For backward compatibility with older Android API that used String for the hostname only.
void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, SSLSession session)
    Validates whether a server is trusted.
List<X509Certificate> getTrustedChainForServer(X509Certificate[] certs, String authType, Socket socket)
    Returns the full trusted certificate chain found from certs.
List<X509Certificate> getTrustedChainForServer(X509Certificate[] certs, String authType, SSLEngine engine)
    Returns the full trusted certificate chain found from certs.
void handleTrustStorageUpdate()
void setCTEnabledOverride(boolean enabled)
void setCTPolicy(CTPolicy policy)
void setCTVerifier(CTVerifier verifier)
-
Constructor Details
-
TrustManagerImpl
Creates X509TrustManager based on a keystore.
- Parameters:
keyStore -
-
TrustManagerImpl
-
TrustManagerImpl
-
TrustManagerImpl
public TrustManagerImpl(KeyStore keyStore, CertPinManager manager, ConscryptCertStore certStore, CertBlocklist blocklist)
-
TrustManagerImpl
public TrustManagerImpl(KeyStore keyStore, CertPinManager manager, ConscryptCertStore certStore, CertBlocklist blocklist, CTLogStore ctLogStore, CTVerifier ctVerifier, CTPolicy ctPolicy)
For testing only.
-
-
Method Details
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkClientTrusted
public List<X509Certificate> checkClientTrusted(X509Certificate[] chain, String authType, String hostname) throws CertificateException
For backward compatibility with older Android API that used String for the hostname only.
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkClientTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkClientTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String hostname) throws CertificateException
For backward compatibility with older Android API that used String for the hostname only.
- Throws:
CertificateException
-
getTrustedChainForServer
public List<X509Certificate> getTrustedChainForServer(X509Certificate[] certs, String authType, Socket socket) throws CertificateException
Returns the full trusted certificate chain found from certs. Throws CertificateException when no trusted chain can be found from certs.
- Throws:
CertificateException
-
getTrustedChainForServer
public List<X509Certificate> getTrustedChainForServer(X509Certificate[] certs, String authType, SSLEngine engine) throws CertificateException
Returns the full trusted certificate chain found from certs. Throws CertificateException when no trusted chain can be found from certs.
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkServerTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkServerTrusted in class X509ExtendedTrustManager
- Throws:
CertificateException
-
checkServerTrusted
public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, SSLSession session) throws CertificateException
Validates whether a server is trusted. If session is given and non-null it also checks if chain is pinned appropriately for that peer host. If null, it does not check for pinned certs. The return value is a list of the certificates used for making the trust decision.
- Throws:
CertificateException
-
handleTrustStorageUpdate
public void handleTrustStorageUpdate()
-
getAcceptedIssuers
-
setCTEnabledOverride
public void setCTEnabledOverride(boolean enabled)
-
setCTVerifier
-
setCTPolicy
-