final class X509TrustManagerImpl extends X509ExtendedTrustManager implements X509TrustManager
This class supports both the Simple validation algorithm from previous JSSE versions and PKIX validation. Currently, it is not possible for the application to specify PKIX parameters other than trust anchors. This will be fixed in a future release using new APIs. When that happens, it may also make sense to separate the Simple and PKIX trust managers into separate classes.
| 限定符和类型 | 字段和说明 |
|---|---|
private Validator |
clientValidator |
private PKIXBuilderParameters |
pkixParams |
private Validator |
serverValidator |
private Collection<X509Certificate> |
trustedCerts
The Set of trusted X509Certificates.
|
private String |
validatorType |
| 构造器和说明 |
|---|
X509TrustManagerImpl(String validatorType,
Collection<X509Certificate> trustedCerts) |
X509TrustManagerImpl(String validatorType,
PKIXBuilderParameters params) |
| 限定符和类型 | 方法和说明 |
|---|---|
void |
checkClientTrusted(X509Certificate[] chain,
String authType) |
void |
checkClientTrusted(X509Certificate[] chain,
String authType,
Socket socket) |
void |
checkClientTrusted(X509Certificate[] chain,
String authType,
SSLEngine engine) |
(专用程序包) static void |
checkIdentity(SSLSession session,
X509Certificate[] trustedChain,
String algorithm,
boolean checkClientTrusted) |
(专用程序包) static void |
checkIdentity(String hostname,
X509Certificate cert,
String algorithm) |
private static void |
checkIdentity(String hostname,
X509Certificate cert,
String algorithm,
boolean chainsToPublicCA) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType,
Socket socket) |
void |
checkServerTrusted(X509Certificate[] chain,
String authType,
SSLEngine engine) |
private void |
checkTrusted(X509Certificate[] chain,
String authType,
Socket socket,
boolean checkClientTrusted) |
private void |
checkTrusted(X509Certificate[] chain,
String authType,
SSLEngine engine,
boolean checkClientTrusted) |
private Validator |
checkTrustedInit(X509Certificate[] chain,
String authType,
boolean checkClientTrusted) |
X509Certificate[] |
getAcceptedIssuers() |
private static String |
getHostNameInSNI(List<SNIServerName> sniNames) |
(专用程序包) static List<SNIServerName> |
getRequestedServerNames(Socket socket) |
(专用程序包) static List<SNIServerName> |
getRequestedServerNames(SSLEngine engine) |
private static List<SNIServerName> |
getRequestedServerNames(SSLSession session) |
private Validator |
getValidator(String variant) |
private static X509Certificate[] |
validate(Validator v,
X509Certificate[] chain,
List<byte[]> responseList,
AlgorithmConstraints constraints,
String authType) |
private final String validatorType
private final Collection<X509Certificate> trustedCerts
private final PKIXBuilderParameters pkixParams
private volatile Validator clientValidator
private volatile Validator serverValidator
X509TrustManagerImpl(String validatorType, Collection<X509Certificate> trustedCerts)
X509TrustManagerImpl(String validatorType, PKIXBuilderParameters params)
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
checkClientTrusted 在接口中 X509TrustManagerCertificateExceptionpublic void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
checkServerTrusted 在接口中 X509TrustManagerCertificateExceptionpublic X509Certificate[] getAcceptedIssuers()
getAcceptedIssuers 在接口中 X509TrustManagerpublic void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
private Validator checkTrustedInit(X509Certificate[] chain, String authType, boolean checkClientTrusted)
private void checkTrusted(X509Certificate[] chain, String authType, Socket socket, boolean checkClientTrusted) throws CertificateException
private void checkTrusted(X509Certificate[] chain, String authType, SSLEngine engine, boolean checkClientTrusted) throws CertificateException
private static X509Certificate[] validate(Validator v, X509Certificate[] chain, List<byte[]> responseList, AlgorithmConstraints constraints, String authType) throws CertificateException
private static String getHostNameInSNI(List<SNIServerName> sniNames)
static List<SNIServerName> getRequestedServerNames(Socket socket)
static List<SNIServerName> getRequestedServerNames(SSLEngine engine)
private static List<SNIServerName> getRequestedServerNames(SSLSession session)
static void checkIdentity(SSLSession session, X509Certificate[] trustedChain, String algorithm, boolean checkClientTrusted) throws CertificateException
static void checkIdentity(String hostname, X509Certificate cert, String algorithm) throws CertificateException
private static void checkIdentity(String hostname, X509Certificate cert, String algorithm, boolean chainsToPublicCA) throws CertificateException
Copyright © 2023. All rights reserved.