J2EE1.4 SDK

com.sun.appserv.management.client
Class TrustStoreTrustManager

java.lang.Object
  extended by com.sun.appserv.management.client.TrustStoreTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class TrustStoreTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This X509TrustManager implementation supports a trust-store file and allows adding new certificates to it. It is designed to allow a subclass to override a variety of protected methods including those of TrustManager:

as well as:

For convenience, if setPrompt( true ) is called, then when a new Certificate is encountered, askShouldAddToTrustStore( c ) prompts the user via System.in as to whether to accept this new Certificate as trusted. Subclasses can of course override this behavior in any desired way.


Field Summary
static java.lang.String TRUSTSTORE_FILE_SPROP
          Standard system property denoting the trust-store.
static java.lang.String TRUSTSTORE_PASSWORD_SPROP
          Standard system property denoting the trust-store password.
 
Constructor Summary
TrustStoreTrustManager(java.io.File trustStoreFile, char[] trustStorePassword)
          calls this( trustStoreFile,"JKS", trustStorePassword )
TrustStoreTrustManager(java.io.File trustStoreFile, java.lang.String keyStoreType, char[] trustStorePassword)
          Create a new instance with the specified File and password. The trustStoreFile must exist.
 
Method Summary
protected  void addCertificateToTrustStore(java.security.cert.Certificate c)
          Add the Certificate to the trust-store, using the alias returned by getCertificateAlias( c ).
protected  void addCertificateToTrustStore(java.lang.String alias, java.security.cert.Certificate c)
          Add the Certificate with the specified alias to the trust-store.
protected  boolean askShouldAddToTrustStore(java.security.cert.Certificate c)
          Prompts via System.in to ask whether the Certificate should be added.
protected  void certificateNotInTrustStore(java.security.cert.Certificate c)
          The Certificate is not found in the trust-store.
protected  void checkCertificate(java.security.cert.X509Certificate[] chain)
           
 void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
           
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
           
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          By default, no issuers are trusted.
protected  java.lang.String getCertificateAlias(java.security.cert.Certificate c)
          Return an alias for a Certificate to be added to the TrustStore.
static TrustStoreTrustManager getSystemInstance()
          Create an instance using the system trust-store as returned by getSystemTrustStoreFile().
static java.io.File getSystemTrustStoreFile()
          Use System.getProperty( "javax.net.ssl.trustStore" ) to find a trust-store.
static char[] getSystemTrustStorePassword()
          Use System.getProperty( "javax.net.ssl.trustStorePassword" ) to find the trust-store password.
protected  java.security.KeyStore getTrustStore()
          Get the KeyStore containing the Certificates to be trusted.
 java.io.File getTrustStoreFile()
          Return the trust-store that was initially passed in.
protected  char[] getTrustStorePassword()
          Subclass may choose to override this method to get the password from any desired source.
 void setPrompt(boolean prompt)
          If set to true, then when a new Certificate is encountered, the user will be prompted via System.in as to whether it should be trusted.
protected  boolean shouldAddToTrustStore(java.security.cert.Certificate c)
          Subclass may wish to override this routine and call defaultShouldAddToTrustStore( c );
 java.lang.String toString()
           
protected  void writeStore()
          Write the store to disk.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

TRUSTSTORE_FILE_SPROP

public static final java.lang.String TRUSTSTORE_FILE_SPROP
Standard system property denoting the trust-store.

See Also:
Constant Field Values

TRUSTSTORE_PASSWORD_SPROP

public static final java.lang.String TRUSTSTORE_PASSWORD_SPROP
Standard system property denoting the trust-store password.

See Also:
Constant Field Values
Constructor Detail

TrustStoreTrustManager

public TrustStoreTrustManager(java.io.File trustStoreFile,
                              java.lang.String keyStoreType,
                              char[] trustStorePassword)
Create a new instance with the specified File and password. The trustStoreFile must exist.

Parameters:
trustStoreFile - (not required to exist)
keyStoreType - keystore (truststore) type, eg "JKS"
trustStorePassword - (may be null)

TrustStoreTrustManager

public TrustStoreTrustManager(java.io.File trustStoreFile,
                              char[] trustStorePassword)
calls this( trustStoreFile,"JKS", trustStorePassword )

Method Detail

setPrompt

public void setPrompt(boolean prompt)
If set to true, then when a new Certificate is encountered, the user will be prompted via System.in as to whether it should be trusted.

Parameters:
prompt -

getSystemInstance

public static TrustStoreTrustManager getSystemInstance()
Create an instance using the system trust-store as returned by getSystemTrustStoreFile().

Returns:
an instance or null if not possible

getSystemTrustStoreFile

public static java.io.File getSystemTrustStoreFile()
Use System.getProperty( "javax.net.ssl.trustStore" ) to find a trust-store.


getSystemTrustStorePassword

public static char[] getSystemTrustStorePassword()
Use System.getProperty( "javax.net.ssl.trustStorePassword" ) to find the trust-store password.


getTrustStoreFile

public final java.io.File getTrustStoreFile()
Return the trust-store that was initially passed in.

Returns:
File

getTrustStorePassword

protected char[] getTrustStorePassword()
Subclass may choose to override this method to get the password from any desired source. Otherwise, the password used to create this instance is returned.

Returns:
char[]

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
By default, no issuers are trusted. It is better to trust specific Certificates explicitly.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
X509Certificate[]

askShouldAddToTrustStore

protected boolean askShouldAddToTrustStore(java.security.cert.Certificate c)
                                    throws java.io.IOException
Prompts via System.in to ask whether the Certificate should be added.

Parameters:
c -
Returns:
true if the response is yes.
Throws:
java.io.IOException

shouldAddToTrustStore

protected boolean shouldAddToTrustStore(java.security.cert.Certificate c)
                                 throws java.io.IOException
Subclass may wish to override this routine and call defaultShouldAddToTrustStore( c );

Parameters:
c -
Returns:
true if the Certificate should be trusted and added to the trust-store
Throws:
java.io.IOException

getCertificateAlias

protected java.lang.String getCertificateAlias(java.security.cert.Certificate c)
Return an alias for a Certificate to be added to the TrustStore.

Parameters:
c -
Returns:
an alias to be used for adding the Certificate to the trust-store

addCertificateToTrustStore

protected void addCertificateToTrustStore(java.lang.String alias,
                                          java.security.cert.Certificate c)
                                   throws java.io.IOException,
                                          java.security.KeyStoreException,
                                          java.security.NoSuchAlgorithmException,
                                          java.security.cert.CertificateException
Add the Certificate with the specified alias to the trust-store.

Parameters:
alias -
c -
Throws:
java.io.IOException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException

addCertificateToTrustStore

protected void addCertificateToTrustStore(java.security.cert.Certificate c)
                                   throws java.io.IOException,
                                          java.security.KeyStoreException,
                                          java.security.NoSuchAlgorithmException,
                                          java.security.cert.CertificateException
Add the Certificate to the trust-store, using the alias returned by getCertificateAlias( c ).

Parameters:
c -
Throws:
java.io.IOException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException

writeStore

protected void writeStore()
                   throws java.io.IOException,
                          java.security.KeyStoreException,
                          java.security.NoSuchAlgorithmException,
                          java.security.cert.CertificateException
Write the store to disk. Results are undefined if an error occurs while writing the file.

Throws:
java.io.IOException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException

certificateNotInTrustStore

protected void certificateNotInTrustStore(java.security.cert.Certificate c)
                                   throws java.io.IOException,
                                          java.security.KeyStoreException,
                                          java.security.NoSuchAlgorithmException,
                                          java.security.cert.CertificateException
The Certificate is not found in the trust-store. If shouldAddToTrustStore( c ) returns false, then a CertificateException is thrown. Otherwise, addCertificateToTrustStore( c ) is called.

Parameters:
c -
Throws:
java.io.IOException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
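
The decision path described above (certificateNotInTrustStore( c ) consults shouldAddToTrustStore( c ), and only a true result reaches addCertificateToTrustStore( c )) lets a subclass replace the System.in prompt with a non-interactive check. The following is an added example, not code from the SDK. The class name PinnedTrustStoreTrustManager, its third constructor argument and the helper fromHex are hypothetical, and it assumes the expected SHA-256 fingerprint was obtained out of band.

```java
import com.sun.appserv.management.client.TrustStoreTrustManager;
import java.io.File;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.cert.Certificate;

// Hypothetical subclass (not part of the SDK): a certificate missing from the
// trust-store is added only when its SHA-256 fingerprint equals a pinned value.
public class PinnedTrustStoreTrustManager extends TrustStoreTrustManager {
    private final byte[] pinnedSha256; // assumption: fingerprint obtained out of band

    public PinnedTrustStoreTrustManager(File trustStoreFile, char[] trustStorePassword,
                                        String pinnedSha256Hex) {
        super(trustStoreFile, trustStorePassword); // documented two-argument constructor ("JKS")
        this.pinnedSha256 = fromHex(pinnedSha256Hex);
    }

    // Consulted by certificateNotInTrustStore( c ); returning false makes that
    // method throw a CertificateException, so every failure path returns false.
    protected boolean shouldAddToTrustStore(Certificate c) throws IOException {
        try {
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            return MessageDigest.isEqual(actual, pinnedSha256);
        } catch (Exception e) { // encoding or algorithm problem: do not trust
            return false;
        }
    }

    // Hypothetical helper: decode a hex fingerprint, ignoring ':' separators.
    private static byte[] fromHex(String hex) {
        String h = hex.replaceAll(":", "");
        if (h.length() != 64) {
            throw new IllegalArgumentException("expected 32-byte SHA-256 fingerprint");
        }
        byte[] out = new byte[32];
        for (int i = 0; i < 32; i++) {
            out[i] = (byte) Integer.parseInt(h.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```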

getTrustStore

protected java.security.KeyStore getTrustStore()
                                        throws java.io.IOException,
                                               java.security.cert.CertificateException,
                                               java.security.NoSuchAlgorithmException,
                                               java.security.KeyStoreException,
                                               java.io.FileNotFoundException
Get the KeyStore containing the Certificates to be trusted. This should be a KeyStore corresponding to the file that was specified. The same KeyStore should be returned each time.

Returns:
KeyStore
Throws:
java.io.IOException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.io.FileNotFoundException

checkCertificate

protected void checkCertificate(java.security.cert.X509Certificate[] chain)
                         throws java.lang.RuntimeException,
                                java.security.cert.CertificateException
Parameters:
chain -
Throws:
java.lang.RuntimeException
java.security.cert.CertificateException

toString

public java.lang.String toString()

Copyright 2003 Sun Microsystems, Inc. All rights reserved.