X509TrustManagerExtensions

Kotlin |Java

public class X509TrustManagerExtensions
extends Object

java.lang.Object
↳	android.net.http.X509TrustManagerExtensions

X509TrustManager wrapper exposing Android-added features.

The checkServerTrusted methods allow callers to provide some additional context for the verification. This is particularly useful when an SSLEngine or SSLSocket is not available.

Summary

Public constructors
`X509TrustManagerExtensions(X509TrustManager tm)` Constructs a new X509TrustManagerExtensions wrapper.

Public methods
`List<X509Certificate>`	`checkServerTrusted(X509Certificate[] chain, String authType, String host)` Verifies the given certificate chain.
`List<X509Certificate>`	`checkServerTrusted(X509Certificate[] chain, byte[] ocspData, byte[] tlsSctData, String authType, String host)` Verifies the given certificate chain.
`boolean`	`isSameTrustConfiguration(String hostname1, String hostname2)` Returns `true` if the TrustManager uses the same trust configuration for the provided hostnames.
`boolean`	`isUserAddedCertificate(X509Certificate cert)` Checks whether a CA certificate is added by an user.

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public constructors

X509TrustManagerExtensions

Added in API level 17

public X509TrustManagerExtensions (X509TrustManager tm)

Constructs a new X509TrustManagerExtensions wrapper.

Parameters
`tm`	`X509TrustManager`: A `X509TrustManager` as returned by TrustManagerFactory.getInstance();

Throws
`IllegalArgumentException`	If tm is an unsupported TrustManager type.

Public methods

checkServerTrusted

Added in API level 17

public List<X509Certificate> checkServerTrusted (X509Certificate[] chain, 
                String authType, 
                String host)

Verifies the given certificate chain.

See X509TrustManager.checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.

Parameters
`chain`	`X509Certificate`
`authType`	`String`
`host`	`String`

Returns
`List<X509Certificate>`	the properly ordered chain used for verification as a list of X509Certificates.

Throws
`CertificateException`	if the chain does not verify correctly.

checkServerTrusted

Added in Android Baklava

public List<X509Certificate> checkServerTrusted (X509Certificate[] chain, 
                byte[] ocspData, 
                byte[] tlsSctData, 
                String authType, 
                String host)

Verifies the given certificate chain.

See X509TrustManager.checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.

ocspData and tlsSctData may be provided to verify any Signed Certificate Timestamp (SCT) attached to the connection. These are ASN.1 octet strings (SignedCertificateTimestampList) as described in RFC 6962, Section 3.3. Note that SCTs embedded in the certificate chain will automatically be processed.

Parameters
`chain`	`X509Certificate`: This value cannot be `null`.
`ocspData`	`byte`: This value may be `null`.
`tlsSctData`	`byte`: This value may be `null`.
`authType`	`String`: This value cannot be `null`.
`host`	`String`: This value cannot be `null`.

Returns
`List<X509Certificate>`	the properly ordered chain used for verification as a list of X509Certificates. This value cannot be `null`.

Throws
`CertificateException`	if the chain does not verify correctly.
`IllegalArgumentException`	if the TrustManager is not compatible.

isSameTrustConfiguration

Added in API level 28

public boolean isSameTrustConfiguration (String hostname1, 
                String hostname2)

Returns true if the TrustManager uses the same trust configuration for the provided hostnames.

Parameters
`hostname1`	`String`
`hostname2`	`String`

Returns
`boolean`

isUserAddedCertificate

Added in API level 21

public boolean isUserAddedCertificate (X509Certificate cert)

Checks whether a CA certificate is added by an user.

Since X509TrustManager.checkServerTrusted may allow its parameter chain to chain up to user-added CA certificates, this method can be used to perform additional policies for user-added CA certificates.

Parameters
`cert`	`X509Certificate`

Returns
`boolean`	`true` to indicate that the certificate authority exists in the user added certificate store, `false` otherwise.