X509TrustManager
public interface X509TrustManager implements TrustManager
javax.net.ssl.X509TrustManager

Known indirect subclasses
X509ExtendedTrustManager | Extensions to the X509TrustManager interface to support SSL/TLS connection sensitive trust management.

Instances of this interface manage which X509 certificates
may be used to authenticate the remote side of a secure
socket. Decisions may be based on trusted certificate
authorities, certificate revocation lists, online
status checking or other means.

Summary
Public methods
abstract void | checkClientTrusted(X509Certificate[] chain, String authType)
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type.
abstract void | checkServerTrusted(X509Certificate[] chain, String authType)
    Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type.
abstract X509Certificate[] | getAcceptedIssuers()
    Return an array of certificate authority certificates which are trusted for authenticating peers.

Public methods

checkClientTrusted
public abstract void checkClientTrusted (X509Certificate[] chain, String authType)
Given the partial or complete certificate chain provided by the
peer, build a certificate path to a trusted root and return if
it can be validated and is trusted for client SSL
authentication based on the authentication type.
The authentication type is determined by the actual certificate
used. For instance, if RSAPublicKey is used, the authType
should be "RSA". Checking is case-sensitive.
Parameters
chain | X509Certificate: the peer certificate chain
authType | String: the authentication type based on the client certificate
Throws
IllegalArgumentException | if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter
CertificateException | if the certificate chain is not trusted by this TrustManager.

checkServerTrusted
public abstract void checkServerTrusted (X509Certificate[] chain, String authType)
Given the partial or complete certificate chain provided by the
peer, build a certificate path to a trusted root and return if
it can be validated and is trusted for server SSL
authentication based on the authentication type.
The authentication type is the key exchange algorithm portion
of the cipher suites represented as a String, such as "RSA",
"DHE_DSS". Note: for some exportable cipher suites, the key
exchange algorithm is determined at run time during the
handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
the authType should be RSA_EXPORT when an ephemeral RSA key is
used for the key exchange, and RSA when the key from the server
certificate is used. Checking is case-sensitive.
Parameters
chain | X509Certificate: the peer certificate chain
authType | String: the key exchange algorithm used
Throws
IllegalArgumentException | if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter
CertificateException | if the certificate chain is not trusted by this TrustManager.

getAcceptedIssuers
public abstract X509Certificate[] getAcceptedIssuers ()
Return an array of certificate authority certificates
which are trusted for authenticating peers.
Returns
X509Certificate[] | a non-null (possibly empty) array of acceptable CA issuer certificates.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.