X509TrustManagerExtensions
open class X509TrustManagerExtensions
kotlin.Any
   ↳ android.net.http.X509TrustManagerExtensions
X509TrustManager wrapper exposing Android-added features.
The checkServerTrusted methods allow callers to provide some additional context for the verification. This is particularly useful when an SSLEngine or SSLSocket is not available.
Summary
Public constructors | |
---|---|
X509TrustManagerExtensions(tm: X509TrustManager!) | Constructs a new X509TrustManagerExtensions wrapper. |
Public methods | |
---|---|
open MutableList<X509Certificate!> | checkServerTrusted(chain: Array<X509Certificate!>, ocspData: ByteArray?, tlsSctData: ByteArray?, authType: String, host: String) Verifies the given certificate chain. |
open MutableList<X509Certificate!>! | checkServerTrusted(chain: Array<X509Certificate!>!, authType: String!, host: String!) Verifies the given certificate chain. |
open Boolean | isSameTrustConfiguration(hostname1: String!, hostname2: String!) Returns true if the TrustManager uses the same trust configuration for the provided hostnames. |
open Boolean | isUserAddedCertificate(cert: X509Certificate!) Checks whether a CA certificate is added by a user. |
Public constructors
X509TrustManagerExtensions
X509TrustManagerExtensions(tm: X509TrustManager!)
Constructs a new X509TrustManagerExtensions wrapper.
Parameters | |
---|---|
tm | X509TrustManager!: An X509TrustManager as returned by TrustManagerFactory.getInstance(). |
Exceptions | |
---|---|
java.lang.IllegalArgumentException | If tm is an unsupported TrustManager type. |
Public methods
checkServerTrusted
open fun checkServerTrusted(
chain: Array<X509Certificate!>,
ocspData: ByteArray?,
tlsSctData: ByteArray?,
authType: String,
host: String
): MutableList<X509Certificate!>
Verifies the given certificate chain.
See X509TrustManager.checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.
ocspData and tlsSctData may be provided to verify any Signed Certificate Timestamp (SCT) attached to the connection. These are ASN.1 octet strings (SignedCertificateTimestampList) as described in RFC 6962, Section 3.3. Note that SCTs embedded in the certificate chain will automatically be processed.
Parameters | |
---|---|
chain | Array<X509Certificate!>: This value cannot be null. |
ocspData | ByteArray?: This value may be null. |
tlsSctData | ByteArray?: This value may be null. |
authType | String: This value cannot be null. |
host | String: This value cannot be null. |
Return | |
---|---|
MutableList<X509Certificate!> | the properly ordered chain used for verification as a list of X509Certificates. This value cannot be null. |
Exceptions | |
---|---|
java.security.cert.CertificateException | if the chain does not verify correctly. |
java.lang.IllegalArgumentException | if the TrustManager is not compatible. |
checkServerTrusted
open fun checkServerTrusted(
chain: Array<X509Certificate!>!,
authType: String!,
host: String!
): MutableList<X509Certificate!>!
Verifies the given certificate chain.
See X509TrustManager.checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.
Return | |
---|---|
MutableList<X509Certificate!>! | the properly ordered chain used for verification as a list of X509Certificates. |
Exceptions | |
---|---|
java.security.cert.CertificateException | if the chain does not verify correctly. |
isSameTrustConfiguration
open fun isSameTrustConfiguration(
hostname1: String!,
hostname2: String!
): Boolean
Returns true if the TrustManager uses the same trust configuration for the provided hostnames.
isUserAddedCertificate
open fun isUserAddedCertificate(cert: X509Certificate!): Boolean
Checks whether a CA certificate is added by a user.
Since X509TrustManager.checkServerTrusted may allow its parameter chain to chain up to user-added CA certificates, this method can be used to apply additional policies for user-added CA certificates.
Return | |
---|---|
Boolean | true to indicate that the certificate authority exists in the user-added certificate store, false otherwise. |
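An added example (not code from the Android documentation) showing how checkServerTrusted and isUserAddedCertificate combine into a stricter server-trust policy: validate the chain for the host, refuse trust anchors from the user-added store, then check pins against the validated chain. The class StrictServerTrust, its verify method and the spkiPins set (lowercase hex SHA-256 of each SubjectPublicKeyInfo) are hypothetical names, and the code assumes the returned chain ends at the trust anchor.

```kotlin
import android.net.http.X509TrustManagerExtensions
import java.security.KeyStore
import java.security.MessageDigest
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Hypothetical helper (not part of the Android API): validates a peer chain with the
// platform trust manager, then rejects chains anchored in the user-added CA store
// and enforces a set of SHA-256 SPKI pins on the validated chain.
class StrictServerTrust(private val spkiPins: Set<String>) {

    private val extensions: X509TrustManagerExtensions

    init {
        // A null KeyStore selects the platform default trust anchors.
        val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
        tmf.init(null as KeyStore?)
        val tm = tmf.trustManagers.filterIsInstance<X509TrustManager>().first()
        // Throws IllegalArgumentException if tm is an unsupported TrustManager type.
        extensions = X509TrustManagerExtensions(tm)
    }

    @Throws(CertificateException::class)
    fun verify(peerChain: Array<X509Certificate>, authType: String, host: String): List<X509Certificate> {
        // The returned list is the ordered chain actually used for verification; base
        // policy on it rather than on the server-supplied peerChain, which may carry extras.
        val validated = extensions.checkServerTrusted(peerChain, authType, host)

        // Assumption: the last element of the validated chain is the trust anchor.
        if (extensions.isUserAddedCertificate(validated.last())) {
            throw CertificateException("Chain for $host is anchored in a user-added CA")
        }
        // Pin check runs over the validated chain only.
        if (validated.none { spkiSha256(it) in spkiPins }) {
            throw CertificateException("No pinned key in validated chain for $host")
        }
        return validated
    }

    // Lowercase hex SHA-256 of the certificate's SubjectPublicKeyInfo.
    private fun spkiSha256(cert: X509Certificate): String =
        MessageDigest.getInstance("SHA-256").digest(cert.publicKey.encoded)
            .joinToString("") { "%02x".format(it) }
}
```

Call verify with the peer certificates from the TLS session after the handshake; a CertificateException from any of the three checks should abort the connection.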