Added in API level 17

X509TrustManagerExtensions


open class X509TrustManagerExtensions
kotlin.Any
   ↳ android.net.http.X509TrustManagerExtensions

X509TrustManager wrapper exposing Android-added features.

The checkServerTrusted methods allow callers to provide some additional context for the verification. This is particularly useful when an SSLEngine or SSLSocket is not available.

Summary

Public constructors

Constructs a new X509TrustManagerExtensions wrapper.

Public methods
open MutableList<X509Certificate!>
checkServerTrusted(chain: Array<X509Certificate!>, ocspData: ByteArray?, tlsSctData: ByteArray?, authType: String, host: String)

Verifies the given certificate chain.

open MutableList<X509Certificate!>!
checkServerTrusted(chain: Array<X509Certificate!>!, authType: String!, host: String!)

Verifies the given certificate chain.

open Boolean
isSameTrustConfiguration(hostname1: String!, hostname2: String!)

Returns true if the TrustManager uses the same trust configuration for the provided hostnames.

open Boolean
isUserAddedCertificate(cert: X509Certificate!)

Checks whether a CA certificate is added by a user.

Public constructors

X509TrustManagerExtensions

Added in API level 17
X509TrustManagerExtensions(tm: X509TrustManager!)

Constructs a new X509TrustManagerExtensions wrapper.

Parameters
tm X509TrustManager!: An X509TrustManager as returned by TrustManagerFactory.getInstance()
Exceptions
java.lang.IllegalArgumentException If tm is an unsupported TrustManager type.

Public methods

checkServerTrusted

open fun checkServerTrusted(
    chain: Array<X509Certificate!>,
    ocspData: ByteArray?,
    tlsSctData: ByteArray?,
    authType: String,
    host: String
): MutableList<X509Certificate!>

Verifies the given certificate chain.

See X509TrustManager.checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.

ocspData and tlsSctData may be provided to verify any Signed Certificate Timestamp (SCT) attached to the connection. These are ASN.1 octet strings (SignedCertificateTimestampList) as described in RFC 6962, Section 3.3. Note that SCTs embedded in the certificate chain will automatically be processed.

Parameters
chain Array<X509Certificate!>: This value cannot be null.
ocspData ByteArray?: This value may be null.
tlsSctData ByteArray?: This value may be null.
authType String: This value cannot be null.
host String: This value cannot be null.
Return
MutableList<X509Certificate!> the properly ordered chain used for verification as a list of X509Certificates. This value cannot be null.
Exceptions
java.security.cert.CertificateException if the chain does not verify correctly.
java.lang.IllegalArgumentException if the TrustManager is not compatible.

checkServerTrusted

Added in API level 17
open fun checkServerTrusted(
    chain: Array<X509Certificate!>!,
    authType: String!,
    host: String!
): MutableList<X509Certificate!>!

Verifies the given certificate chain.

See X509TrustManager.checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.

Return
MutableList<X509Certificate!>! the properly ordered chain used for verification as a list of X509Certificates.
Exceptions
java.security.cert.CertificateException if the chain does not verify correctly.

isSameTrustConfiguration

Added in API level 28
open fun isSameTrustConfiguration(
    hostname1: String!,
    hostname2: String!
): Boolean

Returns true if the TrustManager uses the same trust configuration for the provided hostnames.

isUserAddedCertificate

Added in API level 21
open fun isUserAddedCertificate(cert: X509Certificate!): Boolean

Checks whether a CA certificate is added by a user.

Since X509TrustManager.checkServerTrusted may allow its parameter chain to chain up to user-added CA certificates, this method can be used to apply additional policies to user-added CA certificates.

Return
Boolean true to indicate that the certificate authority exists in the user-added certificate store, false otherwise.
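
The following added example (not part of the Android reference or platform code) combines the three-argument checkServerTrusted with isUserAddedCertificate to reject chains that involve a user-added CA and to pin against the verified chain. The function names, the pin format (Base64 SHA-256 of the encoded public key) and the caller-supplied authType are assumptions of this sketch.

```kotlin
import android.net.http.X509TrustManagerExtensions
import android.util.Base64
import java.security.KeyStore
import java.security.MessageDigest
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Wrap the platform default X509TrustManager (helper name is hypothetical).
fun defaultTrustExtensions(): X509TrustManagerExtensions {
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(null as KeyStore?) // null keystore selects the platform default trust anchors
    val tm = tmf.trustManagers.filterIsInstance<X509TrustManager>().first()
    return X509TrustManagerExtensions(tm) // IllegalArgumentException if tm is unsupported
}

// Base64(SHA-256(encoded SubjectPublicKeyInfo)) of a certificate's public key.
fun spkiPin(cert: X509Certificate): String =
    Base64.encodeToString(
        MessageDigest.getInstance("SHA-256").digest(cert.publicKey.encoded),
        Base64.NO_WRAP
    )

@Throws(CertificateException::class)
fun verifyServer(
    ext: X509TrustManagerExtensions,
    peerChain: Array<X509Certificate>, // chain as presented by the server
    authType: String,                  // key exchange algorithm, supplied by the caller
    host: String,
    pins: Set<String>                  // caller's pin set (assumed format: spkiPin output)
): List<X509Certificate> {
    // 1. Platform validation; returns the ordered chain actually used for verification.
    val verified = ext.checkServerTrusted(peerChain, authType, host)
    // 2. Extra policy: refuse any chain that involves a user-installed CA.
    if (verified.any { ext.isUserAddedCertificate(it) }) {
        throw CertificateException("chain for $host uses a user-added CA")
    }
    // 3. Pin against the verified chain, not the peer-supplied one, so that
    //    extra certificates sent by the server cannot satisfy the pin.
    if (verified.none { spkiPin(it) in pins }) {
        throw CertificateException("no pinned key in verified chain for $host")
    }
    return verified
}
```

isUserAddedCertificate requires API level 21, so on older releases step 2 has to be skipped or the connection refused by policy.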