LdapClientTrustStoreManager (Apache Directory LDAP API Client API 2.0.0.AM4 API)

java.lang.Object
- org.apache.directory.ldap.client.api.LdapClientTrustStoreManager

All Implemented Interfaces:

Serializable, TrustManager, X509TrustManager
```
public final class LdapClientTrustStoreManager
extends Object
implements X509TrustManager, Serializable
```
Implement the X509TrustManager interface which will be used during JSSE truststore manager initialisation for LDAP client-to-server communications over TLS/SSL. It is used during certificate validation operations within JSSE. Note: This class allows self-signed certificates to pass the validation checks.

Author:

Apache Directory Project

See Also:

Serialized Form

Field Summary

Fields
Modifier and Type	Field and Description
`private static String`	`CLS_NM`
`private boolean`	`isExamineValidityDates`
`private static org.slf4j.Logger`	`LOG`
`private static long`	`serialVersionUID` Default serialVersionUID
`private String`	`trustStoreFile`
`private String`	`trustStoreFormat`
`private char[]`	`trustStorePw`
`private X509TrustManager[]`	`x509TrustManagers`

Constructor Summary

Constructors
Constructor and Description
`LdapClientTrustStoreManager(String trustStoreFile, char[] trustStorePw, String trustStoreFormat, boolean isExamineValidity)` Constructor used by connection configuration utility to load trust store manager.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`checkClientTrusted(X509Certificate[] x509Chain, String authNType)` Determine if client certificate is to be trusted.
`void`	`checkServerTrusted(X509Certificate[] x509Chain, String authNType)` Determine if server certificate is to be trusted.
`X509Certificate[]`	`getAcceptedIssuers()` Return the list of accepted issuers for this trust manager.
`private X509TrustManager[]`	`getTrustManagers(X509Certificate[] x509Chain)` Return array of trust managers to caller.
`private X509TrustManager[]`	`getTrustManagersOnClasspath(X509Certificate[] x509Chain)` Return array of trust managers to caller.
`private KeyStore`	`getTrustStore()` Load the TrustStore file into JSSE KeyStore instance.
`private InputStream`	`getTrustStoreInputStream()` Read the trust store off the classpath.
`private X509TrustManager[]`	`loadTrustManagers(KeyStore trustStore)` Return an array of X.509 TrustManagers.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - serialVersionUID
```
private static final long serialVersionUID
```
    Default serialVersionUID
    
    See Also:
    
    Constant Field Values
  - CLS_NM
```
private static final String CLS_NM
```
  - LOG
```
private static final org.slf4j.Logger LOG
```
  - isExamineValidityDates
```
private boolean isExamineValidityDates
```
  - trustStorePw
```
private char[] trustStorePw
```
  - trustStoreFile
```
private String trustStoreFile
```
  - trustStoreFormat
```
private String trustStoreFormat
```
  - x509TrustManagers
```
private X509TrustManager[] x509TrustManagers
```
- Constructor Detail
  - LdapClientTrustStoreManager
```
public LdapClientTrustStoreManager(String trustStoreFile,
                                   char[] trustStorePw,
                                   String trustStoreFormat,
                                   boolean isExamineValidity)
```
    Constructor used by connection configuration utility to load trust store manager.
    
    Parameters:
    
    trustStoreFile - contains name of trust store file.
    
    trustStorePw - contains the password for trust store
    
    trustStoreFormat - contains the format for trust store
    
    isExamineValidity - boolean var determines if certificate will be examined for valid dates on load.
- Method Detail
  - checkClientTrusted
```
public void checkClientTrusted(X509Certificate[] x509Chain,
                               String authNType)
                        throws CertificateException
```
    Determine if client certificate is to be trusted.
    
    Specified by:
    
    checkClientTrusted in interface X509TrustManager
    
    Parameters:
    
    x509Chain - The certificate chain
    
    authNType - The key exchange algorithm being used
    
    Throws:
    
    CertificateException - If the trustManager cannot be found
  - checkServerTrusted
```
public void checkServerTrusted(X509Certificate[] x509Chain,
                               String authNType)
                        throws CertificateException
```
    Determine if server certificate is to be trusted.
    
    Specified by:
    
    checkServerTrusted in interface X509TrustManager
    
    Parameters:
    
    x509Chain - The certificate chain
    
    authNType - The key exchange algorithm being used
    
    Throws:
    
    CertificateException - If the trustManager cannot be found
  - getAcceptedIssuers
```
public X509Certificate[] getAcceptedIssuers()
```
    Return the list of accepted issuers for this trust manager.
    
    Specified by:
    
    getAcceptedIssuers in interface X509TrustManager
    
    Returns:
    
    array of accepted issuers
  - getTrustManagers
```
private X509TrustManager[] getTrustManagers(X509Certificate[] x509Chain)
                                     throws CertificateException
```
    Return array of trust managers to caller. Will verify that current date is within certs validity period.
    
    Parameters:
    
    x509Chain - contains input X.509 certificate chain.
    
    Returns:
    
    array of X.509 trust managers.
    
    Throws:
    
    CertificateException - if trustStoreFile instance variable is null.
  - getTrustManagersOnClasspath
```
private X509TrustManager[] getTrustManagersOnClasspath(X509Certificate[] x509Chain)
                                                throws CertificateException
```
    Return array of trust managers to caller. Will verify that current date is within certs validity period.
    
    Parameters:
    
    x509Chain - contains input X.509 certificate chain.
    
    Returns:
    
    array of X.509 trust managers.
    
    Throws:
    
    CertificateException - if trustStoreFile instance variable is null.
  - loadTrustManagers
```
private X509TrustManager[] loadTrustManagers(KeyStore trustStore)
                                      throws CertificateException
```
    Return an array of X.509 TrustManagers.
    
    Parameters:
    
    trustStore - handle to input trustStore
    
    Returns:
    
    array of trust managers
    
    Throws:
    
    CertificateException - if problem occurs during TrustManager initialization.
  - getTrustStore
```
private KeyStore getTrustStore()
                        throws CertificateException
```
    Load the TrustStore file into JSSE KeyStore instance.
    
    Returns:
    
    instance of JSSE KeyStore containing the LDAP Client's TrustStore file info. *
    
    Throws:
    
    CertificateException - if cannot process file load.
  - getTrustStoreInputStream
```
private InputStream getTrustStoreInputStream()
                                      throws CertificateException
```
    Read the trust store off the classpath.
    
    Returns:
    
    handle to inputStream containing the trust store
    
    Throws:
    
    CertificateException - If the file cannot be found

Class LdapClientTrustStoreManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

serialVersionUID

CLS_NM

LOG

isExamineValidityDates

trustStorePw

trustStoreFile

trustStoreFormat

x509TrustManagers

Constructor Detail

LdapClientTrustStoreManager

Method Detail

checkClientTrusted

checkServerTrusted

getAcceptedIssuers

getTrustManagers

getTrustManagersOnClasspath

loadTrustManagers

getTrustStore

getTrustStoreInputStream