public class KeyStoreTrustManager extends Object implements X509TrustManager, HostnameVerifier
This class makes working with SSL connections easier, by prompting the user when an invalid certificate is encountered. The user will be given the option of refuting or accepting the certificate, including the option of adding the certificate to the PDF keystore.
Due to the way SSL is implemented in Java, in order to actually use this class it needs to be installed statically. This can be done easily:
PDFViewer viewer = newPDFViewer(); // Create it somehow KeyStoreTrustManager.install(viewer);
This will install an instance of this object as the default X509TrustManager
for any SSL connections made from Java. If an invalid certificate is encountered
a dialog will be displayed relative to the PDFViewer
object, and if
the user chooses to accept the certificate permanently it will be added to the
KeyStoreManager
returned by PDFViewer.getKeyStoreManager()
If you have more than one PDFViewer
on the screen at once, or you don't
want this class managing all SSL connections from the JVM, then you can create the
object and use it as a trust manager only on the connections you need.
Constructor and Description |
---|
KeyStoreTrustManager(KeyStoreManager ksm,
Component root)
Create a new KeyStoreTrustManager.
|
Modifier and Type | Method and Description |
---|---|
void |
checkClientTrusted(X509Certificate[] chain,
String auth) |
void |
checkServerTrusted(X509Certificate[] chain,
String auth) |
X509Certificate[] |
getAcceptedIssuers() |
static boolean |
install(PDFViewer viewer)
Create a new
KeyStoreTrustManager and install it as part of the default
SSLSocketFactory and HostnameVerifier for all HTTTPS connections
made by the JVM. |
boolean |
verify(String urlHostname,
SSLSession session) |
public KeyStoreTrustManager(KeyStoreManager ksm, Component root)
ksm
- the KeyStoreManager to add any permanently trusted Certificates to. May
be null
, in which case this option is not available.root
- the object to position the dialog relative to. May be null
if this is not known.public static boolean install(PDFViewer viewer) throws GeneralSecurityException
KeyStoreTrustManager
and install it as part of the default
SSLSocketFactory
and HostnameVerifier
for all HTTTPS connections
made by the JVM.viewer
- the PDFViewer to be used for the KeyStoreManager and dialog positioning.
May be null
, in which case the dialog is not tied to any component and certificates
cannot be permanently added to a KeyStore.GeneralSecurityException
public void checkClientTrusted(X509Certificate[] chain, String auth) throws CertificateException
checkClientTrusted
in interface X509TrustManager
CertificateException
public void checkServerTrusted(X509Certificate[] chain, String auth) throws CertificateException
checkServerTrusted
in interface X509TrustManager
CertificateException
public X509Certificate[] getAcceptedIssuers()
getAcceptedIssuers
in interface X509TrustManager
public boolean verify(String urlHostname, SSLSession session)
verify
in interface HostnameVerifier
Copyright © 2001-2017 Big Faceless Organization