Example 1 with PromptTrustManager

Use of com.unboundid.util.ssl.PromptTrustManager in the project ldapsdk by pingidentity.

From the class InternalSDKHelper, method getPreferredPromptTrustManagerChain:

```java
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.X509TrustManager;
import com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager;
import com.unboundid.util.InternalUseOnly;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ssl.AggregateTrustManager;
import com.unboundid.util.ssl.JVMDefaultTrustManager;
import com.unboundid.util.ssl.PromptTrustManager;
import com.unboundid.util.ssl.TrustStoreTrustManager;

/**
 * Retrieves an aggregate trust manager that can be used to interactively
 * prompt the user about whether to trust a presented certificate chain as a
 * last resort, but will try other alternatives first, including the
 * JVM-default trust store and, if the tool is run with access to a Ping
 * Identity Directory Server instance, then it will also try to use the
 * server's default trust store and information in the topology registry.
 *
 * @param  expectedAddresses  An optional collection of the addresses that the
 *                            client is expected to use to connect to one of
 *                            the target servers.  This may be {@code null} or
 *                            empty if no expected addresses are available, if
 *                            this trust manager is only expected to be used
 *                            to validate client certificates, or if no server
 *                            address validation should be performed.  If a
 *                            non-empty collection is provided, then the trust
 *                            manager may issue a warning if the certificate
 *                            does not contain any of these addresses.
 *
 * @return  An aggregate trust manager that can be used to interactively
 *          prompt the user about whether to trust a presented certificate
 *          chain as a last resort, but will try other alternatives first.
 */
@InternalUseOnly()
@NotNull()
public static AggregateTrustManager getPreferredPromptTrustManagerChain(
        @Nullable final Collection<String> expectedAddresses) {
    // Trust managers are consulted in list order; the interactive prompt is
    // appended last so it is only reached when every automatic check fails.
    final List<X509TrustManager> trustManagers = new ArrayList<>(4);
    trustManagers.add(JVMDefaultTrustManager.getInstance());
    final File pingIdentityServerRoot = InternalSDKHelper.getPingIdentityServerRoot();
    if (pingIdentityServerRoot != null) {
        // Running alongside a Ping Identity Directory Server: also trust its
        // own trust store and the certificates recorded in the topology registry.
        final File serverTrustStore = StaticUtils.constructPath(pingIdentityServerRoot, "config", "truststore");
        if (serverTrustStore.exists()) {
            trustManagers.add(new TrustStoreTrustManager(serverTrustStore));
        }
        final File serverConfigFile = StaticUtils.constructPath(pingIdentityServerRoot, "config", "config.ldif");
        if (serverConfigFile.exists()) {
            // The registry contents are cached and re-read after five minutes.
            trustManagers.add(new TopologyRegistryTrustManager(serverConfigFile, TimeUnit.MINUTES.toMillis(5L)));
        }
    }
    // No accepted-certificates file, validity dates are enforced, and the
    // default input/output streams are used for the prompt.
    trustManagers.add(new PromptTrustManager(null, true, expectedAddresses, null, null));
    // requireAllAccepted=false: the chain is trusted as soon as any one of the
    // managers accepts it.
    return new AggregateTrustManager(false, trustManagers);
}
```
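The same fallback ordering applied to an application's own LDAPS connection, as an added example that is not part of the ldapsdk source. It assumes a hypothetical host, port and application trust store path, and it only appends the interactive PromptTrustManager when a console is attached, so an unattended run fails closed instead of waiting on stdin.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.util.ssl.AggregateTrustManager;
import com.unboundid.util.ssl.JVMDefaultTrustManager;
import com.unboundid.util.ssl.PromptTrustManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

public final class LdapsTrustChainExample {
  // Same ordering as the SDK's chain: JVM default trust store, then an
  // application trust store if present, then the interactive prompt last.
  // The prompt is only added when a console is attached: an unattended run
  // (cron job, container) has nobody to answer it and should fail closed.
  public static AggregateTrustManager buildChain(final File appTrustStore,
      final Collection<String> expectedAddresses, final boolean interactive) {
    final List<X509TrustManager> managers = new ArrayList<>(3);
    managers.add(JVMDefaultTrustManager.getInstance());
    if (appTrustStore != null && appTrustStore.exists()) {
      managers.add(new TrustStoreTrustManager(appTrustStore));
    }
    if (interactive) {
      // null accepted-certs file: prompt decisions are not persisted to disk;
      // true: certificates outside their validity period are rejected, not prompted.
      managers.add(new PromptTrustManager(null, true, expectedAddresses, null, null));
    }
    // false: accept as soon as any one manager accepts the certificate chain;
    // true would require every manager in the list to accept it.
    return new AggregateTrustManager(false, managers);
  }

  public static void main(final String[] args) throws Exception {
    // Assumed values: replace with your own host, port and trust store path.
    final String host = "ldap.example.com";
    final int port = 636;
    final File appTrustStore = new File("/path/to/app-truststore"); // hypothetical
    final AggregateTrustManager chain = buildChain(appTrustStore,
        Collections.singletonList(host), System.console() != null);
    final SSLSocketFactory factory = new SSLUtil(chain).createSSLSocketFactory();
    try (LDAPConnection conn = new LDAPConnection(factory, host, port)) {
      System.out.println("TLS handshake succeeded; connected=" + conn.isConnected());
    }
  }
}
```

Passing the host in expectedAddresses lets the prompt warn when the presented certificate names none of the addresses the client actually connected to.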
