Package org.faceless.pdf2.viewer2.util

Class KeyStoreTrustManager

java.lang.Object

org.faceless.pdf2.viewer2.util.KeyStoreTrustManager

All Implemented Interfaces:

HostnameVerifier, TrustManager, X509TrustManager

public class KeyStoreTrustManager
extends Object
implements X509TrustManager, HostnameVerifier

This class makes working with SSL connections easier, by prompting the user when an invalid certificate is encountered. The user will be given the option of refuting or accepting the certificate, including the option of adding the certificate to the PDF keystore.

Due to the way SSL is implemented in Java, in order to actually use this class it needs to be installed statically. This can be done easily:

 PDFViewer viewer = newPDFViewer();   // Create it somehow
 KeyStoreTrustManager.install(viewer);
 

This will install an instance of this object as the default X509TrustManager for any SSL connections made from Java. If an invalid certificate is encountered a dialog will be displayed relative to the PDFViewer object, and if the user chooses to accept the certificate permanently it will be added to the KeyStoreManager returned by PDFViewer.getKeyStoreManager()

If you have more than one PDFViewer on the screen at once, or you don't want this class managing all SSL connections from the JVM, then you can create the object and use it as a trust manager only on the connections you need.

Since:

2.11

Constructor Summary

Constructors

Constructor	Description
KeyStoreTrustManager(KeyStoreManager ksm, Component root)	Create a new KeyStoreTrustManager.

Method Summary

Modifier and Type	Method	Description
void	checkClientTrusted(X509Certificate[] chain, String auth)
void	checkServerTrusted(X509Certificate[] chain, String auth)
X509Certificate[]	getAcceptedIssuers()
static boolean	install(PDFViewer viewer)	Create a new KeyStoreTrustManager and install it as part of the default SSLSocketFactory and HostnameVerifier for all HTTTPS connections made by the JVM.
boolean	verify(String urlHostname, SSLSession session)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyStoreTrustManager

public KeyStoreTrustManager(KeyStoreManager ksm,
                            Component root)

Create a new KeyStoreTrustManager.

Parameters:

ksm - the KeyStoreManager to add any permanently trusted Certificates to. May be null, in which case this option is not available.

root - the object to position the dialog relative to. May be null if this is not known.

Method Detail

install

public static boolean install(PDFViewer viewer)
                       throws GeneralSecurityException

Create a new KeyStoreTrustManager and install it as part of the default SSLSocketFactory and HostnameVerifier for all HTTTPS connections made by the JVM.

Parameters:

viewer - the PDFViewer to be used for the KeyStoreManager and dialog positioning. May be null, in which case the dialog is not tied to any component and certificates cannot be permanently added to a KeyStore.

Returns:

true if the SecurityManager allowed this to be installed, false otherwise

Throws:

GeneralSecurityException

checkClientTrusted

public void checkClientTrusted(X509Certificate[] chain,
                               String auth)
                        throws CertificateException

Specified by:

checkClientTrusted in interface X509TrustManager

Throws:

CertificateException

checkServerTrusted

public void checkServerTrusted(X509Certificate[] chain,
                               String auth)
                        throws CertificateException

Specified by:

checkServerTrusted in interface X509TrustManager

Throws:

CertificateException

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

Specified by:

getAcceptedIssuers in interface X509TrustManager

verify

public boolean verify(String urlHostname,
                      SSLSession session)

Specified by:

verify in interface HostnameVerifier