Class KeyStoreTrustManager
- java.lang.Object
-
- org.faceless.pdf2.viewer2.util.KeyStoreTrustManager
-
- All Implemented Interfaces:
HostnameVerifier
,TrustManager
,X509TrustManager
public class KeyStoreTrustManager extends Object implements X509TrustManager, HostnameVerifier
This class makes working with SSL connections easier, by prompting the user when an invalid certificate is encountered. The user will be given the option of refuting or accepting the certificate, including the option of adding the certificate to the PDF keystore.
Due to the way SSL is implemented in Java, in order to actually use this class it needs to be installed statically. This can be done easily:
PDFViewer viewer = newPDFViewer(); // Create it somehow KeyStoreTrustManager.install(viewer);
This will install an instance of this object as the default
X509TrustManager
for any SSL connections made from Java. If an invalid certificate is encountered a dialog will be displayed relative to thePDFViewer
object, and if the user chooses to accept the certificate permanently it will be added to theKeyStoreManager
returned byPDFViewer.getKeyStoreManager()
If you have more than one
PDFViewer
on the screen at once, or you don't want this class managing all SSL connections from the JVM, then you can create the object and use it as a trust manager only on the connections you need.- Since:
- 2.11
-
-
Constructor Summary
Constructors Constructor Description KeyStoreTrustManager(KeyStoreManager ksm, Component root)
Create a new KeyStoreTrustManager.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkClientTrusted(X509Certificate[] chain, String auth)
void
checkServerTrusted(X509Certificate[] chain, String auth)
X509Certificate[]
getAcceptedIssuers()
static boolean
install(PDFViewer viewer)
Create a newKeyStoreTrustManager
and install it as part of the defaultSSLSocketFactory
andHostnameVerifier
for all HTTTPS connections made by the JVM.boolean
verify(String urlHostname, SSLSession session)
-
-
-
Constructor Detail
-
KeyStoreTrustManager
public KeyStoreTrustManager(KeyStoreManager ksm, Component root)
Create a new KeyStoreTrustManager.- Parameters:
ksm
- the KeyStoreManager to add any permanently trusted Certificates to. May benull
, in which case this option is not available.root
- the object to position the dialog relative to. May benull
if this is not known.
-
-
Method Detail
-
install
public static boolean install(PDFViewer viewer) throws GeneralSecurityException
Create a newKeyStoreTrustManager
and install it as part of the defaultSSLSocketFactory
andHostnameVerifier
for all HTTTPS connections made by the JVM.- Parameters:
viewer
- the PDFViewer to be used for the KeyStoreManager and dialog positioning. May benull
, in which case the dialog is not tied to any component and certificates cannot be permanently added to a KeyStore.- Returns:
- true if the SecurityManager allowed this to be installed, false otherwise
- Throws:
GeneralSecurityException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String auth) throws CertificateException
- Specified by:
checkClientTrusted
in interfaceX509TrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String auth) throws CertificateException
- Specified by:
checkServerTrusted
in interfaceX509TrustManager
- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
- Specified by:
getAcceptedIssuers
in interfaceX509TrustManager
-
verify
public boolean verify(String urlHostname, SSLSession session)
- Specified by:
verify
in interfaceHostnameVerifier
-
-