Package com.castlabs.android.network
Class CustomX509TrustManager
- java.lang.Object
-
- com.castlabs.android.network.CustomX509TrustManager
-
- All Implemented Interfaces:
TrustManager,X509TrustManager
public final class CustomX509TrustManager extends Object implements X509TrustManager
Custom implementation of X509TrustManager uses two key stores: system default one and provided custom key store. When validating the certificates, first the system default key store is used and in case the certificate can not be verified then the custom key store is then contacted. The current trust manager can be used when your certificate is not (yet) trusted by the system or the application is running on the older version of system without the needed CA. Note: The application shall take care of maintaining the custom key store and keeping it up-to-date. Note: There is a limitation using the custom TrustManagers with X509TrustManagerExtensions, which does not allow custom implementations of the TrustManager interface, see the older (marshmallow and older) implementation of X509TrustManagerExtensions(509TrustManager tm) constructor, throwing the IllegalArgumentException. In its turn, it effects all the code which uses this constructor e.g. http3 AndroidPlatform.buildCertificateChainCleaner(X509TrustManager trustManager) throwing exception and bringing extra significant delay when opening a connection.- Since:
- 4.2.0
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckClientTrusted(X509Certificate[] chain, String authType)voidcheckServerTrusted(X509Certificate[] chain, String authType)static SSLSocketFactorycreateSSLSocketFactory(KeyStore keyStore)Creates SSL socket factory based on the provided custom key storestatic SSLSocketFactorycreateSSLSocketFactory(TrustManager[] trustManagers)Creates SSL socket factory based on the provided trust managersstatic X509TrustManagercreateTrustManager(KeyStore keyStore)Creates custom X509TrustManager based on the provided custom key storeX509Certificate[]getAcceptedIssuers()
-
-
-
Method Detail
-
createSSLSocketFactory
@Nullable public static SSLSocketFactory createSSLSocketFactory(@NonNull KeyStore keyStore)
Creates SSL socket factory based on the provided custom key store- Parameters:
keyStore- The custom key store to use- Returns:
- SSL socket factory or
nullwhen an error occurs
-
createSSLSocketFactory
@Nullable public static SSLSocketFactory createSSLSocketFactory(@NonNull TrustManager[] trustManagers)
Creates SSL socket factory based on the provided trust managers- Parameters:
trustManagers- Trust managers- Returns:
- SSL socket factory or
nullwhen an error occurs
-
createTrustManager
@NonNull public static X509TrustManager createTrustManager(@NonNull KeyStore keyStore)
Creates custom X509TrustManager based on the provided custom key store- Parameters:
keyStore- The custom key store to use- Returns:
- The X509TrustManager
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Specified by:
checkClientTrustedin interfaceX509TrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Specified by:
checkServerTrustedin interfaceX509TrustManager- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
- Specified by:
getAcceptedIssuersin interfaceX509TrustManager
-
-