Package com.castlabs.android.network
Class CustomX509TrustManager
java.lang.Object
com.castlabs.android.network.CustomX509TrustManager
- All Implemented Interfaces:
TrustManager
,X509TrustManager
Custom implementation of X509TrustManager uses two key stores: system default one and provided
custom key store. When validating the certificates, first the system default key store is used and
in case the certificate can not be verified then the custom key store is then contacted.
The current trust manager can be used when your certificate is not (yet) trusted by the system or
the application is running on the older version of system without the needed CA.
Note: The application shall take care of maintaining the custom key store and keeping it up-to-date.
Note: There is a limitation using the custom TrustManagers with X509TrustManagerExtensions,
which does not allow custom implementations of the TrustManager interface, see the older (marshmallow and older)
implementation of X509TrustManagerExtensions(509TrustManager tm) constructor, throwing the IllegalArgumentException.
In its turn, it effects all the code which uses this constructor
e.g. http3 AndroidPlatform.buildCertificateChainCleaner(X509TrustManager trustManager) throwing exception and
bringing extra significant delay when opening a connection.
- Since:
- 4.2.0
-
Method Summary
Modifier and TypeMethodDescriptionvoid
checkClientTrusted
(X509Certificate[] chain, String authType) void
checkServerTrusted
(X509Certificate[] chain, String authType) static SSLSocketFactory
createSSLSocketFactory
(KeyStore keyStore) Creates SSL socket factory based on the provided custom key storestatic SSLSocketFactory
createSSLSocketFactory
(TrustManager[] trustManagers) Creates SSL socket factory based on the provided trust managersstatic X509TrustManager
createTrustManager
(KeyStore keyStore) Creates custom X509TrustManager based on the provided custom key store
-
Method Details
-
createSSLSocketFactory
Creates SSL socket factory based on the provided custom key store- Parameters:
keyStore
- The custom key store to use- Returns:
- SSL socket factory or
null
when an error occurs
-
createSSLSocketFactory
@Nullable public static SSLSocketFactory createSSLSocketFactory(@NonNull TrustManager[] trustManagers) Creates SSL socket factory based on the provided trust managers- Parameters:
trustManagers
- Trust managers- Returns:
- SSL socket factory or
null
when an error occurs
-
createTrustManager
Creates custom X509TrustManager based on the provided custom key store- Parameters:
keyStore
- The custom key store to use- Returns:
- The X509TrustManager
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException - Specified by:
checkClientTrusted
in interfaceX509TrustManager
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException - Specified by:
checkServerTrusted
in interfaceX509TrustManager
- Throws:
CertificateException
-
getAcceptedIssuers
- Specified by:
getAcceptedIssuers
in interfaceX509TrustManager
-