Team LiB
Previous Section Next Section

TrustManagerFactoryjavax.net.ssl
Java 1.4

A trustManagerFactory is responsible for creating TRustManager objects for a specific trust management algorithm. Obtain a trustManagerFactory object by calling one of the getInstance( ) methods and specifying the desired algorithm and, optionally, the desired provider. In Java 1.4, the "SunX509" algorithm is the only one supported by the default "SunJSSE" provider. After calling getInstance( ), you initialize the factory object with init( ). For the "SunX509" algorithm, you pass a KeyStore object to init( ). This KeyStore should contain the public keys of trusted CAs (certification authorities). Once a trustManagerFactory has been created and initialized, use it to create a TRustManager by calling gettrustManagers( ). This method returns an array of trustManager objects because some trust management algorithms may handle more than one type of key or certificate. The "SunX509" algorithm manages only X.509 keys, and always returns an array with an X509trustManager object as its single element. This returned array is typically passed to the init( ) method of an SSLContext object.

If no KeyStore is passed to the init( ) method of the TRustManagerFactory for the "SunX509" algorithm, then the factory uses a KeyStore created from the file named by the system property javax.net.ssl.trustStore if that property is defined. (It also uses the key store type and password specified by the properties javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword.) Otherwise, it uses the file jre/lib/security/jssecacerts in the Java distribution, if it exists. Otherwise it uses the file jre/lib/security/cacerts which is part of Sun's Java distribution. Sun ships a default cacerts file that contains certificates for several well-known and reputable CAs. You can use the keytool program to edit the cacerts keystore (the default password is "changeit").

public class TrustManagerFactory {
// Protected Constructors
     protected TrustManagerFactory(TrustManagerFactorySpi factorySpi, java.security.
        Provider provider, String algorithm);  
// Public Class Methods
     public static final String getDefaultAlgorithm( );  
     public static final TrustManagerFactory getInstance(String algorithm) 
        throws java.security.NoSuchAlgorithmException;  
     public static final TrustManagerFactory getInstance(String algorithm, 
        java.security.Provider provider) 
        throws java.security.NoSuchAlgorithmException;  
     public static final TrustManagerFactory getInstance(String algorithm, 
        String provider) throws java.security.NoSuchAlgorithmException, 
        java.security.NoSuchProviderException;  
// Public Instance Methods
     public final String getAlgorithm( );  
     public final java.security.Provider getProvider( );  
     public final TrustManager[ ] getTrustManagers( );  
     public final void init(ManagerFactoryParameters spec) 
        throws java.security.InvalidAlgorithmParameterException;  
     public final void init(java.security.KeyStore ks) 
        throws java.security.KeyStoreException;  
}

    Team LiB
    Previous Section Next Section