"Creating an X509TrustManager

You can either implement this interface directly yourself or obtain one from a provider-based TrustManagerFactory (such as that supplied by the SunJSSE provider). You could also implement your own interface that delegates to a factory-generated trust manager. For example, you might do this to filter the resulting trust decisions and query an end-user through a graphical user interface.

Note: If a null KeyStore parameter is passed to the SunJSSE PKIX or SunX509 TrustManagerFactory, then the factory uses the following process to try to find trust material:

- If the javax.net.ssl.trustStore property is defined, then the TrustManagerFactory attempts to find a file using the file name specified by that system property, and uses that file for the KeyStore parameter. If the javax.net.ssl.trustStorePassword system property is also defined, then its value is used to check the integrity of the data in the truststore before opening it. If the javax.net.ssl.trustStore property is defined but the specified file does not exist, then a default TrustManager using an empty keystore is created.
- If the javax.net.ssl.trustStore system property was not specified, then:
  - if the file java-home/lib/security/jssecacerts exists, that file is used;
  - if the file java-home/lib/security/cacerts exists, that file is used;
  - if neither of these files exists, then the SSL cipher suite is anonymous, does not perform any authentication, and thus does not need a truststore."
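To check which trust material a given JVM actually ends up with, the following added example (not part of the quoted guide) walks the lookup order quoted above and then initializes the default factory with a null KeyStore. The class name TrustStoreProbe and its method names are hypothetical, and only the cases described in the quoted text are handled.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class; names are illustrative, not from the JSSE guide.
public class TrustStoreProbe {
    // Mirrors the quoted lookup order and describes where trust material should come from.
    static String expectedSource() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) {
            return new File(prop).isFile() ? prop : "(empty keystore: " + prop + " not found)";
        }
        File security = new File(System.getProperty("java.home"), "lib/security");
        for (String name : new String[] {"jssecacerts", "cacerts"}) {
            File f = new File(security, name);
            if (f.isFile()) return f.getPath();
        }
        return "(no truststore file found)";
    }

    // Initializes the default factory with a null KeyStore, as in the quoted note.
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("default factory produced no X509TrustManager");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Expected trust source: " + expectedSource());
        X509Certificate[] issuers = defaultTrustManager().getAcceptedIssuers();
        System.out.println("Accepted issuers: " + issuers.length);
        if (issuers.length == 0) {
            System.out.println("WARNING: trust store is empty");
        }
        for (X509Certificate c : issuers) {
            System.out.println("  " + c.getSubjectX500Principal().getName());
        }
    }
}
```

Running it once normally and once with -Djavax.net.ssl.trustStore pointing at a missing file shows the empty-keystore case from the first bullet: the issuer count drops to zero.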