ReplicationTrustManager

java.lang.Object
- org.apache.directory.server.ldap.replication.ReplicationTrustManager

All Implemented Interfaces:

javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
```
public final class ReplicationTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager
```
A X509TrustManager implementation used by the replication subsystem. This implementation doesn't require the certificates to be stored in a file, instead it parses the given certificates of replica peers using Bouncycastle's X509CertParser and stores them in the in-memory KeyStore. The SunX509 TrustManagerFactory is then initialized using this KeyStore and the resulting X509TrustManager present in this factory's TrustManagers will be used internally to perform the certificate verification

Field Summary

Fields
Modifier and Type	Field and Description
`private static ReplicationTrustManager`	`INSTANCE` the singleton instance of this trust manager
`private static java.security.KeyStore`	`ks` the in-memory keystore in JKS format
`private static org.slf4j.Logger`	`LOG` A logger for this class
`private static org.bouncycastle.jce.provider.X509CertParser`	`parser` the X509 certificate parser
`private static javax.net.ssl.X509TrustManager`	`trustManager` the internal trust manager used for verifying the certificates

Constructor Summary

Constructors
Modifier Constructor and Description

private ReplicationTrustManager()
Creates a instance of ReplicationTrustManager

Constructors
Modifier	Constructor and Description
`private`	`ReplicationTrustManager()` Creates a instance of ReplicationTrustManager

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static void`	`addCertificate(java.lang.String certAlias, byte[] certificate)` stores the given certificate into the keystore with the given alias name
`static void`	`addCertificates(java.util.Map<java.lang.String,byte[]> aliasCertMap)` loads the given map of [alias-name, certificate-data] entries into the keystore to be used by the trust manager
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)`
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)`
`java.security.cert.X509Certificate[]`	`getAcceptedIssuers()`
`static ReplicationTrustManager`	`getInstance()` returns the singleton instance of ReplicationTrustManager, note that this return instance can only be used after calling the `addCertificates(Map)` method

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LOG
```
private static final org.slf4j.Logger LOG
```
    A logger for this class
  - trustManager
```
private static javax.net.ssl.X509TrustManager trustManager
```
    the internal trust manager used for verifying the certificates
  - ks
```
private static java.security.KeyStore ks
```
    the in-memory keystore in JKS format
  - parser
```
private static org.bouncycastle.jce.provider.X509CertParser parser
```
    the X509 certificate parser
  - INSTANCE
```
private static final ReplicationTrustManager INSTANCE
```
    the singleton instance of this trust manager
- Constructor Detail
  - ReplicationTrustManager
```
private ReplicationTrustManager()
```
    Creates a instance of ReplicationTrustManager
- Method Detail
  - addCertificates
```
public static void addCertificates(java.util.Map<java.lang.String,byte[]> aliasCertMap)
                            throws java.lang.Exception
```
    loads the given map of [alias-name, certificate-data] entries into the keystore to be used by the trust manager
    
    Parameters:
    
    aliasCertMap - the map of [alias-name, certificate-data] entries
    
    Throws:
    
    java.lang.Exception - in case of any issues related to certificate data parsing
  - addCertificate
```
public static void addCertificate(java.lang.String certAlias,
                                  byte[] certificate)
                           throws java.lang.Exception
```
    stores the given certificate into the keystore with the given alias name
    
    Parameters:
    
    certAlias - the alias name to be used for this certificate
    
    certificate - the X509 certificate data
    
    Throws:
    
    java.lang.Exception - in case of any issues related to certificate data parsing
  - getInstance
```
public static ReplicationTrustManager getInstance()
```
    returns the singleton instance of ReplicationTrustManager, note that this return instance can only be used after calling the addCertificates(Map) method
    
    Returns:
    
    the instance of the ReplicationTrustManager
  - checkClientTrusted
```
public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Specified by:
    
    checkClientTrusted in interface javax.net.ssl.X509TrustManager
    
    Throws:
    
    java.security.cert.CertificateException
  - checkServerTrusted
```
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
```
    Specified by:
    
    checkServerTrusted in interface javax.net.ssl.X509TrustManager
    
    Throws:
    
    java.security.cert.CertificateException
  - getAcceptedIssuers
```
public java.security.cert.X509Certificate[] getAcceptedIssuers()
```
    Specified by:
    
    getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Class ReplicationTrustManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

LOG

trustManager

ks

parser

INSTANCE

Constructor Detail

ReplicationTrustManager

Method Detail

addCertificates

addCertificate

getInstance

checkClientTrusted

checkServerTrusted

getAcceptedIssuers