Android APIs
public class

X509TrustManagerExtensions

extends Object
java.lang.Object
   ↳ android.net.http.X509TrustManagerExtensions

Class Overview

X509TrustManager wrapper exposing Android-added features.

The checkServerTrusted method allows callers to perform additional verification of certificate chains after they have been successfully verified by the platform.

If the returned certificate list is not needed, see also X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, java.net.Socket) where an SSLSocket can be used to verify the given hostname during handshake using SSLParameters#setEndpointIdentificationAlgorithm(String).

Summary

Public Constructors
X509TrustManagerExtensions(X509TrustManager tm)
Constructs a new X509TrustManagerExtensions wrapper.
Public Methods
List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host)
Verifies the given certificate chain.
boolean isUserAddedCertificate(X509Certificate cert)
Checks whether a CA certificate is added by an user.
[Expand]
Inherited Methods
From class java.lang.Object

Public Constructors

public X509TrustManagerExtensions (X509TrustManager tm)

Added in API level 17

Constructs a new X509TrustManagerExtensions wrapper.

Parameters
tm A X509TrustManager as returned by TrustManagerFactory.getInstance();
Throws
IllegalArgumentException If tm is an unsupported TrustManager type.

Public Methods

public List<X509Certificate> checkServerTrusted (X509Certificate[] chain, String authType, String host)

Added in API level 17

Verifies the given certificate chain.

See checkServerTrusted(X509Certificate[], String) for a description of the chain and authType parameters. The final parameter, host, should be the hostname of the server.

Returns
  • the properly ordered chain used for verification as a list of X509Certificates.
Throws
CertificateException if the chain does not verify correctly.

public boolean isUserAddedCertificate (X509Certificate cert)

Checks whether a CA certificate is added by an user.

Since checkServerTrusted(X509Certificate[], String) allows its parameter chain to chain up to user-added CA certificates, this method can be used to perform additional policies for user-added CA certificates.

Returns
  • true to indicate that the certificate was added by the user, false otherwise.