Class CertificateCapturingTrustManager

java.lang.Object
de.xima.fc.certificate.provider.internal.CertificateCapturingTrustManager
All Implemented Interfaces:
TrustManager, X509TrustManager
public class CertificateCapturingTrustManager extends Object implements X509TrustManager
A TrustManager that captures the certificate chain presented during trust validation.

This class delegates trust checks to a provided X509TrustManager and records the certificate chain for later inspection. It also tracks whether the validation passed and any exception that occurred during validation.

The captured certificates are available as a List via getCapturedServerCertificates().

Since:
04.06.25
Author:
tobias

  • Constructor Details

    • CertificateCapturingTrustManager

      public CertificateCapturingTrustManager(X509TrustManager trustManager)
      Constructs a new CertificateCapturingTrustManager with the given trust manager.
      Parameters:
      trustManager - the trust manager to delegate to

  • Method Details

    • checkClientTrusted

      public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
      Captures the client certificate chain and delegates trust validation.
      Specified by:
      checkClientTrusted in interface X509TrustManager
      Parameters:
      chain - the client certificate chain
      authType - the authentication type
      Throws:
      CertificateException

    • checkServerTrusted

      public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
      Captures the server certificate chain and delegates trust validation. Does not rethrow the exception to allow certificate capture.
      Specified by:
      checkServerTrusted in interface X509TrustManager
      Parameters:
      chain - the server certificate chain
      authType - the authentication type
      Throws:
      CertificateException

    • getAcceptedIssuers

      public X509Certificate[] getAcceptedIssuers()
      Returns the list of accepted issuers from the underlying trust manager.
      Specified by:
      getAcceptedIssuers in interface X509TrustManager
      Returns:
      an array of accepted X509Certificate issuers

    • getLastClientTrustValidationResult

      public TrustValidationResult getLastClientTrustValidationResult()
      Returns the last client trust validation result, including captured certificates and validation status.
      Returns:
      an TrustValidationResult containing the results of the last client trust validation, or null if no validation has been performed yet.

    • getLastServerTrustValidationResult

      public TrustValidationResult getLastServerTrustValidationResult()
      Returns the last server trust validation result, including captured certificates and validation status.
      Returns:
      an TrustValidationResult containing the results of the last server trust validation, or null if no validation has been performed yet.

    • getCapturedServerCertificates

      public X509Certificate[] getCapturedServerCertificates()
      The most recently captured server certificate chain as a list.

    • getCapturedClientCertificates

      public X509Certificate[] getCapturedClientCertificates()
      The most recently captured client certificate chain as a list.

    • getServerTrustValidationPassed

      public Boolean getServerTrustValidationPassed()
      Indicates whether the last server trust validation passed.

    • getClientTrustValidationPassed

      public Boolean getClientTrustValidationPassed()
      Indicates whether the last client trust validation passed.

    • getServerTrustValidationException

      public CertificateException getServerTrustValidationException()
      The exception thrown during the last server trust validation, if any.

    • getClientTrustValidationException

      public CertificateException getClientTrustValidationException()
      The exception thrown during the last client trust validation, if any.