TrustManagerFactory

A trustManagerFactory is responsible for creating TRustManager objects for a specific trust management algorithm. Obtain a trustManagerFactory object by calling one of the getInstance( ) methods and specifying the desired algorithm and, optionally , the desired provider. In Java 1.4, the "SunX509" algorithm is the only one supported by the default "SunJSSE" provider. After calling getInstance( ) , you initialize the factory object with init( ) . For the "SunX509" algorithm, you pass a KeyStore object to init( ) . This KeyStore should contain the public keys of trusted CAs (certification authorities). Once a trustManagerFactory has been created and initialized , use it to create a TRustManager by calling gettrustManagers( ) . This method returns an array of trustManager objects because some trust management algorithms may handle more than one type of key or certificate. The "SunX509" algorithm manages only X.509 keys, and always returns an array with an X509trustManager object as its single element. This returned array is typically passed to the init( ) method of an SSLContext object.

If no KeyStore is passed to the init( ) method of the TRustManagerFactory for the "SunX509" algorithm, then the factory uses a KeyStore created from the file named by the system property javax.net.ssl.trustStore if that property is defined. (It also uses the key store type and password specified by the properties javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword .) Otherwise, it uses the file jre/lib/security/jssecacerts in the Java distribution, if it exists. Otherwise it uses the file jre/lib/security/cacerts which is part of Sun's Java distribution. Sun ships a default cacerts file that contains certificates for several well-known and reputable CAs. You can use the keytool program to edit the cacerts keystore (the default password is "changeit").

 public class  TrustManagerFactory  {  // Protected Constructors  protected  TrustManagerFactory  (TrustManagerFactorySpi  factorySpi  , java.security.         Provider  provider  , String  algorithm  );  // Public Class Methods  public static final String  getDefaultAlgorithm  ( );        public static final TrustManagerFactory  getInstance  (String  algorithm  )          throws java.security.NoSuchAlgorithmException;        public static final TrustManagerFactory  getInstance  (String  algorithm  ,          java.security.Provider  provider  )          throws java.security.NoSuchAlgorithmException;        public static final TrustManagerFactory  getInstance  (String  algorithm  ,          String  provider  ) throws java.security.NoSuchAlgorithmException,          java.security.NoSuchProviderException;  // Public Instance Methods  public final String  getAlgorithm  ( );        public final java.security.Provider  getProvider  ( );        public final TrustManager[ ]  getTrustManagers  ( );        public final void  init  (ManagerFactoryParameters  spec  )          throws java.security.InvalidAlgorithmParameterException;        public final void  init  (java.security.KeyStore  ks  )          throws java.security.KeyStoreException;   }