public static final class HandshakeCertificates.Builder extends Object
Constructor and Description |
---|
Builder() |
Modifier and Type | Method and Description |
---|---|
HandshakeCertificates.Builder |
addPlatformTrustedCertificates()
Add all of the host platform's trusted root certificates.
|
HandshakeCertificates.Builder |
addTrustedCertificate(X509Certificate certificate)
Add a trusted root certificate to use when authenticating a peer.
|
HandshakeCertificates |
build() |
HandshakeCertificates.Builder |
heldCertificate(HeldCertificate heldCertificate,
X509Certificate... intermediates)
Configure the certificate chain to use when being authenticated.
|
public HandshakeCertificates.Builder heldCertificate(HeldCertificate heldCertificate, X509Certificate... intermediates)
The chain should include all intermediate certificates but does not need the root certificate that we expect to be known by the remote peer. The peer already has that certificate so transmitting it is unnecessary.
public HandshakeCertificates.Builder addTrustedCertificate(X509Certificate certificate)
public HandshakeCertificates.Builder addPlatformTrustedCertificates()
Most TLS clients that connect to hosts on the public Internet should call this method. Otherwise it is necessary to manually prepare a comprehensive set of trusted roots.
If the host platform is compromised or misconfigured this may contain untrustworthy root certificates. Applications that connect to a known set of servers may be able to mitigate this problem with certificate pinning.
public HandshakeCertificates build()
Copyright © 2019. All rights reserved.