A TrustManagerFactory is responsible for creating TrustManager objects for a specific trust management algorithm. Obtain a TrustManagerFactory object by calling one of the getInstance( ) methods and specifying the desired algorithm and, optionally, the desired provider. In Java 1.4, the “SunX509” algorithm is the only one supported by the default “SunJSSE” provider. After calling getInstance( ), you initialize the factory object with init( ). For the “SunX509” algorithm, you pass a KeyStore object to init( ). This KeyStore should contain the public keys of trusted CAs (certification authorities). Once a TrustManagerFactory has been created and initialized, use it to create a TrustManager by calling getTrustManagers( ). This method returns an array of TrustManager objects because some trust management algorithms may handle more than one type of key or certificate. The “SunX509” algorithm manages only X.509 keys, and always returns an array with an X509TrustManager object as its single element. This returned array is typically passed to the init( ) method of an SSLContext object.

If no KeyStore is passed to the init( ) method of the TrustManagerFactory for the “SunX509” algorithm, then the factory uses a KeyStore created from the file named by the system property if that property is defined. (It also uses the key store type and password specified by the properties and ...

Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.