public final class

MAMTrustedRootCertsManager

extends Object
java.lang.Object
   ↳ com.microsoft.intune.mam.client.app.MAMTrustedRootCertsManager

Class Overview

A utility class that provides methods for receiving trusted root certificates from the MAM service and leveraging these certificates in your application to verify a server host on client SSL/TLS connections. This class delegates client authentication checks to Android TrustManager instances; the trusted root certificates received from the MAM service are not supported for client authentication checks.

This class provides methods to create javax.net.ssl.SSLContext, javax.net.ssl.SSLSocketFactory, and javax.net.ssl.X509TrustManager objects that can be used to perform server trust checks. The createSSLContext(String, String) method creates an SSL context that uses the specified protocol and trusted root certificates for the specified identity. The createSSLSocketFactory(String, String) method creates an SSL socket factory that uses the specified protocol and trusted root certificates for the specified identity. The createX509TrustManagers(String) method creates an array of javax.net.ssl.X509TrustManager instances that use the trusted root certificates from the MAM service for the specified identity.

Note that the `identity` parameter is expected to be a string identifier for a particular user running the application, such as their UPN. If the user identifier is not known beforehand, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.

When using this class, you should call the appropriate methods, such as createSocket(java.net.Socket, String, int, boolean), to use the returned socket factory in your application. You can also use the objects returned from this class to configure HTTPS clients that accept javax.net.ssl.SSLContext or javax.net.ssl.X509TrustManager instances.

You don't need to initialize the javax.net.ssl.SSLContext obtained from this class with the returned javax.net.ssl.X509TrustManager instances, since the returned context is already initialized correctly for the trusted root certificates received from the MAM service.
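
The following is an added example, not code from the SDK documentation: it wires the socket factory returned by createSSLSocketFactoryForOID into an HttpsURLConnection and fails closed if the MAM trust configuration cannot be built. The class name MamTlsExample and its method names are hypothetical; the oid value is supplied by the caller and may be null.

```java
import com.microsoft.intune.mam.client.app.MAMTrustedRootCertsManager;

import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class for illustration only.
public final class MamTlsExample {

    // Opens an HTTPS connection whose server chain is checked with the
    // MAM-delivered trusted roots. oid may be null, in which case MAM tries
    // to discover the identity from the current thread or process.
    static HttpsURLConnection open(URL url, String oid) throws IOException {
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("refusing non-HTTPS URL: " + url);
        }
        final SSLSocketFactory factory;
        try {
            // null protocol: MAM uses the default supported protocol for the
            // Android level at runtime.
            factory = MAMTrustedRootCertsManager.createSSLSocketFactoryForOID(oid, null);
        } catch (GeneralSecurityException e) {
            // Covers NoSuchAlgorithmException, KeyStoreException and
            // KeyManagementException too. Fail closed: never substitute a
            // permissive TrustManager when the MAM configuration is unavailable.
            throw new IOException("MAM trust configuration unavailable", e);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory);
        // The default HostnameVerifier is left in place on purpose.
        return conn;
    }

    // For HTTPS clients that are configured with an X509TrustManager rather
    // than an SSLContext: pick the X509TrustManager out of the returned array.
    static X509TrustManager trustManager(String oid) throws GeneralSecurityException {
        for (TrustManager tm : MAMTrustedRootCertsManager.createX509TrustManagersForOID(oid)) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new GeneralSecurityException("no X509TrustManager returned for identity");
    }
}
```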

Summary

Public Methods
static SSLContext createSSLContext(String identity, String protocol)
This method is deprecated. Use createSSLContextForOID(String, String).
static SSLContext createSSLContextForOID(String oid, String protocol)
Creates an SSL context that uses the specified protocol and trusted root certificates for the specified identity.
static SSLSocketFactory createSSLSocketFactory(String identity, String protocol)
This method is deprecated. Use createSSLSocketFactoryForOID(String, String).
static SSLSocketFactory createSSLSocketFactoryForOID(String oid, String protocol)
Creates an SSL socket factory that uses the specified protocol and trusted root certificates for the specified identity.
static TrustManager[] createX509TrustManagers(String identity)
This method is deprecated. Use createX509TrustManagersForOID(String).
static TrustManager[] createX509TrustManagersForOID(String oid)
Creates an array of X509TrustManager that uses the trusted root certificates from the MAM service for the specified identity.
Inherited Methods
From class java.lang.Object

Public Methods

public static SSLContext createSSLContext (String identity, String protocol)

This method is deprecated.
Use createSSLContextForOID(String, String).

Creates an SSL context that uses the specified protocol and trusted root certificates for the specified identity.

Parameters
identity an optional string identifier for a particular user running the application that is expected to receive trusted root certificates from the MAM service. If the identifier is unknown, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.
protocol an optional standard name of the protocol to be used to initialize the SSL context. If the protocol is not provided, MAM will use the default supported protocol for the current level of Android at runtime.
Returns
  • an SSLContext that uses the specified protocol and trusted root certificates for the specified identity.
Throws
NoSuchAlgorithmException if the specified protocol is not available.
KeyStoreException if the keystore has not been initialized.
KeyManagementException if the SSL context cannot be created.
GeneralSecurityException if other security related failures occurred.

public static SSLContext createSSLContextForOID (String oid, String protocol)

Creates an SSL context that uses the specified protocol and trusted root certificates for the specified identity.

Parameters
oid an optional string identifier for the AAD OID of a particular user that is expected to receive trusted root certificates from the MAM service. If the identifier is unknown, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.
protocol an optional standard name of the protocol to be used to initialize the SSL context. If the protocol is not provided, MAM will use the default supported protocol for the current level of Android at runtime.
Returns
  • an SSLContext that uses the specified protocol and trusted root certificates for the specified identity.
Throws
NoSuchAlgorithmException if the specified protocol is not available.
KeyStoreException if the keystore has not been initialized.
KeyManagementException if the SSL context cannot be created.
GeneralSecurityException if other security related failures occurred.

public static SSLSocketFactory createSSLSocketFactory (String identity, String protocol)

This method is deprecated.
Use createSSLSocketFactoryForOID(String, String).

Creates an SSL socket factory that uses the specified protocol and trusted root certificates for the specified identity.

Parameters
identity an optional string identifier for a particular user running the application that is expected to receive trusted root certificates from the MAM service. If the identifier is unknown, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.
protocol an optional standard name of the protocol to be used to initialize the SSL context. If the protocol is not provided, MAM will use the default supported protocol for the current level of Android at runtime.
Returns
  • an SSL socket factory that uses the specified protocol and trusted root certificates for the specified identity.
Throws
NoSuchAlgorithmException if the specified protocol is not available on Android where the application is running.
KeyStoreException if the keystore has not been initialized.
KeyManagementException if the SSL context cannot be created.
GeneralSecurityException if other security related failures occurred.

public static SSLSocketFactory createSSLSocketFactoryForOID (String oid, String protocol)

Creates an SSL socket factory that uses the specified protocol and trusted root certificates for the specified identity.

Parameters
oid an optional string identifier for the AAD OID of a particular user that is expected to receive trusted root certificates from the MAM service. If the identifier is unknown, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.
protocol an optional standard name of the protocol to be used to initialize the SSL context. If the protocol is not provided, MAM will use the default supported protocol for the current level of Android at runtime.
Returns
  • an SSL socket factory that uses the specified protocol and trusted root certificates for the specified identity.
Throws
NoSuchAlgorithmException if the specified protocol is not available on Android where the application is running.
KeyStoreException if the keystore has not been initialized.
KeyManagementException if the SSL context cannot be created.
GeneralSecurityException if other security related failures occurred.

public static TrustManager[] createX509TrustManagers (String identity)

This method is deprecated.
Use createX509TrustManagersForOID(String).

Creates an array of X509TrustManager that uses the trusted root certificates from the MAM service for the specified identity.

Parameters
identity an optional string identifier for a particular user running the application that is expected to receive trusted root certificates from the MAM service. If the identifier is unknown, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.
Returns
  • an array of X509TrustManager instances that use the trusted root certificates from the MAM service for the specified identity.
Throws
NoSuchAlgorithmException if the algorithm for creating trust managers is not available.
KeyStoreException if the keystore has not been initialized.
GeneralSecurityException if other security related failures occurred.

public static TrustManager[] createX509TrustManagersForOID (String oid)

Creates an array of X509TrustManager that uses the trusted root certificates from the MAM service for the specified identity.

Parameters
oid an optional string identifier for the AAD OID of a particular user that is expected to receive trusted root certificates from the MAM service. If the identifier is unknown, a value of null can be passed in and MAM will attempt to discover the correct identity from the thread or process in which this class is running.
Returns
  • an array of X509TrustManager instances that use the trusted root certificates from the MAM service for the specified identity.
Throws
NoSuchAlgorithmException if the algorithm for creating trust managers is not available.
KeyStoreException if the keystore has not been initialized.
GeneralSecurityException if other security related failures occurred.