X509TrustManager


1   /*
2    * @(#)X509TrustManager.java    1.10 04/02/16
3    *
4    * Copyright (c) 2004 Sun Microsystems, Inc. All Rights Reserved.
5    * SUN PROPRIETARY/CONFIDENTIAL.  Use is subject to license terms.
6    */
7     
8   /*
9    * NOTE:
10   * Because of various external restrictions (i.e. US export
11   * regulations, etc.), the actual source code can not be provided
12   * at this time. This file represents the skeleton of the source
13   * file, so that javadocs of the API can be created.
14   */
15  
16  package javax.net.ssl;
17  
18  import java.security.cert.*;
19  
20  /** 
21   * Instance of this interface manage which X509 certificates
22   * may be used to authenticate the remote side of a secure
23   * socket. Decisions may be based on trusted certificate
24   * authorities, certificate revocation lists, online
25   * status checking or other means.
26   *
27   * @since 1.4
28   * @version 1.11
29   */
30  public interface X509TrustManager extends TrustManager
31  {
32  
33      /** 
34       * Given the partial or complete certificate chain provided by the
35       * peer, build a certificate path to a trusted root and return if
36       * it can be validated and is trusted for client SSL
37       * authentication based on the authentication type.
38       *
39       * The authentication type is determined by the actual certificate
40       * used. For instance, if RSAPublicKey is used, the authType
41       * should be "RSA". Checking is case-sensitive.
42       *
43       * @param chain the peer certificate chain
44       * @param authType the authentication type based on the client certificate
45       * @throws IllegalArgumentException if null or zero-length chain
46       *         is passed in for the chain parameter or if null or zero-length
47       *         string is passed in for the  authType parameter
48       * @throws CertificateException if the certificate chain is not trusted 
49       *         by this TrustManager.
50       */
51      public void checkClientTrusted(X509Certificate[] chain, String authType)
52          throws CertificateException;
53  
54      /** 
55       * Given the partial or complete certificate chain provided by the
56       * peer, build a certificate path to a trusted root and return if
57       * it can be validated and is trusted for server SSL
58       * authentication based on the authentication type.
59       *
60       * The authentication type is the key exchange algorithm portion
61       * of the cipher suites represented as a String, such as "RSA",
62       * "DHE_DSS". Note: for some exportable cipher suites, the key
63       * exchange algorithm is determined at run time during the
64       * handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
65       * the authType should be RSA_EXPORT when an ephemeral RSA key is
66       * used for the key exchange, and RSA when the key from the server
67       * certificate is used. Checking is case-sensitive.
68       *
69       * @param chain the peer certificate chain
70       * @param authType the key exchange algorithm used
71       * @throws IllegalArgumentException if null or zero-length chain
72       *         is passed in for the chain parameter or if null or zero-length
73       *         string is passed in for the  authType parameter
74       * @throws CertificateException if the certificate chain is not trusted 
75       *         by this TrustManager.
76       */
77      public void checkServerTrusted(X509Certificate[] chain, String authType)
78          throws CertificateException;
79  
80      /** 
81       * Return an array of certificate authority certificates
82       * which are trusted for authenticating peers.
83       *
84       * @return a non-null (possibly empty) array of acceptable
85       *      CA issuer certificates.
86       */
87      public X509Certificate[] getAcceptedIssuers();
88  }
89
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Java Books Remove Frame
Popular Tags