

1 /*
2  * @(#)X509TrustManager.java 1.10 04/02/16
3  *
4  * Copyright (c) 2004 Sun Microsystems, Inc. All Rights Reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */

7   
8 /*
9  * NOTE:
10  * Because of various external restrictions (i.e. US export
11  * regulations, etc.), the actual source code can not be provided
12  * at this time. This file represents the skeleton of the source
13  * file, so that javadocs of the API can be created.
14  */

15
16 package javax.net.ssl;
17
18 import java.security.cert.*;
19
/**
 * Trust manager that decides which X509 certificates may be used to
 * authenticate the remote side of a secure socket.
 *
 * <p>An implementation may base its decision on trusted certificate
 * authorities, certificate revocation lists, online status checking
 * or other means.
 *
 * <p>Both check methods return {@code void}: the only way to reject a
 * chain is to throw {@link CertificateException}. A normal return means
 * the chain was accepted, so an implementation whose check methods are
 * empty, or which catch and discard the exception, accepts every peer
 * and removes the authentication the secure socket relies on.
 *
 * <p>The check methods receive only the certificate chain and the
 * authentication type. No peer host name, socket or engine is passed
 * in, so binding the certificate to the intended peer identity has to
 * happen outside these methods.
 * NOTE(review): {@code X509ExtendedTrustManager} (Java 7 and later)
 * adds overloads that take the socket or engine; confirm whether
 * callers of this interface should use it instead.
 *
 * @since 1.4
 * @version 1.11
 */
public interface X509TrustManager extends TrustManager {

    /**
     * Builds a certificate path from the partial or complete chain
     * supplied by the peer to a trusted root, and returns normally
     * only if that path validates and is trusted for client SSL
     * authentication with the given authentication type.
     *
     * <p>The authentication type follows from the certificate actually
     * used; for example, an RSAPublicKey implies an authType of "RSA".
     * The comparison is case-sensitive.
     *
     * <p>Returning without an exception is the acceptance signal, so
     * every failure path must end in a thrown
     * {@code CertificateException}.
     *
     * @param chain the peer certificate chain
     * @param authType the authentication type based on the client
     *        certificate
     * @throws IllegalArgumentException if {@code chain} is null or
     *         zero-length, or if {@code authType} is null or a
     *         zero-length string
     * @throws CertificateException if the certificate chain is not
     *         trusted by this TrustManager
     */
    void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException;

    /**
     * Builds a certificate path from the partial or complete chain
     * supplied by the peer to a trusted root, and returns normally
     * only if that path validates and is trusted for server SSL
     * authentication with the given authentication type.
     *
     * <p>The authentication type is the key exchange algorithm part of
     * the cipher suite, written as a String such as "RSA" or
     * "DHE_DSS". For some exportable cipher suites the key exchange
     * algorithm is only fixed at run time during the handshake: with
     * TLS_RSA_EXPORT_WITH_RC4_40_MD5 the authType is RSA_EXPORT when
     * an ephemeral RSA key performs the key exchange, and RSA when the
     * key from the server certificate is used. The comparison is
     * case-sensitive.
     *
     * <p>Returning without an exception is the acceptance signal, so
     * every failure path must end in a thrown
     * {@code CertificateException}.
     *
     * @param chain the peer certificate chain
     * @param authType the key exchange algorithm used
     * @throws IllegalArgumentException if {@code chain} is null or
     *         zero-length, or if {@code authType} is null or a
     *         zero-length string
     * @throws CertificateException if the certificate chain is not
     *         trusted by this TrustManager
     */
    void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException;

    /**
     * Returns the certificate authority certificates that are trusted
     * for authenticating peers.
     *
     * @return a non-null (possibly empty) array of acceptable CA
     *         issuer certificates
     */
    X509Certificate[] getAcceptedIssuers();
}