| /* |
| * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package javax.net.ssl; |
| |
| import java.security.cert.*; |
| |
| /** |
| * Instance of this interface manage which X509 certificates |
| * may be used to authenticate the remote side of a secure |
| * socket. Decisions may be based on trusted certificate |
| * authorities, certificate revocation lists, online |
| * status checking or other means. |
| * |
| * @since 1.4 |
| */ |
| public interface X509TrustManager extends TrustManager { |
| /** |
| * Given the partial or complete certificate chain provided by the |
| * peer, build a certificate path to a trusted root and return if |
| * it can be validated and is trusted for client SSL |
| * authentication based on the authentication type. |
| * <p> |
| * The authentication type is determined by the actual certificate |
| * used. For instance, if RSAPublicKey is used, the authType |
| * should be "RSA". Checking is case-sensitive. |
| * |
| * @param chain the peer certificate chain |
| * @param authType the authentication type based on the client certificate |
| * @throws IllegalArgumentException if null or zero-length chain |
| * is passed in for the chain parameter or if null or zero-length |
| * string is passed in for the authType parameter |
| * @throws CertificateException if the certificate chain is not trusted |
| * by this TrustManager. |
| */ |
| public void checkClientTrusted(X509Certificate[] chain, String authType) |
| throws CertificateException; |
| |
| /** |
| * Given the partial or complete certificate chain provided by the |
| * peer, build a certificate path to a trusted root and return if |
| * it can be validated and is trusted for server SSL |
| * authentication based on the authentication type. |
| * <p> |
| * The authentication type is the key exchange algorithm portion |
| * of the cipher suites represented as a String, such as "RSA", |
| * "DHE_DSS". Note: for some exportable cipher suites, the key |
| * exchange algorithm is determined at run time during the |
| * handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, |
| * the authType should be RSA_EXPORT when an ephemeral RSA key is |
| * used for the key exchange, and RSA when the key from the server |
| * certificate is used. Checking is case-sensitive. |
| * |
| * @param chain the peer certificate chain |
| * @param authType the key exchange algorithm used |
| * @throws IllegalArgumentException if null or zero-length chain |
| * is passed in for the chain parameter or if null or zero-length |
| * string is passed in for the authType parameter |
| * @throws CertificateException if the certificate chain is not trusted |
| * by this TrustManager. |
| */ |
| public void checkServerTrusted(X509Certificate[] chain, String authType) |
| throws CertificateException; |
| |
| /** |
| * Return an array of certificate authority certificates |
| * which are trusted for authenticating peers. |
| * |
| * @return a non-null (possibly empty) array of acceptable |
| * CA issuer certificates. |
| */ |
| public X509Certificate[] getAcceptedIssuers(); |
| } |