/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package javax.net.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * A {@link TrustManager} that decides whether an X.509 certificate chain
 * presented by a peer on a secure socket is to be trusted.
 *
 * <p>Both check methods report rejection only by throwing; a call that returns
 * normally has accepted the chain. An implementation whose check methods have
 * empty bodies therefore trusts every peer and removes the authentication the
 * secure socket is meant to provide.
 *
 * <p>Neither check method is given the peer's host name, so a chain accepted
 * here has not been matched against the host the caller meant to reach; any
 * such check has to be made by other code.
 */
public interface X509TrustManager extends TrustManager {

    /**
     * Validates a certificate chain offered by a client and decides whether it
     * is trusted for client authentication with the given authentication type.
     * The chain may be partial or complete.
     *
     * @param chain
     *            the certificate chain to validate.
     * @param authType
     *            the authentication type used.
     * @throws CertificateException
     *             if the chain cannot be validated or is not trusted. This is
     *             the only way rejection is signalled.
     * @throws IllegalArgumentException
     *             if {@code chain} is {@code null} or empty, or if
     *             {@code authType} is {@code null} or an empty string.
     */
    void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException;

    /**
     * Validates a certificate chain offered by a server and decides whether it
     * is trusted for server authentication with the given key exchange
     * algorithm. The chain may be partial or complete.
     *
     * @param chain
     *            the certificate chain to validate.
     * @param authType
     *            the key exchange algorithm name.
     * @throws CertificateException
     *             if the chain cannot be validated or is not trusted. This is
     *             the only way rejection is signalled.
     * @throws IllegalArgumentException
     *             if {@code chain} is {@code null} or empty, or if
     *             {@code authType} is {@code null} or an empty string.
     */
    void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException;

    /**
     * Reports which certificate issuer authorities this manager trusts when
     * authenticating peers.
     *
     * @return the certificates of the issuer authorities trusted for
     *         authentication of peers.
     */
    X509Certificate[] getAcceptedIssuers();
}