      1 /*
      2  *  Licensed to the Apache Software Foundation (ASF) under one or more
      3  *  contributor license agreements.  See the NOTICE file distributed with
      4  *  this work for additional information regarding copyright ownership.
      5  *  The ASF licenses this file to You under the Apache License, Version 2.0
      6  *  (the "License"); you may not use this file except in compliance with
      7  *  the License.  You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  */
     17 
     18 package javax.net.ssl;
     19 
     20 import java.security.cert.CertificateException;
     21 import java.security.cert.X509Certificate;
     22 
/**
 * Trust manager for X.509 certificates, consulted when a secure socket has to
 * decide whether its peer is authenticated.
 *
 * <p>Both check methods signal rejection only by throwing; a normal return
 * means the chain was accepted. An implementation whose check methods have
 * empty bodies therefore accepts every peer certificate. Neither method
 * receives the peer's host name, so matching the certificate against the
 * expected host is not covered by this contract and has to be enforced
 * elsewhere in the connection setup.
 */
public interface X509TrustManager extends TrustManager {

    /**
     * Validates a certificate chain (partial or complete) presented by a
     * client and decides whether it is trusted for client authentication with
     * the given authentication type.
     *
     * @param chain
     *            the certificate chain to validate.
     * @param authType
     *            the authentication type used.
     * @throws CertificateException
     *             if the certificate chain can't be validated or isn't trusted.
     * @throws IllegalArgumentException
     *             if the certificate chain is empty or {@code null}, or if the
     *             authentication type is {@code null} or an empty string.
     */
    void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException;

    /**
     * Validates a certificate chain (partial or complete) presented by a
     * server and decides whether it is trusted for server authentication with
     * the given key exchange algorithm.
     *
     * @param chain
     *            the certificate chain to validate.
     * @param authType
     *            the key exchange algorithm name.
     * @throws CertificateException
     *             if the certificate chain can't be validated or isn't trusted.
     * @throws IllegalArgumentException
     *             if the certificate chain is empty or {@code null}, or if the
     *             authentication type is {@code null} or an empty string.
     */
    void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException;

    /**
     * Returns the certificate issuer authorities that are trusted for
     * authenticating peers.
     *
     * <p>NOTE(review): this contract does not say whether the result may be
     * {@code null} or whether the array is a defensive copy. The Java SE
     * documentation of this method specifies a non-null, possibly empty
     * array; confirm what the implementation in use returns before relying
     * on either property.
     *
     * @return the certificate issuer authorities which are trusted for
     *         authentication of peers.
     */
    X509Certificate[] getAcceptedIssuers();
}