/*
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */
package org.apache.hc.client5.http.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.ThreadingBehavior;
import org.apache.hc.core5.ssl.TrustStrategy;

/**
 * Trust strategy that treats self-signed certificates as trusted. Verification of all other
 * certificates is left to the trust manager configured in the SSL context.
 *
 * <h2>Security Warning</h2>
 * The only difference from {@link TrustAllStrategy} is the requirement that the certificate
 * chain has length 1. The content of that single certificate is never examined, so this
 * strategy does not protect against man-in-the-middle attacks.
 * See {@link TrustAllStrategy} for more information and more secure alternatives.
 *
 * @deprecated
 * For self-signed certificates prefer specifying a keystore containing the certificate when
 * calling the {@link org.apache.hc.core5.ssl.SSLContextBuilder} {@code loadTrustMaterial}
 * methods.
 * @since 4.1
 */
@Deprecated
@Contract(threading = ThreadingBehavior.STATELESS)
public class TrustSelfSignedStrategy implements TrustStrategy {

    /**
     * Shared default instance of {@link TrustSelfSignedStrategy}.
     */
    public static final TrustSelfSignedStrategy INSTANCE = new TrustSelfSignedStrategy();

    /**
     * Reports a chain as trusted when it consists of exactly one certificate.
     *
     * @param chain the peer certificate chain; only its length is inspected
     * @param authType the authentication type; not used by this implementation
     * @return {@code true} if {@code chain} holds exactly one element, {@code false} otherwise
     */
    @Override
    public boolean isTrusted(
            final X509Certificate[] chain, final String authType) throws CertificateException {
        // Chain length is the sole criterion. Nothing here confirms that the certificate is
        // actually self-signed (issuer/subject match, signature check) or still valid, so any
        // lone certificate presented by a peer is accepted.
        final boolean singleCertificate = 1 == chain.length;
        return singleCertificate;
    }

}