1 /* 2 * ==================================================================== 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance 9 * with the License. You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, 14 * software distributed under the License is distributed on an 15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 * KIND, either express or implied. See the License for the 17 * specific language governing permissions and limitations 18 * under the License. 19 * ==================================================================== 20 * 21 * This software consists of voluntary contributions made by many 22 * individuals on behalf of the Apache Software Foundation. For more 23 * information on the Apache Software Foundation, please see 24 * <http://www.apache.org/>. 25 * 26 */ 27 package org.apache.hc.core5.ssl; 28 29 import java.security.cert.CertificateException; 30 import java.security.cert.X509Certificate; 31 32 /** 33 * A strategy to establish trustworthiness of certificates without consulting the trust manager 34 * configured in the actual SSL context. This interface can be used to override the standard 35 * JSSE certificate verification process. 36 * 37 * @since 4.4 38 */ 39 public interface TrustStrategy { 40 41 /** 42 * Determines whether the certificate chain can be trusted without consulting the trust manager 43 * configured in the actual SSL context. This method can be used to override the standard JSSE 44 * certificate verification process. 45 * <p> 46 * Please note that, if this method returns {@code false}, the trust manager configured 47 * in the actual SSL context can still clear the certificate as trusted. 48 * 49 * @param chain the peer certificate chain 50 * @param authType the authentication type based on the client certificate 51 * @return {@code true} if the certificate can be trusted without verification by 52 * the trust manager, {@code false} otherwise. 53 * @throws CertificateException thrown if the certificate is not trusted or invalid. 54 */ 55 boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException; 56 57 }