public interface TrustStrategy
SSLContextBuilder
loadTrustMaterial
methods instead of implementing a custom trust strategy.
A trust strategy alone cannot be used for certificate pinning. When isTrusted
returns
false
the certificate check falls back to the trust manager which might consider
the certificate trusted. See the isTrusted(X509Certificate[], String)
documentation.
SSLContextBuilder
Modifier and Type | Method and Description |
---|---|
boolean |
isTrusted(X509Certificate[] chain,
String authType)
Determines whether the certificate chain can be trusted without consulting the trust manager
configured in the actual SSL context.
|
boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException
Please note that, if this method returns false
, the trust manager configured
in the actual SSL context can still clear the certificate as trusted.
chain
- the peer certificate chainauthType
- the authentication type based on the client certificatetrue
if the certificate can be trusted without verification by
the trust manager, false
otherwise.CertificateException
- thrown if the certificate is not trusted or invalid.Copyright © 2005–2021 The Apache Software Foundation. All rights reserved.