public interface TrustConfirmationProvider
Used by Credential Manager when looking up the username and password for the service in its Keystore - if it cannot find anything it will loop through all providers until one can provide them. If none can, the service invocation will (most probably) fail.
A typical implementation of this class would pop up a dialog and ask the user
for the password. Such providers should check
GraphicsEnvironment#isHeadless()
before returning to avoid attempts
to pop up dialogues on server/headless installations.
It is safe to return null
if the provider does not have an
opinion.
CredentialManager
Modifier and Type | Method and Description |
---|---|
Boolean |
shouldTrustCertificate(X509Certificate[] chain)
If the given public key certificate should be trusted or not.
|
Boolean shouldTrustCertificate(X509Certificate[] chain)
This method is called when a SSL connection is attempted to a service which certificate could not be confirmed using the Credential Manager's Truststore (i.e. it could not be found there).
A typical implementation of this class would pop up a dialog and ask the
user if they want to trust the service. Such providers should check
GraphicsEnvironment#isHeadless()
before returning to avoid
attempts to pop up dialogues on server/headless installations.
The provider can return null
if it does not have an opinion
whether the certificate should be trusted or not (in which case other
providers will be asked), or an instance of TrustConfirmation
confirming or denying if the certificate is to be trusted.
If the provider returns true
, the Credential Manager will
also save the first certificate of the certificate chain (chain[0]) in
its Truststore so the user will not be asked next time.
chain
- X509 certificate chain to confirm whether it is trusted or notnull
if the provider does not have an opinion,
true
if certificate is to be trusted and
false
if not.Copyright © 2015–2016 The Apache Software Foundation. All rights reserved.