1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27 package org.apache.hc.core5.ssl;
28
29 import java.security.cert.CertificateException;
30 import java.security.cert.X509Certificate;
31
32 /**
33 * A strategy to establish trustworthiness of certificates without consulting the trust manager
34 * configured in the actual SSL context. This interface can be used to override the standard
35 * JSSE certificate verification process.
36 *
37 * <h2>Security Warning</h2>
38 * If a trust strategy considers a certificate chain to be trusted, then the default trust manager
39 * will not be consulted. Trust strategy implementations should therefore consider properly checking
40 * the complete certificate chain. Checking for example only the subject of a certificate does not
41 * protect against man-in-the-middle attacks. For self-signed certificates prefer specifying a keystore
42 * containing the certificate chain when calling the {@link SSLContextBuilder} {@code loadTrustMaterial}
43 * methods instead of implementing a custom trust strategy.
44 *
45 * <p>A trust strategy alone cannot be used for certificate pinning. When {@code isTrusted} returns
46 * {@code false} the certificate check falls back to the trust manager which might consider
47 * the certificate trusted. See the {@link #isTrusted(X509Certificate[], String)} documentation.
48 *
49 * @see SSLContextBuilder
50 * @since 4.4
51 */
52 public interface TrustStrategy {
53
54 /**
55 * Determines whether the certificate chain can be trusted without consulting the trust manager
56 * configured in the actual SSL context. This method can be used to override the standard JSSE
57 * certificate verification process.
58 * <p>
59 * Please note that, if this method returns {@code false}, the trust manager configured
60 * in the actual SSL context can still clear the certificate as trusted.
61 *
62 * @param chain the peer certificate chain
63 * @param authType the authentication type based on the client certificate
64 * @return {@code true} if the certificate can be trusted without verification by
65 * the trust manager, {@code false} otherwise.
66 * @throws CertificateException thrown if the certificate is not trusted or invalid.
67 */
68 boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException;
69
70 }