michael@0: /*
michael@0:  * ====================================================================
michael@0:  * Licensed to the Apache Software Foundation (ASF) under one
michael@0:  * or more contributor license agreements.  See the NOTICE file
michael@0:  * distributed with this work for additional information
michael@0:  * regarding copyright ownership.  The ASF licenses this file
michael@0:  * to you under the Apache License, Version 2.0 (the
michael@0:  * "License"); you may not use this file except in compliance
michael@0:  * with the License.  You may obtain a copy of the License at
michael@0:  *
michael@0:  *   http://www.apache.org/licenses/LICENSE-2.0
michael@0:  *
michael@0:  * Unless required by applicable law or agreed to in writing,
michael@0:  * software distributed under the License is distributed on an
michael@0:  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
michael@0:  * KIND, either express or implied.  See the License for the
michael@0:  * specific language governing permissions and limitations
michael@0:  * under the License.
michael@0:  * ====================================================================
michael@0:  *
michael@0:  * This software consists of voluntary contributions made by many
michael@0:  * individuals on behalf of the Apache Software Foundation.  For more
michael@0:  * information on the Apache Software Foundation, please see
michael@0:  * <http://www.apache.org/>.
michael@0:  *
michael@0:  */
michael@0: package ch.boye.httpclientandroidlib.conn.ssl;
michael@0: 
michael@0: import java.security.cert.CertificateException;
michael@0: import java.security.cert.X509Certificate;
michael@0: 
michael@0: /**
michael@0:  * A strategy to establish trustworthiness of certificates without consulting the trust manager
michael@0:  * configured in the actual SSL context. This interface can be used to override the standard
michael@0:  * JSSE certificate verification process.
michael@0:  *
michael@0:  * @since 4.1
michael@0:  */
michael@0: public interface TrustStrategy {
michael@0: 
michael@0:     /**
michael@0:      * Determines whether the certificate chain can be trusted without consulting the trust manager
michael@0:      * configured in the actual SSL context. This method can be used to override the standard JSSE
michael@0:      * certificate verification process.
michael@0:      * <p>
michael@0:      * Please note that, if this method returns <code>false</code>, the trust manager configured
michael@0:      * in the actual SSL context can still clear the certificate as trusted.
michael@0:      *
michael@0:      * @param chain the peer certificate chain
michael@0:      * @param authType the authentication type based on the client certificate
michael@0:      * @return <code>true</code> if the certificate can be trusted without verification by
michael@0:      *   the trust manager, <code>false</code> otherwise.
michael@0:      * @throws CertificateException thrown if the certificate is not trusted or invalid.
michael@0:      */
michael@0:     boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException;
michael@0: 
michael@0: }