
Interface sun.security.TrustDecider

public interface TrustDecider
This interface is supported by "callback" objects used when making trust decisions. All such decisions are for specific purposes, named by strings which for now include:

Subsystems which accept entities that are authenticated by X.509 certificate chains restrict themselves to checking the basic validity of those certificates, and defer policy decisions to components that are reached through this callback interface.

Implementations of this interface encapsulate the authentication policies used by an application. For example, some policies might require checking Certificate Revocation Lists (CRLs), or rejecting certificate chains based on which Certificate Authorities (CAs) appear in the chain.

Initializing an authentication context usually involves providing it with an object which implements this interface. When no such object is provided, the default decision is to extend trust.

See Also:
AuthContext

Method Index

 o getAcceptedCAs(String)
Returns a list of CAs accepted to authenticate entities for the specified purpose.
 o isTrustedFor(X509Cert[], String)
Returns true if the entity named by the certificate chain is trusted for the specified purpose.

Methods

 o isTrustedFor
  public abstract boolean isTrustedFor(X509Cert entity[],
                                       String purpose)
Returns true if the entity named by the certificate chain is trusted for the specified purpose. That chain will normally be a complete certificate chain: an entity's certificate first, then the certificate for that entity's CA, and so on up to a "root" CA's self-signed certificate. Signatures and validity periods on certificates will already have been approved by the code which calls this method.

The code implementing this test will normally go to the topmost (last) element in the chain and check whether that entity (a CA, unless the chain has a single element) is trusted for that purpose. If so, true is returned. Otherwise, CAs lower on the chain are checked similarly, and finally the certificate at the head of the chain. If none of the CAs is trusted, and even the entity's own certificate is not trusted, then the chain is untrusted. (The goal is to use CAs that are trusted, to minimize the complexity of these tests and of the certificate management subsystem.)

However, many other trust policies may be implemented. For example, there may be restrictions on the length of a certificate chain, or about cross-certification (that is, the X.500 naming hierarchy may matter). This policy check would be expected to address certificate revocation, if that is recognized in the context of this security policy. Specific signature algorithms might be required, or rejected; attributes in the certificate may preclude extending some kinds of trust; and so on.

Parameters:
chain - certificates which establish an identity.
purpose - activity for which trust is being checked.
Returns:
true iff the entity is trusted for that purpose.
 o getAcceptedCAs
  public abstract X509Cert[] getAcceptedCAs(String purpose)
Returns a list of CAs accepted to authenticate entities for the specified purpose. This list is used to help narrow the set of certificates that a peer will use to authenticate itself. The isTrustedFor method is still used to determine whether a given peer identity will be accepted.

Parameters:
purpose - activity for which CAs should be trusted
Returns:
list of CAs accepted for authenticating such tasks
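
The top-down check described for isTrustedFor, with a chain-length restriction and a per-purpose CA list for getAcceptedCAs, as an added example that is not part of this package. The class PurposeTrustDecider, the Cert record standing in for X509Cert, and the purpose names are assumptions made for illustration; returning false for an unknown purpose is this example's choice.

```java
import java.util.*;

// Hypothetical policy class with the same two methods as TrustDecider.
public final class PurposeTrustDecider {
    // Stand-in for X509Cert (constructed). Real code would compare the full
    // encoded certificate, not just these two names.
    record Cert(String subject, String issuer) {}

    private final Map<String, Set<Cert>> trusted = new HashMap<>();
    private final int maxChainLength;

    PurposeTrustDecider(int maxChainLength) { this.maxChainLength = maxChainLength; }

    // Register a certificate (normally a CA) as trusted for one purpose only.
    void trust(String purpose, Cert cert) {
        trusted.computeIfAbsent(purpose, p -> new LinkedHashSet<>()).add(cert);
    }

    // Signatures and validity periods are assumed already checked by the caller.
    public boolean isTrustedFor(Cert[] chain, String purpose) {
        if (chain == null || chain.length == 0 || chain.length > maxChainLength)
            return false;                       // chain-length restriction
        Set<Cert> anchors = trusted.getOrDefault(purpose, Collections.emptySet());
        // Start at the topmost (last) element and work down to the entity.
        for (int i = chain.length - 1; i >= 0; i--)
            if (anchors.contains(chain[i])) return true;
        return false;                           // nothing in the chain is trusted
    }

    // CAs a peer may use when authenticating for this purpose.
    public Cert[] getAcceptedCAs(String purpose) {
        return trusted.getOrDefault(purpose, Collections.emptySet())
                      .toArray(new Cert[0]);
    }

    public static void main(String[] args) {
        Cert root = new Cert("CN=Example Root", "CN=Example Root");  // self-signed
        Cert ca   = new Cert("CN=Example CA", "CN=Example Root");
        Cert leaf = new Cert("CN=host.example", "CN=Example CA");
        Cert[] chain = { leaf, ca, root };      // entity first, root last

        PurposeTrustDecider d = new PurposeTrustDecider(3);
        d.trust("tls-server", root);            // purpose names are constructed
        System.out.println(d.isTrustedFor(chain, "tls-server"));
        System.out.println(d.isTrustedFor(chain, "code-signing"));
        System.out.println(d.getAcceptedCAs("tls-server").length);
    }
}
```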
