public interface TrustConfirmationProvider
Used by Credential Manager when looking up the username and password for the service in its Keystore - if it cannot find anything it will loop through all providers until one can provide them. If none can, the service invocation will (most probably) fail.
A typical implementation of this class would pop up a dialog and ask the user
for the password. Such providers should check
GraphicsEnvironment#isHeadless() before returning to avoid attempts
to pop up dialogues on server/headless installations.
It is safe to return
null if the provider does not have an
Boolean shouldTrustCertificate(X509Certificate chain)
This method is called when a SSL connection is attempted to a service which certificate could not be confirmed using the Credential Manager's Truststore (i.e. it could not be found there).
A typical implementation of this class would pop up a dialog and ask the
user if they want to trust the service. Such providers should check
GraphicsEnvironment#isHeadless() before returning to avoid
attempts to pop up dialogues on server/headless installations.
The provider can return
null if it does not have an opinion
whether the certificate should be trusted or not (in which case other
providers will be asked), or an instance of
confirming or denying if the certificate is to be trusted.
If the provider returns
true, the Credential Manager will
also save the first certificate of the certificate chain (chain) in
its Truststore so the user will not be asked next time.
chain- X509 certificate chain to confirm whether it is trusted or not
nullif the provider does not have an opinion,
trueif certificate is to be trusted and
Copyright © 2015–2016 The Apache Software Foundation. All rights reserved.