won.cryptography.ssl

Class TOFUStrategy

java.lang.Object

won.cryptography.ssl.TOFUStrategy

All Implemented Interfaces:

org.apache.http.ssl.TrustStrategy

public class TOFUStrategy
extends java.lang.Object
implements org.apache.http.ssl.TrustStrategy

Trust on first use strategy: if certificate is already known and trusted (from previous communication) - trust it. If not yet in the store, and we can successfully add it to the store (no alias collision based on the provided alias generator) - trust it. Otherwise - don't trust. For example if we have already the certificate under the same alias in the store - we don't trust it because we already trust that other certificate (alias should represent the certificate owner unique id, e.g. for server it is usually the authority, for client can be anything). User: ypanchenko Date: 05.08.2015

Constructor Summary

Constructors

Constructor and Description
TOFUStrategy()

Method Summary

Modifier and Type	Method and Description
boolean	isTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)
void	setAliasGenerator(AliasGenerator aliasGenerator)
void	setTrustStoreService(TrustStoreService trustStoreService)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TOFUStrategy

public TOFUStrategy()

Method Detail

setTrustStoreService

public void setTrustStoreService(TrustStoreService trustStoreService)

setAliasGenerator

public void setAliasGenerator(AliasGenerator aliasGenerator)

isTrusted

public boolean isTrusted(java.security.cert.X509Certificate[] x509Certificates,
                         java.lang.String authType)
                  throws java.security.cert.CertificateException

Specified by:

isTrusted in interface org.apache.http.ssl.TrustStrategy

Throws:

java.security.cert.CertificateException