Package no.digipost.signature.client.core.internal.http

Class SignatureApiTrustStrategy

java.lang.Object

no.digipost.signature.client.core.internal.http.SignatureApiTrustStrategy

All Implemented Interfaces:

org.apache.hc.core5.ssl.TrustStrategy

public final class SignatureApiTrustStrategy
extends Object
implements org.apache.hc.core5.ssl.TrustStrategy

Constructor Summary

Constructors

Constructor	Description
SignatureApiTrustStrategy(CertificateChainValidation certificateChainValidation)

Method Summary

Modifier and Type	Method	Description
boolean	isTrusted(X509Certificate[] chain, String authType)	Verify that the server certificate is trusted.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignatureApiTrustStrategy

public SignatureApiTrustStrategy(CertificateChainValidation certificateChainValidation)

Method Details

isTrusted

public boolean isTrusted(X509Certificate[] chain,
 String authType)

Verify that the server certificate is trusted. Note that we have to throw an Exception to make sure that invalid certificates will be denied. The http client TrustStrategy can only be used to used to state that a server certificate is to be trusted without consulting the standard Java certificate verification process. Unintuitively returns false when the CertificateChainValidation determines the chain to be CertificateChainValidation.Result.TRUSTED to make sure http client will run the Java certificate verification process, which will verify the certificate against the trust store, making sure that it's actually issued by a trusted CA.

Specified by:

isTrusted in interface org.apache.hc.core5.ssl.TrustStrategy

See Also:

• X509TrustManager.checkServerTrusted(X509Certificate[], String)