ICertificateTrustVerifier.java example

Explorer
eu.geclipse.core-master
/*****************************************************************************
 * Copyright (c) 2008 g-Eclipse Consortium 
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Initial development of the original code was made for the
 * g-Eclipse project founded by European Union
 * project number: FP6-IST-034327  http://www.geclipse.eu/
 *
 * Contributors:
 *    Mathias Stuempert - initial API and implementation
 *****************************************************************************/

package eu.geclipse.core.security;

import java.security.cert.X509Certificate;

/**
 * Base interface for classes that verify the trust of a certificate chain.
 * Classes can be registered with the eu.geclipse.core.certificateTrustVerifier
 * extension point.
 */
public interface ICertificateTrustVerifier {
  
  /**
   * The trust mode of the certificate.
   */
  public enum TrustMode {
    
    /**
     * Trust mode could not be established.
     */
    None,
    
    /**
     * Trust mode for never trusting a certificate.
     */
    Never,
    
    /**
     * Trust mode for temporarily not trusting a certificate.
     */
    NotNow,
    
    /**
     * Trust mode for temporarily trusting a certificate.
     */
    Temporarily,
    
    /**
     * Trust mode for trusting a certificate within the current session.
     */
    Session,
    
    /**
     * Trust mode for permanently trusting a certificate.
     */
    Permanent;
    
    /**
     * Determine if the trust mode denotes a trust state.
     * 
     * @return <code>True</code> if the trust mode is <code>Temporarily</code>.
     * <code>Session</code> or <code>Permanent</code>.
     */
    public boolean isTrusted() {
      return ordinal() > NotNow.ordinal();
    }
    
    /**
     * Determine if the trust mode is a valid mode. Invalid modes are either
     * non-specified modes or <code>None</code>.
     * 
     * @return <code>True</code> if the trust mode is a valid one.
     */
    public boolean isValid() {
      return ( ordinal() >= Never.ordinal() ) && ( ordinal() <= Permanent.ordinal() );
    }
    
  }
  
  /**
   * Verify the trust mode of the specified certificate chain.
   * 
   * @param chain The certificate chain that should be verified.
   * @return One of the defined trust modes.
   */
  public TrustMode verifyTrust( final X509Certificate[] chain );
  
}