org.mozilla.jss.ssl

Interface SSLCertificateApprovalCallback

public interface SSLCertificateApprovalCallback

Implement this interface if you want to decide for yourself whether to approve the peer's cert, instead of having NSS do that.
Nested Class Summary
static class SSLCertificateApprovalCallback.ValidityItem
static class SSLCertificateApprovalCallback.ValidityStatus
This class holds details about the errors for each cert in the chain that the server presented. To use this class, call getReasons(), then iterate over the enumeration.
Method Summary
boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status)
This method is called when the server sends its certificate to the client.

Method Detail

approve

public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status)
This method is called when the server sends its certificate to the client. The 'status' argument passed to this method is constructed by NSS. It's a list of things 'wrong' with the certificate (which you can see by calling the status.getReasons() method). So, if there are problems regarding validity or trust of any of the certificates in the chain, you can present this info to the user. If there are no items in the Enumeration returned by getReasons(), you can assume that the certificate is trustworthy and return true, or you can continue to make further tests of your own to determine trustworthiness.

Parameters:
cert - the peer's server certificate
status - the ValidityStatus object containing a list of all the problems with the cert

Returns:
true - allow the connection to continue
false - terminate the connection (expect an IOException on the outstanding read()/write() on the socket)
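
Added example (not part of the JSS documentation or source): a fail-closed implementation of approve() that walks the whole getReasons() enumeration, logs each problem NSS reported, and returns true only when the list is empty. The class name StrictApprovalCallback is hypothetical; the import of X509Certificate from org.mozilla.jss.crypto and the ValidityItem accessors getReason(), getDepth() and getCert() are assumed from the JSS API, since this page does not list them.

```java
import java.util.Enumeration;
import java.util.logging.Logger;

import org.mozilla.jss.crypto.X509Certificate;   // assumed package, not shown on this page
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;

/** Hypothetical callback: rejects the peer if NSS reported any problem in the chain. */
public class StrictApprovalCallback implements SSLCertificateApprovalCallback {

    private static final Logger LOG =
            Logger.getLogger(StrictApprovalCallback.class.getName());

    @Override
    public boolean approve(X509Certificate cert, ValidityStatus status) {
        // Fail closed when there is nothing to inspect.
        if (cert == null || status == null) {
            LOG.warning("Rejecting peer: missing certificate or validity status");
            return false;
        }

        int problems = 0;
        // Enumeration<?> compiles whether getReasons() is declared raw or generic.
        Enumeration<?> reasons = status.getReasons();
        while (reasons.hasMoreElements()) {
            ValidityItem item = (ValidityItem) reasons.nextElement();
            // Assumed accessors: getCert(), getReason(), getDepth().
            X509Certificate failing = item.getCert();
            String subject = (failing == null)
                    ? "<unknown>" : String.valueOf(failing.getSubjectDN());
            // Log every item instead of stopping at the first one, so the
            // record covers the full chain (leaf and issuers).
            LOG.warning("Certificate problem: reason=" + item.getReason()
                    + " depth=" + item.getDepth()
                    + " subject=" + subject);
            problems++;
        }

        if (problems > 0) {
            LOG.warning("Rejecting peer " + cert.getSubjectDN()
                    + ": " + problems + " validation problem(s)");
            return false;   // pending read()/write() fails with IOException
        }
        // Empty list: NSS found nothing wrong. Further checks of your own
        // would go here before approving.
        return true;
    }
}
```

Returning false on any reported reason, rather than special-casing individual reason codes, keeps the callback from approving a chain that NSS itself would have refused.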