org.opends.admin.ads.util
Class ApplicationTrustManager

java.lang.Object
  extended by org.opends.admin.ads.util.ApplicationTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class ApplicationTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This class is in charge of checking whether the certificates that are presented are trusted or not. This implementation also tries to check that the subject DN of the certificate corresponds to the host passed using the setHost method. The constructor tries to use a default TrustManager from the system; if it cannot be retrieved, this class will only accept the certificates explicitly accepted by the user (and specified by calling acceptCertificate). NOTE: this class is not designed to be used when there are connections in parallel.


Nested Class Summary
static class ApplicationTrustManager.Cause
          The enumeration for the different causes for which the trust manager can refuse to accept a certificate.
 
Constructor Summary
ApplicationTrustManager(java.security.KeyStore keystore)
          The default constructor.
 
Method Summary
 void acceptCertificate(java.security.cert.X509Certificate[] chain, java.lang.String authType, java.lang.String host)
          This method is called when the user accepted a certificate.
 void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          
 ApplicationTrustManager createCopy()
          Creates a copy of this ApplicationTrustManager.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          
 java.lang.String getLastRefusedAuthType()
          Returns the authentication type for the last refused certificate.
 ApplicationTrustManager.Cause getLastRefusedCause()
          Returns the last cause for refusal of a certificate.
 java.security.cert.X509Certificate[] getLastRefusedChain()
          Returns the certificate chain for the last refused certificate.
 void resetLastRefusedItems()
          Sets to null the members that hold information about the last refused certificate.
 void setHost(java.lang.String host)
          Sets the host name we are trying to contact in a secure mode.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ApplicationTrustManager

public ApplicationTrustManager(java.security.KeyStore keystore)
The default constructor.

Parameters:
keystore - The keystore to use for this trustmanager.
Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

acceptCertificate

public void acceptCertificate(java.security.cert.X509Certificate[] chain,
                              java.lang.String authType,
                              java.lang.String host)
This method is called when the user accepted a certificate.

Parameters:
chain - the certificate chain accepted by the user.
authType - the authentication type.
host - the host we tried to connect to and that presented the certificate.

setHost

public void setHost(java.lang.String host)
Sets the host name we are trying to contact in a secure mode. This method is used if we want to verify the correspondence between the host name and the subject DN of the certificate that is being presented. If this method is never called (or is called with null), no verification of the host name is made.

Parameters:
host - the host name we are trying to contact in a secure mode.

resetLastRefusedItems

public void resetLastRefusedItems()
Sets to null the members that hold information about the last refused certificate. It is recommended to call this method before trying to establish a connection using this trust manager.


createCopy

public ApplicationTrustManager createCopy()
Creates a copy of this ApplicationTrustManager.

Returns:
a copy of this ApplicationTrustManager.

getLastRefusedAuthType

public java.lang.String getLastRefusedAuthType()
Returns the authentication type for the last refused certificate.

Returns:
the authentication type for the last refused certificate.

getLastRefusedCause

public ApplicationTrustManager.Cause getLastRefusedCause()
Returns the last cause for refusal of a certificate.

Returns:
the last cause for refusal of a certificate.

getLastRefusedChain

public java.security.cert.X509Certificate[] getLastRefusedChain()
Returns the certificate chain for the last refused certificate.

Returns:
the certificate chain for the last refused certificate.
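The following is an added usage example, not OpenDS code, showing how a client is expected to use this class end to end: construct the manager with a keystore, call setHost so the subject DN check is performed, call resetLastRefusedItems before each connection attempt, and, when the handshake is refused, read getLastRefusedChain, getLastRefusedCause and getLastRefusedAuthType so the refused certificate can be verified out of band before acceptCertificate is called. The ChainConfirmer interface, the TrustManagerExample class and the SHA-256 fingerprint helper are assumptions introduced for the example; only the ApplicationTrustManager methods listed on this page are used from the library.

```java
import java.io.IOException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.opends.admin.ads.util.ApplicationTrustManager;

/**
 * Added example (not part of OpenDS): a fail-closed connection flow built on
 * ApplicationTrustManager. A refused certificate is never accepted
 * automatically; it is shown to an operator with its fingerprint first.
 */
public class TrustManagerExample {

  /** Hypothetical confirmation hook; a real client would prompt the operator. */
  interface ChainConfirmer {
    boolean confirm(X509Certificate[] chain, String leafFingerprintHex);
  }

  /**
   * Returns true once a handshake with host:port succeeds. At most one
   * operator-approved acceptance is attempted; any further refusal propagates.
   */
  public static boolean connectWithManualTrust(String host, int port,
      KeyStore truststore, ChainConfirmer confirmer) throws Exception {
    ApplicationTrustManager tm = new ApplicationTrustManager(truststore);
    tm.setHost(host); // enables the host name vs. subject DN check

    for (int attempt = 0; attempt < 2; attempt++) {
      tm.resetLastRefusedItems(); // clear refusal state from a previous attempt
      try {
        handshake(host, port, tm);
        return true;
      } catch (IOException e) {
        X509Certificate[] refused = tm.getLastRefusedChain();
        if (refused == null || attempt > 0) {
          // Either the failure did not come from the trust manager, or the
          // operator-accepted chain was refused again: stay closed.
          throw e;
        }
        System.err.println("Certificate refused: cause=" + tm.getLastRefusedCause()
            + " authType=" + tm.getLastRefusedAuthType());
        String fingerprint = sha256Fingerprint(refused[0]);
        if (!confirmer.confirm(refused, fingerprint)) {
          throw e; // operator declined
        }
        // Record the operator's decision; the next iteration retries the handshake.
        tm.acceptCertificate(refused, tm.getLastRefusedAuthType(), host);
      }
    }
    return false; // unreachable: the second refusal is rethrown above
  }

  /** Performs a TLS handshake using only the given trust manager. */
  private static void handshake(String host, int port, TrustManager tm)
      throws Exception {
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { tm }, null);
    SSLSocketFactory factory = ctx.getSocketFactory();
    try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
      socket.startHandshake();
    }
  }

  /** Colon-separated SHA-256 fingerprint of the DER encoding, for out-of-band comparison. */
  static String sha256Fingerprint(X509Certificate cert) throws Exception {
    byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < digest.length; i++) {
      if (i > 0) {
        sb.append(':');
      }
      sb.append(String.format("%02X", digest[i]));
    }
    return sb.toString();
  }
}
```

Because the "last refused" members are per-instance state, this flow is only sound when one connection at a time goes through a given manager, which is the restriction the class description states; a client that opens connections in parallel should give each thread its own instance via createCopy rather than share one.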