001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2006-2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.extensions;
028    
029    
030    
031    import java.security.cert.X509Certificate;
032    import javax.net.ssl.TrustManager;
033    import javax.net.ssl.X509TrustManager;
034    
035    import org.opends.server.admin.std.server.BlindTrustManagerProviderCfg;
036    import org.opends.server.api.TrustManagerProvider;
037    import org.opends.server.config.ConfigException;
038    import org.opends.server.types.DirectoryException;
039    import org.opends.server.types.InitializationException;
040    
041    
042    
043    /**
044     * This class provides an implementation of a trust manager provider that will
045     * indicate that any certificate presented should be blindly trusted by the
046     * Directory Server.  This can provide convenience and ease of use, but that
047     * added convenience will be at the expense of security and therefore it should
048     * not be used in environments in which the clients may not be considered
049     * trustworthy.
050     */
051    public class BlindTrustManagerProvider
052           extends TrustManagerProvider<BlindTrustManagerProviderCfg>
053           implements X509TrustManager
054    {
055      /**
056       * Creates a new instance of this blind trust manager provider.  The
057       * <CODE>initializeTrustManagerProvider</CODE> method must be called on the
058       * resulting object before it may be used.
059       */
060      public BlindTrustManagerProvider()
061      {
062        // No implementation is required.
063      }
064    
065    
066    
067      /**
068       * {@inheritDoc}
069       */
070      @Override()
071      public void initializeTrustManagerProvider(
072                      BlindTrustManagerProviderCfg configuration)
073             throws ConfigException, InitializationException
074      {
075        // No implementation is required.
076      }
077    
078    
079    
080      /**
081       * Performs any finalization that may be necessary for this trust manager
082       * provider.
083       */
084      @Override()
085      public void finalizeTrustManagerProvider()
086      {
087        // No implementation is required.
088      }
089    
090    
091    
092      /**
093       * {@inheritDoc}
094       */
095      @Override()
096      public TrustManager[] getTrustManagers()
097             throws DirectoryException
098      {
099        return new TrustManager[] { this };
100      }
101    
102    
103    
104      /**
105       * Determines whether an SSL client with the provided certificate chain should
106       * be trusted.  In this case, all client certificates will be trusted.
107       *
108       * @param  chain     The certificate chain for the SSL client.
109       * @param  authType  The authentication type based on the client certificate.
110       */
111      public void checkClientTrusted(X509Certificate[] chain, String authType)
112      {
113        // As long as we don't throw an exception, then the client certificate will
114        // be considered trusted.
115      }
116    
117    
118    
119      /**
120       * Determines whether an SSL server with the provided certificate chain should
121       * be trusted.  In this case, all server certificates will be trusted.
122       *
123       * @param  chain     The certificate chain for the SSL server.
124       * @param  authType  The key exchange algorithm used.
125       */
126      public void checkServerTrusted(X509Certificate[] chain, String authType)
127      {
128        // As long as we don't throw an exception, then the server certificate will
129        // be considered trusted.
130      }
131    
132    
133    
134      /**
135       * Retrieves the set of certificate authority certificates which are trusted
136       * for authenticating peers.
137       *
138       * @return  An empty array, since we don't care what certificates are
139       *          presented because we will trust them all.
140       */
141      public X509Certificate[] getAcceptedIssuers()
142      {
143        return new X509Certificate[0];
144      }
145    }
146