org.opends.server.extensions
Class BlindTrustManagerProvider

java.lang.Object
  extended by org.opends.server.api.TrustManagerProvider<BlindTrustManagerProviderCfg>
      extended by org.opends.server.extensions.BlindTrustManagerProvider
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class BlindTrustManagerProvider
extends TrustManagerProvider<BlindTrustManagerProviderCfg>
implements javax.net.ssl.X509TrustManager

This class provides an implementation of a trust manager provider that will indicate that any certificate presented should be blindly trusted by the Directory Server. This can provide convenience and ease of use, but that added convenience will be at the expense of security and therefore it should not be used in environments in which the clients may not be considered trustworthy.


Constructor Summary
BlindTrustManagerProvider()
          Creates a new instance of this blind trust manager provider.
 
Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Determines whether an SSL client with the provided certificate chain should be trusted.
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Determines whether an SSL server with the provided certificate chain should be trusted.
 void finalizeTrustManagerProvider()
          Performs any finalization that may be necessary for this trust manager provider.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          Retrieves the set of certificate authority certificates which are trusted for authenticating peers.
 javax.net.ssl.TrustManager[] getTrustManagers()
          Retrieves a set of TrustManager objects that may be used for interactions requiring access to a trust manager.
 void initializeTrustManagerProvider(BlindTrustManagerProviderCfg configuration)
          Initializes this trust manager provider based on the information in the provided configuration entry.
 
Methods inherited from class org.opends.server.api.TrustManagerProvider
isConfigurationAcceptable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BlindTrustManagerProvider

public BlindTrustManagerProvider()
Creates a new instance of this blind trust manager provider. The initializeTrustManagerProvider method must be called on the resulting object before it may be used.

Method Detail

initializeTrustManagerProvider

public void initializeTrustManagerProvider(BlindTrustManagerProviderCfg configuration)
                                    throws ConfigException,
                                           InitializationException
Initializes this trust manager provider based on the information in the provided configuration entry.

Specified by:
initializeTrustManagerProvider in class TrustManagerProvider<BlindTrustManagerProviderCfg>
Parameters:
configuration - The configuration to use for this trust manager provider.
Throws:
ConfigException - If an unrecoverable problem arises in the process of performing the initialization as a result of the server configuration.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

finalizeTrustManagerProvider

public void finalizeTrustManagerProvider()
Performs any finalization that may be necessary for this trust manager provider.

Specified by:
finalizeTrustManagerProvider in class TrustManagerProvider<BlindTrustManagerProviderCfg>

getTrustManagers

public javax.net.ssl.TrustManager[] getTrustManagers()
                                              throws DirectoryException
Retrieves a set of TrustManager objects that may be used for interactions requiring access to a trust manager.

Specified by:
getTrustManagers in class TrustManagerProvider<BlindTrustManagerProviderCfg>
Returns:
A set of TrustManager objects that may be used for interactions requiring access to a trust manager.
Throws:
DirectoryException - If a problem occurs while attempting to obtain the set of trust managers.

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
Determines whether an SSL client with the provided certificate chain should be trusted. In this case, all client certificates will be trusted.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The certificate chain for the SSL client.
authType - The authentication type based on the client certificate.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
Determines whether an SSL server with the provided certificate chain should be trusted. In this case, all server certificates will be trusted.

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The certificate chain for the SSL server.
authType - The key exchange algorithm used.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the set of certificate authority certificates which are trusted for authenticating peers.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
An empty array, since we don't care what certificates are presented because we will trust them all.