• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package javax.net.ssl;
27 
28 import java.net.Socket;
29 import javax.net.ssl.X509TrustManager;
30 
31 import java.security.cert.X509Certificate;
32 import java.security.cert.CertificateException;
33 
34 /**
35  * Extensions to the <code>X509TrustManager</code> interface to support
36  * SSL/TLS connection sensitive trust management.
37  * <p>
38  * To prevent man-in-the-middle attacks, hostname checks can be done
39  * to verify that the hostname in an end-entity certificate matches the
40  * targeted hostname.  TLS does not require such checks, but some protocols
41  * over TLS (such as HTTPS) do.  In earlier versions of the JDK, the
42  * certificate chain checks were done at the SSL/TLS layer, and the hostname
43  * verification checks were done at the layer over TLS.  This class allows
44  * for the checking to be done during a single call to this class.
45  * <p>
46  * RFC 2830 defines the server identification specification for the "LDAPS"
47  * algorithm. RFC 2818 defines both the server identification and the
48  * client identification specification for the "HTTPS" algorithm.
49  *
50  * @see X509TrustManager
51  * @see HostnameVerifier
52  *
53  * @since 1.7
54  */
55 public abstract class X509ExtendedTrustManager implements X509TrustManager {
56     /**
57      * Given the partial or complete certificate chain provided by the
58      * peer, build and validate the certificate path based on the
59      * authentication type and ssl parameters.
60      * <p>
61      * The authentication type is determined by the actual certificate
62      * used. For instance, if RSAPublicKey is used, the authType
63      * should be "RSA". Checking is case-sensitive.
64      * <p>
65      * If the <code>socket</code> parameter is an instance of
66      * {@link javax.net.ssl.SSLSocket}, and the endpoint identification
67      * algorithm of the <code>SSLParameters</code> is non-empty, to prevent
68      * man-in-the-middle attacks, the address that the <code>socket</code>
69      * connected to should be checked against the peer's identity presented
70      * in the end-entity X509 certificate, as specified in the endpoint
71      * identification algorithm.
72      * <p>
73      * If the <code>socket</code> parameter is an instance of
74      * {@link javax.net.ssl.SSLSocket}, and the algorithm constraints of the
75      * <code>SSLParameters</code> is non-null, for every certificate in the
76      * certification path, fields such as subject public key, the signature
77      * algorithm, key usage, extended key usage, etc. need to conform to the
78      * algorithm constraints in place on this socket.
79      *
80      * @param chain the peer certificate chain
81      * @param authType the key exchange algorithm used
82      * @param socket the socket used for this connection. This parameter
83      *        can be null, which indicates that implementations need not check
84      *        the ssl parameters
85      * @throws IllegalArgumentException if null or zero-length array is passed
86      *        in for the <code>chain</code> parameter or if null or zero-length
87      *        string is passed in for the <code>authType</code> parameter
88      * @throws CertificateException if the certificate chain is not trusted
89      *        by this TrustManager
90      *
91      * @see SSLParameters#getEndpointIdentificationAlgorithm
92      * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
93      * @see SSLParameters#getAlgorithmConstraints
94      * @see SSLParameters#setAlgorithmConstraints(AlgorithmConstraints)
95      */
checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)96     public abstract void checkClientTrusted(X509Certificate[] chain,
97             String authType, Socket socket) throws CertificateException;
98 
99     /**
100      * Given the partial or complete certificate chain provided by the
101      * peer, build and validate the certificate path based on the
102      * authentication type and ssl parameters.
103      * <p>
104      * The authentication type is the key exchange algorithm portion
105      * of the cipher suites represented as a String, such as "RSA",
106      * "DHE_DSS". Note: for some exportable cipher suites, the key
107      * exchange algorithm is determined at run time during the
108      * handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
109      * the authType should be RSA_EXPORT when an ephemeral RSA key is
110      * used for the key exchange, and RSA when the key from the server
111      * certificate is used. Checking is case-sensitive.
112      * <p>
113      * If the <code>socket</code> parameter is an instance of
114      * {@link javax.net.ssl.SSLSocket}, and the endpoint identification
115      * algorithm of the <code>SSLParameters</code> is non-empty, to prevent
116      * man-in-the-middle attacks, the address that the <code>socket</code>
117      * connected to should be checked against the peer's identity presented
118      * in the end-entity X509 certificate, as specified in the endpoint
119      * identification algorithm.
120      * <p>
121      * If the <code>socket</code> parameter is an instance of
122      * {@link javax.net.ssl.SSLSocket}, and the algorithm constraints of the
123      *  <code>SSLParameters</code> is non-null, for every certificate in the
124      * certification path, fields such as subject public key, the signature
125      * algorithm, key usage, extended key usage, etc. need to conform to the
126      * algorithm constraints in place on this socket.
127      *
128      * @param chain the peer certificate chain
129      * @param authType the key exchange algorithm used
130      * @param socket the socket used for this connection. This parameter
131      *        can be null, which indicates that implementations need not check
132      *        the ssl parameters
133      * @throws IllegalArgumentException if null or zero-length array is passed
134      *        in for the <code>chain</code> parameter or if null or zero-length
135      *        string is passed in for the <code>authType</code> parameter
136      * @throws CertificateException if the certificate chain is not trusted
137      *        by this TrustManager
138      *
139      * @see SSLParameters#getEndpointIdentificationAlgorithm
140      * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
141      * @see SSLParameters#getAlgorithmConstraints
142      * @see SSLParameters#setAlgorithmConstraints(AlgorithmConstraints)
143      */
checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)144     public abstract void checkServerTrusted(X509Certificate[] chain,
145         String authType, Socket socket) throws CertificateException;
146 
147     /**
148      * Given the partial or complete certificate chain provided by the
149      * peer, build and validate the certificate path based on the
150      * authentication type and ssl parameters.
151      * <p>
152      * The authentication type is determined by the actual certificate
153      * used. For instance, if RSAPublicKey is used, the authType
154      * should be "RSA". Checking is case-sensitive.
155      * <p>
156      * If the <code>engine</code> parameter is available, and the endpoint
157      * identification algorithm of the <code>SSLParameters</code> is
158      * non-empty, to prevent man-in-the-middle attacks, the address that
159      * the <code>engine</code> connected to should be checked against
160      * the peer's identity presented in the end-entity X509 certificate,
161      * as specified in the endpoint identification algorithm.
162      * <p>
163      * If the <code>engine</code> parameter is available, and the algorithm
164      * constraints of the <code>SSLParameters</code> is non-null, for every
165      * certificate in the certification path, fields such as subject public
166      * key, the signature algorithm, key usage, extended key usage, etc.
167      * need to conform to the algorithm constraints in place on this engine.
168      *
169      * @param chain the peer certificate chain
170      * @param authType the key exchange algorithm used
171      * @param engine the engine used for this connection. This parameter
172      *        can be null, which indicates that implementations need not check
173      *        the ssl parameters
174      * @throws IllegalArgumentException if null or zero-length array is passed
175      *        in for the <code>chain</code> parameter or if null or zero-length
176      *        string is passed in for the <code>authType</code> parameter
177      * @throws CertificateException if the certificate chain is not trusted
178      *        by this TrustManager
179      *
180      * @see SSLParameters#getEndpointIdentificationAlgorithm
181      * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
182      * @see SSLParameters#getAlgorithmConstraints
183      * @see SSLParameters#setAlgorithmConstraints(AlgorithmConstraints)
184      */
checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)185     public abstract void checkClientTrusted(X509Certificate[] chain,
186         String authType, SSLEngine engine) throws CertificateException;
187 
188     /**
189      * Given the partial or complete certificate chain provided by the
190      * peer, build and validate the certificate path based on the
191      * authentication type and ssl parameters.
192      * <p>
193      * The authentication type is the key exchange algorithm portion
194      * of the cipher suites represented as a String, such as "RSA",
195      * "DHE_DSS". Note: for some exportable cipher suites, the key
196      * exchange algorithm is determined at run time during the
197      * handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
198      * the authType should be RSA_EXPORT when an ephemeral RSA key is
199      * used for the key exchange, and RSA when the key from the server
200      * certificate is used. Checking is case-sensitive.
201      * <p>
202      * If the <code>engine</code> parameter is available, and the endpoint
203      * identification algorithm of the <code>SSLParameters</code> is
204      * non-empty, to prevent man-in-the-middle attacks, the address that
205      * the <code>engine</code> connected to should be checked against
206      * the peer's identity presented in the end-entity X509 certificate,
207      * as specified in the endpoint identification algorithm.
208      * <p>
209      * If the <code>engine</code> parameter is available, and the algorithm
210      * constraints of the <code>SSLParameters</code> is non-null, for every
211      * certificate in the certification path, fields such as subject public
212      * key, the signature algorithm, key usage, extended key usage, etc.
213      * need to conform to the algorithm constraints in place on this engine.
214      *
215      * @param chain the peer certificate chain
216      * @param authType the key exchange algorithm used
217      * @param engine the engine used for this connection. This parameter
218      *        can be null, which indicates that implementations need not check
219      *        the ssl parameters
220      * @throws IllegalArgumentException if null or zero-length array is passed
221      *        in for the <code>chain</code> parameter or if null or zero-length
222      *        string is passed in for the <code>authType</code> parameter
223      * @throws CertificateException if the certificate chain is not trusted
224      *        by this TrustManager
225      *
226      * @see SSLParameters#getEndpointIdentificationAlgorithm
227      * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
228      * @see SSLParameters#getAlgorithmConstraints
229      * @see SSLParameters#setAlgorithmConstraints(AlgorithmConstraints)
230      */
checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)231     public abstract void checkServerTrusted(X509Certificate[] chain,
232         String authType, SSLEngine engine) throws CertificateException;
233 
234 }
235