org.opends.server.tools
Class PromptTrustManager

java.lang.Object
  extended by org.opends.server.tools.PromptTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class PromptTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This class provides an implementation of an X.509 trust manager which interactively prompts the user (via the CLI) whether a given server certificate should be trusted. It should only be used by interactive command-line tools, since checkServerTrusted blocks until it gets a response from the user; it must not be installed in code that may run without a terminal. The user's answer is the only trust decision made: the chain is not validated against a truststore first, so the user must verify the presented certificate out of band before accepting it, otherwise an active attacker who presents a certificate of their own is simply trusted for that session.

Note that this class is only intended for client-side use, and therefore may not be used by a server to determine whether a client certificate is trusted: checkClientTrusted always rejects.


Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Determines whether an SSL client with the provided certificate chain should be trusted.
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Determines whether an SSL server with the provided certificate chain should be trusted.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          Retrieves the set of certificate authority certificates which are trusted for authenticating peers.
static javax.net.ssl.TrustManager[] getTrustManagers()
          Retrieves the trust manager array that should be used to initialize an SSL context in cases where the user should be interactively prompted about whether to trust the server certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getTrustManagers

public static javax.net.ssl.TrustManager[] getTrustManagers()
Retrieves the trust manager array that should be used to initialize an SSL context in cases where the user should be interactively prompted about whether to trust the server certificate.

Returns:
The trust manager array that should be used to initialize an SSL context in cases where the user should be interactively prompted about whether to trust the server certificate.

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Determines whether an SSL client with the provided certificate chain should be trusted. This implementation is not intended for server-side use, and therefore this method will always throw an exception.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The certificate chain for the SSL client.
authType - The authentication type based on the client certificate.
Throws:
java.security.cert.CertificateException - Always, to indicate that the provided client certificate is not trusted; this class never accepts a client certificate.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Determines whether an SSL server with the provided certificate chain should be trusted. In this case, the user will be interactively prompted as to whether the certificate should be trusted. Every chain is put to the user, whether or not a conventional truststore would have accepted it; no other validation is performed.

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
chain - The certificate chain for the SSL server.
authType - The key exchange algorithm used.
Throws:
java.security.cert.CertificateException - If the user rejects the certificate.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Retrieves the set of certificate authority certificates which are trusted for authenticating peers.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
An empty array. This trust manager never validates a chain against a set of CA certificates, because every server certificate is put to the user for a decision. An empty issuer list is harmless on the client side; it is one more reason the class is unsuitable for a server, which would use this list to tell clients which CAs it accepts.
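The following is an added example, not the OpenDS class above or any code from the project. It is a self-contained client-side trust manager with the same contract as the one documented here (checkClientTrusted always rejects, getAcceptedIssuers returns an empty array, checkServerTrusted asks the user on the console), wired into an SSLContext the way getTrustManagers() is meant to be used. It goes beyond the documented class in two ways, both assumptions of this example rather than documented OpenDS behaviour: it first consults the JVM's default PKIX trust manager and only prompts when that check fails, and it prints the leaf certificate's SHA-256 fingerprint so the user has something concrete to verify out of band. The class name ConsolePromptTrustManager, the host/port arguments, the default port 636 and the yes/no prompt wording are all hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical client-side prompting trust manager (added example, not the OpenDS class).
public final class ConsolePromptTrustManager implements X509TrustManager {

    private final X509TrustManager defaultTm;   // JVM truststore (cacerts) check, tried first
    private final BufferedReader console;       // where the yes/no answer is read from

    public ConsolePromptTrustManager(BufferedReader console) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null keystore selects the JVM default truststore
        this.defaultTm = (X509TrustManager) tmf.getTrustManagers()[0];
        this.console = console;
    }

    // Client-side only, as in the documented class: never vouch for a client certificate.
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        throw new CertificateException("this trust manager is client-side only");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("server presented an empty certificate chain");
        }
        try {
            defaultTm.checkServerTrusted(chain, authType);   // trusted by cacerts: no prompt
            return;
        } catch (CertificateException notTrusted) {
            // not in the default truststore: fall through to the interactive decision
        }
        X509Certificate leaf = chain[0];
        System.out.println("Server certificate is NOT trusted by the default truststore:");
        System.out.println("  Subject: " + leaf.getSubjectX500Principal());
        System.out.println("  Issuer:  " + leaf.getIssuerX500Principal());
        System.out.println("  SHA-256: " + fingerprint(leaf));
        System.out.print("Trust this certificate for this session? (yes/no): ");
        String answer;
        try { answer = console.readLine(); }
        catch (IOException e) { throw new CertificateException("could not read answer", e); }
        // Fail closed: anything but an explicit "yes" (including EOF on stdin) rejects.
        if (answer == null || !answer.trim().equalsIgnoreCase("yes")) {
            throw new CertificateException("server certificate rejected by user");
        }
    }

    // Empty, matching the documented contract: the user, not a CA list, decides.
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    // Colon-separated uppercase hex SHA-256 of the DER encoding, as browsers display it.
    static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < digest.length; i++) {
                if (i > 0) sb.append(':');
                sb.append(String.format("%02X", digest[i] & 0xff));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new CertificateException("cannot fingerprint certificate", e);
        }
    }

    // Wire it into an SSLContext as a CLI tool would, then handshake with host:port.
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";   // hypothetical defaults
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        BufferedReader console =
            new BufferedReader(new InputStreamReader(System.in, StandardCharsets.UTF_8));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new ConsolePromptTrustManager(console) }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();   // throws SSLHandshakeException if the user said no
            System.out.println("Handshake OK with " + s.getSession().getPeerPrincipal());
        }
    }
}
```

With the OpenDS class itself the equivalent wiring is ctx.init(null, PromptTrustManager.getTrustManagers(), null). The point to carry over is the fail-closed handling: any answer other than an explicit "yes", including end-of-file on stdin, rejects the certificate and aborts the handshake, which is the behaviour you want if the tool is ever run without a terminal attached.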