001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2006-2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.extensions; 028 029 030 031 import java.security.cert.X509Certificate; 032 import javax.net.ssl.TrustManager; 033 import javax.net.ssl.X509TrustManager; 034 035 import org.opends.server.admin.std.server.BlindTrustManagerProviderCfg; 036 import org.opends.server.api.TrustManagerProvider; 037 import org.opends.server.config.ConfigException; 038 import org.opends.server.types.DirectoryException; 039 import org.opends.server.types.InitializationException; 040 041 042 043 /** 044 * This class provides an implementation of a trust manager provider that will 045 * indicate that any certificate presented should be blindly trusted by the 046 * Directory Server. This can provide convenience and ease of use, but that 047 * added convenience will be at the expense of security and therefore it should 048 * not be used in environments in which the clients may not be considered 049 * trustworthy. 050 */ 051 public class BlindTrustManagerProvider 052 extends TrustManagerProvider<BlindTrustManagerProviderCfg> 053 implements X509TrustManager 054 { 055 /** 056 * Creates a new instance of this blind trust manager provider. The 057 * <CODE>initializeTrustManagerProvider</CODE> method must be called on the 058 * resulting object before it may be used. 059 */ 060 public BlindTrustManagerProvider() 061 { 062 // No implementation is required. 063 } 064 065 066 067 /** 068 * {@inheritDoc} 069 */ 070 @Override() 071 public void initializeTrustManagerProvider( 072 BlindTrustManagerProviderCfg configuration) 073 throws ConfigException, InitializationException 074 { 075 // No implementation is required. 076 } 077 078 079 080 /** 081 * Performs any finalization that may be necessary for this trust manager 082 * provider. 083 */ 084 @Override() 085 public void finalizeTrustManagerProvider() 086 { 087 // No implementation is required. 088 } 089 090 091 092 /** 093 * {@inheritDoc} 094 */ 095 @Override() 096 public TrustManager[] getTrustManagers() 097 throws DirectoryException 098 { 099 return new TrustManager[] { this }; 100 } 101 102 103 104 /** 105 * Determines whether an SSL client with the provided certificate chain should 106 * be trusted. In this case, all client certificates will be trusted. 107 * 108 * @param chain The certificate chain for the SSL client. 109 * @param authType The authentication type based on the client certificate. 110 */ 111 public void checkClientTrusted(X509Certificate[] chain, String authType) 112 { 113 // As long as we don't throw an exception, then the client certificate will 114 // be considered trusted. 115 } 116 117 118 119 /** 120 * Determines whether an SSL server with the provided certificate chain should 121 * be trusted. In this case, all server certificates will be trusted. 122 * 123 * @param chain The certificate chain for the SSL server. 124 * @param authType The key exchange algorithm used. 125 */ 126 public void checkServerTrusted(X509Certificate[] chain, String authType) 127 { 128 // As long as we don't throw an exception, then the server certificate will 129 // be considered trusted. 130 } 131 132 133 134 /** 135 * Retrieves the set of certificate authority certificates which are trusted 136 * for authenticating peers. 137 * 138 * @return An empty array, since we don't care what certificates are 139 * presented because we will trust them all. 140 */ 141 public X509Certificate[] getAcceptedIssuers() 142 { 143 return new X509Certificate[0]; 144 } 145 } 146