eu.emi.security.authn.x509.impl
Class AbstractHostnameToCertificateChecker

java.lang.Object
  extended by eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker
All Implemented Interfaces:
EventListener, HandshakeCompletedListener

Deprecated. Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) instead. This class is not perfect as the HandshakeCompletedListener is invoked (at least in reference JDK) in a separate thread, what can easily lead to a situation when the connection is opened and made available, before this implementation finishes checking.

@Deprecated
public abstract class AbstractHostnameToCertificateChecker
extends Object
implements HandshakeCompletedListener

Abstract implementation of the JSSE HandshakeCompletedListener which can be registered on a SSLSocket to verify if a peer's host name matches a DN of its certificate. It is useful on client side when connecting to a server.

By default the implementation checks the certificate's Subject Alternative Name and Common Name, following the server identity part of RFC 2818. Additionally the 'service/hostname' syntax is supported (the service prefix is simply ignored).

If there is a name mismatch the nameMismatch() method is called. User of this class must extend it and provide the application specific reaction in this method.

Note that this class should be used only on SSL connections which are authenticated with X.509 certificates.

Author:
Joni Hahkala, K. Benedyczak

Constructor Summary
AbstractHostnameToCertificateChecker()
          Deprecated.  
 
Method Summary
 void handshakeCompleted(HandshakeCompletedEvent hce)
          Deprecated.  
protected abstract  void nameMismatch(HandshakeCompletedEvent hce, X509Certificate peerCertificate, String hostName)
          Deprecated. This method is called whenever peer's host name is not matching the peer's certificate DN.
protected  void processingError(HandshakeCompletedEvent hce, Exception e)
          Deprecated. This method is called whenever there is an error when processing the peer's certificate and hostname.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractHostnameToCertificateChecker

public AbstractHostnameToCertificateChecker()
Deprecated. 
Method Detail

handshakeCompleted

public void handshakeCompleted(HandshakeCompletedEvent hce)
Deprecated. 
Specified by:
handshakeCompleted in interface HandshakeCompletedListener

nameMismatch

protected abstract void nameMismatch(HandshakeCompletedEvent hce,
                                     X509Certificate peerCertificate,
                                     String hostName)
                              throws SSLException
Deprecated. 
This method is called whenever peer's host name is not matching the peer's certificate DN. Note that throwing exceptions from this method doesn't make any sense.

Parameters:
hce - the original event object
peerCertificate - peer's certificate (for convenience)
hostName - peer's host name (for convenience)
Throws:
SSLException

processingError

protected void processingError(HandshakeCompletedEvent hce,
                               Exception e)
Deprecated. 
This method is called whenever there is an error when processing the peer's certificate and hostname. Generally it should never happen, and the implementation should simply close the socket and report the error. The default implementation simply throws an IllegalStateException.

Parameters:
hce - the original event object
e - error


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.