001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2006-2008 Sun Microsystems, Inc.
025 *      Portions Copyright 2014-2015 ForgeRock AS
026 */
027package org.opends.server.extensions;
028
029
030
031import java.security.cert.X509Certificate;
032import javax.net.ssl.TrustManager;
033import javax.net.ssl.X509TrustManager;
034
035import org.opends.server.admin.std.server.BlindTrustManagerProviderCfg;
036import org.opends.server.api.TrustManagerProvider;
037import org.forgerock.opendj.config.server.ConfigException;
038import org.opends.server.types.DirectoryException;
039import org.opends.server.types.InitializationException;
040
041
042
043/**
044 * This class provides an implementation of a trust manager provider that will
045 * indicate that any certificate presented should be blindly trusted by the
046 * Directory Server.  This can provide convenience and ease of use, but that
047 * added convenience will be at the expense of security and therefore it should
048 * not be used in environments in which the clients may not be considered
049 * trustworthy.
050 */
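public class BlindTrustManagerProvider
       extends TrustManagerProvider<BlindTrustManagerProviderCfg>
       implements X509TrustManager
{
  /**
   * Trust manager provider that accepts every certificate presented to the
   * Directory Server without examining it.
   * <p>
   * Both {@link #checkClientTrusted} and {@link #checkServerTrusted} return
   * normally for any non-empty chain, so the chain's signatures, issuer,
   * validity period and revocation status are never evaluated.  A TLS session
   * negotiated through this trust manager therefore proves only that the peer
   * holds <em>some</em> private key matching <em>some</em> certificate; it does
   * not establish who the peer is, and any identity a caller later derives from
   * such a certificate is unverified.  An active attacker on the network path
   * can present an arbitrary certificate and it will be accepted.
   * <p>
   * This is convenient for development and test deployments.  It must not be
   * used where the clients, or the network between them and the server, cannot
   * be considered trustworthy.
   */
  public BlindTrustManagerProvider()
  {
    // No state to set up: there is no trust store to load and no
    // configuration to read.  initializeTrustManagerProvider must still be
    // called before the object is used, to honour the provider lifecycle.
  }



  /**
   * {@inheritDoc}
   * <p>
   * Every configuration of this provider behaves identically (all
   * certificates are trusted), so there is nothing to validate or load.
   */
  @Override
  public void initializeTrustManagerProvider(
                  BlindTrustManagerProviderCfg configuration)
         throws ConfigException, InitializationException
  {
    // Intentionally empty; see the method comment.
  }



  /**
   * Performs any finalization that may be necessary for this trust manager
   * provider.  This provider holds no resources, so there is nothing to
   * release.
   */
  @Override
  public void finalizeTrustManagerProvider()
  {
    // Intentionally empty.
  }



  /**
   * Retrieves the trust managers that should be used with this provider.
   *
   * @return  A single-element array containing this object, which acts as
   *          its own {@link X509TrustManager}.
   *
   * @throws  DirectoryException  Declared by the provider interface; never
   *                              thrown by this implementation.
   */
  @Override
  public TrustManager[] getTrustManagers()
         throws DirectoryException
  {
    return new TrustManager[] { this };
  }



  /**
   * Determines whether an SSL client with the provided certificate chain should
   * be trusted.  In this case, every client certificate chain is trusted: the
   * chain's signatures, issuer, validity period and revocation status are not
   * examined at all.
   *
   * @param  chain     The certificate chain for the SSL client.
   * @param  authType  The authentication type based on the client certificate.
   *
   * @throws  IllegalArgumentException  If {@code chain} is {@code null} or
   *                                    empty, or {@code authType} is
   *                                    {@code null} or empty, as required by
   *                                    the {@link X509TrustManager} contract.
   */
  @Override
  public void checkClientTrusted(X509Certificate[] chain, String authType)
  {
    requireNonEmptyArguments(chain, authType);
    // Returning without throwing a CertificateException is what marks the
    // chain as trusted.  No validation is performed on purpose.
  }



  /**
   * Determines whether an SSL server with the provided certificate chain should
   * be trusted.  In this case, every server certificate chain is trusted: the
   * chain's signatures, issuer, validity period and revocation status are not
   * examined, and no hostname or identity check is performed here.
   *
   * @param  chain     The certificate chain for the SSL server.
   * @param  authType  The key exchange algorithm used.
   *
   * @throws  IllegalArgumentException  If {@code chain} is {@code null} or
   *                                    empty, or {@code authType} is
   *                                    {@code null} or empty, as required by
   *                                    the {@link X509TrustManager} contract.
   */
  @Override
  public void checkServerTrusted(X509Certificate[] chain, String authType)
  {
    requireNonEmptyArguments(chain, authType);
    // Returning without throwing a CertificateException is what marks the
    // chain as trusted.  No validation is performed on purpose.
  }



  /**
   * Retrieves the set of certificate authority certificates which are trusted
   * for authenticating peers.
   * <p>
   * When a trust manager is used on the server side, JSSE normally derives the
   * list of acceptable CAs advertised to the client from this method.  An
   * empty list places no constraint on which certificate the client may
   * present, which is consistent with the check methods accepting anything.
   *
   * @return  An empty array, since this provider does not restrict the set of
   *          acceptable issuers.
   */
  @Override
  public X509Certificate[] getAcceptedIssuers()
  {
    return new X509Certificate[0];
  }



  /**
   * Enforces the argument preconditions that the {@link X509TrustManager}
   * interface requires of both check methods.  This does not make the trust
   * decision any stricter; it only rejects malformed calls instead of silently
   * treating them as trusted.
   *
   * @param  chain     The certificate chain to check.
   * @param  authType  The authentication or key exchange type to check.
   *
   * @throws  IllegalArgumentException  If either argument is {@code null} or
   *                                    empty.
   */
  private static void requireNonEmptyArguments(X509Certificate[] chain,
                                               String authType)
  {
    if (chain == null || chain.length == 0)
    {
      throw new IllegalArgumentException(
          "Certificate chain must not be null or empty");
    }
    if (authType == null || authType.isEmpty())
    {
      throw new IllegalArgumentException(
          "authType must not be null or empty");
    }
  }
}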
142