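/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2006-2008 Sun Microsystems, Inc.
 *      Portions Copyright 2014-2015 ForgeRock AS
 */
package org.opends.server.extensions;



import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.opends.server.admin.std.server.BlindTrustManagerProviderCfg;
import org.opends.server.api.TrustManagerProvider;
import org.forgerock.opendj.config.server.ConfigException;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;



/**
 * This class provides an implementation of a trust manager provider that will
 * indicate that any certificate presented should be blindly trusted by the
 * Directory Server.  No validation of any kind is performed: the presented
 * chain is never checked for a trusted issuer, a valid signature, an expiry
 * date or revocation, and {@link #getAcceptedIssuers()} advertises no trusted
 * certificate authorities.
 * <p>
 * This can provide convenience and ease of use (for example in test
 * environments), but that added convenience comes at the expense of the peer
 * authentication that TLS is meant to provide.  When used to trust servers,
 * any party that can intercept the connection may present its own certificate
 * and be accepted in place of the intended server; when used to trust clients,
 * any certificate at all (including a self-signed one) is accepted as a client
 * certificate.  It therefore should not be used in environments in which the
 * peers may not be considered trustworthy.
 */
public class BlindTrustManagerProvider
       extends TrustManagerProvider<BlindTrustManagerProviderCfg>
       implements X509TrustManager
{
  /**
   * Creates a new instance of this blind trust manager provider.  The
   * {@code initializeTrustManagerProvider} method must be called on the
   * resulting object before it may be used.
   */
  public BlindTrustManagerProvider()
  {
    // No implementation is required.
  }



  /**
   * {@inheritDoc}
   * <p>
   * There is nothing to configure for this provider, so the configuration is
   * ignored.
   */
  @Override
  public void initializeTrustManagerProvider(
                   BlindTrustManagerProviderCfg configuration)
         throws ConfigException, InitializationException
  {
    // No implementation is required.
  }



  /**
   * Performs any finalization that may be necessary for this trust manager
   * provider.  This provider holds no resources, so nothing is done.
   */
  @Override
  public void finalizeTrustManagerProvider()
  {
    // No implementation is required.
  }



  /**
   * {@inheritDoc}
   * <p>
   * Returns this provider itself as the sole trust manager, so every TLS
   * connection built from it will accept any peer certificate.
   */
  @Override
  public TrustManager[] getTrustManagers()
         throws DirectoryException
  {
    return new TrustManager[] { this };
  }



  /**
   * Determines whether an SSL client with the provided certificate chain should
   * be trusted.  In this case, all client certificates will be trusted; the
   * chain is not inspected at all.
   *
   * @param  chain     The certificate chain for the SSL client.
   * @param  authType  The authentication type based on the client certificate.
   */
  @Override
  public void checkClientTrusted(X509Certificate[] chain, String authType)
  {
    // As long as we don't throw an exception, then the client certificate will
    // be considered trusted.
  }



  /**
   * Determines whether an SSL server with the provided certificate chain should
   * be trusted.  In this case, all server certificates will be trusted; the
   * chain is not inspected at all, so the identity of the remote server is not
   * verified.
   *
   * @param  chain     The certificate chain for the SSL server.
   * @param  authType  The key exchange algorithm used.
   */
  @Override
  public void checkServerTrusted(X509Certificate[] chain, String authType)
  {
    // As long as we don't throw an exception, then the server certificate will
    // be considered trusted.
  }



  /**
   * Retrieves the set of certificate authority certificates which are trusted
   * for authenticating peers.
   *
   * @return  An empty array, since we don't care what certificates are
   *          presented because we will trust them all.  A fresh array is
   *          returned on each call so callers cannot alter shared state.
   */
  @Override
  public X509Certificate[] getAcceptedIssuers()
  {
    return new X509Certificate[0];
  }
}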