eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker

All Implemented Interfaces:: EventListener, HandshakeCompletedListener

@Deprecated public abstract class AbstractHostnameToCertificateChecker extends Object implements HandshakeCompletedListener

Deprecated.

Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) instead. This class is not perfect as the HandshakeCompletedListener is invoked (at least in reference JDK) in a separate thread, what can easily lead to a situation when the connection is opened and made available, before this implementation finishes checking.

Abstract implementation of the JSSE HandshakeCompletedListener which can be registered on a SSLSocket to verify if a peer's host name matches a DN of its certificate. It is useful on client side when connecting to a server.

By default the implementation checks the certificate's Subject Alternative Name and Common Name, following the server identity part of RFC 2818. Additionally the 'service/hostname' syntax is supported (the service prefix is simply ignored).

If there is a name mismatch the nameMismatch() method is called. User of this class must extend it and provide the application specific reaction in this method.

Note that this class should be used only on SSL connections which are authenticated with X.509 certificates.

Author:: Joni Hahkala, K. Benedyczak

Constructor Summary

Constructors

Constructor

Description

AbstractHostnameToCertificateChecker()

Deprecated.
Method Summary

Modifier and Type

Method

Description

void

handshakeCompleted(HandshakeCompletedEvent hce)

Deprecated.

protected abstract void

nameMismatch(HandshakeCompletedEvent hce, X509Certificate peerCertificate, String hostName)

Deprecated.

This method is called whenever peer's host name is not matching the peer's certificate DN.

protected void

processingError(HandshakeCompletedEvent hce, Exception e)

Deprecated.

This method is called whenever there is an error when processing the peer's certificate and hostname.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- AbstractHostnameToCertificateChecker
  
  public AbstractHostnameToCertificateChecker()
  
  Deprecated.
Method Details
- handshakeCompleted
  
  public void handshakeCompleted(HandshakeCompletedEvent hce)
  
  Deprecated.
  
  Specified by:
  
  handshakeCompleted in interface HandshakeCompletedListener
- nameMismatch
  
  protected abstract void nameMismatch(HandshakeCompletedEvent hce, X509Certificate peerCertificate, String hostName) throws SSLException
  
  Deprecated.
  
  This method is called whenever peer's host name is not matching the peer's certificate DN. Note that throwing exceptions from this method doesn't make any sense.
  
  Parameters:
  
  hce - the original event object
  
  peerCertificate - peer's certificate (for convenience)
  
  hostName - peer's host name (for convenience)
  
  Throws:
  
  SSLException - SSL exception
- processingError
  
  protected void processingError(HandshakeCompletedEvent hce, Exception e)
  
  Deprecated.
  
  This method is called whenever there is an error when processing the peer's certificate and hostname. Generally it should never happen, and the implementation should simply close the socket and report the error. The default implementation simply throws an IllegalStateException.
  
  Parameters:
  
  hce - the original event object
  
  e - error

Class AbstractHostnameToCertificateChecker

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

AbstractHostnameToCertificateChecker

Method Details

handshakeCompleted

nameMismatch

processingError