001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2008 Sun Microsystems, Inc.
015 * Portions Copyright 2014-2016 ForgeRock AS.
016 */
017package org.opends.server.extensions;
018
019import java.security.cert.X509Certificate;
020import javax.net.ssl.TrustManager;
021import javax.net.ssl.X509TrustManager;
022
023import org.forgerock.opendj.server.config.server.BlindTrustManagerProviderCfg;
024import org.opends.server.api.TrustManagerProvider;
025import org.forgerock.opendj.config.server.ConfigException;
026import org.opends.server.types.DirectoryException;
027import org.opends.server.types.InitializationException;
028
029/**
030 * This class provides an implementation of a trust manager provider that will
031 * indicate that any certificate presented should be blindly trusted by the
032 * Directory Server.  This can provide convenience and ease of use, but that
033 * added convenience will be at the expense of security and therefore it should
034 * not be used in environments in which the clients may not be considered
035 * trustworthy.
036 */
037public class BlindTrustManagerProvider
038       extends TrustManagerProvider<BlindTrustManagerProviderCfg>
039       implements X509TrustManager
040{
041  /**
042   * Creates a new instance of this blind trust manager provider.  The
043   * <CODE>initializeTrustManagerProvider</CODE> method must be called on the
044   * resulting object before it may be used.
045   */
046  public BlindTrustManagerProvider()
047  {
048    // No implementation is required.
049  }
050
051  @Override
052  public void initializeTrustManagerProvider(
053                  BlindTrustManagerProviderCfg configuration)
054         throws ConfigException, InitializationException
055  {
056    // No implementation is required.
057  }
058
059  @Override
060  public void finalizeTrustManagerProvider()
061  {
062    // No implementation is required.
063  }
064
065  @Override
066  public TrustManager[] getTrustManagers()
067         throws DirectoryException
068  {
069    return new TrustManager[] { this };
070  }
071
072  /**
073   * Determines whether an SSL client with the provided certificate chain should
074   * be trusted.  In this case, all client certificates will be trusted.
075   *
076   * @param  chain     The certificate chain for the SSL client.
077   * @param  authType  The authentication type based on the client certificate.
078   */
079  @Override
080  public void checkClientTrusted(X509Certificate[] chain, String authType)
081  {
082    // As long as we don't throw an exception, then the client certificate will
083    // be considered trusted.
084  }
085
086  /**
087   * Determines whether an SSL server with the provided certificate chain should
088   * be trusted.  In this case, all server certificates will be trusted.
089   *
090   * @param  chain     The certificate chain for the SSL server.
091   * @param  authType  The key exchange algorithm used.
092   */
093  @Override
094  public void checkServerTrusted(X509Certificate[] chain, String authType)
095  {
096    // As long as we don't throw an exception, then the server certificate will
097    // be considered trusted.
098  }
099
100  /**
101   * Retrieves the set of certificate authority certificates which are trusted
102   * for authenticating peers.
103   *
104   * @return  An empty array, since we don't care what certificates are
105   *          presented because we will trust them all.
106   */
107  @Override
108  public X509Certificate[] getAcceptedIssuers()
109  {
110    return new X509Certificate[0];
111  }
112}