001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2006-2008 Sun Microsystems, Inc. 015 * Portions Copyright 2014-2016 ForgeRock AS. 016 */ 017package org.opends.server.extensions; 018 019import java.security.cert.X509Certificate; 020import javax.net.ssl.TrustManager; 021import javax.net.ssl.X509TrustManager; 022 023import org.forgerock.opendj.server.config.server.BlindTrustManagerProviderCfg; 024import org.opends.server.api.TrustManagerProvider; 025import org.forgerock.opendj.config.server.ConfigException; 026import org.opends.server.types.DirectoryException; 027import org.opends.server.types.InitializationException; 028 029/** 030 * This class provides an implementation of a trust manager provider that will 031 * indicate that any certificate presented should be blindly trusted by the 032 * Directory Server. This can provide convenience and ease of use, but that 033 * added convenience will be at the expense of security and therefore it should 034 * not be used in environments in which the clients may not be considered 035 * trustworthy. 036 */ 037public class BlindTrustManagerProvider 038 extends TrustManagerProvider<BlindTrustManagerProviderCfg> 039 implements X509TrustManager 040{ 041 /** 042 * Creates a new instance of this blind trust manager provider. The 043 * <CODE>initializeTrustManagerProvider</CODE> method must be called on the 044 * resulting object before it may be used. 045 */ 046 public BlindTrustManagerProvider() 047 { 048 // No implementation is required. 049 } 050 051 @Override 052 public void initializeTrustManagerProvider( 053 BlindTrustManagerProviderCfg configuration) 054 throws ConfigException, InitializationException 055 { 056 // No implementation is required. 057 } 058 059 @Override 060 public void finalizeTrustManagerProvider() 061 { 062 // No implementation is required. 063 } 064 065 @Override 066 public TrustManager[] getTrustManagers() 067 throws DirectoryException 068 { 069 return new TrustManager[] { this }; 070 } 071 072 /** 073 * Determines whether an SSL client with the provided certificate chain should 074 * be trusted. In this case, all client certificates will be trusted. 075 * 076 * @param chain The certificate chain for the SSL client. 077 * @param authType The authentication type based on the client certificate. 078 */ 079 @Override 080 public void checkClientTrusted(X509Certificate[] chain, String authType) 081 { 082 // As long as we don't throw an exception, then the client certificate will 083 // be considered trusted. 084 } 085 086 /** 087 * Determines whether an SSL server with the provided certificate chain should 088 * be trusted. In this case, all server certificates will be trusted. 089 * 090 * @param chain The certificate chain for the SSL server. 091 * @param authType The key exchange algorithm used. 092 */ 093 @Override 094 public void checkServerTrusted(X509Certificate[] chain, String authType) 095 { 096 // As long as we don't throw an exception, then the server certificate will 097 // be considered trusted. 098 } 099 100 /** 101 * Retrieves the set of certificate authority certificates which are trusted 102 * for authenticating peers. 103 * 104 * @return An empty array, since we don't care what certificates are 105 * presented because we will trust them all. 106 */ 107 @Override 108 public X509Certificate[] getAcceptedIssuers() 109 { 110 return new X509Certificate[0]; 111 } 112}