slcshttps/trust/package.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<!--
  @(#)package.html for nl.nikhef.slcshttps.trust
  @version 0.1
  @date 23-11-2009
  @author Mischa Sall&eacute;
-->
</head>
<body bgcolor="white">
Provides classes to give the user a handle to accept invalid server
certificates. The {@link javax.net.ssl.TrustManager} doing this is implemented
by {@link nl.nikhef.slcshttps.trust.TrustManagerImpl}. In addition to standard
certificate chain checking, it also checks the hostname against the certificate.
For this it is necessary to extend the standard {@link
javax.net.ssl.HttpsURLConnection} since the {@link javax.net.ssl.TrustManager}
normally doesn't receive the hostname/port. This extension is {@link
nl.nikhef.slcshttps.trust.HttxURLConnection}, which is a delegate class due to
the abstract nature of {@link javax.net.ssl.HttpsURLConnection}. The hostname is
checked using the {@link nl.nikhef.slcshttps.trust.HostnameChecker} class which
is roughly a combination of JDK1.6 implementation dependent
<CODE>sun.security.util.HostnameChecker</CODE> with
<CODE>sun.net.util.IPAddressUtil</CODE>, while using a method
<CODE>getCNS()</CODE>, adapted from the <A
HREF="">not-yet-commons-ssl-0.3.10</A> package, instead of the
<CODE>getSubjectX500Name()</CODE>.
TODO: findMostSpecificAttribute(X500Name.commonName_oid) adapted from
not-yet-commons-ssl-0.3.10.

<BR>
@see nl.nikhef.slcshttps
@see <A HREF="http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/User:Msalle">http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/User:Msalle</A>
</body>
</html>
1	msalle	1175	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2			<html>
3			<head>
4			<!--
5			@(#)package.html for nl.nikhef.slcshttps.trust
6			@version 0.1
7			@date 23-11-2009
8			@author Mischa Sallé
9			-->
10			</head>
11			<body bgcolor="white">
12			Provides classes to give the user a handle to accept invalid server
13			certificates. The {@link javax.net.ssl.TrustManager} doing this is implemented
14			by {@link nl.nikhef.slcshttps.trust.TrustManagerImpl}. In addition to standard
15			certificate chain checking, it also checks the hostname against the certificate.
16			For this it is necessary to extend the standard {@link
17			javax.net.ssl.HttpsURLConnection} since the {@link javax.net.ssl.TrustManager}
18			normally doesn't receive the hostname/port. This extension is {@link
19			nl.nikhef.slcshttps.trust.HttxURLConnection}, which is a delegate class due to
20			the abstract nature of {@link javax.net.ssl.HttpsURLConnection}. The hostname is
21			checked using the {@link nl.nikhef.slcshttps.trust.HostnameChecker} class which
22			is roughly a combination of JDK1.6 implementation dependent
23			<CODE>sun.security.util.HostnameChecker</CODE> with
24			<CODE>sun.net.util.IPAddressUtil</CODE>, while using a method
25			<CODE>getCNS()</CODE>, adapted from the <A
26			HREF="">not-yet-commons-ssl-0.3.10</A> package, instead of the
27			<CODE>getSubjectX500Name()</CODE>.
28			TODO: findMostSpecificAttribute(X500Name.commonName_oid) adapted from
29			not-yet-commons-ssl-0.3.10.
30
31			<BR>
32			@see nl.nikhef.slcshttps
33			@see <A HREF="http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/User:Msalle">http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/User:Msalle</A>
34			</body>
35			</html>
grid.support@nikhef.nl	ViewVC Help
Powered by ViewVC 1.1.28