slcshttps/trust/package.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<!--
  @(#)package.html for nl.nikhef.slcshttps.trust
  @version 0.1
  @date 23-11-2009
  @author Mischa Sall&eacute;
-->
</head>
<body bgcolor="white">
This package provides classes to interactively let the user accept or refuse
invalid server certificates in a way similar to the behaviour of modern
webbrowsers.
Customizing the checking of server certificates is normally done in Java by
implementing both a {@link java.net.HostnameVerifier} and a {@link
javax.net.ssl.X509TrustManager}. The <CODE>HostnameVerifier</CODE> is
responsible for matching the hostname of the server against the server, while
the <CODE>TrustManager</CODE> does the different checks on the validity of the
certificate chain. A <CODE>HostnameVerifier</CODE> implementation cannot do
both, since its <CODE>verify()</CODE> method is <EM>only</EM> called when the
hostname does not match. On the other a <CODE>(X509)TrustManager</CODE>
implementation does not get the hostname of the server. Since we like the user
to get only one prompt upon error, we extend
{@link javax.net.ssl.HttpsURLConnection} into
{@link nl.nikhef.slcshttps.trust.HttxURLConnection} which sets static hostname
and port fields inside the
{@link nl.nikhef.slcshttps.trust.TrustManagerImpl} class. Note that this means
that <CODE>HttxURLConnection</CODE> is not thread-safe, but it is hard to
implement this in any case, since the set of already accepted certificates should be
global accross threads.
All checks are now done using only the <CODE>TrustManager</CODE> which
internally uses {@link nl.nikhef.slcshttps.trust.HostnameChecker} and
{@link nl.nikhef.slcshttps.trust.CertChainChecker} for this.
@see nl.nikhef.slcshttps
@see <A HREF="http://www.nikhef.nl/pub/projects/grid/slcshttps/">http://www.nikhef.nl/pub/projects/grid/slcshttps/</A>
@since 0.1
</body>
</html>
1	msalle	1175	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2			<html>
3			<head>
4			<!--
5			@(#)package.html for nl.nikhef.slcshttps.trust
6			@version 0.1
7			@date 23-11-2009
8			@author Mischa Sallé
9			-->
10			</head>
11			<body bgcolor="white">
12	msalle	1268	This package provides classes to interactively let the user accept or refuse
13			invalid server certificates in a way similar to the behaviour of modern
14			webbrowsers.
15			Customizing the checking of server certificates is normally done in Java by
16			implementing both a {@link java.net.HostnameVerifier} and a {@link
17			javax.net.ssl.X509TrustManager}. The <CODE>HostnameVerifier</CODE> is
18			responsible for matching the hostname of the server against the server, while
19			the <CODE>TrustManager</CODE> does the different checks on the validity of the
20			certificate chain. A <CODE>HostnameVerifier</CODE> implementation cannot do
21			both, since its <CODE>verify()</CODE> method is <EM>only</EM> called when the
22			hostname does not match. On the other a <CODE>(X509)TrustManager</CODE>
23			implementation does not get the hostname of the server. Since we like the user
24			to get only one prompt upon error, we extend
25			{@link javax.net.ssl.HttpsURLConnection} into
26			{@link nl.nikhef.slcshttps.trust.HttxURLConnection} which sets static hostname
27			and port fields inside the
28	msalle	1272	{@link nl.nikhef.slcshttps.trust.TrustManagerImpl} class. Note that this means
29			that <CODE>HttxURLConnection</CODE> is not thread-safe, but it is hard to
30			implement this in any case, since the set of already accepted certificates should be
31			global accross threads.
32			All checks are now done using only the <CODE>TrustManager</CODE> which
33			internally uses {@link nl.nikhef.slcshttps.trust.HostnameChecker} and
34	msalle	1268	{@link nl.nikhef.slcshttps.trust.CertChainChecker} for this.
35	msalle	1175	@see nl.nikhef.slcshttps
36	msalle	1232	@see <A HREF="http://www.nikhef.nl/pub/projects/grid/slcshttps/">http://www.nikhef.nl/pub/projects/grid/slcshttps/</A>
37	msalle	1268	@since 0.1
38	msalle	1175	</body>
39			</html>
grid.support@nikhef.nl	ViewVC Help
Powered by ViewVC 1.1.28