ViewVC logotype

Annotation of /trunk/nl.nikhef.slcshttps/src/nl/nikhef/slcshttps/trust/package.html

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1272 - (hide annotations) (download) (as text)
Thu Dec 10 15:33:22 2009 UTC (12 years, 9 months ago) by msalle
File MIME type: application/xhtml+xml
File size: 1892 byte(s)
- Javadocs for crypto package are now complete
- Partial Javadocs for CertChain- and HostnameChecker classes
- added note about thread (un)safety to trust package

1 msalle 1175 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2     <html>
3     <head>
4     <!--
5     @(#)package.html for nl.nikhef.slcshttps.trust
6     @version 0.1
7     @date 23-11-2009
8     @author Mischa Sall&eacute;
9     -->
10     </head>
11     <body bgcolor="white">
12 msalle 1268 This package provides classes to interactively let the user accept or refuse
13     invalid server certificates in a way similar to the behaviour of modern
14     webbrowsers.
15     Customizing the checking of server certificates is normally done in Java by
16     implementing both a {@link java.net.HostnameVerifier} and a {@link
17     javax.net.ssl.X509TrustManager}. The <CODE>HostnameVerifier</CODE> is
18     responsible for matching the hostname of the server against the server, while
19     the <CODE>TrustManager</CODE> does the different checks on the validity of the
20     certificate chain. A <CODE>HostnameVerifier</CODE> implementation cannot do
21     both, since its <CODE>verify()</CODE> method is <EM>only</EM> called when the
22     hostname does not match. On the other a <CODE>(X509)TrustManager</CODE>
23     implementation does not get the hostname of the server. Since we like the user
24     to get only one prompt upon error, we extend
25     {@link javax.net.ssl.HttpsURLConnection} into
26     {@link nl.nikhef.slcshttps.trust.HttxURLConnection} which sets static hostname
27     and port fields inside the
28 msalle 1272 {@link nl.nikhef.slcshttps.trust.TrustManagerImpl} class. Note that this means
29     that <CODE>HttxURLConnection</CODE> is not thread-safe, but it is hard to
30     implement this in any case, since the set of already accepted certificates should be
31     global accross threads.
32     All checks are now done using only the <CODE>TrustManager</CODE> which
33     internally uses {@link nl.nikhef.slcshttps.trust.HostnameChecker} and
34 msalle 1268 {@link nl.nikhef.slcshttps.trust.CertChainChecker} for this.
35 msalle 1175 @see nl.nikhef.slcshttps
36 msalle 1232 @see <A HREF="http://www.nikhef.nl/pub/projects/grid/slcshttps/">http://www.nikhef.nl/pub/projects/grid/slcshttps/</A>
37 msalle 1268 @since 0.1
38 msalle 1175 </body>
39     </html>

ViewVC Help
Powered by ViewVC 1.1.28