/[pdpsoft]/trunk/nl.nikhef.slcshttps/src/nl/nikhef/slcshttps/trust/package.html
ViewVC logotype

Contents of /trunk/nl.nikhef.slcshttps/src/nl/nikhef/slcshttps/trust/package.html

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1272 - (show annotations) (download) (as text)
Thu Dec 10 15:33:22 2009 UTC (12 years, 8 months ago) by msalle
File MIME type: application/xhtml+xml
File size: 1892 byte(s)
- Javadocs for crypto package are now complete
- Partial Javadocs for CertChain- and HostnameChecker classes
- added note about thread (un)safety to trust package


1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2 <html>
3 <head>
4 <!--
5 @(#)package.html for nl.nikhef.slcshttps.trust
6 @version 0.1
7 @date 23-11-2009
8 @author Mischa Sall&eacute;
9 -->
10 </head>
11 <body bgcolor="white">
12 This package provides classes to interactively let the user accept or refuse
13 invalid server certificates in a way similar to the behaviour of modern
14 webbrowsers.
15 Customizing the checking of server certificates is normally done in Java by
16 implementing both a {@link java.net.HostnameVerifier} and a {@link
17 javax.net.ssl.X509TrustManager}. The <CODE>HostnameVerifier</CODE> is
18 responsible for matching the hostname of the server against the server, while
19 the <CODE>TrustManager</CODE> does the different checks on the validity of the
20 certificate chain. A <CODE>HostnameVerifier</CODE> implementation cannot do
21 both, since its <CODE>verify()</CODE> method is <EM>only</EM> called when the
22 hostname does not match. On the other a <CODE>(X509)TrustManager</CODE>
23 implementation does not get the hostname of the server. Since we like the user
24 to get only one prompt upon error, we extend
25 {@link javax.net.ssl.HttpsURLConnection} into
26 {@link nl.nikhef.slcshttps.trust.HttxURLConnection} which sets static hostname
27 and port fields inside the
28 {@link nl.nikhef.slcshttps.trust.TrustManagerImpl} class. Note that this means
29 that <CODE>HttxURLConnection</CODE> is not thread-safe, but it is hard to
30 implement this in any case, since the set of already accepted certificates should be
31 global accross threads.
32 All checks are now done using only the <CODE>TrustManager</CODE> which
33 internally uses {@link nl.nikhef.slcshttps.trust.HostnameChecker} and
34 {@link nl.nikhef.slcshttps.trust.CertChainChecker} for this.
35 @see nl.nikhef.slcshttps
36 @see <A HREF="http://www.nikhef.nl/pub/projects/grid/slcshttps/">http://www.nikhef.nl/pub/projects/grid/slcshttps/</A>
37 @since 0.1
38 </body>
39 </html>

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28