slcshttps/trust/package.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<!--
  @(#)package.html for nl.nikhef.slcshttps.trust
  @version 0.1
  @date 23-11-2009
  @author Mischa Sall&eacute;
-->
</head>
<body bgcolor="white">
This package provides classes to interactively let the user accept or refuse
invalid server certificates in a way similar to the behaviour of modern
webbrowsers.
Customizing the checking of server certificates is normally done in Java by
implementing both a {@link java.net.HostnameVerifier} and a {@link
javax.net.ssl.X509TrustManager}. The <CODE>HostnameVerifier</CODE> is
responsible for matching the hostname of the server against the server, while
the <CODE>TrustManager</CODE> does the different checks on the validity of the
certificate chain. A <CODE>HostnameVerifier</CODE> implementation cannot do
both, since its <CODE>verify()</CODE> method is <EM>only</EM> called when the
hostname does not match. On the other a <CODE>(X509)TrustManager</CODE>
implementation does not get the hostname of the server. Since we like the user
to get only one prompt upon error, we extend
{@link javax.net.ssl.HttpsURLConnection} into
{@link nl.nikhef.slcshttps.trust.HttxURLConnection} which sets static hostname
and port fields inside the
{@link nl.nikhef.slcshttps.trust.TrustManagerImpl} class. Note that this means
that <CODE>HttxURLConnection</CODE> is not thread-safe, but it is hard to
implement this in any case, since the set of already accepted certificates should be
global accross threads.
All checks are now done using only the <CODE>TrustManager</CODE> which
internally uses {@link nl.nikhef.slcshttps.trust.HostnameChecker} and
{@link nl.nikhef.slcshttps.trust.CertChainChecker} for this.
@see nl.nikhef.slcshttps
@see <A HREF="http://www.nikhef.nl/pub/projects/grid/slcshttps/">http://www.nikhef.nl/pub/projects/grid/slcshttps/</A>
@since 0.1
</body>
</html>
1	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2	<html>
3	<head>
4	<!--
5	@(#)package.html for nl.nikhef.slcshttps.trust
6	@version 0.1
7	@date 23-11-2009
8	@author Mischa Sallé
9	-->
10	</head>
11	<body bgcolor="white">
12	This package provides classes to interactively let the user accept or refuse
13	invalid server certificates in a way similar to the behaviour of modern
14	webbrowsers.
15	Customizing the checking of server certificates is normally done in Java by
16	implementing both a {@link java.net.HostnameVerifier} and a {@link
17	javax.net.ssl.X509TrustManager}. The <CODE>HostnameVerifier</CODE> is
18	responsible for matching the hostname of the server against the server, while
19	the <CODE>TrustManager</CODE> does the different checks on the validity of the
20	certificate chain. A <CODE>HostnameVerifier</CODE> implementation cannot do
21	both, since its <CODE>verify()</CODE> method is <EM>only</EM> called when the
22	hostname does not match. On the other a <CODE>(X509)TrustManager</CODE>
23	implementation does not get the hostname of the server. Since we like the user
24	to get only one prompt upon error, we extend
25	{@link javax.net.ssl.HttpsURLConnection} into
26	{@link nl.nikhef.slcshttps.trust.HttxURLConnection} which sets static hostname
27	and port fields inside the
28	{@link nl.nikhef.slcshttps.trust.TrustManagerImpl} class. Note that this means
29	that <CODE>HttxURLConnection</CODE> is not thread-safe, but it is hard to
30	implement this in any case, since the set of already accepted certificates should be
31	global accross threads.
32	All checks are now done using only the <CODE>TrustManager</CODE> which
33	internally uses {@link nl.nikhef.slcshttps.trust.HostnameChecker} and
34	{@link nl.nikhef.slcshttps.trust.CertChainChecker} for this.
35	@see nl.nikhef.slcshttps
36	@see <A HREF="http://www.nikhef.nl/pub/projects/grid/slcshttps/">http://www.nikhef.nl/pub/projects/grid/slcshttps/</A>
37	@since 0.1
38	</body>
39	</html>
grid.support@nikhef.nl	ViewVC Help
Powered by ViewVC 1.1.28