Class Summary

CertChainChecker | Static class to validate an X509Certificate chain.
HostnameChecker | Class to check whether a certain certificate is valid for a certain hostname, using either the TLS or the LDAP scheme.
HttxURLConnection | This class extends HttpsURLConnection so that it can use a TrustManager that checks not only the certificate chain but also the hostname against the server certificate.
HttxURLConnection.StdioComm | This implementation uses only stdio/stderr for I/O.
TrustCert | This class contains all fields and methods to check the validity of a certificate chain for use as a trusted server certificate, including storing it for reuse.
TrustManagerImpl | This class implements an X509TrustManager which asks the user for confirmation when something is wrong and in this process also checks whether the hostname is valid for the certificate chain.
TrustManagerImpl.StdioComm | This implementation uses only stdio/stderr for I/O.

This package provides classes to interactively let the user accept or refuse invalid server certificates in a way similar to the behaviour of modern web browsers.

Customizing the checking of server certificates is normally done in Java by implementing both a HostnameVerifier and an X509TrustManager. The HostnameVerifier is responsible for matching the hostname of the server against the server certificate, while the TrustManager performs the various checks on the validity of the certificate chain. A HostnameVerifier implementation cannot do both, since its verify() method is only called when the hostname does not match. On the other hand, an (X509)TrustManager implementation does not get the hostname of the server. Since we want the user to get only one prompt upon error, we extend HttpsURLConnection into HttxURLConnection, which sets static hostname and port fields inside the TrustManagerImpl class. Note that this means that HttxURLConnection is not thread-safe, but thread safety is hard to implement in any case, since the set of already accepted certificates should be global across threads.

All checks are now done using only the TrustManager, which internally uses HostnameChecker and CertChainChecker for this.
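
The single-check design above, as an added example that is not this package's code: on Java 7 and later, X509ExtendedTrustManager receives the connection's socket or engine, so the hostname can be read per connection instead of from static fields. The class name HostAwareTrustManager, the helper requireMatch and the simplified dNSName matching are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;

// Hypothetical class (not part of this package): chain and hostname checks in one trust manager.
public class HostAwareTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager delegate; // e.g. the platform default trust manager
    public HostAwareTrustManager(X509ExtendedTrustManager delegate) { this.delegate = delegate; }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        delegate.checkServerTrusted(chain, authType, socket); // certificate chain validation
        // The peer host comes from this connection's handshake session, not from a static field.
        requireMatch(((SSLSocket) socket).getHandshakeSession().getPeerHost(), chain[0]);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        delegate.checkServerTrusted(chain, authType, engine);
        requireMatch(engine.getHandshakeSession().getPeerHost(), chain[0]);
    }

    // Simplified matching (assumption): dNSName SAN entries only (type 2), with one leftmost
    // "*." wildcard label. IP literals and a missing host name are rejected.
    static void requireMatch(String host, X509Certificate leaf) throws CertificateException {
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (host != null && sans != null) {
            for (List<?> san : sans) {
                if (!Integer.valueOf(2).equals(san.get(0))) continue;
                String name = (String) san.get(1);
                if (name.equalsIgnoreCase(host)) return;
                int dot = host.indexOf('.');
                if (name.startsWith("*.") && dot > 0 && name.substring(1).equalsIgnoreCase(host.substring(dot))) return;
            }
        }
        throw new CertificateException("Certificate is not valid for host " + host);
    }

    // Without a socket or engine the hostname is unknown, so fail closed; client checks are delegated.
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { throw new CertificateException("no connection context, hostname unknown"); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { delegate.checkClientTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { delegate.checkClientTrusted(c, a, e); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

Because no state is shared between connections here, a store of user-accepted certificates like the one described above would still need its own synchronization.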