com.waveset.util
Class AbstractServerTrustManager

java.lang.Object
  extended by com.waveset.util.AbstractServerTrustManager
All Implemented Interfaces:
JSSE.ServerTrustManager

public abstract class AbstractServerTrustManager
extends java.lang.Object
implements JSSE.ServerTrustManager

Partial implementation of JSSE.ServerTrustManager that provides the logic for storing the certificate in a KeyStore. Subclasses must override the promptUserForTrust method. Shared by the BPE and console, each of which has its own implementation because each requires a different means of prompting the user.


Constructor Summary
protected AbstractServerTrustManager()
          Constructs an AbstractServerTrustManager, placing the keystore in the default location ~/idmgr/.keystore and using the default password "changeit".
protected AbstractServerTrustManager(java.io.File keystoreFile, java.lang.String keystorePass)
          Constructs an AbstractServerTrustManager.
 
Method Summary
protected static java.lang.String getCertificateFingerprint(java.security.cert.X509Certificate cert)
          Convenience method for subclasses to get a colon-separated MD5 hash of the certificate for the purpose of displaying it to the user.
 boolean isServerTrusted(JSSE.ServerTrustManager parent, java.security.cert.X509Certificate[] cert, java.lang.String authType)
          Default implementation which first checks if parent trusts the certificate.
protected abstract  boolean promptUserForTrust(java.security.cert.X509Certificate cert)
          Subclasses must implement this method to prompt the user for whether they trust the certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractServerTrustManager

protected AbstractServerTrustManager()
Constructs an AbstractServerTrustManager, placing the keystore in the default location ~/idmgr/.keystore and using the default password "changeit".


AbstractServerTrustManager

protected AbstractServerTrustManager(java.io.File keystoreFile,
                                     java.lang.String keystorePass)
Constructs an AbstractServerTrustManager.

Parameters:
keystoreFile - The location of the keystore.
keystorePass - The password for the keystore.

Method Detail

isServerTrusted

public boolean isServerTrusted(JSSE.ServerTrustManager parent,
                               java.security.cert.X509Certificate[] cert,
                               java.lang.String authType)
Default implementation which first checks if parent trusts the certificate. If the parent trusts it, we trust it. Otherwise, it looks for the certificate in the keystore. If it is found in the keystore, we trust it. Otherwise, we call promptUserForTrust to see if the user trusts it. If promptUserForTrust returns true, we add this certificate to the keystore so that we don't prompt again for the same certificate.

Specified by:
isServerTrusted in interface JSSE.ServerTrustManager

getCertificateFingerprint

protected static java.lang.String getCertificateFingerprint(java.security.cert.X509Certificate cert)
Convenience method for subclasses to get a colon-separated MD5 hash of the certificate for the purpose of displaying it to the user.


promptUserForTrust

protected abstract boolean promptUserForTrust(java.security.cert.X509Certificate cert)
Subclasses must implement this method to prompt the user for whether they trust the certificate.
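
The decision order described for isServerTrusted and the colon-separated fingerprint of getCertificateFingerprint, as an added sketch built only on standard JDK classes; it is not the Waveset implementation. TofuTrustSketch, fingerprint, isTrusted, the Predicate standing in for promptUserForTrust, the single-certificate check and the alias scheme are assumptions, and the sketch goes beyond the page by printing a SHA-256 fingerprint next to the MD5 one. The certificate file, keystore file and password are supplied by the reader as arguments.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.function.Predicate;

// Added illustration; every name in this class is hypothetical.
public class TofuTrustSketch {
    // Colon-separated hex digest of the DER-encoded certificate.
    static String fingerprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(sb.length() > 0 ? ":" : "").append(String.format("%02X", b & 0xff));
        return sb.toString();
    }

    // Parent first, then the keystore, then the user; only an explicit "yes" is remembered.
    static boolean isTrusted(boolean parentTrusts, X509Certificate cert, File ksFile,
                             char[] ksPass, Predicate<X509Certificate> prompt) throws Exception {
        if (parentTrusts) return true;
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (ksFile.exists()) {
            try (InputStream in = new FileInputStream(ksFile)) { ks.load(in, ksPass); }
        } else {
            ks.load(null, ksPass);                              // start with an empty keystore
        }
        if (ks.getCertificateAlias(cert) != null) return true;  // accepted on an earlier run
        if (!prompt.test(cert)) return false;                   // user declined: store nothing
        ks.setCertificateEntry(fingerprint(cert, "SHA-256").toLowerCase(), cert);
        try (OutputStream out = new FileOutputStream(ksFile)) { ks.store(out, ksPass); }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // args: <certificate file, PEM or DER> <keystore file> <keystore password>
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("MD5     " + fingerprint(cert, "MD5"));
        System.out.println("SHA-256 " + fingerprint(cert, "SHA-256"));
        boolean ok = isTrusted(false, cert, new File(args[1]), args[2].toCharArray(),
                c -> System.console() != null
                        && "yes".equalsIgnoreCase(System.console().readLine("Trust this certificate? (yes/no) ")));
        System.out.println(ok ? "trusted" : "rejected");
    }
}
```

Running it twice against the same certificate and keystore file shows the prompt only on the first run; the second run finds the stored entry and returns without asking.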