001/*
002 * Copyright 2014 UnboundID Corp.
003 * All Rights Reserved.
004 */
005/*
006 * Copyright (C) 2014 UnboundID Corp.
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021package com.unboundid.util.ssl;
022
023
024
025import javax.net.ssl.SSLSocket;
026
027import com.unboundid.ldap.sdk.LDAPException;
028import com.unboundid.util.Extensible;
029import com.unboundid.util.ThreadSafety;
030import com.unboundid.util.ThreadSafetyLevel;
031
032
033
/**
 * Defines a hook that is called right after a connection has been established
 * over an {@code SSLSocket}, either because the connection was secure from the
 * start or because an existing insecure connection was wrapped in an
 * {@code SSLSocket}.  An implementation can reject a connection that it
 * decides should not be trusted.
 * <BR><BR>
 * Notes for implementers:
 * <UL>
 *   <LI>Rejection is signaled only by throwing {@code LDAPException} from
 *       {@link #verifySSLSocket}.  A normal return means the connection is
 *       accepted, so an implementation that returns without inspecting the
 *       socket adds no protection.</LI>
 *   <LI>A common use is checking that the identity in the peer certificate
 *       matches the requested host.  A JSSE handshake on a plain
 *       {@code SSLSocket} does not make that check unless endpoint
 *       identification has been configured explicitly.</LI>
 *   <LI>The class is marked {@code INTERFACE_THREADSAFE}, so subclasses are
 *       expected to tolerate concurrent calls (see
 *       {@link ThreadSafetyLevel}).</LI>
 * </UL>
 */
@Extensible()
@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
public abstract class SSLSocketVerifier
{
  /**
   * Decides whether the provided {@code SSLSocket} is acceptable and the
   * connection may remain established.  Returning normally accepts the
   * connection.
   *
   * @param  host       The address to which the client intended the
   *                    connection to be established.  This is the value an
   *                    identity check on the peer certificate would normally
   *                    be compared against.
   * @param  port       The port to which the client intended the connection
   *                    to be established.
   * @param  sslSocket  The {@code SSLSocket} that was created and should be
   *                    verified.
   *
   * @throws  LDAPException  If a problem is identified that should prevent
   *                         the provided {@code SSLSocket} from remaining
   *                         established.
   */
  public abstract void verifySSLSocket(
       final String host,
       final int port,
       final SSLSocket sslSocket)
       throws LDAPException;
}