001/* 002 * Copyright 2014 UnboundID Corp. 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright (C) 2014 UnboundID Corp. 007 * 008 * This program is free software; you can redistribute it and/or modify 009 * it under the terms of the GNU General Public License (GPLv2 only) 010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 011 * as published by the Free Software Foundation. 012 * 013 * This program is distributed in the hope that it will be useful, 014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 016 * GNU General Public License for more details. 017 * 018 * You should have received a copy of the GNU General Public License 019 * along with this program; if not, see <http://www.gnu.org/licenses>. 020 */ 021package com.unboundid.util.ssl; 022 023 024 025import javax.net.ssl.SSLSocket; 026 027import com.unboundid.ldap.sdk.LDAPException; 028import com.unboundid.util.Extensible; 029import com.unboundid.util.ThreadSafety; 030import com.unboundid.util.ThreadSafetyLevel; 031 032 033 034/** 035 * This class defines an API that will be invoked immediately after establishing 036 * a connection using {@code SSLSocket} (whether by establishing a connection 037 * that is initially secure or by wrapping an existing insecure connection in an 038 * {@code SSLSocket}). It may be used to terminate the connection if it is 039 * determined that the connection should not be trusted for some reason. 040 */ 041@Extensible() 042@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE) 043public abstract class SSLSocketVerifier 044{ 045 /** 046 * Verifies that the provided {@code SSLSocket} is acceptable and the 047 * connection should be allowed to remain established. 048 * 049 * @param host The address to which the client intended the 050 * connection to be established. 051 * @param port The port to which the client intended the 052 * connection to be established. 053 * @param sslSocket The {@code SSLSocket} that was created and should 054 * be verified. 055 * 056 * @throws LDAPException If a problem is identified that should prevent the 057 * provided {@code SSLSocket} from remaining 058 * established. 059 */ 060 public abstract void verifySSLSocket(final String host, final int port, 061 final SSLSocket sslSocket) 062 throws LDAPException; 063}