001/* 002 * Copyright 2014-2020 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2014-2020 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2014-2020 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.util.ssl; 037 038 039 040import javax.net.ssl.SSLSocket; 041 042import com.unboundid.ldap.sdk.LDAPException; 043import com.unboundid.util.Extensible; 044import com.unboundid.util.ThreadSafety; 045import com.unboundid.util.ThreadSafetyLevel; 046 047 048 049/** 050 * This class defines an API that will be invoked immediately after establishing 051 * a connection using {@code SSLSocket} (whether by establishing a connection 052 * that is initially secure or by wrapping an existing insecure connection in an 053 * {@code SSLSocket}). It may be used to terminate the connection if it is 054 * determined that the connection should not be trusted for some reason. 055 */ 056@Extensible() 057@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE) 058public abstract class SSLSocketVerifier 059{ 060 /** 061 * Verifies that the provided {@code SSLSocket} is acceptable and the 062 * connection should be allowed to remain established. 063 * 064 * @param host The address to which the client intended the 065 * connection to be established. 066 * @param port The port to which the client intended the 067 * connection to be established. 068 * @param sslSocket The {@code SSLSocket} that was created and should 069 * be verified. 070 * 071 * @throws LDAPException If a problem is identified that should prevent the 072 * provided {@code SSLSocket} from remaining 073 * established. 074 */ 075 public abstract void verifySSLSocket(String host, int port, 076 SSLSocket sslSocket) 077 throws LDAPException; 078}