001    /*
002     * Copyright 2014-2015 UnboundID Corp.
003     * All Rights Reserved.
004     */
005    /*
006     * Copyright (C) 2014-2015 UnboundID Corp.
007     *
008     * This program is free software; you can redistribute it and/or modify
009     * it under the terms of the GNU General Public License (GPLv2 only)
010     * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011     * as published by the Free Software Foundation.
012     *
013     * This program is distributed in the hope that it will be useful,
014     * but WITHOUT ANY WARRANTY; without even the implied warranty of
015     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016     * GNU General Public License for more details.
017     *
018     * You should have received a copy of the GNU General Public License
019     * along with this program; if not, see <http://www.gnu.org/licenses>.
020     */
021    package com.unboundid.util.ssl;
022    
023    
024    
025    import javax.net.ssl.SSLSocket;
026    
027    import com.unboundid.ldap.sdk.LDAPException;
028    import com.unboundid.util.Extensible;
029    import com.unboundid.util.ThreadSafety;
030    import com.unboundid.util.ThreadSafetyLevel;
031    
032    
033    
/**
 * Extension point for a post-connect check on an {@code SSLSocket}.  An
 * implementation is invoked immediately after a connection has been established
 * over an {@code SSLSocket}, whether the connection was secure from the start
 * or an existing insecure connection was wrapped in an {@code SSLSocket}.  The
 * implementation may reject the connection, causing it to be terminated, when
 * it decides that the connection should not be trusted.
 * <BR><BR>
 * Notes for implementers:
 * <UL>
 *   <LI>A JSSE {@code SSLSocket} does not compare the peer certificate with
 *       the requested host name unless an endpoint identification algorithm
 *       has been configured on the socket.  Certificate chain validation by
 *       the trust manager is a separate check, so this hook is a suitable
 *       place to confirm that the certificate was issued for the intended
 *       {@code host}.</LI>
 *   <LI>{@code SSLSocket.getSession()} blocks until the initial handshake has
 *       finished and, when the handshake fails, returns an invalid session
 *       (cipher suite {@code SSL_NULL_WITH_NULL_NULL}) rather than throwing.
 *       An implementation that inspects the session should treat that result
 *       as a verification failure.</LI>
 *   <LI>The {@code INTERFACE_THREADSAFE} level declared on this class means
 *       that implementations are expected to be safe for concurrent use by
 *       multiple threads.</LI>
 * </UL>
 */
@Extensible
@ThreadSafety(level = ThreadSafetyLevel.INTERFACE_THREADSAFE)
public abstract class SSLSocketVerifier
{
  /**
   * Decides whether the provided {@code SSLSocket} is acceptable, so that the
   * connection may remain established.  Returning normally accepts the
   * socket; throwing rejects it.
   *
   * @param  host       The address to which the client intended the connection
   *                    to be established.  This is the value the client asked
   *                    for, not a value reported by the peer.
   * @param  port       The port to which the client intended the connection to
   *                    be established.
   * @param  sslSocket  The {@code SSLSocket} that was created and should be
   *                    verified.
   *
   * @throws  LDAPException  If a problem is identified that should prevent the
   *                         provided {@code SSLSocket} from remaining
   *                         established.
   */
  public abstract void verifySSLSocket(
       final String host,
       final int port,
       final SSLSocket sslSocket)
       throws LDAPException;
}