001    /*
002     * Copyright 2014-2016 UnboundID Corp.
003     * All Rights Reserved.
004     */
005    /*
006     * Copyright (C) 2014-2016 UnboundID Corp.
007     *
008     * This program is free software; you can redistribute it and/or modify
009     * it under the terms of the GNU General Public License (GPLv2 only)
010     * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011     * as published by the Free Software Foundation.
012     *
013     * This program is distributed in the hope that it will be useful,
014     * but WITHOUT ANY WARRANTY; without even the implied warranty of
015     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016     * GNU General Public License for more details.
017     *
018     * You should have received a copy of the GNU General Public License
019     * along with this program; if not, see <http://www.gnu.org/licenses>.
020     */
021    package com.unboundid.util.ssl;
022    
023    
024    
025    import javax.net.ssl.SSLSocket;
026    
027    import com.unboundid.ldap.sdk.LDAPException;
028    
029    
030    
/**
 * Defines a hook that is called right after a connection has been established
 * over an {@code SSLSocket}, regardless of whether the connection was secure
 * from the start or an existing insecure connection was wrapped in an
 * {@code SSLSocket}.  An implementation may use it to have the connection
 * terminated when it decides that the connection should not be trusted.
 * <p>
 * {@link #verifySSLSocket} returns nothing, so throwing {@code LDAPException}
 * is the only way for an implementation to reject a socket; a normal return
 * accepts it.  An implementation that returns without inspecting the socket
 * therefore accepts every connection it is asked about.
 * <p>
 * NOTE(review): a typical use of this hook is presumably to compare the
 * requested host with the identity in the peer certificate available from
 * the socket's session -- confirm against the concrete subclasses.  Whether
 * one verifier instance is shared across connections (and so must be
 * thread-safe) is not visible here -- confirm against the callers.
 */
public abstract class SSLSocketVerifier {
  /**
   * Decides whether the given {@code SSLSocket} is acceptable, so that the
   * connection may stay established.
   *
   * @param  host       The address the client intended to connect to.  This
   *                    is the requested target, not a value taken from the
   *                    socket itself.
   * @param  port       The port the client intended to connect to.
   * @param  sslSocket  The {@code SSLSocket} that was created and is to be
   *                    verified.
   *
   * @throws  LDAPException  If a problem is found that should keep the given
   *                         {@code SSLSocket} from remaining established.
   */
  public abstract void verifySSLSocket(
       final String host, final int port, final SSLSocket sslSocket)
       throws LDAPException;
}