jdk-sandbox: comparison jdk/src/java.base/share/classes/javax/net/ssl/X509ExtendedTrustManager.java

equal deleted inserted replaced

-:0c7d705209c6
+:ec0224270f90
 /*
-* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
 /**
-* Extensions to the <code>X509TrustManager</code> interface to support
+* Extensions to the {@code X509TrustManager} interface to support
-* SSL/TLS connection sensitive trust management.
+* SSL/TLS/DTLS connection sensitive trust management.
 * <p>
 * To prevent man-in-the-middle attacks, hostname checks can be done
 * to verify that the hostname in an end-entity certificate matches the
-* targeted hostname.  TLS does not require such checks, but some protocols
+* targeted hostname.  TLS/DTLS does not require such checks, but some
-* over TLS (such as HTTPS) do.  In earlier versions of the JDK, the
+* protocols over TLS/DTLS (such as HTTPS) do.  In earlier versions of the
-* certificate chain checks were done at the SSL/TLS layer, and the hostname
+* JDK, the certificate chain checks were done at the SSL/TLS/DTLS layer,
-* verification checks were done at the layer over TLS.  This class allows
+* and the hostname verification checks were done at the layer over TLS/DTLS.
-* for the checking to be done during a single call to this class.
+* This class allows for the checking to be done during a single call to
+* this class.
 * <p>
 * RFC 2830 defines the server identification specification for the "LDAPS"
 * algorithm. RFC 2818 defines both the server identification and the
 * client identification specification for the "HTTPS" algorithm.
 *
 * <p>
 * The authentication type is determined by the actual certificate
 * used. For instance, if RSAPublicKey is used, the authType
 * should be "RSA". Checking is case-sensitive.
 * <p>
-* If the <code>socket</code> parameter is an instance of
+* If the {@code socket} parameter is an instance of
 * {@link javax.net.ssl.SSLSocket}, and the endpoint identification
-* algorithm of the <code>SSLParameters</code> is non-empty, to prevent
+* algorithm of the {@code SSLParameters} is non-empty, to prevent
-* man-in-the-middle attacks, the address that the <code>socket</code>
+* man-in-the-middle attacks, the address that the {@code socket}
 * connected to should be checked against the peer's identity presented
 * in the end-entity X509 certificate, as specified in the endpoint
 * identification algorithm.
 * <p>
-* If the <code>socket</code> parameter is an instance of
+* If the {@code socket} parameter is an instance of
 * {@link javax.net.ssl.SSLSocket}, and the algorithm constraints of the
-* <code>SSLParameters</code> is non-null, for every certificate in the
+* {@code SSLParameters} is non-null, for every certificate in the
 * certification path, fields such as subject public key, the signature
 * algorithm, key usage, extended key usage, etc. need to conform to the
 * algorithm constraints in place on this socket.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm used
 * @param socket the socket used for this connection. This parameter
 *        can be null, which indicates that implementations need not check
 *        the ssl parameters
 * @throws IllegalArgumentException if null or zero-length array is passed
-*        in for the <code>chain</code> parameter or if null or zero-length
+*        in for the {@code chain} parameter or if null or zero-length
-*        string is passed in for the <code>authType</code> parameter
+*        string is passed in for the {@code authType} parameter
 * @throws CertificateException if the certificate chain is not trusted
 *        by this TrustManager
 *
 * @see SSLParameters#getEndpointIdentificationAlgorithm
 * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
 * handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
 * the authType should be RSA_EXPORT when an ephemeral RSA key is
 * used for the key exchange, and RSA when the key from the server
 * certificate is used. Checking is case-sensitive.
 * <p>
-* If the <code>socket</code> parameter is an instance of
+* If the {@code socket} parameter is an instance of
 * {@link javax.net.ssl.SSLSocket}, and the endpoint identification
-* algorithm of the <code>SSLParameters</code> is non-empty, to prevent
+* algorithm of the {@code SSLParameters} is non-empty, to prevent
-* man-in-the-middle attacks, the address that the <code>socket</code>
+* man-in-the-middle attacks, the address that the {@code socket}
 * connected to should be checked against the peer's identity presented
 * in the end-entity X509 certificate, as specified in the endpoint
 * identification algorithm.
 * <p>
-* If the <code>socket</code> parameter is an instance of
+* If the {@code socket} parameter is an instance of
 * {@link javax.net.ssl.SSLSocket}, and the algorithm constraints of the
-*  <code>SSLParameters</code> is non-null, for every certificate in the
+*  {@code SSLParameters} is non-null, for every certificate in the
 * certification path, fields such as subject public key, the signature
 * algorithm, key usage, extended key usage, etc. need to conform to the
 * algorithm constraints in place on this socket.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm used
 * @param socket the socket used for this connection. This parameter
 *        can be null, which indicates that implementations need not check
 *        the ssl parameters
 * @throws IllegalArgumentException if null or zero-length array is passed
-*        in for the <code>chain</code> parameter or if null or zero-length
+*        in for the {@code chain} parameter or if null or zero-length
-*        string is passed in for the <code>authType</code> parameter
+*        string is passed in for the {@code authType} parameter
 * @throws CertificateException if the certificate chain is not trusted
 *        by this TrustManager
 *
 * @see SSLParameters#getEndpointIdentificationAlgorithm
 * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
 * <p>
 * The authentication type is determined by the actual certificate
 * used. For instance, if RSAPublicKey is used, the authType
 * should be "RSA". Checking is case-sensitive.
 * <p>
-* If the <code>engine</code> parameter is available, and the endpoint
+* If the {@code engine} parameter is available, and the endpoint
-* identification algorithm of the <code>SSLParameters</code> is
+* identification algorithm of the {@code SSLParameters} is
 * non-empty, to prevent man-in-the-middle attacks, the address that
-* the <code>engine</code> connected to should be checked against
+* the {@code engine} connected to should be checked against
 * the peer's identity presented in the end-entity X509 certificate,
 * as specified in the endpoint identification algorithm.
 * <p>
-* If the <code>engine</code> parameter is available, and the algorithm
+* If the {@code engine} parameter is available, and the algorithm
-* constraints of the <code>SSLParameters</code> is non-null, for every
+* constraints of the {@code SSLParameters} is non-null, for every
 * certificate in the certification path, fields such as subject public
 * key, the signature algorithm, key usage, extended key usage, etc.
 * need to conform to the algorithm constraints in place on this engine.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm used
 * @param engine the engine used for this connection. This parameter
 *        can be null, which indicates that implementations need not check
 *        the ssl parameters
 * @throws IllegalArgumentException if null or zero-length array is passed
-*        in for the <code>chain</code> parameter or if null or zero-length
+*        in for the {@code chain} parameter or if null or zero-length
-*        string is passed in for the <code>authType</code> parameter
+*        string is passed in for the {@code authType} parameter
 * @throws CertificateException if the certificate chain is not trusted
 *        by this TrustManager
 *
 * @see SSLParameters#getEndpointIdentificationAlgorithm
 * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
 * handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5,
 * the authType should be RSA_EXPORT when an ephemeral RSA key is
 * used for the key exchange, and RSA when the key from the server
 * certificate is used. Checking is case-sensitive.
 * <p>
-* If the <code>engine</code> parameter is available, and the endpoint
+* If the {@code engine} parameter is available, and the endpoint
-* identification algorithm of the <code>SSLParameters</code> is
+* identification algorithm of the {@code SSLParameters} is
 * non-empty, to prevent man-in-the-middle attacks, the address that
-* the <code>engine</code> connected to should be checked against
+* the {@code engine} connected to should be checked against
 * the peer's identity presented in the end-entity X509 certificate,
 * as specified in the endpoint identification algorithm.
 * <p>
-* If the <code>engine</code> parameter is available, and the algorithm
+* If the {@code engine} parameter is available, and the algorithm
-* constraints of the <code>SSLParameters</code> is non-null, for every
+* constraints of the {@code SSLParameters} is non-null, for every
 * certificate in the certification path, fields such as subject public
 * key, the signature algorithm, key usage, extended key usage, etc.
 * need to conform to the algorithm constraints in place on this engine.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm used
 * @param engine the engine used for this connection. This parameter
 *        can be null, which indicates that implementations need not check
 *        the ssl parameters
 * @throws IllegalArgumentException if null or zero-length array is passed
-*        in for the <code>chain</code> parameter or if null or zero-length
+*        in for the {@code chain} parameter or if null or zero-length
-*        string is passed in for the <code>authType</code> parameter
+*        string is passed in for the {@code authType} parameter
 * @throws CertificateException if the certificate chain is not trusted
 *        by this TrustManager
 *
 * @see SSLParameters#getEndpointIdentificationAlgorithm
 * @see SSLParameters#setEndpointIdentificationAlgorithm(String)

changeset 30904	ec0224270f90
parent 25859	3317bb8137f4