com.novell.zos.tls
Interface TlsCallbacks


public interface TlsCallbacks

Callback interface for TLS certificate exceptions.

An instance of this interface may be passed to TlsConfiguration.setCallbacks(TlsCallbacks) or to TlsConfiguration.setDefaultCallbacks(TlsCallbacks) to provide customized handling of missing or mismatched TLS server certificates encountered while attempting to make TLS connections to a ZOS server.

The TlsCallbacks.onCertificateNotFound(SocketAddress,PemCertificate) method is invoked when the ZOS server returns a server certificate and there is currently no certificate found for that server. If this method returns false then a certificate exception is thrown on the client, otherwise, the code for this method can "accept" the certificate, possibly with user warnings and a confirmation dialog before returning true to indicate that the certificate is "OK".

The TlsCallbacks.onCertificateMismatch(SocketAddress,PemCertificate,PemCertificate) method is invoked when the ZOS server returns a server certificate that does not correctly match the current certificate held by the client. This exception is a more severe error than "not found" since it indicates a possible spoofing attempt by a "man in the middle". It is recommended that implementations of this callback method default to returning false unless the user or administrator very specifically indicates a willingness to accept the new certificate.

Since:
ZOS 1.3

Method Summary
 boolean onCertificateMismatch(SocketAddress peer, PemCertificate peerCert, PemCertificate refCert)
          Callback method invoked upon receiving a mismatched server certificate.
 boolean onCertificateNotFound(SocketAddress peer, PemCertificate peerCert)
          Callback method invoked upon receiving a new, unknown certificate.
 

Method Detail

onCertificateNotFound

boolean onCertificateNotFound(SocketAddress peer,
                              PemCertificate peerCert)
Callback method invoked upon receiving a new, unknown certificate.

Invoked when the ZOS server returns a server certificate and there is currently no certificate found for that server. If this method returns false then a certificate exception is thrown on the client, otherwise, the code for this method can "accept" the certificate, possibly with user warnings and a confirmation dialog before returning true to indicate that the certificate is "OK".

Parameters:
peer - The connected socket address for the remote ZOS server.
peerCert - The server certificate presented by the remote ZOS server.
Returns:
If true, then the client TLS engine should "accept" the new certificate. Otherwise the client will throw a certificate exception.

onCertificateMismatch

boolean onCertificateMismatch(SocketAddress peer,
                              PemCertificate peerCert,
                              PemCertificate refCert)
Callback method invoked upon receiving a mismatched server certificate.

Invoked when the ZOS server returns a server certificate that does not correctly match the current certificate held by the client. This exception is a more severe error than "not found" since it indicates a possible spoofing attempt by a "man in the middle". It is recommended that implementations of this callback method default to returning false unless the user or administrator very specifically indicates a willingness to accept the new certificate.

Parameters:
peer - The connected socket address for the remote ZOS server.
peerCert - The server certificate presented by the remote ZOS server.
refCert - The non-matching server certificate currently cached by the client.
Returns:
If true, then the client TLS engine should "accept" the new certificate. Otherwise the client will throw a certificate exception.
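The following implementation is an added example, not code from Novell or the ZOS SDK, covering both callbacks described above. It pins server certificates by SHA-256 fingerprint: onCertificateNotFound accepts an unknown certificate only if an administrator provisioned its fingerprint ahead of time, and onCertificateMismatch returns false unless a specific replacement certificate was explicitly approved for that peer, as the interface contract recommends. It assumes a PemCertificate.getEncoded() method returning the DER bytes (hypothetical; the real accessor on PemCertificate is not documented on this page) and that TlsConfiguration.setDefaultCallbacks can be called statically.

```java
import com.novell.zos.tls.PemCertificate;
import com.novell.zos.tls.TlsCallbacks;
import com.novell.zos.tls.TlsConfiguration;

import java.net.SocketAddress;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

/**
 * Fingerprint-pinning policy for ZOS client connections.
 *
 * Unknown certificates are accepted only if an administrator approved their
 * SHA-256 fingerprint beforehand; mismatches are refused unless an explicit,
 * one-shot rotation entry exists for that peer.
 */
public final class PinnedTlsCallbacks implements TlsCallbacks {

    private static final Logger LOG = Logger.getLogger(PinnedTlsCallbacks.class.getName());

    /** Lower-case hex fingerprints an administrator approved for first contact. */
    private final Set<String> approvedFingerprints;

    /** Peer address -> fingerprint of the replacement certificate approved for rotation. */
    private final Map<String, String> approvedRotations = new ConcurrentHashMap<>();

    public PinnedTlsCallbacks(Set<String> fingerprints) {
        Set<String> normalized = new HashSet<>();
        for (String fp : fingerprints) normalized.add(fp.toLowerCase());
        this.approvedFingerprints = Collections.unmodifiableSet(normalized);
    }

    /** An administrator pre-approves one specific replacement certificate for one peer. */
    public void approveRotation(SocketAddress peer, String newFingerprint) {
        approvedRotations.put(peer.toString(), newFingerprint.toLowerCase());
    }

    @Override
    public boolean onCertificateNotFound(SocketAddress peer, PemCertificate peerCert) {
        String fp = fingerprint(peerCert);
        if (approvedFingerprints.contains(fp)) {
            LOG.info("Accepting pre-approved certificate " + fp + " for " + peer);
            return true;   // client caches it; later changes arrive via onCertificateMismatch
        }
        LOG.warning("Refusing unknown certificate " + fp + " from " + peer
                + "; provision its fingerprint if the server is legitimate");
        return false;      // client throws a certificate exception
    }

    @Override
    public boolean onCertificateMismatch(SocketAddress peer, PemCertificate peerCert,
                                         PemCertificate refCert) {
        String presented = fingerprint(peerCert);
        String cached = fingerprint(refCert);
        String approved = approvedRotations.get(peer.toString());
        if (presented.equals(approved)) {
            approvedRotations.remove(peer.toString(), approved); // consume the one-shot approval
            LOG.warning("Accepting administrator-approved rotation for " + peer
                    + ": " + cached + " -> " + presented);
            return true;
        }
        LOG.severe("Certificate MISMATCH for " + peer + ": cached " + cached
                + ", presented " + presented + "; possible man-in-the-middle, refusing");
        return false;      // the default the interface documentation recommends
    }

    /** Lower-case hex SHA-256 over the DER encoding (getEncoded() is an assumed accessor). */
    static String fingerprint(PemCertificate cert) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    /** Installs the policy process-wide via the setDefaultCallbacks method documented on this page. */
    public static PinnedTlsCallbacks install(Set<String> fingerprints) {
        PinnedTlsCallbacks callbacks = new PinnedTlsCallbacks(fingerprints);
        TlsConfiguration.setDefaultCallbacks(callbacks);
        return callbacks;
    }
}
```

Keeping the approved fingerprints out of the callback's own decision path (they are provisioned out of band, not confirmed by a dialog at connection time) means a mismatch can never be waved through by whoever happens to be at the keyboard, and every refusal leaves the cached and presented fingerprints in the log for the administrator to compare.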


Copyright (c) 2010 Novell, Inc. All rights reserved.