public class SSLFTPStandardValidator extends java.lang.Object implements SSLFTPValidator
Standard server certificate validator (SSLFTPValidator). This validator performs the following validation tests:
SSLFTPClient.getRootCertificateStore()
).
or (2) server validation has been switched off
see SSLFTPClient.setValidateServer(boolean)
).
The second test, host-name checking, is sometimes problematic and may be disabled by passing a flag to the constructor. This, however, is strongly discouraged and should be done only if the FTPS server's certificate cannot be configured so that its CN parameter contains its host-name.
Be warned that disabling host-name checking opens the opportunity for man-in-the-middle attacks. In this scenario an attacker who has stolen the certificate and private key of a server sets up another server using them, with the aim of impersonating the former. Since internet naming is such that only one server can have a particular host-name, it is very difficult for the attacker to make their host-name match the host-name on the certificate. However, if the host-name is not matched against the name on the certificate, this possibility opens.
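The name comparison described above, as an added standalone illustration (not code from this library; the class and method names are hypothetical, the subject DNs are constructed, and it assumes that disabling the check means the comparison is skipped). It shows that a certificate which chains to a trusted root but carries a different CN is rejected while the comparison is on and accepted once it is off.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration, not library code. Class and method names are hypothetical.
public class HostNameCheckDemo {
    // Returns the CN of an X.500 subject DN, or null when the subject has none.
    static String commonName(String subjectDn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    // checkNames == false : the comparison is skipped (assumed meaning of "disabled").
    // allowedNames == null: the CN must equal the host we connected to.
    // allowedNames != null: the CN must equal one of the configured names instead.
    static boolean nameAccepted(String subjectDn, String connectedHost,
                                String[] allowedNames, boolean checkNames)
            throws InvalidNameException {
        if (!checkNames) return true;
        String cn = commonName(subjectDn);
        if (cn == null) return false; // no CN in the subject: reject, never dereference null
        String[] candidates =
                allowedNames != null ? allowedNames : new String[] { connectedHost };
        for (String name : candidates) {
            if (cn.equalsIgnoreCase(name)) { // false for a null name
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subjects; both certificates are assumed to chain to a trusted root.
        String genuine = "CN=ftp.example.com,O=Example Ltd,C=GB";
        String other = "CN=files.example.net,O=Other Org,C=GB";
        String host = "ftp.example.com";
        String[] configured = { "ftp.example.com" };
        System.out.println("matching CN, check on:  " + nameAccepted(genuine, host, null, true));
        System.out.println("other CN, check on:     " + nameAccepted(other, host, null, true));
        System.out.println("other CN, check off:    " + nameAccepted(other, host, null, false));
        System.out.println("by IP, configured name: " + nameAccepted(genuine, "10.0.0.5", configured, true));
    }
}
```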
Modifier and Type | Field and Description |
---|---|
protected boolean | hostNameCheckingEnabled: Flag indicating whether or not host-name checking is enabled. |
static int | MAX_CERTIFICATE_CHAIN_LENGTH: Maximum allowed length of the certificate chain. |
protected SSLFTPCertificateStore | rootCertificateStore: Reference to SSLFTPClient's root certificate store. |
protected java.lang.String[] | serverCommonNames: Name with which the certificate's CommonName (CN) will be compared. |
Constructor and Description |
---|
SSLFTPStandardValidator(): Default constructor. |
SSLFTPStandardValidator(boolean checkHostNames): Creates a standard validator with host-name checking enabled or disabled depending on the setting of the hostNameCheckingEnabled flag. |
SSLFTPStandardValidator(java.lang.String serverCommonName): Creates a standard validator that will compare the CommonName on the server certificate with the given string rather than the host-name. |
SSLFTPStandardValidator(java.lang.String[] serverCommonNames): Creates a standard validator that will compare the CommonName on the server certificate with each of the names in the given array rather than the host-name. |
Modifier and Type | Method and Description |
---|---|
protected boolean | checkChainLength(int chainLength): Checks the length of the certificate-chain, by making sure that it is less than or equal to MAX_CERTIFICATE_CHAIN_LENGTH. |
protected boolean | checkCommonName(java.lang.String certCommonName, java.lang.String serverHostName): Checks that the common name is the same as the server's host-name or (alternatively) one of the names passed into the constructor. |
protected boolean | checkDateRange(java.util.Date validFrom, java.util.Date validUntil): Checks that today's date falls between validFrom and validTo. |
boolean | validateServerCertificate(boolean recommendValidate, java.util.Vector certificateChain, java.lang.String serverHostName): Applies the validation tests described in the class description (see above) and throws an exception if any of them fail. |
public static int MAX_CERTIFICATE_CHAIN_LENGTH
protected boolean hostNameCheckingEnabled
protected java.lang.String[] serverCommonNames
protected SSLFTPCertificateStore rootCertificateStore
public SSLFTPStandardValidator()
public SSLFTPStandardValidator(java.lang.String serverCommonName)
Parameters: serverCommonName - Name with which the certificate's CommonName (CN) will be compared.
public SSLFTPStandardValidator(java.lang.String[] serverCommonNames)
Parameters: serverCommonName - Name with which the certificate's CommonName (CN) will be compared.
public SSLFTPStandardValidator(boolean checkHostNames)
Creates a standard validator with host-name checking enabled or disabled depending on the setting of the hostNameCheckingEnabled flag. Disabling host-name checking is strongly discouraged and should be done only if the FTPS server's certificate cannot be configured so that its CN parameter contains its host-name.
Disabling host-name checking opens the opportunity for man-in-the-middle attacks. In this scenario an attacker who has stolen the certificate and private key of a server sets up another server using them, with the aim of impersonating the former. Since internet naming is such that only one server can have a particular host-name, it is very difficult for the attacker to make their host-name match the host-name on the certificate. However, if the host-name is not matched against the name on the certificate, this possibility opens.
Parameters: checkHostNames - Determines if host-names should be checked.
protected boolean checkChainLength(int chainLength)
Checks the length of the certificate-chain, by making sure that it is less than or equal to MAX_CERTIFICATE_CHAIN_LENGTH.
Code:

```java
protected boolean checkChainLength(int chainLength) {
    return chainLength <= MAX_CERTIFICATE_CHAIN_LENGTH;
}
```

Parameters: chainLength - Length of the certificate chain.
Returns: true if the chain is less than or equal to MAX_CERTIFICATE_CHAIN_LENGTH.
protected boolean checkCommonName(java.lang.String certCommonName, java.lang.String serverHostName)
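Code:

```java
if (serverCommonNames==null || !hostNameCheckingEnabled) {
    return certCommonName.toLowerCase().equals(serverHostName.toLowerCase());
} else {
    // Listing truncated in the source after "for (int i=0; i"; the remainder
    // of the loop is reconstructed from the method description.
    for (int i=0; i<serverCommonNames.length; i++) {
        if (certCommonName.toLowerCase().equals(serverCommonNames[i].toLowerCase()))
            return true;
    }
    return false;
}
```

where serverCommonNames is the array of names that are optionally specified in the constructor.
Parameters:
certCommonName - The CN (Common Name) attribute of the server certificate's subject.
serverHostName - The server's hostname.
commonName and serverHostName or (alternatively) one of the names passed into the constructor.
protected boolean checkDateRange(java.util.Date validFrom, java.util.Date validUntil)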
Checks that today's date falls between validFrom and validTo.
Code:

```java
protected boolean checkDateRange(Date validFrom, Date validUntil) {
    // Valid when "now" is neither before validFrom nor after validUntil.
    Date today = new Date();
    return !today.before(validFrom) && !today.after(validUntil);
}
```

Parameters:
validFrom - Date that the server's certificate is valid from.
validUntil - Date that the server's certificate is valid until.
public boolean validateServerCertificate(boolean recommendValidate, java.util.Vector certificateChain, java.lang.String serverHostName) throws SSLFTPException
Code:

```java
public boolean validateServerCertificate(
        boolean recommendValidate,
        Vector certificateChain,
        String serverHostName) throws SSLFTPException {
    // The client does not recommend acceptance: report the certificate as invalid.
    if (!recommendValidate)
        return false;
    if (!checkChainLength(certificateChain.size()))
        throw new SSLFTPException(...error message...);
    // The server's own certificate is the last element of the chain.
    SSLFTPCertificate serverCertificate =
        (SSLFTPCertificate) certificateChain.lastElement();
    String commonName = serverCertificate.getSubjectName().getCommonName();
    if (!checkCommonName(commonName, serverHostName))
        throw new SSLFTPException(...error message...);
    if (!checkDateRange(serverCertificate.getValidityNotBefore(),
                        serverCertificate.getValidityNotAfter()))
        throw new SSLFTPException(...error message...);
    return true;
}
```

Specified by: validateServerCertificate in interface SSLFTPValidator
Parameters:
recommendValidate - flag indicating whether the client recommends that the certificate should be accepted. It will be true if (1) the server's certificate was verified from the root certificates store (see SSLFTPClient.getRootCertificateStore()), or (2) server validation has been switched off (see SSLFTPClient.setValidateServer(boolean)).
certificateChain - chain of certificates (SSLFTPCertificate objects) with the server's certificate appearing last and the root certificate issuer (usually a Certificate Authority - CA) appearing first. Under most circumstances, the vector has only 2 elements; the certificate of the CA and the certificate of the server.
serverHostName - the host-name of the server that we are connected to.
Returns: true if the certificate is valid. If the certificate is invalid then the method should either return false or throw an SSLFTPException with details describing the failure. If false is returned then a generic server certificate validation failure exception will be thrown.
Throws: SSLFTPException - Thrown if the certificate is found to be invalid.

Copyright © 2001-2014 Enterprise Distributed Technologies Ltd. All Rights Reserved.