|
|
|
/*
|
|
|
|
* ====================================================================
|
|
|
|
*
|
|
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
|
|
* this work for additional information regarding copyright ownership.
|
|
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
|
* (the "License"); you may not use this file except in compliance with
|
|
|
|
* the License. You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
* ====================================================================
|
|
|
|
*
|
|
|
|
* This software consists of voluntary contributions made by many
|
|
|
|
* individuals on behalf of the Apache Software Foundation. For more
|
|
|
|
* information on the Apache Software Foundation, please see
|
|
|
|
* <http://www.apache.org/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* CHANGES to original file
|
|
|
|
* ========================
|
|
|
|
* 2008-04-07 danielr: changed package from org.apache.commons.httpclient.contrib.ssl
|
|
|
|
*/
|
|
|
|
package de.anomic.http;
|
|
|
|
|
|
|
|
import java.security.KeyStore;
|
|
|
|
import java.security.KeyStoreException;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
import java.security.cert.X509Certificate;
|
|
|
|
|
|
|
|
import javax.net.ssl.TrustManager;
|
|
|
|
import javax.net.ssl.TrustManagerFactory;
|
|
|
|
import javax.net.ssl.X509TrustManager;
|
|
|
|
|
|
|
|
import org.apache.commons.logging.Log;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* <p>
|
|
|
|
* EasyX509TrustManager unlike default {@link X509TrustManager} accepts
|
|
|
|
* self-signed certificates.
|
|
|
|
* </p>
|
|
|
|
* <p>
|
|
|
|
* This trust manager SHOULD NOT be used for productive systems
|
|
|
|
* due to security reasons, unless it is a concious decision and
|
|
|
|
* you are perfectly aware of security implications of accepting
|
|
|
|
* self-signed certificates
|
|
|
|
* </p>
|
|
|
|
*
|
|
|
|
* @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
|
|
|
|
* @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
|
|
|
|
*
|
|
|
|
* <p>
|
|
|
|
* DISCLAIMER: HttpClient developers DO NOT actively support this component.
|
|
|
|
* The component is provided as a reference material, which may be inappropriate
|
|
|
|
* for use without additional customization.
|
|
|
|
* </p>
|
|
|
|
*/
|
|
|
|
|
|
|
|
public class EasyX509TrustManager implements X509TrustManager
|
|
|
|
{
|
|
|
|
private X509TrustManager standardTrustManager = null;
|
|
|
|
|
|
|
|
/** Log object for this class. */
|
|
|
|
private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor for EasyX509TrustManager.
|
|
|
|
*/
|
|
|
|
public EasyX509TrustManager(final KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
|
|
|
|
super();
|
|
|
|
final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
|
|
|
factory.init(keystore);
|
|
|
|
final TrustManager[] trustmanagers = factory.getTrustManagers();
|
|
|
|
if (trustmanagers.length == 0) {
|
|
|
|
throw new NoSuchAlgorithmException("no trust manager found");
|
|
|
|
}
|
|
|
|
this.standardTrustManager = (X509TrustManager)trustmanagers[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
|
|
|
|
*/
|
|
|
|
public void checkClientTrusted(final X509Certificate[] certificates,final String authType) throws CertificateException {
|
|
|
|
standardTrustManager.checkClientTrusted(certificates,authType);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
|
|
|
|
*/
|
|
|
|
public void checkServerTrusted(final X509Certificate[] certificates,final String authType) throws CertificateException {
|
|
|
|
if ((certificates != null) && LOG.isDebugEnabled()) {
|
|
|
|
LOG.debug("Server certificate chain:");
|
|
|
|
for (int i = 0; i < certificates.length; i++) {
|
|
|
|
LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((certificates != null) && (certificates.length == 1)) {
|
|
|
|
certificates[0].checkValidity();
|
|
|
|
} else {
|
|
|
|
standardTrustManager.checkServerTrusted(certificates,authType);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
|
|
|
|
*/
|
|
|
|
public X509Certificate[] getAcceptedIssuers() {
|
|
|
|
return this.standardTrustManager.getAcceptedIssuers();
|
|
|
|
}
|
|
|
|
}
|