

1 package com.maverick.ssl;
2
3 import java.io.File JavaDoc;
4 import java.io.FileInputStream JavaDoc;
5 import java.security.KeyStore JavaDoc;
6 import java.security.cert.CertPath JavaDoc;
7 import java.security.cert.CertPathValidator JavaDoc;
8 import java.security.cert.CertPathValidatorResult JavaDoc;
9 import java.security.cert.CertificateException JavaDoc;
10 import java.security.cert.CertificateFactory JavaDoc;
11 import java.security.cert.PKIXCertPathValidatorResult JavaDoc;
12 import java.security.cert.PKIXParameters JavaDoc;
13 import java.security.cert.TrustAnchor JavaDoc;
14 import java.security.cert.X509Certificate JavaDoc;
15 import java.util.Arrays JavaDoc;
16
17 import javax.net.ssl.X509TrustManager;
18
19
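/**
 * An {@link X509TrustManager} that validates server certificate chains against
 * the JRE's bundled {@code cacerts} trust store using PKIX path validation.
 *
 * <p>Security notes for anyone deploying this class:
 * <ul>
 *   <li>Setting the system property
 *       {@code com.maverick.ssl.allowUntrustedCertificates=true} makes
 *       {@link #checkServerTrusted} accept every chain. It is JVM-wide and
 *       removes server authentication for every connection that uses this
 *       trust manager; it should never be set in production.</li>
 *   <li>Revocation checking is disabled, so a certificate that its issuer has
 *       revoked still validates.</li>
 *   <li>Only the chain is validated here. Nothing in this class compares the
 *       certificate with the host name being contacted; that check has to be
 *       performed elsewhere.</li>
 *   <li>Client certificates are always rejected.</li>
 * </ul>
 */
public class SSLTransportTrustManager implements X509TrustManager {

    /** System property that, when "true", switches server validation off. */
    private static final String ALLOW_UNTRUSTED_PROPERTY = "com.maverick.ssl.allowUntrustedCertificates";

    /** Trust anchors loaded from the JRE; {@code null} when loading failed. */
    private final KeyStore trustcacerts;

    /** Why the trust store could not be loaded, kept for diagnostics; {@code null} on success. */
    private final Exception trustStoreLoadError;

    /**
     * Loads {@code <java.home>/lib/security/cacerts}.
     *
     * <p>A failure to load does not throw: the instance is still created, and
     * {@link #checkServerTrusted} then rejects every chain (fail closed) and
     * reports the load failure as the cause.
     */
    public SSLTransportTrustManager() {
        String filename = System.getProperty("java.home")
                + "/lib/security/cacerts".replace('/', File.separatorChar);

        KeyStore store = null;
        Exception failure = null;
        FileInputStream is = null;
        try {
            is = new FileInputStream(filename);
            store = KeyStore.getInstance(KeyStore.getDefaultType());
            // "changeit" is the well-known default cacerts password; it only drives the
            // keystore integrity check and protects no secret. A store whose password
            // was changed fails to load here and every server chain is then rejected.
            store.load(is, "changeit".toCharArray());
        } catch (Exception e) {
            // Never keep a half-initialised KeyStore around: record the reason and
            // leave the trust store unset so validation fails with a clear message.
            store = null;
            failure = e;
        } finally {
            if (is != null) {
                try {
                    is.close();
                } catch (Exception ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
        }
        trustcacerts = store;
        trustStoreLoadError = failure;
    }

    /**
     * Always rejects: this trust manager is for client-side use only.
     *
     * @param chain    the peer certificate chain (ignored)
     * @param authType the authentication type (ignored)
     * @throws CertificateException always
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("Client certs are not trusted by the custom SSL trust manager.");
    }

    /**
     * Validates a server certificate chain against the JRE {@code cacerts} store.
     *
     * @param chain    the peer certificate chain, end-entity certificate first
     * @param authType the key exchange algorithm; not used by this implementation
     * @throws CertificateException if the trust store is unavailable, the chain is
     *         {@code null} or empty, or PKIX validation fails; the underlying
     *         failure is attached as the cause where there is one
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // SECURITY: global opt-out. With this property set, any certificate is
        // accepted and the TLS channel no longer authenticates the server.
        if ("true".equalsIgnoreCase(System.getProperty(ALLOW_UNTRUSTED_PROPERTY))) {
            return;
        }

        if (trustcacerts == null) {
            throw new CertificateException("No trust store found!", trustStoreLoadError);
        }

        // Reject a missing chain explicitly instead of relying on the validator:
        // a PKIX implementation may treat an empty path as trivially valid.
        if (chain == null || chain.length == 0) {
            throw new CertificateException("Certificate chain is not trusted");
        }

        try {
            CertificateFactory certFact = CertificateFactory.getInstance("X.509");
            CertPath path = certFact.generateCertPath(Arrays.asList(chain));
            PKIXParameters params = new PKIXParameters(trustcacerts);
            // NOTE(review): revocation (CRL/OCSP) is not consulted. Kept as the
            // original behaviour; enabling it needs a revocation source to be configured.
            params.setRevocationEnabled(false);
            CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
            // validate() throws when the path does not chain to a trust anchor, so
            // returning normally from it is the success signal.
            certPathValidator.validate(path, params);
        } catch (Exception e) {
            // Keep the cause so operators can tell an expired certificate from an
            // unknown issuer or a provider problem.
            throw new CertificateException("Certificate chain is not trusted", e);
        }
    }

    /**
     * Returns the issuers accepted for client authentication.
     *
     * @return an empty array; the {@link X509TrustManager} contract requires a
     *         non-null result, and no client certificate is ever accepted here
     */
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}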