EasyX509TrustManager


1   /*
2    * ====================================================================
3    *
4    *  Copyright 2002-2004 The Apache Software Foundation
5    *
6    *  Licensed under the Apache License, Version 2.0 (the "License");
7    *  you may not use this file except in compliance with the License.
8    *  You may obtain a copy of the License at
9    *
10   *      http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing, software
13   *  distributed under the License is distributed on an "AS IS" BASIS,
14   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *  See the License for the specific language governing permissions and
16   *  limitations under the License.
17   * ====================================================================
18   *
19   * This software consists of voluntary contributions made by many
20   * individuals on behalf of the Apache Software Foundation.  For more
21   * information on the Apache Software Foundation, please see
22   * <http://www.apache.org/>.
23   *
24   */
25  
26  package org.apache.commons.httpclient.contrib.ssl;
27  
28  import java.security.KeyStore  ;
29  import java.security.KeyStoreException  ;
30  import java.security.NoSuchAlgorithmException  ;
31  import java.security.cert.CertificateException  ;
32  import java.security.cert.X509Certificate  ;
33  
34  import javax.net.ssl.TrustManagerFactory;
35  import javax.net.ssl.TrustManager;
36  import javax.net.ssl.X509TrustManager;
37  import org.apache.commons.logging.Log; 
38  import org.apache.commons.logging.LogFactory;
39  
40  /**
41   * <p>
42   * EasyX509TrustManager unlike default {@link X509TrustManager} accepts 
43   * self-signed certificates. 
44   * </p>
45   * <p>
46   * This trust manager SHOULD NOT be used for productive systems 
47   * due to security reasons, unless it is a concious decision and 
48   * you are perfectly aware of security implications of accepting 
49   * self-signed certificates
50   * </p>
51   * 
52   * @author <a HREF="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
53   * @author <a HREF="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
54   * 
55   * <p>
56   * DISCLAIMER: HttpClient developers DO NOT actively support this component.
57   * The component is provided as a reference material, which may be inappropriate
58   * for use without additional customization.
59   * </p>
60   */
61  
62  public class EasyX509TrustManager implements X509TrustManager
63  {
64      private X509TrustManager standardTrustManager = null;
65  
66      /** Log object for this class. */
67      private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);
68  
69      /**
70       * Constructor for EasyX509TrustManager.
71       */
72      public EasyX509TrustManager(KeyStore   keystore) throws NoSuchAlgorithmException  , KeyStoreException   {
73          super();
74          TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
75          factory.init(keystore);
76          TrustManager[] trustmanagers = factory.getTrustManagers();
77          if (trustmanagers.length == 0) {
78              throw new NoSuchAlgorithmException  ("no trust manager found");
79          }
80          this.standardTrustManager = (X509TrustManager)trustmanagers[0];
81      }
82  
83      /**
84       * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
85       */
86      public void checkClientTrusted(X509Certificate  [] certificates,String   authType) throws CertificateException   {
87          standardTrustManager.checkClientTrusted(certificates,authType);
88      }
89  
90      /**
91       * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
92       */
93      public void checkServerTrusted(X509Certificate  [] certificates,String   authType) throws CertificateException   {
94          if ((certificates != null) && LOG.isDebugEnabled()) {
95              LOG.debug("Server certificate chain:");
96              for (int i = 0; i < certificates.length; i++) {
97                  LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
98              }
99          }
100         if ((certificates != null) && (certificates.length == 1)) {
101             certificates[0].checkValidity();
102         } else {
103             standardTrustManager.checkServerTrusted(certificates,authType);
104         }
105     }
106 
107     /**
108      * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
109      */
110     public X509Certificate  [] getAcceptedIssuers() {
111         return this.standardTrustManager.getAcceptedIssuers();
112     }
113 }
114
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags