
1   /*
2    * ====================================================================
3    *
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2002-2003 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution, if
22   *    any, must include the following acknowlegement:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowlegement may appear in the software itself,
26   *    if and wherever such third-party acknowlegements normally appear.
27   *
28   * 4. The names "The Jakarta Project", "Commons", and "Apache Software
29   *    Foundation" must not be used to endorse or promote products derived
30   *    from this software without prior written permission. For written
31   *    permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache"
34   *    nor may "Apache" appear in their names without prior written
35   *    permission of the Apache Group.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   *
56   * [Additional notices, if required by prior licensing conditions]
57   *
58   */
59  
60  package org.apache.commons.httpclient.contrib.ssl;
61  
62  import java.security.KeyStore;
63  import java.security.KeyStoreException;
64  import java.security.NoSuchAlgorithmException;
65  import java.security.cert.CertificateException;
66  import java.security.cert.X509Certificate;
67  
68  import com.sun.net.ssl.TrustManagerFactory;
69  import com.sun.net.ssl.TrustManager;
70  import com.sun.net.ssl.X509TrustManager;
71  import org.apache.commons.logging.Log; 
72  import org.apache.commons.logging.LogFactory;
73  
/**
 * <p>
 * EasyX509TrustManager, unlike the default {@link X509TrustManager}, accepts
 * self-signed certificates.
 * </p>
 * <p>
 * What is actually checked: when the server presents a chain of exactly one
 * certificate, {@link #isServerTrusted(X509Certificate[])} only calls
 * {@link X509Certificate#checkValidity()} on it (the validity-period check)
 * and then reports the server as trusted. The certificate is not compared with
 * the key store, its signature and issuer are not verified, and nothing
 * confirms that it really is self-signed. This class does no host name
 * checking either. Every other chain is handed to the standard SunX509 trust
 * manager unchanged.
 * </p>
 * <p>
 * This trust manager SHOULD NOT be used for production systems for security
 * reasons: a single-certificate chain is accepted without authenticating the
 * server, which leaves the connection open to man-in-the-middle interception.
 * Use it only as a conscious decision, fully aware of the security
 * implications of accepting self-signed certificates.
 * </p>
 * <p>
 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
 * The component is provided as a reference material, which may be inappropriate
 * to be used without additional customization.
 * </p>
 *
 * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
 */
public class EasyX509TrustManager implements X509TrustManager
{
    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);

    /** SunX509 trust manager that handles every decision this class does not short-circuit. */
    private X509TrustManager standardTrustManager;

    /**
     * Builds the trust manager around the first SunX509 trust manager created
     * for the given key store.
     *
     * @param keystore key store handed to the SunX509 {@link TrustManagerFactory}
     * @throws NoSuchAlgorithmException if the factory is unavailable or yields no trust manager
     * @throws KeyStoreException if the factory cannot be initialised from the key store
     */
    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory sunX509Factory = TrustManagerFactory.getInstance("SunX509");
        sunX509Factory.init(keystore);
        TrustManager[] available = sunX509Factory.getTrustManagers();
        if (available.length == 0) {
            throw new NoSuchAlgorithmException("SunX509 trust manager not supported");
        }
        this.standardTrustManager = (X509TrustManager) available[0];
    }

    /**
     * Delegates the client-certificate decision to the standard trust manager.
     *
     * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
     */
    public boolean isClientTrusted(X509Certificate[] certificates) {
        return this.standardTrustManager.isClientTrusted(certificates);
    }

    /**
     * Decides whether the server certificate chain is trusted.
     * <p>
     * SECURITY: a chain holding exactly one certificate is trusted as soon as
     * {@code checkValidity()} succeeds; no issuer, signature or key store check
     * is made for it. A {@code null} chain and chains of any other length are
     * passed to the standard trust manager.
     * </p>
     *
     * @param certificates chain presented by the server, may be {@code null}
     * @return {@code true} if the chain is accepted
     * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(X509Certificate[])
     */
    public boolean isServerTrusted(X509Certificate[] certificates) {
        if (certificates == null) {
            return this.standardTrustManager.isServerTrusted(certificates);
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("Server certificate chain:");
            int position = 0;
            while (position < certificates.length) {
                LOG.debug("X509Certificate[" + position + "]=" + certificates[position]);
                position++;
            }
        }

        if (certificates.length != 1) {
            return this.standardTrustManager.isServerTrusted(certificates);
        }

        // Lone certificate: only its validity period is checked before it is accepted.
        try {
            certificates[0].checkValidity();
            return true;
        }
        catch (CertificateException e) {
            LOG.error(e.toString());
            return false;
        }
    }

    /**
     * Returns the issuers accepted by the standard trust manager.
     *
     * @see com.sun.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}