16 package org.apache.commons.httpclient.contrib.ssl;
17
18 import java.security.KeyStore;
19 import java.security.KeyStoreException;
20 import java.security.NoSuchAlgorithmException;
21 import java.security.cert.CertificateException;
22 import java.security.cert.X509Certificate;
23
24 import javax.net.ssl.TrustManagerFactory;
25 import javax.net.ssl.TrustManager;
26 import javax.net.ssl.X509TrustManager;
27 import org.apache.commons.logging.Log;
28 import org.apache.commons.logging.LogFactory;
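/**
 * {@link X509TrustManager} that delegates to the first X.509 trust manager
 * produced by the default {@link TrustManagerFactory}, except for server
 * chains that contain exactly one certificate.
 *
 * <p><strong>Security note:</strong> a server chain of length one is accepted
 * as soon as {@link X509Certificate#checkValidity()} succeeds, i.e. the
 * certificate is merely inside its notBefore/notAfter window. On that path no
 * signature, issuer or trust-anchor check is performed, and the code does not
 * even verify that the certificate is self-signed. Any peer that presents a
 * single unexpired certificate is therefore trusted, so this class gives no
 * protection against an active man-in-the-middle. Restrict it to test setups;
 * for an endpoint with a self-signed certificate, import that specific
 * certificate into the keystore used by a standard trust manager instead.
 */
public class EasyX509TrustManager implements X509TrustManager
{
    /** Trust manager used for client chains and for multi-certificate server chains. */
    private final X509TrustManager standardTrustManager;

    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);

    /**
     * Builds the delegate trust manager from the given keystore.
     *
     * @param keystore trust material handed to {@link TrustManagerFactory#init(KeyStore)}
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable or the
     *         factory yields no {@link X509TrustManager}
     * @throws KeyStoreException if the factory cannot be initialised from the keystore
     */
    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        // Pick the first X.509-capable manager rather than blindly casting
        // element 0, which would fail with ClassCastException for any other type.
        X509TrustManager x509 = null;
        for (int i = 0; i < trustmanagers.length; i++) {
            if (trustmanagers[i] instanceof X509TrustManager) {
                x509 = (X509TrustManager) trustmanagers[i];
                break;
            }
        }
        if (x509 == null) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = x509;
    }

    /**
     * Delegates client chain validation unchanged to the standard trust manager.
     *
     * @see X509TrustManager#checkClientTrusted(X509Certificate[], String)
     */
    public void checkClientTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException {
        standardTrustManager.checkClientTrusted(certificates, authType);
    }

    /**
     * Validates a server chain. A chain of exactly one certificate is only
     * checked for date validity (see the class-level security note); every
     * other input, including {@code null}, is passed to the standard trust
     * manager.
     *
     * @throws CertificateException if the single certificate is expired or not
     *         yet valid, or if the standard trust manager rejects the chain
     * @see X509TrustManager#checkServerTrusted(X509Certificate[], String)
     */
    public void checkServerTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException {
        if ((certificates != null) && LOG.isDebugEnabled()) {
            LOG.debug("Server certificate chain:");
            for (int i = 0; i < certificates.length; i++) {
                LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
            }
        }
        if ((certificates != null) && (certificates.length == 1)) {
            // SECURITY: trust-path validation is skipped here; only the
            // validity period is enforced. Kept for compatibility with
            // callers that rely on this relaxed behaviour.
            certificates[0].checkValidity();
            // Leave an audit trail so the bypass is visible in logs.
            LOG.warn("Accepted single-certificate server chain without trust-path validation: subject="
                + certificates[0].getSubjectX500Principal());
        } else {
            standardTrustManager.checkServerTrusted(certificates, authType);
        }
    }

    /**
     * Returns the issuers accepted by the standard trust manager. Note that the
     * single-certificate path in {@link #checkServerTrusted} is not limited to
     * these issuers.
     *
     * @see X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}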