| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
| EasyX509TrustManager |
|
| 2.75;2.75 |
| 1 | /* | |
| 2 | * ==================================================================== | |
| 3 | * | |
| 4 | * Licensed to the Apache Software Foundation (ASF) under one or more | |
| 5 | * contributor license agreements. See the NOTICE file distributed with | |
| 6 | * this work for additional information regarding copyright ownership. | |
| 7 | * The ASF licenses this file to You under the Apache License, Version 2.0 | |
| 8 | * (the "License"); you may not use this file except in compliance with | |
| 9 | * the License. You may obtain a copy of the License at | |
| 10 | * | |
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 12 | * | |
| 13 | * Unless required by applicable law or agreed to in writing, software | |
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 16 | * See the License for the specific language governing permissions and | |
| 17 | * limitations under the License. | |
| 18 | * ==================================================================== | |
| 19 | * | |
| 20 | * This software consists of voluntary contributions made by many | |
| 21 | * individuals on behalf of the Apache Software Foundation. For more | |
| 22 | * information on the Apache Software Foundation, please see | |
| 23 | * <http://www.apache.org/>. | |
| 24 | * | |
| 25 | */ | |
| 26 | ||
| 27 | package org.apache.commons.httpclient.contrib.ssl; | |
| 28 | ||
| 29 | import java.security.KeyStore; | |
| 30 | import java.security.KeyStoreException; | |
| 31 | import java.security.NoSuchAlgorithmException; | |
| 32 | import java.security.cert.CertificateException; | |
| 33 | import java.security.cert.X509Certificate; | |
| 34 | ||
| 35 | import javax.net.ssl.TrustManagerFactory; | |
| 36 | import javax.net.ssl.TrustManager; | |
| 37 | import javax.net.ssl.X509TrustManager; | |
| 38 | import org.apache.commons.logging.Log; | |
| 39 | import org.apache.commons.logging.LogFactory; | |
| 40 | ||
| 41 | /** | |
| 42 | * <p> | |
| 43 | * EasyX509TrustManager unlike default {@link X509TrustManager} accepts | |
| 44 | * self-signed certificates. | |
| 45 | * </p> | |
| 46 | * <p> | |
| 47 | * This trust manager SHOULD NOT be used for productive systems | |
| 48 | * due to security reasons, unless it is a concious decision and | |
| 49 | * you are perfectly aware of security implications of accepting | |
| 50 | * self-signed certificates | |
| 51 | * </p> | |
| 52 | * | |
| 53 | * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a> | |
| 54 | * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a> | |
| 55 | * | |
| 56 | * <p> | |
| 57 | * DISCLAIMER: HttpClient developers DO NOT actively support this component. | |
| 58 | * The component is provided as a reference material, which may be inappropriate | |
| 59 | * for use without additional customization. | |
| 60 | * </p> | |
| 61 | */ | |
| 62 | ||
| 63 | public class EasyX509TrustManager implements X509TrustManager | |
| 64 | { | |
| 65 | 0 | private X509TrustManager standardTrustManager = null; |
| 66 | ||
| 67 | /** Log object for this class. */ | |
| 68 | 0 | private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class); |
| 69 | ||
| 70 | /** | |
| 71 | * Constructor for EasyX509TrustManager. | |
| 72 | */ | |
| 73 | public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException { | |
| 74 | 0 | super(); |
| 75 | 0 | TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); |
| 76 | 0 | factory.init(keystore); |
| 77 | 0 | TrustManager[] trustmanagers = factory.getTrustManagers(); |
| 78 | 0 | if (trustmanagers.length == 0) { |
| 79 | 0 | throw new NoSuchAlgorithmException("no trust manager found"); |
| 80 | } | |
| 81 | 0 | this.standardTrustManager = (X509TrustManager)trustmanagers[0]; |
| 82 | 0 | } |
| 83 | ||
| 84 | /** | |
| 85 | * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType) | |
| 86 | */ | |
| 87 | public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException { | |
| 88 | 0 | standardTrustManager.checkClientTrusted(certificates,authType); |
| 89 | 0 | } |
| 90 | ||
| 91 | /** | |
| 92 | * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) | |
| 93 | */ | |
| 94 | public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException { | |
| 95 | 0 | if ((certificates != null) && LOG.isDebugEnabled()) { |
| 96 | 0 | LOG.debug("Server certificate chain:"); |
| 97 | 0 | for (int i = 0; i < certificates.length; i++) { |
| 98 | 0 | LOG.debug("X509Certificate[" + i + "]=" + certificates[i]); |
| 99 | } | |
| 100 | } | |
| 101 | 0 | if ((certificates != null) && (certificates.length == 1)) { |
| 102 | 0 | certificates[0].checkValidity(); |
| 103 | } else { | |
| 104 | 0 | standardTrustManager.checkServerTrusted(certificates,authType); |
| 105 | } | |
| 106 | 0 | } |
| 107 | ||
| 108 | /** | |
| 109 | * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() | |
| 110 | */ | |
| 111 | public X509Certificate[] getAcceptedIssuers() { | |
| 112 | 0 | return this.standardTrustManager.getAcceptedIssuers(); |
| 113 | } | |
| 114 | } |