001/**
002 * Copyright 2005-2015 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.apache.commons.httpclient.contrib.ssl;
017
018import org.apache.log4j.Logger;
019
020import java.security.KeyStore;
021import java.security.KeyStoreException;
022import java.security.NoSuchAlgorithmException;
023import java.security.cert.CertificateException;
024import java.security.cert.X509Certificate;
025
026import javax.net.ssl.TrustManagerFactory;
027import javax.net.ssl.TrustManager;
028import javax.net.ssl.X509TrustManager;
029
030/**
031 * <p>
032 * EasyX509TrustManager unlike default {@link X509TrustManager} accepts 
033 * self-signed certificates. 
034 * </p>
035 * <p>
036 * This trust manager SHOULD NOT be used for productive systems 
037 * due to security reasons, unless it is a concious decision and 
038 * you are perfectly aware of security implications of accepting 
039 * self-signed certificates
040 * </p>
041 * 
042 * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
043 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
044 * 
045 * <p>
046 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
047 * The component is provided as a reference material, which may be inappropriate
048 * for use without additional customization.
049 * </p>
050 */
051
052public class EasyX509TrustManager implements X509TrustManager
053{
054    private X509TrustManager standardTrustManager = null;
055
056    /** Log object for this class. */
057    private static final Logger LOG = Logger.getLogger(EasyX509TrustManager.class);
058
059    /**
060     * Constructor for EasyX509TrustManager.
061     */
062    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
063        super();
064        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
065        factory.init(keystore);
066        TrustManager[] trustmanagers = factory.getTrustManagers();
067        if (trustmanagers.length == 0) {
068            throw new NoSuchAlgorithmException("no trust manager found");
069        }
070        this.standardTrustManager = (X509TrustManager)trustmanagers[0];
071    }
072
073    /**
074     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
075     */
076    public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
077        standardTrustManager.checkClientTrusted(certificates,authType);
078    }
079
080    /**
081     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
082     */
083    public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
084        if ((certificates != null) && LOG.isDebugEnabled()) {
085            LOG.debug("Server certificate chain:");
086            for (int i = 0; i < certificates.length; i++) {
087                LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
088            }
089        }
090        if ((certificates != null) && (certificates.length == 1)) {
091            certificates[0].checkValidity();
092        } else {
093            standardTrustManager.checkServerTrusted(certificates,authType);
094        }
095    }
096
097    /**
098     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
099     */
100    public X509Certificate[] getAcceptedIssuers() {
101        return this.standardTrustManager.getAcceptedIssuers();
102    }
103}