001 /**
002 * Copyright 2005-2014 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.apache.commons.httpclient.contrib.ssl;
017
018 import org.apache.log4j.Logger;
019
020 import java.security.KeyStore;
021 import java.security.KeyStoreException;
022 import java.security.NoSuchAlgorithmException;
023 import java.security.cert.CertificateException;
024 import java.security.cert.X509Certificate;
025
026 import javax.net.ssl.TrustManagerFactory;
027 import javax.net.ssl.TrustManager;
028 import javax.net.ssl.X509TrustManager;
029
030 /**
031 * <p>
032 * EasyX509TrustManager unlike default {@link X509TrustManager} accepts
033 * self-signed certificates.
034 * </p>
035 * <p>
036 * This trust manager SHOULD NOT be used on production systems
037 * for security reasons, unless it is a conscious decision and
038 * you are fully aware of the security implications of accepting
039 * self-signed certificates.
040 * </p>
041 *
042 * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
043 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
044 *
045 * <p>
046 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
047 * The component is provided as a reference material, which may be inappropriate
048 * for use without additional customization.
049 * </p>
050 */
051
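public class EasyX509TrustManager implements X509TrustManager
{
    /** Log object for this class. */
    private static final Logger LOG = Logger.getLogger(EasyX509TrustManager.class);

    /**
     * Trust manager obtained from the default {@link TrustManagerFactory}.
     * Everything except single-certificate server chains is delegated to it.
     */
    private final X509TrustManager standardTrustManager;

    /**
     * Constructor for EasyX509TrustManager.
     *
     * @param keystore key store handed to the default {@link TrustManagerFactory}
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable or the
     *         factory yields no {@link X509TrustManager}
     * @throws KeyStoreException if the factory cannot be initialised from the key store
     */
    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        // Select by type instead of casting element 0 blindly: a factory may return
        // trust managers that are not X509TrustManager, and the unchecked cast would
        // then fail with a ClassCastException instead of the declared exception.
        X509TrustManager found = null;
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                found = (X509TrustManager) candidate;
                break;
            }
        }
        if (found == null) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = found;
    }

    /**
     * Delegates client certificate validation to the standard trust manager.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
     */
    public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
        standardTrustManager.checkClientTrusted(certificates,authType);
    }

    /**
     * Validates a server certificate chain, with a deliberate bypass for chains that
     * contain exactly one certificate.
     *
     * <p>
     * SECURITY: a one-element chain is accepted as soon as the certificate is inside
     * its validity period. The code does not verify its signature, does not check that
     * it is actually self-signed, and does not consult the key store passed to the
     * constructor. Any lone certificate with valid dates therefore passes, which gives
     * no protection against a man-in-the-middle. Chains of any other length, and a
     * {@code null} chain, go through the standard trust manager unchanged.
     * </p>
     *
     * @param certificates chain presented by the server
     * @param authType key exchange algorithm, forwarded to the standard trust manager
     * @throws CertificateException if the single certificate is expired or not yet
     *         valid, or if the standard trust manager rejects the chain
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
     */
    public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
        if ((certificates != null) && LOG.isDebugEnabled()) {
            LOG.debug("Server certificate chain:");
            for (int i = 0; i < certificates.length; i++) {
                LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
            }
        }
        if ((certificates != null) && (certificates.length == 1)) {
            // Validity dates only; no trust decision is made for this certificate.
            // NOTE(review): when the peer's self-signed certificate is known in advance,
            // importing it into the KeyStore and using the standard trust manager alone
            // keeps connectivity without this bypass.
            certificates[0].checkValidity();
        } else {
            standardTrustManager.checkServerTrusted(certificates,authType);
        }
    }

    /**
     * Returns the issuers accepted by the standard trust manager. Certificates let
     * through by the single-certificate bypass in {@code checkServerTrusted} are not
     * reflected in this list.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}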