001    /**
002     * Copyright 2005-2014 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.apache.commons.httpclient.contrib.ssl;
017    
018    import org.apache.log4j.Logger;
019    
020    import java.security.KeyStore;
021    import java.security.KeyStoreException;
022    import java.security.NoSuchAlgorithmException;
023    import java.security.cert.CertificateException;
024    import java.security.cert.X509Certificate;
025    
026    import javax.net.ssl.TrustManagerFactory;
027    import javax.net.ssl.TrustManager;
028    import javax.net.ssl.X509TrustManager;
029    
030    /**
031     * <p>
032     * EasyX509TrustManager unlike default {@link X509TrustManager} accepts 
033     * self-signed certificates. 
034     * </p>
035     * <p>
036     * This trust manager SHOULD NOT be used for productive systems 
037     * due to security reasons, unless it is a concious decision and 
038     * you are perfectly aware of security implications of accepting 
039     * self-signed certificates
040     * </p>
041     * 
042     * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
043     * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
044     * 
045     * <p>
046     * DISCLAIMER: HttpClient developers DO NOT actively support this component.
047     * The component is provided as a reference material, which may be inappropriate
048     * for use without additional customization.
049     * </p>
050     */
051    
052    public class EasyX509TrustManager implements X509TrustManager
053    {
054        private X509TrustManager standardTrustManager = null;
055    
056        /** Log object for this class. */
057        private static final Logger LOG = Logger.getLogger(EasyX509TrustManager.class);
058    
059        /**
060         * Constructor for EasyX509TrustManager.
061         */
062        public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
063            super();
064            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
065            factory.init(keystore);
066            TrustManager[] trustmanagers = factory.getTrustManagers();
067            if (trustmanagers.length == 0) {
068                throw new NoSuchAlgorithmException("no trust manager found");
069            }
070            this.standardTrustManager = (X509TrustManager)trustmanagers[0];
071        }
072    
073        /**
074         * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
075         */
076        public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
077            standardTrustManager.checkClientTrusted(certificates,authType);
078        }
079    
080        /**
081         * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
082         */
083        public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
084            if ((certificates != null) && LOG.isDebugEnabled()) {
085                LOG.debug("Server certificate chain:");
086                for (int i = 0; i < certificates.length; i++) {
087                    LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
088                }
089            }
090            if ((certificates != null) && (certificates.length == 1)) {
091                certificates[0].checkValidity();
092            } else {
093                standardTrustManager.checkServerTrusted(certificates,authType);
094            }
095        }
096    
097        /**
098         * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
099         */
100        public X509Certificate[] getAcceptedIssuers() {
101            return this.standardTrustManager.getAcceptedIssuers();
102        }
103    }