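/**
 * Copyright 2005-2014 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.commons.httpclient.contrib.ssl;

import org.apache.log4j.Logger;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * <p>
 * EasyX509TrustManager, unlike the default {@link X509TrustManager}, accepts
 * self-signed server certificates.
 * </p>
 * <p>
 * Server chains consisting of exactly one certificate are accepted after a
 * validity-period check only: the signature, issuer and revocation status of
 * that certificate are never verified, so the peer is not authenticated and
 * anyone presenting a currently valid certificate of their own is trusted.
 * Chains of any other length, and all client certificates, are delegated to
 * the JSSE default trust manager built from the supplied key store.
 * </p>
 * <p>
 * This trust manager SHOULD NOT be used for productive systems
 * due to security reasons, unless it is a conscious decision and
 * you are perfectly aware of the security implications of accepting
 * self-signed certificates.
 * </p>
 *
 * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
 *
 * <p>
 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
 * The component is provided as a reference material, which may be inappropriate
 * for use without additional customization.
 * </p>
 */
public class EasyX509TrustManager implements X509TrustManager {

    /** Log object for this class. */
    private static final Logger LOG = Logger.getLogger(EasyX509TrustManager.class);

    /**
     * The default JSSE trust manager for the supplied key store. Every decision
     * that is not covered by the single-certificate shortcut in
     * {@link #checkServerTrusted} is delegated to it.
     */
    private final X509TrustManager standardTrustManager;

    /**
     * Constructor for EasyX509TrustManager.
     *
     * @param keystore key store holding the trusted certificates; {@code null}
     *                 lets {@link TrustManagerFactory#init(KeyStore)} fall back
     *                 to the platform default trust store
     * @throws NoSuchAlgorithmException if the default trust manager algorithm
     *                                  is unavailable or the factory yields no
     *                                  {@link X509TrustManager}
     * @throws KeyStoreException        if the factory cannot be initialised
     *                                  from {@code keystore}
     */
    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        this.standardTrustManager = findX509TrustManager(factory.getTrustManagers());
    }

    /**
     * Returns the first {@link X509TrustManager} in the given array.
     *
     * The factory is not required to place an X.509 manager first, so the
     * array is scanned instead of blindly casting element zero, which would
     * surface as a ClassCastException rather than the declared exception.
     *
     * @param trustManagers managers returned by the factory, possibly empty
     * @return the first X.509 capable manager
     * @throws NoSuchAlgorithmException if no such manager is present
     */
    private static X509TrustManager findX509TrustManager(TrustManager[] trustManagers)
            throws NoSuchAlgorithmException {
        if (trustManagers != null) {
            for (TrustManager candidate : trustManagers) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        }
        throw new NoSuchAlgorithmException("no trust manager found");
    }

    /**
     * Delegates unchanged to the default trust manager; client certificates
     * receive no relaxed treatment.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String)
     */
    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        standardTrustManager.checkClientTrusted(certificates, authType);
    }

    /**
     * Accepts a one-certificate chain if it is within its validity period;
     * every other chain (including {@code null} and empty ones) is handed to
     * the default trust manager, which applies full path validation.
     *
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String)
     */
    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        if (certificates != null && LOG.isDebugEnabled()) {
            LOG.debug("Server certificate chain:");
            for (int i = 0; i < certificates.length; i++) {
                LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
            }
        }
        if (certificates != null && certificates.length == 1) {
            // Single-certificate chain (typically self-signed): only the
            // notBefore/notAfter window is checked. Signature, issuer, chain and
            // revocation are NOT verified here; this is the deliberate, insecure
            // shortcut the class exists for.
            certificates[0].checkValidity();
        } else {
            standardTrustManager.checkServerTrusted(certificates, authType);
        }
    }

    /**
     * Exposes the issuers accepted by the default trust manager. The
     * single-certificate shortcut above is not reflected here.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}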