1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 package org.apache.commons.net.util;
19
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
27
28 /**
29 * TrustManager utilities for generating TrustManagers.
30 *
31 * @since 3.0
32 */
33 public final class TrustManagerUtils
34 {
35 private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{};
36
37 private static class TrustManager implements X509TrustManager {
38
39 private final boolean checkServerValidity;
40
41 TrustManager(boolean checkServerValidity) {
42 this.checkServerValidity = checkServerValidity;
43 }
44
45 /**
46 * Never generates a CertificateException.
47 */
48 @Override
49 public void checkClientTrusted(X509Certificate[] certificates, String authType)
50 {
51 return;
52 }
53
54 @Override
55 public void checkServerTrusted(X509Certificate[] certificates, String authType)
56 throws CertificateException
57 {
58 if (checkServerValidity) {
59 for (X509Certificate certificate : certificates)
60 {
61 certificate.checkValidity();
62 }
63 }
64 }
65
66 /**
67 * @return an empty array of certificates
68 */
69 @Override
70 public X509Certificate[] getAcceptedIssuers()
71 {
72 return EMPTY_X509CERTIFICATE_ARRAY;
73 }
74 }
75
76 private static final X509TrustManager ACCEPT_ALL=new TrustManager(false);
77
78 private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true);
79
80 /**
81 * Generate a TrustManager that performs no checks.
82 *
83 * @return the TrustManager
84 */
85 public static X509TrustManager getAcceptAllTrustManager(){
86 return ACCEPT_ALL;
87 }
88
89 /**
90 * Generate a TrustManager that checks server certificates for validity,
91 * but otherwise performs no checks.
92 *
93 * @return the validating TrustManager
94 */
95 public static X509TrustManager getValidateServerCertificateTrustManager(){
96 return CHECK_SERVER_VALIDITY;
97 }
98
99 /**
100 * Return the default TrustManager provided by the JVM.
101 * <p>
102 * This should be the same as the default used by {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
103 * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}
104 * when the TrustManager parameter is set to {@code null}
105 * @param keyStore the KeyStore to use, may be {@code null}
106 * @return the default TrustManager
107 * @throws GeneralSecurityException
108 */
109 public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException {
110 String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
111 TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm);
112 instance.init(keyStore);
113 return (X509TrustManager) instance.getTrustManagers()[0];
114 }
115
116 }