
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package org.apache.commons.net.util;
19  
20  import java.security.GeneralSecurityException;
21  import java.security.KeyStore;
22  import java.security.cert.CertificateException;
23  import java.security.cert.X509Certificate;
24  
25  import javax.net.ssl.TrustManagerFactory;
26  import javax.net.ssl.X509TrustManager;
27  
28  /**
29   * TrustManager utilities for generating TrustManagers.
30   *
31   * @since 3.0
32   */
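public final class TrustManagerUtils
{
    /**
     * Shared result for {@link TrustManager#getAcceptedIssuers()}. A zero-length
     * array has no elements that a caller could overwrite, so one instance is reused.
     */
    private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{};

    /**
     * Permissive trust manager behind {@link #getAcceptAllTrustManager()} and
     * {@link #getValidateServerCertificateTrustManager()}.
     * <p>
     * It builds no certification path, compares nothing against a set of trust
     * anchors and never looks at the peer's host name, so it does not
     * authenticate the peer. When {@code checkServerValidity} is set, the only
     * check is the validity period of each certificate in the server chain.
     */
    private static class TrustManager implements X509TrustManager {

        /** {@code true} to check the validity period of every server certificate. */
        private final boolean checkServerValidity;

        TrustManager(boolean checkServerValidity) {
            this.checkServerValidity = checkServerValidity;
        }

        /**
         * Accepts every client certificate chain without inspecting it.
         * Never generates a CertificateException.
         */
//        @Override
        public void checkClientTrusted(X509Certificate[] certificates, String authType)
        {
            // Intentionally empty: client chains are never examined.
        }

        /**
         * Checks the validity period of each certificate in the server chain
         * when {@code checkServerValidity} is set; otherwise accepts the chain
         * without looking at it.
         * <p>
         * A chain that passes is only known to be within its validity dates.
         * Issuer, signatures, revocation status and host name are not examined.
         *
         * @param certificates the chain presented by the server
         * @param authType the key exchange algorithm (not used)
         * @throws CertificateException if a certificate is expired or not yet valid
         * @throws IllegalArgumentException if validity checking is enabled and
         *         the chain is {@code null} or empty
         */
//        @Override
        public void checkServerTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException
        {
            if (!checkServerValidity) {
                return; // accept-all mode: the chain is not inspected
            }
            // X509TrustManager specifies IllegalArgumentException for a null or
            // zero-length chain. Without this guard an empty chain would pass,
            // because the loop below would have nothing to check.
            if (certificates == null || certificates.length == 0) {
                throw new IllegalArgumentException("Certificate chain must not be null or empty");
            }
            for (X509Certificate certificate : certificates) {
                certificate.checkValidity();
            }
        }

        /**
         * @return an empty array of certificates
         */
//        @Override
        public X509Certificate[] getAcceptedIssuers()
        {
            return EMPTY_X509CERTIFICATE_ARRAY;
        }
    }

    private static final X509TrustManager ACCEPT_ALL = new TrustManager(false);

    private static final X509TrustManager CHECK_SERVER_VALIDITY = new TrustManager(true);

    /**
     * Generate a TrustManager that performs no checks.
     * <p>
     * Every client and server certificate chain is accepted, so a connection
     * that relies on this TrustManager is encrypted but its peer is not
     * authenticated. Use {@link #getDefaultTrustManager(KeyStore)} where the
     * identity of the server matters.
     *
     * @return the TrustManager (a shared instance)
     */
    public static X509TrustManager getAcceptAllTrustManager(){
        return ACCEPT_ALL;
    }

    /**
     * Generate a TrustManager that checks server certificates for validity,
     * but otherwise performs no checks.
     * <p>
     * "Validity" here means the validity period only: an unexpired
     * certificate from any issuer, including a self-signed one, is accepted.
     * Use {@link #getDefaultTrustManager(KeyStore)} where the server
     * certificate must chain to a trusted issuer.
     *
     * @return the validating TrustManager (a shared instance)
     */
    public static X509TrustManager getValidateServerCertificateTrustManager(){
        return CHECK_SERVER_VALIDITY;
    }

    /**
     * Return the default TrustManager provided by the JVM.
     * <p>
     * This should be the same as the default used by {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
     * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}
     * when the TrustManager parameter is set to {@code null}.
     *
     * @param keyStore the KeyStore to use, may be {@code null}
     * @return the default TrustManager
     * @throws GeneralSecurityException if the factory for the default algorithm
     *         cannot be created or initialised, or if it supplies no
     *         {@link X509TrustManager}
     */
    public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException {
        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm);
        instance.init(keyStore);
        // The factory returns one manager per type of trust material and does
        // not promise that the X.509 one comes first, so search for it instead
        // of casting element 0. The type is fully qualified because the nested
        // TrustManager class shadows the javax.net.ssl interface of that name.
        for (javax.net.ssl.TrustManager candidate : instance.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new GeneralSecurityException(
                "No X509TrustManager available for algorithm " + defaultAlgorithm);
    }

}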