001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018package org.apache.commons.net.util; 019 020import java.security.GeneralSecurityException; 021import java.security.KeyStore; 022import java.security.cert.CertificateException; 023import java.security.cert.X509Certificate; 024 025import javax.net.ssl.TrustManagerFactory; 026import javax.net.ssl.X509TrustManager; 027 028/** 029 * TrustManager utilities for generating TrustManagers. 030 * 031 * @since 3.0 032 */ 033public final class TrustManagerUtils 034{ 035 private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{}; 036 037 private static class TrustManager implements X509TrustManager { 038 039 private final boolean checkServerValidity; 040 041 TrustManager(boolean checkServerValidity) { 042 this.checkServerValidity = checkServerValidity; 043 } 044 045 /** 046 * Never generates a CertificateException. 047 */ 048 @Override 049 public void checkClientTrusted(X509Certificate[] certificates, String authType) 050 { 051 return; 052 } 053 054 @Override 055 public void checkServerTrusted(X509Certificate[] certificates, String authType) 056 throws CertificateException 057 { 058 if (checkServerValidity) { 059 for (X509Certificate certificate : certificates) 060 { 061 certificate.checkValidity(); 062 } 063 } 064 } 065 066 /** 067 * @return an empty array of certificates 068 */ 069 @Override 070 public X509Certificate[] getAcceptedIssuers() 071 { 072 return EMPTY_X509CERTIFICATE_ARRAY; 073 } 074 } 075 076 private static final X509TrustManager ACCEPT_ALL=new TrustManager(false); 077 078 private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true); 079 080 /** 081 * Generate a TrustManager that performs no checks. 082 * 083 * @return the TrustManager 084 */ 085 public static X509TrustManager getAcceptAllTrustManager(){ 086 return ACCEPT_ALL; 087 } 088 089 /** 090 * Generate a TrustManager that checks server certificates for validity, 091 * but otherwise performs no checks. 092 * 093 * @return the validating TrustManager 094 */ 095 public static X509TrustManager getValidateServerCertificateTrustManager(){ 096 return CHECK_SERVER_VALIDITY; 097 } 098 099 /** 100 * Return the default TrustManager provided by the JVM. 101 * <p> 102 * This should be the same as the default used by 103 * {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom) 104 * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)} 105 * when the TrustManager parameter is set to {@code null} 106 * @param keyStore the KeyStore to use, may be {@code null} 107 * @return the default TrustManager 108 * @throws GeneralSecurityException if an error occurs 109 */ 110 public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException { 111 String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 112 TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm); 113 instance.init(keyStore); 114 return (X509TrustManager) instance.getTrustManagers()[0]; 115 } 116 117}