001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 package org.apache.commons.net.util;
019
020 import java.security.GeneralSecurityException;
021 import java.security.KeyStore;
022 import java.security.cert.CertificateException;
023 import java.security.cert.X509Certificate;
024
025 import javax.net.ssl.TrustManagerFactory;
026 import javax.net.ssl.X509TrustManager;
027
028 /**
029 * TrustManager utilities for generating TrustManagers.
030 *
031 * @since 3.0
032 */
033 public final class TrustManagerUtils
034 {
035 private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{};
036
037 private static class TrustManager implements X509TrustManager {
038
039 private final boolean checkServerValidity;
040
041 TrustManager(boolean checkServerValidity) {
042 this.checkServerValidity = checkServerValidity;
043 }
044
045 /**
046 * Never generates a CertificateException.
047 */
048 public void checkClientTrusted(X509Certificate[] certificates, String authType)
049 {
050 return;
051 }
052
053 public void checkServerTrusted(X509Certificate[] certificates, String authType)
054 throws CertificateException
055 {
056 if (checkServerValidity) {
057 for (X509Certificate certificate : certificates)
058 {
059 certificate.checkValidity();
060 }
061 }
062 }
063
064 /**
065 * @return an empty array of certificates
066 */
067 public X509Certificate[] getAcceptedIssuers()
068 {
069 return EMPTY_X509CERTIFICATE_ARRAY;
070 }
071 }
072
073 private static final X509TrustManager ACCEPT_ALL=new TrustManager(false);
074
075 private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true);
076
077 /**
078 * Generate a TrustManager that performs no checks.
079 *
080 * @return the TrustManager
081 */
082 public static X509TrustManager getAcceptAllTrustManager(){
083 return ACCEPT_ALL;
084 }
085
086 /**
087 * Generate a TrustManager that checks server certificates for validity,
088 * but otherwise performs no checks.
089 *
090 * @return the validating TrustManager
091 */
092 public static X509TrustManager getValidateServerCertificateTrustManager(){
093 return CHECK_SERVER_VALIDITY;
094 }
095
096 /**
097 * Return the default TrustManager provided by the JVM.
098 * <p>
099 * This should be the same as the default used by {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
100 * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}
101 * when the TrustManager parameter is set to {@code null}
102 * @param keyStore the KeyStore to use, may be {@code null}
103 * @return the default TrustManager
104 * @throws GeneralSecurityException
105 */
106 public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException {
107 String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
108 TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm);
109 instance.init(keyStore);
110 return (X509TrustManager) instance.getTrustManagers()[0];
111 }
112
113 }