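/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.commons.net.util;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * TrustManager utilities for generating TrustManagers.
 * <p>
 * Only {@link #getDefaultTrustManager(KeyStore)} performs certificate-path
 * validation against a trust store. The other two factories return managers
 * that accept any peer certificate (optionally after a validity-period check),
 * so a TLS session built with them does not authenticate the remote side; they
 * are suited to tests, or to peers whose identity is verified by other means.
 *
 * @since 3.0
 */
public final class TrustManagerUtils
{
    private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{};

    /**
     * Trust manager that either accepts every chain unconditionally, or only
     * checks that each certificate in the chain is within its validity period.
     * It never verifies signatures, chain building to a trust anchor, or the
     * host name.
     */
    private static class TrustManager implements X509TrustManager {

        /** When {@code true}, {@link #checkServerTrusted} checks validity dates; otherwise it accepts everything. */
        private final boolean checkServerValidity;

        TrustManager(boolean checkServerValidity) {
            this.checkServerValidity = checkServerValidity;
        }

        /**
         * Never generates a CertificateException: client certificates are
         * accepted without any check.
         *
         * @param certificates ignored
         * @param authType ignored
         */
        public void checkClientTrusted(X509Certificate[] certificates, String authType)
        {
            return;
        }

        /**
         * Checks the validity period of every certificate in the chain when
         * validity checking is enabled; otherwise accepts the chain as is.
         * <p>
         * This is a date check only ({@link X509Certificate#checkValidity()});
         * no signature, trust-anchor or host name verification is performed.
         *
         * @param certificates the server certificate chain
         * @param authType the key exchange algorithm (ignored)
         * @throws CertificateException if validity checking is enabled and the
         *         chain is missing, empty, or contains a certificate that is
         *         expired or not yet valid
         */
        public void checkServerTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException
        {
            if (!checkServerValidity) {
                return;
            }
            // Fail closed: when validation was requested, a chain that cannot be
            // examined must not pass silently (the original accepted an empty
            // chain and threw NullPointerException on a null one).
            if (certificates == null || certificates.length == 0) {
                throw new CertificateException("Server certificate chain is missing or empty");
            }
            for (X509Certificate certificate : certificates)
            {
                certificate.checkValidity();
            }
        }

        /**
         * @return an empty array of certificates
         */
        public X509Certificate[] getAcceptedIssuers()
        {
            return EMPTY_X509CERTIFICATE_ARRAY;
        }
    }

    private static final X509TrustManager ACCEPT_ALL=new TrustManager(false);

    private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true);

    /**
     * Generate a TrustManager that performs no checks.
     * <p>
     * Every server and client certificate is accepted, so the peer is not
     * authenticated. Use only where authentication is established elsewhere.
     *
     * @return the TrustManager (a shared instance)
     */
    public static X509TrustManager getAcceptAllTrustManager(){
        return ACCEPT_ALL;
    }

    /**
     * Generate a TrustManager that checks server certificates for validity,
     * but otherwise performs no checks.
     * <p>
     * "Validity" here means only that each certificate's not-before/not-after
     * dates enclose the current time; the chain is not verified against any
     * trust anchor and the host name is not checked.
     *
     * @return the validating TrustManager (a shared instance)
     */
    public static X509TrustManager getValidateServerCertificateTrustManager(){
        return CHECK_SERVER_VALIDITY;
    }

    /**
     * Return the default TrustManager provided by the JVM.
     * <p>
     * This should be the same as the default used by {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
     * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}
     * when the TrustManager parameter is set to {@code null}
     * @param keyStore the KeyStore to use, may be {@code null} (the JVM's default trust store is then used)
     * @return the default TrustManager
     * @throws GeneralSecurityException if the factory cannot be created or initialised,
     *         or if it yields no {@link X509TrustManager}
     */
    public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException {
        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm);
        instance.init(keyStore);
        // The factory may return several managers; pick the first one of the
        // required type instead of blindly casting element 0 (which would fail
        // with ClassCastException or ArrayIndexOutOfBoundsException).
        // Fully qualified because the nested class above shadows javax.net.ssl.TrustManager.
        for (javax.net.ssl.TrustManager trustManager : instance.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new GeneralSecurityException("No X509TrustManager available for algorithm " + defaultAlgorithm);
    }

}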