001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    
018    package org.apache.commons.net.util;
019    
020    import java.security.GeneralSecurityException;
021    import java.security.KeyStore;
022    import java.security.cert.CertificateException;
023    import java.security.cert.X509Certificate;
024    
025    import javax.net.ssl.TrustManagerFactory;
026    import javax.net.ssl.X509TrustManager;
027    
028    /**
029     * TrustManager utilities for generating TrustManagers.
030     *
031     * @since 3.0
032     */
033    public final class TrustManagerUtils
034    {
035        private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{};
036    
037        private static class TrustManager implements X509TrustManager {
038    
039            private final boolean checkServerValidity;
040    
041            TrustManager(boolean checkServerValidity) {
042                this.checkServerValidity = checkServerValidity;
043            }
044    
045            /**
046             * Never generates a CertificateException.
047             */
048            public void checkClientTrusted(X509Certificate[] certificates, String authType)
049            {
050                return;
051            }
052    
053            public void checkServerTrusted(X509Certificate[] certificates, String authType)
054                throws CertificateException
055            {
056                if (checkServerValidity) {
057                    for (X509Certificate certificate : certificates)
058                    {
059                        certificate.checkValidity();
060                    }
061                }
062            }
063    
064            /**
065             * @return an empty array of certificates
066             */
067            public X509Certificate[] getAcceptedIssuers()
068            {
069                return EMPTY_X509CERTIFICATE_ARRAY;
070            }
071        }
072    
073        private static final X509TrustManager ACCEPT_ALL=new TrustManager(false);
074    
075        private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true);
076    
077        /**
078         * Generate a TrustManager that performs no checks.
079         *
080         * @return the TrustManager
081         */
082        public static X509TrustManager getAcceptAllTrustManager(){
083            return ACCEPT_ALL;
084        }
085    
086        /**
087         * Generate a TrustManager that checks server certificates for validity,
088         * but otherwise performs no checks.
089         *
090         * @return the validating TrustManager
091         */
092        public static X509TrustManager getValidateServerCertificateTrustManager(){
093            return CHECK_SERVER_VALIDITY;
094        }
095    
096        /**
097         * Return the default TrustManager provided by the JVM.
098         * <p>
099         * This should be the same as the default used by {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
100         * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}
101         * when the TrustManager parameter is set to {@code null}
102         * @param keyStore the KeyStore to use, may be {@code null}
103         * @return the default TrustManager
104         * @throws GeneralSecurityException
105         */
106        public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException {
107            String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
108            TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm);
109            instance.init(keyStore);
110            return (X509TrustManager) instance.getTrustManagers()[0];
111        }
112    
113    }