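package org.apache.maven.wagon.shared.http4;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

/**
 * Relaxed X509 certificate trust manager: can ignore invalid certificate date.
 * <p>
 * Trust decisions are delegated to the platform's standard {@link X509TrustManager}, with one
 * exception: a server chain consisting of exactly one certificate is only checked for its validity
 * period (see {@link #checkServerTrusted(X509Certificate[], String)}). For such a chain neither the
 * issuer nor a trust anchor is verified, so a context built from this class does not authenticate a
 * server that presents a single (for example self-signed) certificate.
 * </p>
 * <p>
 * NOTE(review): this class should only be wired in where the user has explicitly opted out of
 * strict certificate checking; the call sites are not visible in this file, confirm there.
 * </p>
 *
 * @author Olivier Lamy
 * @since 2.0
 * @see AbstractHttpClientWagon#IGNORE_SSL_VALIDITY_DATES
 */
public class RelaxedX509TrustManager
    implements X509TrustManager
{
    /** Platform trust manager that performs the regular (non-relaxed) chain validation. */
    private final X509TrustManager standardTrustManager;

    /**
     * Builds an {@link SSLContext} whose only trust manager is a {@link RelaxedX509TrustManager}.
     * <p>
     * The trust manager is created with a <code>null</code> key store, which is handed unchanged to
     * {@link TrustManagerFactory#init(KeyStore)}. The context is initialised without key managers and
     * without an explicit source of randomness, so the JSSE defaults apply for both.
     * </p>
     *
     * @return the initialised context
     * @throws IOException if the context or the trust manager cannot be created; the original
     *                     exception is attached as the cause
     */
    protected static SSLContext createRelaxedSSLContext()
        throws IOException
    {
        try
        {
            // "TLS" is the standard JSSE name; the legacy "SSL" name can select an SSLv3-oriented
            // context on some providers.
            SSLContext context = SSLContext.getInstance( "TLS" );
            TrustManager[] relaxed = new TrustManager[]{ new RelaxedX509TrustManager( null ) };
            context.init( null, relaxed, null );
            return context;
        }
        catch ( Exception e )
        {
            // Callers only deal with IOException; keep the root cause for diagnosis.
            IOException ioe = new IOException( e.getMessage() );
            ioe.initCause( e );
            throw ioe;
        }
    }

    /**
     * Constructor for RelaxedX509TrustManager.
     *
     * @param keystore trust material passed to {@link TrustManagerFactory#init(KeyStore)};
     *                 may be <code>null</code>
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable or the
     *                                  factory yields no {@link X509TrustManager}
     * @throws KeyStoreException        if the factory cannot be initialised from the key store
     */
    public RelaxedX509TrustManager( KeyStore keystore )
        throws NoSuchAlgorithmException, KeyStoreException
    {
        TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        factory.init( keystore );

        // Pick the first X509-capable manager instead of blindly casting element 0, which would fail
        // with a ClassCastException if a provider returned another TrustManager type first.
        X509TrustManager delegate = null;
        TrustManager[] trustmanagers = factory.getTrustManagers();
        for ( int i = 0; i < trustmanagers.length && delegate == null; i++ )
        {
            if ( trustmanagers[i] instanceof X509TrustManager )
            {
                delegate = (X509TrustManager) trustmanagers[i];
            }
        }
        if ( delegate == null )
        {
            throw new NoSuchAlgorithmException( "no trust manager found" );
        }
        this.standardTrustManager = delegate;
    }

    /**
     * Delegates client certificate validation to the standard trust manager; nothing is relaxed here.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String authType)
     */
    public void checkClientTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        standardTrustManager.checkClientTrusted( certificates, authType );
    }

    /**
     * Validates a server certificate chain.
     * <ul>
     * <li>A chain of exactly one certificate is only checked with
     * {@link X509Certificate#checkValidity()}. An expired or not-yet-valid certificate is rejected
     * unless {@link AbstractHttpClientWagon#IGNORE_SSL_VALIDITY_DATES} is set. The standard trust
     * manager is not consulted and <code>authType</code> is not used, so issuer and trust anchor
     * are not verified for such a chain.</li>
     * <li>Any other chain (including <code>null</code>) is passed to the standard trust manager.</li>
     * </ul>
     * NOTE(review): the ignore-dates flag only takes effect in the single-certificate branch; longer
     * chains go through the standard trust manager, which is expected to apply its own validity
     * checks.
     *
     * @throws CertificateException if the certificate is outside its validity period and dates are
     *                              not ignored, or if the standard trust manager rejects the chain
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType)
     */
    public void checkServerTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        boolean singleCertificate = ( certificates != null ) && ( certificates.length == 1 );
        if ( !singleCertificate )
        {
            standardTrustManager.checkServerTrusted( certificates, authType );
            return;
        }

        // Single-certificate chain: date check only, no chain or issuer validation.
        try
        {
            certificates[0].checkValidity();
        }
        catch ( CertificateExpiredException e )
        {
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
        catch ( CertificateNotYetValidException e )
        {
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
    }

    /**
     * Returns the issuers accepted by the standard trust manager.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers()
    {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}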