001package org.apache.maven.wagon.providers.http;
002
003/*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements.  See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership.  The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License.  You may obtain a copy of the License at
011 *
012 *   http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied.  See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022import org.apache.http.conn.ssl.TrustStrategy;
023
024import java.security.cert.CertificateException;
025import java.security.cert.CertificateExpiredException;
026import java.security.cert.CertificateNotYetValidException;
027import java.security.cert.X509Certificate;
028
029/**
030 * Relaxed X509 certificate trust manager: can ignore invalid certificate date.
031 *
032 * @author Olivier Lamy
033 * @since 2.0
034 */
035public class RelaxedTrustStrategy
036    implements TrustStrategy
037{
038    private final boolean ignoreSSLValidityDates;
039
040    public RelaxedTrustStrategy( boolean ignoreSSLValidityDates )
041    {
042        this.ignoreSSLValidityDates = ignoreSSLValidityDates;
043    }
044
045    public boolean isTrusted( X509Certificate[] certificates, String authType )
046        throws CertificateException
047    {
048        if ( ( certificates != null ) && ( certificates.length == 1 ) )
049        {
050            try
051            {
052                certificates[0].checkValidity();
053            }
054            catch ( CertificateExpiredException e )
055            {
056                if ( !ignoreSSLValidityDates )
057                {
058                    throw e;
059                }
060            }
061            catch ( CertificateNotYetValidException e )
062            {
063                if ( !ignoreSSLValidityDates )
064                {
065                    throw e;
066                }
067            }
068            return true;
069        }
070        else
071        {
072            return false;
073        }
074    }
075
076}