1 package org.apache.maven.wagon.shared.http;
22 import javax.net.ssl.SSLContext;
23 import javax.net.ssl.TrustManager;
24 import javax.net.ssl.TrustManagerFactory;
25 import javax.net.ssl.X509TrustManager;
26 import java.io.IOException;
27 import java.security.KeyStore;
28 import java.security.KeyStoreException;
29 import java.security.NoSuchAlgorithmException;
30 import java.security.cert.CertificateException;
31 import java.security.cert.CertificateExpiredException;
32 import java.security.cert.CertificateNotYetValidException;
33 import java.security.cert.X509Certificate;
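/**
 * {@link X509TrustManager} that deliberately relaxes server-certificate checking.
 *
 * <p>Client checks and multi-certificate server chains are delegated to the platform trust manager
 * built in the constructor. A server chain of exactly one certificate is accepted after a
 * validity-date check only (see {@link #checkServerTrusted(X509Certificate[], String)}).</p>
 *
 * <p><strong>Security:</strong> for a one-certificate chain no issuer, signature or trust-anchor
 * validation is performed, so the peer is not authenticated. Connections using this trust manager
 * get encryption but no assurance of who the server is. It should be enabled only for endpoints
 * where that trade-off has been accepted explicitly, never as a default.</p>
 */
public class EasyX509TrustManager
    implements X509TrustManager
{
    /** Platform trust manager used for every check this class does not relax. */
    private final X509TrustManager standardTrustManager;

    /**
     * Builds an {@link SSLContext} whose only trust manager is an {@code EasyX509TrustManager}
     * created with a {@code null} keystore. No key managers are supplied and the default
     * source of randomness is used.
     *
     * @return the initialised context
     * @throws IOException wrapping any failure raised while creating or initialising the context;
     *                     the original exception is kept as the cause
     */
    protected static SSLContext createEasySSLContext()
        throws IOException
    {
        try
        {
            // "TLS" is the current standard name; "SSL" is the legacy name for the same kind of
            // context and reads as if SSLv2/v3 were intended.
            SSLContext context = SSLContext.getInstance( "TLS" );
            context.init( null, new TrustManager[]{ new EasyX509TrustManager( null ) }, null );
            return context;
        }
        catch ( Exception e )
        {
            // Callers only declare IOException, so every failure is funnelled into one.
            IOException ioe = new IOException( e.getMessage() );
            ioe.initCause( e );
            throw ioe;
        }
    }

    /**
     * Creates the trust manager and resolves the platform {@link X509TrustManager} it delegates to.
     *
     * @param keystore trust store handed to {@link TrustManagerFactory#init(KeyStore)}; may be
     *                 {@code null}, in which case the factory falls back to its own default
     *                 (presumably the JVM default trust store; this depends on the provider)
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable or the
     *                                  factory yields no {@link X509TrustManager}
     * @throws KeyStoreException        if the factory cannot be initialised from {@code keystore}
     */
    public EasyX509TrustManager( KeyStore keystore )
        throws NoSuchAlgorithmException, KeyStoreException
    {
        super();
        TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        factory.init( keystore );
        TrustManager[] trustmanagers = factory.getTrustManagers();

        // Pick the first manager that really is an X509TrustManager instead of blindly casting
        // element 0, which would fail with a ClassCastException for a provider that returns
        // another TrustManager type first.
        X509TrustManager selected = null;
        for ( int i = 0; i < trustmanagers.length && selected == null; i++ )
        {
            if ( trustmanagers[i] instanceof X509TrustManager )
            {
                selected = (X509TrustManager) trustmanagers[i];
            }
        }
        if ( selected == null )
        {
            throw new NoSuchAlgorithmException( "no trust manager found" );
        }
        this.standardTrustManager = selected;
    }

    /**
     * Delegates client-certificate validation unchanged to the platform trust manager.
     *
     * @param certificates the peer certificate chain
     * @param authType     the authentication type
     * @throws CertificateException if the platform trust manager rejects the chain
     */
    public void checkClientTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        standardTrustManager.checkClientTrusted( certificates, authType );
    }

    /**
     * Validates the server certificate chain, with a relaxed path for one-certificate chains.
     *
     * <p>A chain of exactly one certificate is accepted once its validity dates have been checked;
     * even that check is waived when {@code AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES} is
     * set. Every other input, including {@code null} and an empty array, is passed to the platform
     * trust manager.</p>
     *
     * <p><strong>Security:</strong> the one-certificate path performs no signature, issuer or
     * trust-anchor verification and this method does no host-name matching. Any peer that presents
     * a single, currently valid certificate passes, so the result must not be treated as server
     * authentication.</p>
     *
     * @param certificates the peer certificate chain
     * @param authType     the key exchange algorithm, forwarded only on the delegated path
     * @throws CertificateException if the single certificate is outside its validity period and
     *                              dates are not ignored, or if the platform trust manager rejects
     *                              the chain
     */
    public void checkServerTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        if ( ( certificates != null ) && ( certificates.length == 1 ) )
        {
            // NOTE(security): intentional relaxation; see the method documentation.
            checkValidityDates( certificates[0] );
        }
        else
        {
            standardTrustManager.checkServerTrusted( certificates, authType );
        }
    }

    /**
     * Returns the issuers accepted by the platform trust manager. The relaxed one-certificate
     * path of {@link #checkServerTrusted(X509Certificate[], String)} is not reflected here.
     *
     * @return the accepted issuer certificates reported by the delegate
     */
    public X509Certificate[] getAcceptedIssuers()
    {
        return this.standardTrustManager.getAcceptedIssuers();
    }

    /**
     * Checks the validity period of one certificate, honouring the global switch that ignores
     * date failures.
     *
     * @param certificate the certificate to check
     * @throws CertificateException the expired / not-yet-valid exception raised by
     *                              {@link X509Certificate#checkValidity()}, unless
     *                              {@code AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES} is set
     */
    private static void checkValidityDates( X509Certificate certificate )
        throws CertificateException
    {
        try
        {
            certificate.checkValidity();
        }
        catch ( CertificateException e )
        {
            // checkValidity() only raises CertificateExpiredException and
            // CertificateNotYetValidException; both are handled the same way.
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
    }
}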