
1   package org.apache.maven.wagon.shared.http;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import javax.net.ssl.SSLContext;
23  import javax.net.ssl.TrustManager;
24  import javax.net.ssl.TrustManagerFactory;
25  import javax.net.ssl.X509TrustManager;
26  import java.io.IOException;
27  import java.security.KeyStore;
28  import java.security.KeyStoreException;
29  import java.security.NoSuchAlgorithmException;
30  import java.security.cert.CertificateException;
31  import java.security.cert.CertificateExpiredException;
32  import java.security.cert.CertificateNotYetValidException;
33  import java.security.cert.X509Certificate;
34  
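/**
 * Lenient {@link X509TrustManager} backing wagon's "easy" SSL context.
 * <p>
 * Client chains and server chains of any length other than one are delegated to the platform's
 * standard trust manager. A server chain that consists of exactly one certificate is <strong>not</strong>
 * verified against any trust store: only its validity period is examined, and that check is itself
 * skipped when {@code AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES} is set.
 * </p>
 * <p>
 * Security note: because a lone server certificate is accepted without an issuer or trust-anchor check,
 * a connection made through this trust manager does not authenticate the remote endpoint. Reserve it for
 * environments where that risk has been explicitly accepted; where the server identity matters, import the
 * server or CA certificate into a trust store and use the standard trust manager instead.
 * </p>
 *
 * @author Olivier Lamy
 * @since 2.0
 */
public class EasyX509TrustManager
    implements X509TrustManager
{
    /** Platform trust manager that handles every case this class does not relax. */
    private final X509TrustManager standardTrustManager;


    /**
     * Builds an {@link SSLContext} whose only trust manager is an {@link EasyX509TrustManager} created
     * with a {@code null} keystore. No key managers and no explicit random source are supplied.
     *
     * @return the initialised context
     * @throws IOException wrapping any failure raised while creating or initialising the context
     */
    protected static SSLContext createEasySSLContext()
        throws IOException
    {
        try
        {
            // NOTE(review): "SSL" is the legacy context name; which protocol versions end up enabled
            // depends on the JSSE provider. Confirm the deployment's minimum protocol version is
            // enforced elsewhere before relying on this context.
            SSLContext context = SSLContext.getInstance( "SSL" );
            context.init( null, new TrustManager[]{ new EasyX509TrustManager( null ) }, null );
            return context;
        }
        catch ( Exception e )
        {
            // Callers only deal with IOException, so every failure is wrapped and the cause is kept.
            IOException ioe = new IOException( e.getMessage() );
            ioe.initCause( e );
            throw ioe;
        }
    }

    /**
     * Constructor for EasyX509TrustManager.
     *
     * @param keystore trust material handed to the default {@link TrustManagerFactory}; may be
     *                 {@code null}, as it is when called from {@link #createEasySSLContext()}
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable or the factory yields no
     *                                  {@link X509TrustManager}
     * @throws KeyStoreException        if the factory cannot be initialised from {@code keystore}
     */
    public EasyX509TrustManager( KeyStore keystore )
        throws NoSuchAlgorithmException, KeyStoreException
    {
        super();
        TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        factory.init( keystore );
        TrustManager[] trustmanagers = factory.getTrustManagers();

        // Pick the first X509-capable manager instead of blindly casting element 0, so an unexpected
        // manager type is reported as a checked exception rather than a ClassCastException.
        X509TrustManager x509TrustManager = null;
        for ( int i = 0; i < trustmanagers.length && x509TrustManager == null; i++ )
        {
            if ( trustmanagers[i] instanceof X509TrustManager )
            {
                x509TrustManager = (X509TrustManager) trustmanagers[i];
            }
        }
        if ( x509TrustManager == null )
        {
            throw new NoSuchAlgorithmException( "no trust manager found" );
        }
        this.standardTrustManager = x509TrustManager;
    }

    /**
     * Delegates client-chain validation to the standard trust manager without any relaxation.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String authType)
     */
    public void checkClientTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        standardTrustManager.checkClientTrusted( certificates, authType );
    }

    /**
     * Validates a server chain.
     * <p>
     * A chain of exactly one certificate is accepted after a validity-period check only; no trust-store
     * lookup is performed for it, and the validity failure is suppressed when
     * {@code AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES} is {@code true}. Every other input,
     * including {@code null}, is passed to the standard trust manager.
     * </p>
     *
     * @throws CertificateException if the lone certificate is outside its validity period and dates are
     *                              not ignored, or if the standard trust manager rejects the chain
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType)
     */
    public void checkServerTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        boolean singleCertificate = ( certificates != null ) && ( certificates.length == 1 );
        if ( !singleCertificate )
        {
            standardTrustManager.checkServerTrusted( certificates, authType );
            return;
        }

        // Security-relevant: from here on the certificate's issuer is never checked, only its dates.
        try
        {
            certificates[0].checkValidity();
        }
        catch ( CertificateExpiredException e )
        {
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
        catch ( CertificateNotYetValidException e )
        {
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
    }

    /**
     * Returns the issuers accepted by the standard trust manager.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers()
    {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}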