001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018package org.apache.commons.net.util; 019 020import java.security.GeneralSecurityException; 021import java.security.KeyStore; 022import java.security.cert.CertificateException; 023import java.security.cert.X509Certificate; 024 025import javax.net.ssl.TrustManagerFactory; 026import javax.net.ssl.X509TrustManager; 027 028/** 029 * TrustManager utilities for generating TrustManagers. 030 * 031 * @since 3.0 032 */ 033public final class TrustManagerUtils 034{ 035 private static class TrustManager implements X509TrustManager { 036 037 private final boolean checkServerValidity; 038 039 TrustManager(final boolean checkServerValidity) { 040 this.checkServerValidity = checkServerValidity; 041 } 042 043 /** 044 * Never generates a CertificateException. 045 */ 046 @Override 047 public void checkClientTrusted(final X509Certificate[] certificates, final String authType) 048 { 049 } 050 051 @Override 052 public void checkServerTrusted(final X509Certificate[] certificates, final String authType) 053 throws CertificateException 054 { 055 if (checkServerValidity) { 056 for (final X509Certificate certificate : certificates) 057 { 058 certificate.checkValidity(); 059 } 060 } 061 } 062 063 /** 064 * @return an empty array of certificates 065 */ 066 @Override 067 public X509Certificate[] getAcceptedIssuers() 068 { 069 return NetConstants.EMPTY_X509_CERTIFICATE_ARRAY; 070 } 071 } 072 073 private static final X509TrustManager ACCEPT_ALL=new TrustManager(false); 074 075 private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true); 076 077 /** 078 * Generate a TrustManager that performs no checks. 079 * 080 * @return the TrustManager 081 */ 082 public static X509TrustManager getAcceptAllTrustManager(){ 083 return ACCEPT_ALL; 084 } 085 086 /** 087 * Generate a TrustManager that checks server certificates for validity, 088 * but otherwise performs no checks. 089 * 090 * @return the validating TrustManager 091 */ 092 public static X509TrustManager getValidateServerCertificateTrustManager(){ 093 return CHECK_SERVER_VALIDITY; 094 } 095 096 /** 097 * Return the default TrustManager provided by the JVM. 098 * <p> 099 * This should be the same as the default used by 100 * {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom) 101 * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)} 102 * when the TrustManager parameter is set to {@code null} 103 * @param keyStore the KeyStore to use, may be {@code null} 104 * @return the default TrustManager 105 * @throws GeneralSecurityException if an error occurs 106 */ 107 public static X509TrustManager getDefaultTrustManager(final KeyStore keyStore) throws GeneralSecurityException { 108 final String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 109 final TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm); 110 instance.init(keyStore); 111 return (X509TrustManager) instance.getTrustManagers()[0]; 112 } 113 114}