1   /*
2    * This file is part of Waarp Project (named also Waarp or GG).
3    *
4    *  Copyright (c) 2019, Waarp SAS, and individual contributors by the @author
5    *  tags. See the COPYRIGHT.txt in the distribution for a full listing of
6    * individual contributors.
7    *
8    *  All Waarp Project is free software: you can redistribute it and/or
9    * modify it under the terms of the GNU General Public License as published by
10   * the Free Software Foundation, either version 3 of the License, or (at your
11   * option) any later version.
12   *
13   * Waarp is distributed in the hope that it will be useful, but WITHOUT ANY
14   * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
15   * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16   *
17   *  You should have received a copy of the GNU General Public License along with
18   * Waarp . If not, see <http://www.gnu.org/licenses/>.
19   */
20  package org.waarp.common.crypto.ssl;
21  
22  import org.waarp.common.exception.CryptoException;
23  
24  import javax.net.ssl.TrustManager;
25  import javax.net.ssl.TrustManagerFactory;
26  import javax.net.ssl.X509TrustManager;
27  import java.security.cert.CertificateException;
28  import java.security.cert.X509Certificate;
29  
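/**
 * Waarp X509 trust manager, operating in one of two modes that are fixed at
 * construction time.
 * <ul>
 * <li><b>Delegating mode</b> ({@link #WaarpX509TrustManager(TrustManagerFactory)}):
 * every decision is forwarded to the first {@link X509TrustManager} supplied
 * by the given factory. A rejection from that delegate is propagated as is;
 * this class adds no fallback of its own.</li>
 * <li><b>Permissive mode</b> ({@link #WaarpX509TrustManager()}): no delegate is
 * set, so {@link #checkClientTrusted} and {@link #checkServerTrusted} return
 * without inspecting the chain. Any certificate is accepted (self-signed,
 * expired, or issued for another host), which means the TLS peer is not
 * authenticated by its certificate.</li>
 * </ul>
 * <p>
 * SECURITY: permissive mode disables certificate validation (CWE-295). A
 * connection built on it is encrypted but offers no protection against an
 * on-path party presenting its own certificate, unless the peer is
 * authenticated by some other mechanism. Reviewers should check every call
 * site of the no-argument constructor and confirm that this is intended.
 */
public class WaarpX509TrustManager implements X509TrustManager {
  private static final X509Certificate[] X_509_CERTIFICATES_0_LENGTH =
      new X509Certificate[0];

  /**
   * Trust manager that takes all decisions in delegating mode.
   * {@code null} selects permissive mode, in which every chain is accepted.
   */
  private final X509TrustManager defaultX509TrustManager;

  /**
   * Create an "always-valid" X509TrustManager (permissive mode).
   * <p>
   * SECURITY: an instance built this way accepts every client and server
   * certificate chain without any validation. Prefer
   * {@link #WaarpX509TrustManager(TrustManagerFactory)} whenever the peer
   * must be authenticated by its certificate.
   */
  public WaarpX509TrustManager() {
    defaultX509TrustManager = null;
  }

  /**
   * Create a "default" X509TrustManager (delegating mode) backed by the first
   * {@link X509TrustManager} the factory provides.
   * <p>
   * This constructor never produces a permissive instance: when no usable
   * delegate can be obtained it fails instead of leaving the delegate unset.
   *
   * @param tmf the factory to take the delegate from; it must already be
   *     initialized, since {@link TrustManagerFactory#getTrustManagers()}
   *     throws {@link IllegalStateException} otherwise
   *
   * @throws CryptoException if {@code tmf} is {@code null} or provides no
   *     {@link X509TrustManager}
   */
  public WaarpX509TrustManager(final TrustManagerFactory tmf)
      throws CryptoException {
    if (tmf == null) {
      // Report a missing factory through the declared exception rather than
      // a NullPointerException.
      throw new CryptoException(
          "Cannot initialize the WaarpX509TrustManager: no TrustManagerFactory");
    }
    final X509TrustManager found =
        firstX509TrustManager(tmf.getTrustManagers());
    if (found == null) {
      throw new CryptoException("Cannot initialize the WaarpX509TrustManager");
    }
    // Assigned exactly once, and never null on this path.
    defaultX509TrustManager = found;
  }

  /**
   * Return the first {@link X509TrustManager} among the candidates, or
   * {@code null} when there is none (or when the array itself is
   * {@code null}).
   */
  private static X509TrustManager firstX509TrustManager(
      final TrustManager[] candidates) {
    if (candidates == null) {
      return null;
    }
    for (final TrustManager candidate : candidates) {
      if (candidate instanceof X509TrustManager) {
        return (X509TrustManager) candidate;
      }
    }
    return null;
  }

  /**
   * Validate a client certificate chain.
   * <p>
   * In delegating mode the call is forwarded unchanged. In permissive mode
   * the method returns immediately and the chain is accepted unchecked.
   *
   * @param chain the peer certificate chain
   * @param authType the authentication type
   *
   * @throws CertificateException if the delegate rejects the chain
   */
  @Override
  public final void checkClientTrusted(final X509Certificate[] chain,
                                       final String authType)
      throws CertificateException {
    if (defaultX509TrustManager != null) {
      defaultX509TrustManager.checkClientTrusted(chain, authType);
    }
    // No delegate: permissive mode, the chain is accepted without validation.
  }

  /**
   * Validate a server certificate chain.
   * <p>
   * In delegating mode the call is forwarded unchanged. In permissive mode
   * the method returns immediately and the chain is accepted unchecked.
   *
   * @param chain the peer certificate chain
   * @param authType the key exchange algorithm used
   *
   * @throws CertificateException if the delegate rejects the chain
   */
  @Override
  public final void checkServerTrusted(final X509Certificate[] chain,
                                       final String authType)
      throws CertificateException {
    if (defaultX509TrustManager != null) {
      defaultX509TrustManager.checkServerTrusted(chain, authType);
    }
    // No delegate: permissive mode, the chain is accepted without validation.
  }

  /**
   * Return the issuers accepted by the delegate.
   *
   * @return the delegate's accepted issuers, or an empty array in permissive
   *     mode (no issuer is advertised, although every chain is accepted)
   */
  @Override
  public final X509Certificate[] getAcceptedIssuers() {
    return defaultX509TrustManager == null?
        X_509_CERTIFICATES_0_LENGTH :
        defaultX509TrustManager.getAcceptedIssuers();
  }

}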