001/* 002 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.9/src/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java $ 003 * $Revision: 121 $ 004 * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $ 005 * 006 * ==================================================================== 007 * Licensed to the Apache Software Foundation (ASF) under one 008 * or more contributor license agreements. See the NOTICE file 009 * distributed with this work for additional information 010 * regarding copyright ownership. The ASF licenses this file 011 * to you under the Apache License, Version 2.0 (the 012 * "License"); you may not use this file except in compliance 013 * with the License. You may obtain a copy of the License at 014 * 015 * http://www.apache.org/licenses/LICENSE-2.0 016 * 017 * Unless required by applicable law or agreed to in writing, 018 * software distributed under the License is distributed on an 019 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 020 * KIND, either express or implied. See the License for the 021 * specific language governing permissions and limitations 022 * under the License. 023 * ==================================================================== 024 * 025 * This software consists of voluntary contributions made by many 026 * individuals on behalf of the Apache Software Foundation. For more 027 * information on the Apache Software Foundation, please see 028 * <http://www.apache.org/>. 
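 *
 */

package org.apache.commons.ssl;

import com.sun.net.ssl.X509TrustManager;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Adapts a legacy {@code com.sun.net.ssl.X509TrustManager} so that the
 * owning {@link SSL} object's policy is applied on top of the delegate's
 * verdict.
 * <p>
 * Security-relevant behaviour, as implemented in this class:
 * <ul>
 * <li>If the delegate rejects a chain, the chain is still accepted when
 * the {@link TrustChain} contains {@code TrustMaterial.TRUST_ALL}. In that
 * configuration issuer validation is effectively disabled.</li>
 * <li>Expiry and CRL checks are applied to every certificate in the
 * chain, but only when {@code ssl.getCheckExpiry()} and
 * {@code ssl.getCheckCRL()} return true. With TRUST_ALL present and
 * both checks off, every non-null chain is accepted, including an empty
 * one.</li>
 * <li>No hostname verification happens in this class.
 * NOTE(review): confirm where the caller enforces it.</li>
 * </ul>
 *
 * @author Credit Union Central of British Columbia
 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
 * @since 30-Jun-2006
 */
public class Java13TrustManagerWrapper implements X509TrustManager {

    private final X509TrustManager trustManager;
    private final TrustChain trustChain;
    private final SSL ssl;

    /**
     * @param m  delegate trust manager that gives the first verdict
     * @param tc trust chain consulted for {@code TrustMaterial.TRUST_ALL}
     * @param h  SSL object that receives the peer chain and supplies the
     *           expiry / CRL policy flags
     */
    public Java13TrustManagerWrapper(X509TrustManager m, TrustChain tc, SSL h) {
        this.trustManager = m;
        this.trustChain = tc;
        this.ssl = h;
    }

    /**
     * Decides whether a client certificate chain is trusted.
     * <p>
     * The chain is handed to {@code ssl.setCurrentClientChain} before any
     * trust decision is made, so that call also sees chains which are
     * rejected afterwards.
     *
     * @param chain certificate chain presented by the client
     * @return true if the chain passes the delegate (or TRUST_ALL is
     *         configured) and the enabled expiry / CRL checks
     */
    public boolean isClientTrusted(X509Certificate[] chain) {
        ssl.setCurrentClientChain(chain);
        boolean delegateVerdict = trustManager.isClientTrusted(chain);
        return test(delegateVerdict, chain);
    }

    /**
     * Decides whether a server certificate chain is trusted.
     * <p>
     * The chain is handed to {@code ssl.setCurrentServerChain} before any
     * trust decision is made, so that call also sees chains which are
     * rejected afterwards.
     *
     * @param chain certificate chain presented by the server
     * @return true if the chain passes the delegate (or TRUST_ALL is
     *         configured) and the enabled expiry / CRL checks
     */
    public boolean isServerTrusted(X509Certificate[] chain) {
        ssl.setCurrentServerChain(chain);
        boolean delegateVerdict = trustManager.isServerTrusted(chain);
        return test(delegateVerdict, chain);
    }

    /**
     * @return the accepted issuers reported by the delegate, unmodified
     */
    public X509Certificate[] getAcceptedIssuers() {
        return trustManager.getAcceptedIssuers();
    }

    /**
     * Combines the delegate's verdict with the TRUST_ALL override and the
     * optional per-certificate checks.
     *
     * @param firstTest verdict already returned by the delegate
     * @param chain     peer certificate chain; a null chain is rejected
     * @return false if the chain is null, if the delegate rejected it and
     *         TRUST_ALL is not configured, or if an enabled expiry / CRL
     *         check throws; true otherwise
     */
    private boolean test(boolean firstTest, X509Certificate[] chain) {
        // Fail closed on a missing chain. Without this guard a null chain
        // reached chain.length below (for example when TRUST_ALL overrides
        // a delegate rejection) and surfaced as a NullPointerException in
        // the middle of the handshake callback instead of a clean "no".
        if (chain == null) {
            return false;
        }

        // A delegate rejection is final unless this SSLServer or SSLClient
        // has been set up to trust all certificates.
        if (!firstTest && !trustChain.contains(TrustMaterial.TRUST_ALL)) {
            return false;
        }

        try {
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = chain[i];
                if (ssl.getCheckExpiry()) {
                    // Throws CertificateExpiredException or
                    // CertificateNotYetValidException, both of which are
                    // CertificateExceptions.
                    cert.checkValidity();
                }
                if (ssl.getCheckCRL()) {
                    // NOTE(review): presumably throws CertificateException
                    // for a revoked certificate; confirm how checkCRL
                    // behaves when the CRL cannot be retrieved.
                    Certificates.checkCRL(cert);
                }
            }
            return true;
        }
        catch (CertificateException ce) {
            // The interface only allows a boolean answer, so any failed
            // check is reported as "not trusted".
            return false;
        }
    }

}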