/*
 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.9/src/java/org/apache/commons/ssl/Java14TrustManagerWrapper.java $
 * $Revision: 121 $
 * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
 *
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation. For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

package org.apache.commons.ssl;

import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;

/**
 * An {@link X509TrustManager} that delegates to another trust manager and then
 * decides, from the owning {@link SSL} object's settings, whether a failure
 * reported by that delegate is fatal.
 * <p>
 * Policy applied to a {@link CertificateException} thrown by the delegate:
 * <ul>
 * <li>root cause is a {@link CertificateExpiredException}: rethrown only when
 * {@code ssl.getCheckExpiry()} is true;</li>
 * <li>any other root cause: rethrown unless the trust chain contains
 * {@code TrustMaterial.TRUST_ALL}.</li>
 * </ul>
 * Whatever the delegate reported, every certificate in the chain is afterwards
 * run through {@code checkValidity()} and {@code Certificates.checkCRL(...)}
 * when the corresponding {@code SSL} flag is enabled.
 * <p>
 * NOTE(review): with {@code TRUST_ALL} present, every non-expiry failure from
 * the delegate is discarded, so this manager does not authenticate the peer's
 * chain at all in that configuration; only the optional expiry and CRL checks
 * remain.
 *
 * @author Credit Union Central of British Columbia
 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
 * @since 30-Mar-2006
 */
public class Java14TrustManagerWrapper implements X509TrustManager {
    private final X509TrustManager trustManager;
    private final TrustChain trustChain;
    private final SSL ssl;

    /**
     * @param m  delegate that performs the actual trust evaluation
     * @param tc trust chain consulted for {@code TrustMaterial.TRUST_ALL}
     * @param h  SSL object supplying the expiry / CRL flags and receiving the
     *           presented chains
     */
    public Java14TrustManagerWrapper(X509TrustManager m, TrustChain tc, SSL h) {
        this.trustManager = m;
        this.trustChain = tc;
        this.ssl = h;
    }

    /**
     * Records the client chain on the SSL object, asks the delegate to
     * validate it, and then applies this wrapper's policy to the outcome.
     *
     * @throws CertificateException if the policy does not tolerate the
     *                              delegate's failure, or a per-certificate
     *                              check fails
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        // The chain is stored before any validation has happened, so whatever
        // reads it back from the SSL object is looking at an unvalidated chain
        // until this method returns normally.
        ssl.setCurrentClientChain(chain);
        CertificateException delegateFailure = null;
        try {
            trustManager.checkClientTrusted(chain, authType);
        } catch (CertificateException e) {
            // Deferred: the policy in testShouldWeThrow decides whether it is fatal.
            delegateFailure = e;
        }
        testShouldWeThrow(delegateFailure, chain);
    }

    /**
     * Records the server chain on the SSL object, asks the delegate to
     * validate it, and then applies this wrapper's policy to the outcome.
     *
     * @throws CertificateException if the policy does not tolerate the
     *                              delegate's failure, or a per-certificate
     *                              check fails
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        // Stored before validation; see the same remark in checkClientTrusted.
        ssl.setCurrentServerChain(chain);
        CertificateException delegateFailure = null;
        try {
            trustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            // Deferred: the policy in testShouldWeThrow decides whether it is fatal.
            delegateFailure = e;
        }
        testShouldWeThrow(delegateFailure, chain);
    }

    /** Returns the delegate's accepted issuers unchanged. */
    public X509Certificate[] getAcceptedIssuers() {
        return trustManager.getAcceptedIssuers();
    }

    /**
     * Rethrows the delegate's failure unless the configured policy tolerates
     * it, then runs the per-certificate expiry and CRL checks.
     *
     * @param checkException failure reported by the delegate, or null if the
     *                       delegate accepted the chain
     * @param chain          chain presented by the peer
     */
    private void testShouldWeThrow(CertificateException checkException,
                                   X509Certificate[] chain)
        throws CertificateException {
        if (checkException != null) {
            // Only the innermost cause is inspected to classify the failure.
            boolean expired =
                getRootThrowable(checkException) instanceof CertificateExpiredException;

            // Expiry failures are tolerated when expiry checking is switched
            // off; anything else (probably an untrusted certificate) is
            // tolerated only when this factory trusts everything.
            //
            // NOTE(review): on the expiry path the delegate's exception is
            // dropped without re-validating the chain. Nothing here shows that
            // the delegate completed its remaining checks (signatures, trust
            // anchor) before reporting expiry -- confirm that disabling the
            // expiry check cannot also admit a chain that is not trusted.
            boolean tolerated = expired
                ? !ssl.getCheckExpiry()
                : trustChain.contains(TrustMaterial.TRUST_ALL);
            if (!tolerated) {
                throw checkException;
            }
        }
        checkEachCertificate(chain);
    }

    /**
     * Applies the expiry and CRL checks to every certificate in the chain,
     * consulting the SSL flags once per certificate.
     */
    private void checkEachCertificate(X509Certificate[] chain)
        throws CertificateException {
        for (int idx = 0; idx < chain.length; idx++) {
            X509Certificate cert = chain[idx];
            if (ssl.getCheckExpiry()) {
                cert.checkValidity();
            }
            if (ssl.getCheckCRL()) {
                // What checkCRL does when a CRL is unavailable is not visible
                // from this file.
                Certificates.checkCRL(cert);
            }
        }
    }

    /**
     * Walks the cause chain and returns its last element; stops early if a
     * throwable reports a cause equal to itself. Returns null for null input.
     */
    private static Throwable getRootThrowable(Throwable t) {
        Throwable current = t;
        if (current == null) {
            return current;
        }
        for (Throwable next = current.getCause();
             next != null && !current.equals(next);
             next = current.getCause()) {
            current = next;
        }
        return current;
    }
}