1:
37:
38:
39: package ;
40:
41: import ;
42: import ;
43:
44: import ;
45: import ;
46: import ;
47: import ;
48:
49: import ;
50: import ;
51: import ;
52: import ;
53: import ;
54: import ;
55: import ;
56: import ;
57: import ;
58: import ;
59: import ;
60:
61: import ;
62: import ;
63: import ;
64: import ;
65:
66: import ;
67: import ;
68:
69:
73: public class X509TrustManagerFactory extends TrustManagerFactorySpi
74: {
75:
76:
77:
78:
79:
82: private static final String JSSE_CERTS = Util.getProperty("java.home")
83: + Util.getProperty("file.separator") + "lib"
84: + Util.getProperty("file.separator") + "security"
85: + Util.getProperty("file.separator") + "jssecerts";
86:
87:
90: private static final String CA_CERTS = Util.getProperty("java.home")
91: + Util.getProperty("file.separator") + "lib"
92: + Util.getProperty("file.separator") + "security"
93: + Util.getProperty("file.separator") + "cacerts";
94:
95: private Manager current;
96:
97:
98:
99:
100: public X509TrustManagerFactory()
101: {
102: super();
103: }
104:
105:
106:
107:
108: protected TrustManager[] engineGetTrustManagers()
109: {
110: if (current == null)
111: {
112: throw new IllegalStateException("not initialized");
113: }
114: return new TrustManager[] { current };
115: }
116:
117: protected void engineInit(ManagerFactoryParameters params)
118: throws InvalidAlgorithmParameterException
119: {
120: if (params instanceof StaticTrustAnchors)
121: {
122: current = new Manager(((StaticTrustAnchors) params).getCertificates());
123: }
124: else if (params instanceof NullManagerParameters)
125: {
126: current = new Manager(new X509Certificate[0]);
127: }
128: else
129: {
130: throw new InvalidAlgorithmParameterException();
131: }
132: }
133:
134: protected void engineInit(KeyStore store) throws KeyStoreException
135: {
136: if (store == null)
137: {
138: String s = Util.getProperty("javax.net.ssl.trustStoreType");
139: if (s == null)
140: s = KeyStore.getDefaultType();
141: store = KeyStore.getInstance(s);
142: try
143: {
144: s = Util.getProperty("javax.net.ssl.trustStore");
145: FileInputStream in = null;
146: if (s == null)
147: {
148: try
149: {
150: in = new FileInputStream(JSSE_CERTS);
151: }
152: catch (IOException e)
153: {
154: in = new FileInputStream(CA_CERTS);
155: }
156: }
157: else
158: {
159: in = new FileInputStream(s);
160: }
161: String p = Util.getProperty("javax.net.ssl.trustStorePassword");
162: store.load(in, p != null ? p.toCharArray() : null);
163: }
164: catch (IOException ioe)
165: {
166: throw new KeyStoreException(ioe.toString());
167: }
168: catch (CertificateException ce)
169: {
170: throw new KeyStoreException(ce.toString());
171: }
172: catch (NoSuchAlgorithmException nsae)
173: {
174: throw new KeyStoreException(nsae.toString());
175: }
176: }
177:
178: LinkedList l = new LinkedList();
179: Enumeration aliases = store.aliases();
180: while (aliases.hasMoreElements())
181: {
182: String alias = (String) aliases.nextElement();
183: if (!store.isCertificateEntry(alias))
184: continue;
185: Certificate c = store.getCertificate(alias);
186: if (!(c instanceof X509Certificate))
187: continue;
188: l.add(c);
189: }
190: current = this.new Manager((X509Certificate[])
191: l.toArray(new X509Certificate[l.size()]));
192: }
193:
194:
195:
196:
197:
200: private class Manager implements X509TrustManager
201: {
202:
203:
204:
205:
206: private final X509Certificate[] trusted;
207:
208:
209:
210:
211: Manager(X509Certificate[] trusted)
212: {
213: this.trusted = trusted;
214: }
215:
216:
217:
218:
219: public void checkClientTrusted(X509Certificate[] chain, String authType)
220: throws CertificateException
221: {
222: checkTrusted(chain, authType);
223: }
224:
225: public void checkServerTrusted(X509Certificate[] chain, String authType)
226: throws CertificateException
227: {
228: checkTrusted(chain, authType);
229: }
230:
231: public X509Certificate[] getAcceptedIssuers()
232: {
233: if (trusted == null)
234: return new X509Certificate[0];
235: return (X509Certificate[]) trusted.clone();
236: }
237:
238:
239:
240:
241: private void checkTrusted(X509Certificate[] chain, String authType)
242: throws CertificateException
243: {
244:
245:
246:
247: chain[0].checkValidity();
248:
249:
250: for (int i = 1; i < chain.length; i++)
251: {
252: chain[i].checkValidity();
253: try
254: {
255: chain[i-1].verify(chain[i].getPublicKey());
256: }
257: catch (NoSuchAlgorithmException nsae)
258: {
259: throw new CertificateException(nsae.toString());
260: }
261: catch (NoSuchProviderException nspe)
262: {
263: throw new CertificateException(nspe.toString());
264: }
265: catch (InvalidKeyException ike)
266: {
267: throw new CertificateException(ike.toString());
268: }
269: catch (SignatureException se)
270: {
271: throw new CertificateException(se.toString());
272: }
273: }
274:
275:
276: if (trusted == null || trusted.length == 0)
277: throw new CertificateException("no trust anchors");
278: for (int i = 0; i < trusted.length; i++)
279: {
280: try
281: {
282: trusted[i].checkValidity();
283: chain[chain.length-1].verify(trusted[i].getPublicKey());
284: return;
285: }
286: catch (Exception e)
287: {
288: }
289:
290:
291:
292:
293:
294: }
295: throw new CertificateException();
296: }
297: }
298: }