com.day.cq.analytics.sitecatalyst.util.EasyX509TrustManager Maven / Gradle / Ivy
/*************************************************************************
*
* ADOBE CONFIDENTIAL
* __________________
*
* Copyright 2011 Adobe Systems Incorporated
* All Rights Reserved.
*
* NOTICE: All information contained herein is, and remains
* the property of Adobe Systems Incorporated and its suppliers,
* if any. The intellectual and technical concepts contained
* herein are proprietary to Adobe Systems Incorporated and its
* suppliers and are protected by trade secret or copyright law.
* Dissemination of this information or reproduction of this material
* is strictly forbidden unless prior written permission is obtained
* from Adobe Systems Incorporated.
**************************************************************************/
package com.day.cq.analytics.sitecatalyst.util;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
*
* EasyX509TrustManager unlike default {@link javax.net.ssl.X509TrustManager} accepts
* self-signed certificates.
*
*
* This trust manager SHOULD NOT be used for productive systems
* due to security reasons, unless it is a concious decision and
* you are perfectly aware of security implications of accepting
* self-signed certificates
*
*
* @author Adrian Sutton
* @author Oleg Kalnichevski
*
* DISCLAIMER: HttpClient developers DO NOT actively support this component.
* The component is provided as a reference material, which may be inappropriate
* for use without additional customization.
*
*
* @deprecated As of 6.3.0.3 (Package Version 5.7.0), with no replacement.
*/
@Deprecated
public class EasyX509TrustManager implements X509TrustManager {
private X509TrustManager standardTrustManager = null;
private boolean allowExpired;
/**
* default logger
*/
private static final Logger log = LoggerFactory.getLogger(EasyX509TrustManager.class);
/**
* Constructor for EasyX509TrustManager.
* @param keystore keystore
* @param allowExpired flag if expired should be allowed
* @throws NoSuchAlgorithmException migth be thrown
* @throws KeyStoreException migth be thrown
*/
public EasyX509TrustManager(KeyStore keystore, boolean allowExpired) throws NoSuchAlgorithmException, KeyStoreException {
this.allowExpired = allowExpired;
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
factory.init(keystore);
TrustManager[] trustmanagers = factory.getTrustManagers();
if (trustmanagers.length == 0) {
throw new NoSuchAlgorithmException("no trust manager found");
}
this.standardTrustManager = (X509TrustManager) trustmanagers[0];
}
/**
* @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String)
*/
public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
standardTrustManager.checkClientTrusted(certificates, authType);
}
/**
* @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String authType)
*/
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
if ((certificates != null) && log.isDebugEnabled()) {
log.debug("Server certificate chain:");
for (int i = 0; i < certificates.length; i++) {
log.debug("X509Certificate[{}] = {}", i, certificates[i]);
}
}
if ((certificates != null) && (certificates.length == 1)) {
if (!allowExpired) {
certificates[0].checkValidity();
}
} else {
standardTrustManager.checkServerTrusted(certificates, authType);
}
}
/**
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
*/
public X509Certificate[] getAcceptedIssuers() {
return this.standardTrustManager.getAcceptedIssuers();
}
}