• Home
• com.gitlab.summer-cattle
• cattle-commons-security
• 1.0.0-M1
• source code
• SslX509TrustManager.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.gitlab.summercattle.commons.security.ssl.SslX509TrustManager Maven / Gradle / Ivy

/*
 * Copyright (C) 2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitlab.summercattle.commons.security.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.gitlab.summercattle.commons.exception.CommonRuntimeException;

class SslX509TrustManager implements X509TrustManager {

	/** Log object for this class. */
	private static Logger logger = LoggerFactory.getLogger(SslX509TrustManager.class);

	private X509TrustManager defaultTrustManager = null;

	/**
	 * Constructor for AuthSSLX509TrustManager.
	 */
	public SslX509TrustManager(X509TrustManager defaultTrustManager) {
		if (defaultTrustManager == null) {
			throw new CommonRuntimeException("Trust管理器不可以为空");
		}
		this.defaultTrustManager = defaultTrustManager;
	}

	/**
	 * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
	 */
	public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
		if (logger.isInfoEnabled() && certificates != null) {
			for (int c = 0; c < certificates.length; c++) {
				X509Certificate cert = certificates[c];
				logger.info(" Client certificate " + (c + 1) + ":");
				logger.info("  Subject DN: " + cert.getSubjectX500Principal());
				logger.info("  Signature Algorithm: " + cert.getSigAlgName());
				logger.info("  Valid from: " + cert.getNotBefore());
				logger.info("  Valid until: " + cert.getNotAfter());
				logger.info("  Issuer: " + cert.getIssuerX500Principal());
			}
		}
		defaultTrustManager.checkClientTrusted(certificates, authType);
	}

	/**
	 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
	 */
	public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
		if (logger.isInfoEnabled() && certificates != null) {
			for (int c = 0; c < certificates.length; c++) {
				X509Certificate cert = certificates[c];
				logger.info(" Server certificate " + (c + 1) + ":");
				logger.info("  Subject DN: " + cert.getSubjectX500Principal());
				logger.info("  Signature Algorithm: " + cert.getSigAlgName());
				logger.info("  Valid from: " + cert.getNotBefore());
				logger.info("  Valid until: " + cert.getNotAfter());
				logger.info("  Issuer: " + cert.getIssuerX500Principal());
			}
		}
		defaultTrustManager.checkServerTrusted(certificates, authType);
	}

	/**
	 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
	 */
	public X509Certificate[] getAcceptedIssuers() {
		return this.defaultTrustManager.getAcceptedIssuers();
	}
}