All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.unboundid.util.ssl.ValidityDateTrustManager Maven / Gradle / Ivy

/*
 * Copyright 2012-2017 UnboundID Corp.
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2012-2017 UnboundID Corp.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see .
 */
package com.unboundid.util.ssl;



import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

import com.unboundid.util.NotMutable;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.SSLMessages.*;



/**
 * This class provides an SSL trust manager that merely checks to see whether
 * a presented certificate is currently within its validity time window (i.e.,
 * the current time is not earlier than the certificate's notBefore timestamp
 * and not later than the certificate's notAfter timestamp).
 * 

* Note that no other elements of the certificate are examined, so it is * strongly recommended that this trust manager be used in an * {@link AggregateTrustManager} in conjunction with other trust managers that * perform other forms of validation. */ @NotMutable() @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) public final class ValidityDateTrustManager implements X509TrustManager { /** * A pre-allocated empty certificate array. */ private static final X509Certificate[] NO_CERTIFICATES = new X509Certificate[0]; /** * Creates a new validity date trust manager. */ public ValidityDateTrustManager() { // No implementation is required. } /** * Checks to determine whether the provided client certificate chain should be * trusted. * * @param chain The client certificate chain for which to make the * determination. * @param authType The authentication type based on the client certificate. * * @throws CertificateException If the provided client certificate chain * should not be trusted. */ public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { checkCertificateValidity(chain[0]); } /** * Checks to determine whether the provided server certificate chain should be * trusted. * * @param chain The server certificate chain for which to make the * determination. * @param authType The key exchange algorithm used. * * @throws CertificateException If the provided server certificate chain * should not be trusted. */ public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { checkCertificateValidity(chain[0]); } /** * Checks the provided certificate to determine whether the current time is * within the certificate's validity window. * * @param c The certificate to be checked. * * @throws CertificateException If the presented certificate is outside the * validity window. */ private static void checkCertificateValidity(final X509Certificate c) throws CertificateException { final Date currentTime = new Date(); final Date notBefore = c.getNotBefore(); final Date notAfter = c.getNotAfter(); if (currentTime.before(notBefore)) { throw new CertificateException(ERR_VALIDITY_TOO_EARLY.get( c.getSubjectX500Principal().getName(X500Principal.RFC2253), String.valueOf(notBefore))); } if (currentTime.after(c.getNotAfter())) { throw new CertificateException(ERR_VALIDITY_TOO_LATE.get( c.getSubjectX500Principal().getName(X500Principal.RFC2253), String.valueOf(notAfter))); } } /** * Retrieves the accepted issuer certificates for this trust manager. This * will always return an empty array. * * @return The accepted issuer certificates for this trust manager. */ public X509Certificate[] getAcceptedIssuers() { return NO_CERTIFICATES; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy