com.predic8.membrane.core.transport.TrustManagerWrapper Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of service-proxy-core Show documentation
There is a newer version: 5.6.0
/* Copyright 2013 predic8 GmbH, www.predic8.com

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License. */

package com.predic8.membrane.core.transport;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

public class TrustManagerWrapper implements X509TrustManager {
	private final boolean ignoreTimestampCheckFailure;
	private final X509TrustManager tm;

	public TrustManagerWrapper(TrustManager[] trustManagers, boolean ignoreTimestampCheckFailure) throws KeyManagementException {
		this.ignoreTimestampCheckFailure = ignoreTimestampCheckFailure;

		X509TrustManager tm2 = null;

		if (trustManagers != null)
			tm2 = chooseTrustManager(trustManagers);

		if (tm2 == null) {
			TrustManagerFactory tmf;
			try {
				tmf = TrustManagerFactory.getInstance(
						TrustManagerFactory.getDefaultAlgorithm());
			} catch (NoSuchAlgorithmException e) {
				throw new RuntimeException(e);
			}
			try {
				tmf.init((KeyStore)null);
			} catch (KeyStoreException e) {
				throw new RuntimeException(e);
			}
			tm2 = chooseTrustManager(tmf.getTrustManagers());
		}

		if (tm2 == null)
			throw new RuntimeException("No trust manager passed and could not create one.");

		tm = tm2;
	}

	private X509TrustManager chooseTrustManager(TrustManager[] tm)
			throws KeyManagementException {
		for (int i = 0; tm != null && i < tm.length; i++)
			if (tm[i] instanceof X509TrustManager)
				return (X509TrustManager) tm[i];

		return null;
	}

	@Override
	public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
		adjustChain(chain);
		tm.checkClientTrusted(chain, authType);
	}

	@Override
	public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
		adjustChain(chain);
		tm.checkServerTrusted(chain, authType);
	}

	private void adjustChain(X509Certificate[] chain) {
		for (int i = 0; i < chain.length; i++) {
			final X509Certificate x509 = chain[i];
			chain[i] = new X509Certificate() {

				public boolean hasUnsupportedCriticalExtension() {
					return x509.hasUnsupportedCriticalExtension();
				}

				public Set getCriticalExtensionOIDs() {
					return x509.getCriticalExtensionOIDs();
				}

				@Override
				public boolean equals(Object other) {
					return x509.equals(other);
				}

				@Override
				public int hashCode() {
					return x509.hashCode();
				}

				public Set getNonCriticalExtensionOIDs() {
					return x509.getNonCriticalExtensionOIDs();
				}

				@Override
				public byte[] getEncoded() throws CertificateEncodingException {
					return x509.getEncoded();
				}

				@Override
				public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException,
				InvalidKeyException, NoSuchProviderException, SignatureException {
					x509.verify(key);
				}

				public byte[] getExtensionValue(String oid) {
					return x509.getExtensionValue(oid);
				}

				@Override
				public void verify(PublicKey key, String sigProvider) throws CertificateException,
				NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
					x509.verify(key, sigProvider);
				}

				@Override
				public int getVersion() {
					return x509.getVersion();
				}

				@Override
				public BigInteger getSerialNumber() {
					return x509.getSerialNumber();
				}

				@Override
				public String toString() {
					return x509.toString();
				}

				@Override
				public PublicKey getPublicKey() {
					return x509.getPublicKey();
				}

				@Override
				public Principal getIssuerDN() {
					return x509.getIssuerDN();
				}

				@Override
				public X500Principal getIssuerX500Principal() {
					return x509.getIssuerX500Principal();
				}

				@Override
				public Principal getSubjectDN() {
					return x509.getSubjectDN();
				}

				@Override
				public X500Principal getSubjectX500Principal() {
					return x509.getSubjectX500Principal();
				}

				@Override
				public Date getNotBefore() {
					return x509.getNotBefore();
				}

				@Override
				public Date getNotAfter() {
					return x509.getNotAfter();
				}

				@Override
				public byte[] getTBSCertificate() throws CertificateEncodingException {
					return x509.getTBSCertificate();
				}

				@Override
				public byte[] getSignature() {
					return x509.getSignature();
				}

				@Override
				public String getSigAlgName() {
					return x509.getSigAlgName();
				}

				@Override
				public String getSigAlgOID() {
					return x509.getSigAlgOID();
				}

				@Override
				public byte[] getSigAlgParams() {
					return x509.getSigAlgParams();
				}

				@Override
				public boolean[] getIssuerUniqueID() {
					return x509.getIssuerUniqueID();
				}

				@Override
				public boolean[] getSubjectUniqueID() {
					return x509.getSubjectUniqueID();
				}

				@Override
				public boolean[] getKeyUsage() {
					return x509.getKeyUsage();
				}

				@Override
				public List getExtendedKeyUsage() throws CertificateParsingException {
					return x509.getExtendedKeyUsage();
				}

				@Override
				public int getBasicConstraints() {
					return x509.getBasicConstraints();
				}

				@Override
				public Collection> getSubjectAlternativeNames() throws CertificateParsingException {
					return x509.getSubjectAlternativeNames();
				}

				@Override
				public Collection> getIssuerAlternativeNames() throws CertificateParsingException {
					return x509.getIssuerAlternativeNames();
				}

				@Override
				public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
					if (ignoreTimestampCheckFailure)
						return;
					x509.checkValidity(date);
				}

				@Override
				public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
					if (ignoreTimestampCheckFailure)
						return;
					x509.checkValidity();
				}
			};
		}
	}

	@Override
	public X509Certificate[] getAcceptedIssuers() {
		return tm.getAcceptedIssuers();
	}

}