/*
* Licensed to the Nervousync Studio (NSYC) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.nervousync.http.security;
import org.nervousync.exceptions.http.CertInfoException;
import org.nervousync.http.cert.TrustCert;
import org.nervousync.utils.FileUtils;
import org.nervousync.utils.LoggerUtils;
import org.nervousync.utils.StringUtils;
import org.nervousync.utils.SystemUtils;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.List;
/**
* X509 trust manager
* X509证书管理器
*
* @author Steven Wee [email protected]
* @version $Revision: 1.0.0 $ $Date: Dec 18, 2020 20:51:28 $
*/
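public final class GeneX509TrustManager implements X509TrustManager {

    /**
     * Default password used to open the system certificate library when the caller supplies none.
     */
    private static final String DEFAULT_PASSPHRASE = "changeit";

    /**
     * Key store type used for the system certificate library and for every trust certificate library.
     */
    private static final String KEYSTORE_TYPE = "JKS";

    /**
     * Logger instance.
     */
    private final LoggerUtils.Logger logger = LoggerUtils.getLogger(this.getClass());

    /**
     * Password used to open the system certificate library.
     */
    private final String passPhrase;

    /**
     * Additional trust certificate libraries merged into the trust store; may be {@code null}.
     */
    private final List<TrustCert> trustCertList;

    /**
     * Delegate trust manager built over the merged trust store. All trust decisions are forwarded to it.
     */
    private final X509TrustManager trustManager;

    /**
     * Private constructor; use {@link #newInstance(String, List)}.
     *
     * @param passPhrase    password of the system certificate library, falls back to
     *                      {@link #DEFAULT_PASSPHRASE} when blank
     * @param trustCertList trust certificate libraries to merge into the trust store, may be {@code null}
     * @throws CertInfoException if the trust store cannot be built or no X509TrustManager is available
     */
    private GeneX509TrustManager(final String passPhrase, final List<TrustCert> trustCertList)
            throws CertInfoException {
        this.passPhrase = StringUtils.notBlank(passPhrase) ? passPhrase : DEFAULT_PASSPHRASE;
        this.trustCertList = trustCertList;
        // Resolve the delegate once, so the field can stay final and the instance is never half-initialized.
        this.trustManager = this.initManager();
    }

    /**
     * Static factory for {@code GeneX509TrustManager}.
     *
     * @param passPhrase    password of the system certificate library, falls back to
     *                      {@link #DEFAULT_PASSPHRASE} when blank
     * @param trustCertList trust certificate libraries to merge into the trust store, may be {@code null}
     * @return generated {@code GeneX509TrustManager} instance
     * @throws CertInfoException if the trust store cannot be built or no X509TrustManager is available
     */
    public static GeneX509TrustManager newInstance(final String passPhrase, final List<TrustCert> trustCertList)
            throws CertInfoException {
        return new GeneX509TrustManager(passPhrase, trustCertList);
    }

    /**
     * Check whether the client certificate chain is trusted.
     *
     * @param x509certificates the peer certificate chain
     * @param authType         the authentication type based on the client certificate
     * @throws CertificateException if the chain is not trusted or cannot be validated
     */
    @Override
    public void checkClientTrusted(final X509Certificate[] x509certificates, final String authType)
            throws CertificateException {
        this.trustManager.checkClientTrusted(x509certificates, authType);
    }

    /**
     * Check whether the server certificate chain is trusted.
     *
     * @param x509certificates the peer certificate chain
     * @param authType         the key exchange algorithm used
     * @throws CertificateException if the chain is not trusted or cannot be validated
     */
    @Override
    public void checkServerTrusted(final X509Certificate[] x509certificates, final String authType)
            throws CertificateException {
        this.trustManager.checkServerTrusted(x509certificates, authType);
    }

    /**
     * Retrieve the accepted issuer certificates.
     *
     * @return array of certificate authority certificates which are trusted for authenticating peers
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    /**
     * Build the merged trust store and obtain an X509TrustManager over it.
     *
     * @return the X509TrustManager produced by the factory
     * @throws CertInfoException if the trust store cannot be built or the factory yields no X509TrustManager
     */
    private X509TrustManager initManager() throws CertInfoException {
        try {
            KeyStore trustStore = this.loadTrustStore();
            // Provider-pinned algorithm kept from the original; fails on JVMs without SunJSSE.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
            trustManagerFactory.init(trustStore);
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        } catch (Exception e) {
            // Boundary wrap into the domain exception; the cause is preserved for diagnostics.
            throw new CertInfoException(0x000000150001L, "Init_Trust_Manager_Certificate_Error", e);
        }
        throw new CertInfoException(0x000000150002L, "NotFound_X509TrustManager_Certificate_Error");
    }

    /**
     * Load the system certificate library (if present) and merge every trust certificate library into it.
     * {@link KeyStore#load} replaces the store contents on each call, so each extra library is loaded
     * into its own store and its entries are copied over instead of being loaded into the same store.
     *
     * @return initialized trust store; empty when neither the system library nor any trust library exists,
     *         in which case the resulting trust manager rejects every peer
     * @throws GeneralSecurityException if a store cannot be instantiated, loaded or written
     * @throws IOException              if a library cannot be read or its integrity check fails
     */
    private KeyStore loadTrustStore() throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);
        if (FileUtils.isExists(SystemUtils.systemCertPath())) {
            try (InputStream systemStream = FileUtils.loadFile(SystemUtils.systemCertPath())) {
                trustStore.load(systemStream, this.passPhrase.toCharArray());
            }
        } else {
            // Initialize an empty store; an uninitialized store cannot be handed to the factory.
            trustStore.load(null, null);
            this.logger.warn("System_Certificate_Not_Found_Warn");
        }
        if (this.trustCertList != null) {
            int index = 0;
            for (TrustCert trustCert : this.trustCertList) {
                KeyStore libraryStore = KeyStore.getInstance(KEYSTORE_TYPE);
                libraryStore.load(new ByteArrayInputStream(trustCert.getCertContent()),
                        trustCert.getCertPassword().toCharArray());
                // Prefix aliases per library so identical aliases in different libraries do not overwrite each other.
                importTrustedEntries(trustStore, libraryStore, "trust" + index + "_");
                index++;
            }
        }
        return trustStore;
    }

    /**
     * Copy every entry of {@code source} into {@code target} as a trusted certificate entry.
     * Certificate entries are copied as-is; for key entries the first certificate of the chain is used,
     * which is what the JSSE factory itself trusts when given a key entry.
     *
     * @param target      store receiving the trusted certificates
     * @param source      store whose entries are copied
     * @param aliasPrefix prefix applied to each copied alias to keep aliases unique across libraries
     * @throws KeyStoreException if either store refuses the operation
     */
    private static void importTrustedEntries(final KeyStore target, final KeyStore source, final String aliasPrefix)
            throws KeyStoreException {
        Enumeration<String> aliases = source.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = null;
            if (source.isCertificateEntry(alias)) {
                certificate = source.getCertificate(alias);
            } else if (source.isKeyEntry(alias)) {
                Certificate[] chain = source.getCertificateChain(alias);
                if (chain != null && chain.length > 0) {
                    certificate = chain[0];
                }
            }
            if (certificate != null) {
                target.setCertificateEntry(aliasPrefix + alias, certificate);
            }
        }
    }
}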