
1   package org.apache.maven.wagon.shared.http4;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import javax.net.ssl.SSLContext;
23  import javax.net.ssl.TrustManager;
24  import javax.net.ssl.TrustManagerFactory;
25  import javax.net.ssl.X509TrustManager;
26  import java.io.IOException;
27  import java.security.KeyStore;
28  import java.security.KeyStoreException;
29  import java.security.NoSuchAlgorithmException;
30  import java.security.cert.CertificateException;
31  import java.security.cert.CertificateExpiredException;
32  import java.security.cert.CertificateNotYetValidException;
33  import java.security.cert.X509Certificate;
34  
35  /**
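36   * Relaxed X509 certificate trust manager: can ignore invalid certificate dates. Note that a server chain consisting of a single certificate is accepted after the date check alone, without being validated against the trust store.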
37   *
38   * @author Olivier Lamy
39   * @since 2.0
40   * @see AbstractHttpClientWagon#IGNORE_SSL_VALIDITY_DATES
41   */
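public class RelaxedX509TrustManager
    implements X509TrustManager
{
    /**
     * Platform trust manager that performs the real chain validation; every check this class
     * does not relax is delegated to it.
     */
    private final X509TrustManager standardTrustManager;

    /**
     * Builds an {@link SSLContext} whose only trust manager is a {@link RelaxedX509TrustManager}
     * created with a <code>null</code> keystore.
     * <p>
     * SECURITY: a context produced here accepts any server that presents a one-certificate chain
     * (see {@link #checkServerTrusted(X509Certificate[], String)}), so it provides no server
     * authentication for such chains. Use it only where the operator has explicitly opted in to
     * relaxed validation, never as a default.
     *
     * @return an initialised context with no key managers and the default secure random source
     * @throws IOException if the context or the trust manager cannot be created; the original
     *                     exception is attached as the cause
     */
    protected static SSLContext createRelaxedSSLContext()
        throws IOException
    {
        try
        {
            // Request the "TLS" protocol family rather than the legacy "SSL" name, so that a
            // provider which distinguishes the two does not hand back an SSLv3-only context.
            SSLContext context = SSLContext.getInstance( "TLS" );
            context.init( null, new TrustManager[]{ new RelaxedX509TrustManager( null ) }, null );
            return context;
        }
        catch ( Exception e )
        {
            // initCause instead of the (String, Throwable) constructor keeps the original
            // exception attached on runtimes that lack that constructor.
            IOException ioe = new IOException( e.getMessage() );
            ioe.initCause( e );
            throw ioe;
        }
    }

    /**
     * Constructor for RelaxedX509TrustManager.
     *
     * @param keystore trust anchors handed to the default {@link TrustManagerFactory}; may be
     *                 <code>null</code>, in which case the factory decides which anchors to use
     *                 (presumably the platform default trust store; confirm for the JSSE provider
     *                 in use)
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable or the factory
     *                                  yields no X509 trust manager
     * @throws KeyStoreException        if the factory cannot be initialised from the keystore
     */
    public RelaxedX509TrustManager( KeyStore keystore )
        throws NoSuchAlgorithmException, KeyStoreException
    {
        super();
        TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        factory.init( keystore );
        TrustManager[] trustmanagers = factory.getTrustManagers();

        // Pick the first manager that really is an X509TrustManager instead of casting
        // element 0 blindly, which would fail with a ClassCastException on a provider that
        // lists another kind of trust manager first.
        X509TrustManager x509 = null;
        for ( int i = 0; i < trustmanagers.length && x509 == null; i++ )
        {
            if ( trustmanagers[i] instanceof X509TrustManager )
            {
                x509 = (X509TrustManager) trustmanagers[i];
            }
        }
        if ( x509 == null )
        {
            throw new NoSuchAlgorithmException( "no trust manager found" );
        }
        this.standardTrustManager = x509;
    }

    /**
     * Delegates client certificate validation, unrelaxed, to the standard trust manager.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String authType)
     */
    public void checkClientTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        standardTrustManager.checkClientTrusted( certificates, authType );
    }

    /**
     * Validates a server certificate chain with relaxed rules.
     * <p>
     * SECURITY: when the chain holds exactly one certificate, the standard trust manager is not
     * consulted at all. The certificate is accepted if its validity period covers the current
     * time, or unconditionally when {@link AbstractHttpClientWagon#IGNORE_SSL_VALIDITY_DATES} is
     * <code>true</code>. No issuer, signature or trust-anchor check is made on that path, so a
     * self-signed certificate from any origin passes. Every other chain (including
     * <code>null</code> and empty ones) goes through full standard validation.
     *
     * @throws CertificateException if a single certificate is outside its validity period and
     *                              date checks are not ignored, or if the standard trust manager
     *                              rejects a longer chain
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType)
     */
    public void checkServerTrusted( X509Certificate[] certificates, String authType )
        throws CertificateException
    {
        if ( ( certificates == null ) || ( certificates.length != 1 ) )
        {
            standardTrustManager.checkServerTrusted( certificates, authType );
            return;
        }

        // Single-certificate path: dates are the ONLY property checked here.
        try
        {
            certificates[0].checkValidity();
        }
        catch ( CertificateExpiredException e )
        {
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
        catch ( CertificateNotYetValidException e )
        {
            if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
            {
                throw e;
            }
        }
    }

    /**
     * Returns the issuers accepted by the standard trust manager. The relaxed single-certificate
     * path in {@link #checkServerTrusted(X509Certificate[], String)} is not limited to this list.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers()
    {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}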