001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018package org.apache.commons.net.util;
019
020import java.security.GeneralSecurityException;
021import java.security.KeyStore;
022import java.security.cert.CertificateException;
023import java.security.cert.X509Certificate;
024
025import javax.net.ssl.TrustManagerFactory;
026import javax.net.ssl.X509TrustManager;
027
028/**
029 * TrustManager utilities for generating TrustManagers.
030 *
031 * @since 3.0
032 */
033public final class TrustManagerUtils
034{
035    private static final X509Certificate[] EMPTY_X509CERTIFICATE_ARRAY = new X509Certificate[]{};
036
037    private static class TrustManager implements X509TrustManager {
038
039        private final boolean checkServerValidity;
040
041        TrustManager(boolean checkServerValidity) {
042            this.checkServerValidity = checkServerValidity;
043        }
044
045        /**
046         * Never generates a CertificateException.
047         */
048        public void checkClientTrusted(X509Certificate[] certificates, String authType)
049        {
050            return;
051        }
052
053        public void checkServerTrusted(X509Certificate[] certificates, String authType)
054            throws CertificateException
055        {
056            if (checkServerValidity) {
057                for (int i = 0; i < certificates.length; ++i)
058                {
059                    certificates[i].checkValidity();
060                }
061            }
062        }
063
064        /**
065         * @return an empty array of certificates
066         */
067        public X509Certificate[] getAcceptedIssuers()
068        {
069            return EMPTY_X509CERTIFICATE_ARRAY;
070        }
071    }
072
073    private static final X509TrustManager ACCEPT_ALL=new TrustManager(false);
074
075    private static final X509TrustManager CHECK_SERVER_VALIDITY=new TrustManager(true);
076
077    /**
078     * Generate a TrustManager that performs no checks.
079     *
080     * @return the TrustManager
081     */
082    public static X509TrustManager getAcceptAllTrustManager(){
083        return ACCEPT_ALL;
084    }
085
086    /**
087     * Generate a TrustManager that checks server certificates for validity,
088     * but otherwise performs no checks.
089     *
090     * @return the validating TrustManager
091     */
092    public static X509TrustManager getValidateServerCertificateTrustManager(){
093        return CHECK_SERVER_VALIDITY;
094    }
095
096    /**
097     * Return the default TrustManager provided by the JVM.
098     * <p>
099     * This should be the same as the default used by {@link javax.net.ssl.SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
100     * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}
101     * when the TrustManager parameter is set to {@code null}
102     * @param keyStore the KeyStore to use, may be {@code null}
103     * @return the default TrustManager
104     * @throws GeneralSecurityException
105     */
106    public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException {
107        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
108        TrustManagerFactory instance = TrustManagerFactory.getInstance(defaultAlgorithm);
109        instance.init(keyStore);
110        return (X509TrustManager) instance.getTrustManagers()[0];
111    }
112
113}