001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.rest.client;
014
015import java.security.*;
016import java.security.cert.*;
017
018import javax.net.ssl.*;
019
/**
 * A trust manager that can optionally be configured to skip certificate validation (for example, to allow
 * self-signed certificates); otherwise it delegates to the JRE-provided trust manager.
 */
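public final class SimpleX509TrustManager implements X509TrustManager {

   // The JRE-provided trust manager used to validate certificates presented by a peer,
   // or null in lax mode, in which case no validation of any kind is performed.
   private final X509TrustManager baseTrustManager;

   /**
    * Constructor.
    *
    * <p>
    * When <jk>lax</jk> is <jk>false</jk>, certificate chains are delegated to the JRE's default
    * {@link X509TrustManager}, which is backed by the JRE's default trust store (e.g. {@code cacerts}, or whatever
    * the {@code javax.net.ssl.trustStore} system property points to).
    * When <jk>lax</jk> is <jk>true</jk>, no trust manager is consulted at all: every certificate chain is accepted,
    * which includes self-signed and expired certificates as well as any other chain.
    *
    * @param lax If <jk>true</jk>, skip certificate validation entirely (this is what allows self-signed and expired certificates).
    * @throws KeyStoreException If the trust manager factory could not be initialized from the default trust store.
    * @throws NoSuchAlgorithmException If the JRE's default trust manager algorithm is not available.
    * @throws IllegalStateException If the JRE does not provide an {@link X509TrustManager}.
    */
   public SimpleX509TrustManager(boolean lax) throws KeyStoreException, NoSuchAlgorithmException {
      baseTrustManager = lax ? null : findDefaultTrustManager();
   }

   /**
    * Locates the JRE-provided X509 trust manager backed by the default trust store.
    *
    * @return The first {@link X509TrustManager} returned by the default {@link TrustManagerFactory}.
    * @throws KeyStoreException If the factory could not be initialized.
    * @throws NoSuchAlgorithmException If the default trust manager algorithm is not available.
    * @throws IllegalStateException If no {@link X509TrustManager} is provided by the factory.
    */
   private static X509TrustManager findDefaultTrustManager() throws KeyStoreException, NoSuchAlgorithmException {
      TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      // A null KeyStore tells the factory to use the JRE's default trust store.  Handing it a freshly
      // created but never loaded KeyStore instead fails with "Uninitialized keystore", and a loaded-but-empty
      // one would produce a trust manager that trusts nothing.
      factory.init((KeyStore)null);
      for (TrustManager tm : factory.getTrustManagers()) {
         if (tm instanceof X509TrustManager) {
            return (X509TrustManager)tm;  // Take the first X509TrustManager we find.
         }
      }
      throw new IllegalStateException("Couldn't find JRE's X509TrustManager");
   }

   /**
    * Returns the accepted issuers of the underlying JRE trust manager.
    *
    * @return The accepted issuers, or an empty array in lax mode (no issuers are trusted by name; everything is accepted).
    */
   @Override /* X509TrustManager */
   public X509Certificate[] getAcceptedIssuers() {
      return baseTrustManager == null ? new X509Certificate[0] : baseTrustManager.getAcceptedIssuers();
   }

   /**
    * Validates a client certificate chain using the JRE trust manager.
    *
    * <p>
    * In lax mode this is a no-op: the chain is accepted without inspection.
    *
    * @param chain The peer certificate chain.
    * @param authType The authentication type based on the client certificate.
    * @throws CertificateException If the chain is not trusted (never thrown in lax mode).
    */
   @Override /* X509TrustManager */
   public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      if (baseTrustManager != null)
         baseTrustManager.checkClientTrusted(chain, authType);
   }

   /**
    * Validates a server certificate chain using the JRE trust manager.
    *
    * <p>
    * In lax mode this is a no-op: the chain is accepted without inspection.
    *
    * @param chain The peer certificate chain.
    * @param authType The key exchange algorithm used.
    * @throws CertificateException If the chain is not trusted (never thrown in lax mode).
    */
   @Override /* X509TrustManager */
   public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      if (baseTrustManager != null)
         baseTrustManager.checkServerTrusted(chain, authType);
   }
}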