001// *************************************************************************************************************************** 002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file * 003// * distributed with this work for additional information regarding copyright ownership. The ASF licenses this file * 004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance * 005// * with the License. You may obtain a copy of the License at * 006// * * 007// * http://www.apache.org/licenses/LICENSE-2.0 * 008// * * 009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an * 010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the * 011// * specific language governing permissions and limitations under the License. * 012// *************************************************************************************************************************** 013package org.apache.juneau.rest.client; 014 015import java.security.*; 016import java.security.cert.*; 017 018import javax.net.ssl.*; 019 020/** 021 * A trust manager that optionally allows for self-signed certificates. 022 */ 023public final class SimpleX509TrustManager implements X509TrustManager { 024 025 private X509TrustManager baseTrustManager; // The JRE-provided trust manager used to validate certificates presented by a server. 026 027 /** 028 * Constructor. 029 * 030 * @param lax If <jk>true</jk>, allow self-signed and expired certificates. 031 * @throws KeyStoreException 032 * @throws NoSuchAlgorithmException 033 */ 034 public SimpleX509TrustManager(boolean lax) throws KeyStoreException, NoSuchAlgorithmException { 035 if (! lax) { 036 // Find the JRE-provided X509 trust manager. 037 KeyStore ks = KeyStore.getInstance("jks"); 038 TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 039 factory.init(ks); 040 for (TrustManager tm : factory.getTrustManagers()) { 041 if (tm instanceof X509TrustManager) { 042 baseTrustManager = (X509TrustManager)tm; // Take the first X509TrustManager we find 043 return; 044 } 045 } 046 throw new IllegalStateException("Couldn't find JRE's X509TrustManager"); 047 } 048 } 049 050 @Override /* X509TrustManager */ 051 public X509Certificate[] getAcceptedIssuers() { 052 return baseTrustManager == null ? new X509Certificate[0] : baseTrustManager.getAcceptedIssuers(); 053 } 054 055 @Override /* X509TrustManager */ 056 public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { 057 if (baseTrustManager != null) 058 baseTrustManager.checkClientTrusted(chain, authType); 059 } 060 061 @Override /* X509TrustManager */ 062 public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 063 if (baseTrustManager != null) 064 baseTrustManager.checkServerTrusted(chain, authType); 065 } 066}