001// *************************************************************************************************************************** 002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file * 003// * distributed with this work for additional information regarding copyright ownership. The ASF licenses this file * 004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance * 005// * with the License. You may obtain a copy of the License at * 006// * * 007// * http://www.apache.org/licenses/LICENSE-2.0 * 008// * * 009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an * 010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the * 011// * specific language governing permissions and limitations under the License. * 012// *************************************************************************************************************************** 013package org.apache.juneau.rest.client; 014 015import java.security.*; 016import java.security.cert.*; 017 018import javax.net.ssl.*; 019 020/** 021 * A trust manager that optionally allows for self-signed certificates. 022 * 023 * @deprecated No replacement. 024 */ 025@Deprecated 026public final class SimpleX509TrustManager implements X509TrustManager { 027 028 private X509TrustManager baseTrustManager; // The JRE-provided trust manager used to validate certificates presented by a server. 029 030 /** 031 * Constructor. 032 * 033 * @param lax If <jk>true</jk>, allow self-signed and expired certificates. 034 * @throws KeyStoreException Generic keystore exception. 035 * @throws NoSuchAlgorithmException Unknown cryptographic algorithm. 036 */ 037 public SimpleX509TrustManager(boolean lax) throws KeyStoreException, NoSuchAlgorithmException { 038 if (! lax) { 039 // Find the JRE-provided X509 trust manager. 040 KeyStore ks = KeyStore.getInstance("jks"); 041 TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 042 factory.init(ks); 043 for (TrustManager tm : factory.getTrustManagers()) { 044 if (tm instanceof X509TrustManager) { 045 baseTrustManager = (X509TrustManager)tm; // Take the first X509TrustManager we find 046 return; 047 } 048 } 049 throw new IllegalStateException("Couldn't find JRE's X509TrustManager"); 050 } 051 } 052 053 @Override /* X509TrustManager */ 054 public X509Certificate[] getAcceptedIssuers() { 055 return baseTrustManager == null ? new X509Certificate[0] : baseTrustManager.getAcceptedIssuers(); 056 } 057 058 @Override /* X509TrustManager */ 059 public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { 060 if (baseTrustManager != null) 061 baseTrustManager.checkClientTrusted(chain, authType); 062 } 063 064 @Override /* X509TrustManager */ 065 public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 066 if (baseTrustManager != null) 067 baseTrustManager.checkServerTrusted(chain, authType); 068 } 069}