001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.rest.client;
014
015import java.security.*;
016import java.security.cert.*;
017
018import javax.net.ssl.*;
019
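/**
 * A trust manager that either delegates to the JRE's default X.509 trust manager (strict mode) or performs no
 * certificate validation at all (lax mode).
 *
 * <p>
 * Security note: in lax mode {@link #checkClientTrusted(X509Certificate[], String)} and
 * {@link #checkServerTrusted(X509Certificate[], String)} return without inspecting the chain, so <b>every</b>
 * certificate is accepted, not only self-signed or expired ones, and the peer is not authenticated.
 * A connection that uses a lax instance is still encrypted but offers no protection against interception.
 * Keep lax mode out of production code paths; to trust a private CA or a self-signed server certificate, add that
 * certificate to a dedicated trust store instead.
 *
 * @deprecated No replacement.
 */
@Deprecated
public final class SimpleX509TrustManager implements X509TrustManager {

   // The JRE-provided trust manager used to validate certificates, or null when validation is disabled (lax mode).
   private final X509TrustManager baseTrustManager;

   /**
    * Constructor.
    *
    * @param lax
    *    If <jk>true</jk>, certificate validation is skipped entirely: self-signed, expired and otherwise
    *    untrusted certificates are all accepted.
    *    <br>If <jk>false</jk>, validation is delegated to the JRE's default X.509 trust manager.
    * @throws KeyStoreException If the default trust manager factory could not be initialized.
    * @throws NoSuchAlgorithmException Unknown cryptographic algorithm.
    * @throws IllegalStateException If strict mode is requested and the JRE supplies no X.509 trust manager.
    */
   public SimpleX509TrustManager(boolean lax) throws KeyStoreException, NoSuchAlgorithmException {
      this.baseTrustManager = lax ? null : findDefaultX509TrustManager();
   }

   /**
    * Locates the first X.509 trust manager offered by the JRE's default trust manager factory.
    */
   private static X509TrustManager findDefaultX509TrustManager() throws KeyStoreException, NoSuchAlgorithmException {
      TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      // Passing null selects the JRE's default trust store. A KeyStore created with getInstance() but never
      // load()-ed holds no entries, so initializing the factory with one would leave strict mode with no trust
      // anchors and every chain would be rejected.
      factory.init((KeyStore) null);
      for (TrustManager candidate : factory.getTrustManagers()) {
         if (candidate instanceof X509TrustManager) {
            return (X509TrustManager) candidate; // Take the first X509TrustManager we find
         }
      }
      throw new IllegalStateException("Couldn't find JRE's X509TrustManager");
   }

   /**
    * Returns the issuers accepted by the underlying trust manager, or an empty array in lax mode.
    */
   @Override /* X509TrustManager */
   public X509Certificate[] getAcceptedIssuers() {
      return baseTrustManager == null ? new X509Certificate[0] : baseTrustManager.getAcceptedIssuers();
   }

   /**
    * Validates a client certificate chain in strict mode; in lax mode the chain is accepted unchecked.
    */
   @Override /* X509TrustManager */
   public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      if (baseTrustManager != null) {
         baseTrustManager.checkClientTrusted(chain, authType);
      }
      // Lax mode: intentionally no validation (see class-level security note).
   }

   /**
    * Validates a server certificate chain in strict mode; in lax mode the chain is accepted unchecked.
    */
   @Override /* X509TrustManager */
   public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      if (baseTrustManager != null) {
         baseTrustManager.checkServerTrusted(chain, authType);
      }
      // Lax mode: intentionally no validation (see class-level security note).
   }
}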