001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common
008: * Development and Distribution License("CDDL") (collectively, the
009: * "License"). You may not use this file except in compliance with the
010: * License. You can obtain a copy of the License at
011: * http://www.netbeans.org/cddl-gplv2.html
012: * or nbbuild/licenses/CDDL-GPL-2-CP. See the License for the
013: * specific language governing permissions and limitations under the
014: * License. When distributing the software, include this License Header
015: * Notice in each file and include the License file at
016: * nbbuild/licenses/CDDL-GPL-2-CP. Sun designates this
017: * particular file as subject to the "Classpath" exception as provided
018: * by Sun in the GPL Version 2 section of the License file that
019: * accompanied this code. If applicable, add the following below the
020: * License Header, with the fields enclosed by brackets [] replaced by
021: * your own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Contributor(s):
025: *
026: * The Original Software is NetBeans. The Initial Developer of the Original
027: * Software is Sun Microsystems, Inc. Portions Copyright 1997-2006 Sun
028: * Microsystems, Inc. All Rights Reserved.
029: *
030: * If you wish your version of this file to be governed by only the CDDL
031: * or only the GPL Version 2, indicate your decision by adding
032: * "[Contributor] elects to include this software in this distribution
033: * under the [CDDL or GPL Version 2] license." If you do not indicate a
034: * single choice of license, a recipient has the option to distribute
035: * your version of this file under either the CDDL, the GPL Version 2 or
036: * to extend the choice of license to its licensees as provided above.
037: * However, if you add GPL Version 2 code and therefore, elected the GPL
038: * Version 2 license, then the option applies only if the new code is
039: * made subject to such option by the copyright holder.
040: */
041:
042: package org.netbeans.lib.collab.util;
043:
044: import java.io.*;
045:
046: import javax.net.ssl.X509TrustManager;
047: import javax.net.ssl.TrustManagerFactory;
048: import javax.net.ssl.TrustManager;
049: import javax.net.ssl.SSLContext;
050: import javax.net.ssl.KeyManagerFactory;
051:
052: import javax.net.ssl.SSLSocketFactory;
053: import javax.net.ssl.SSLServerSocketFactory;
054:
055: import java.security.cert.X509Certificate;
056: import java.security.NoSuchAlgorithmException;
057: import java.security.KeyStore;
058: import java.security.KeyStoreException;
059: import java.security.cert.CertificateException;
060:
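/**
 * {@link X509TrustManager} that delegates certificate-chain validation to the
 * JDK's own trust managers (loaded once per JVM from {@code nlcacerts} or
 * {@code cacerts} under {@code $java.home/lib/security}) and, for server
 * certificates only, lets an optional {@link CertificateVerify} callback
 * overrule a rejection.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>When the callback is present and answers "trusted", the chain is
 *       accepted even though every JDK trust manager rejected it; the callback
 *       is therefore a full bypass of PKIX validation and must be implemented
 *       as a deliberate, informed user decision.</li>
 *   <li>Hostname verification is outside the scope of an
 *       {@code X509TrustManager}; it is not performed here and must be done
 *       by the code that opens the socket.</li>
 *   <li>The no-protocol constructor still defaults to the obsolete
 *       {@code "SSLv3"} context name for compatibility; prefer passing
 *       {@code "TLS"} to the two-argument constructor.</li>
 * </ul>
 *
 * @author Jacques Belissent
 * @author Rahul Shah
 * @author Vijayakumar Palaniappan
 */
public class JavaxX509TrustManager implements X509TrustManager {

    /**
     * Protocol name used when the caller does not choose one. Kept as
     * {@code "SSLv3"} only so existing callers keep working; SSLv3 itself is
     * obsolete and disabled by default in current JDKs, so new code should
     * pass {@code "TLS"} explicitly.
     */
    private static final String LEGACY_DEFAULT_PROTOCOL = "SSLv3";

    /** Trust store loaded by {@link #init()}; stays {@code null} when no store file was found. */
    private static KeyStore ks = null;

    /**
     * Factory producing the JDK trust managers every instance delegates to.
     * Written exactly once, after it is fully initialised (see {@link #init()});
     * volatile so a constructor on another thread never sees a half-built factory.
     */
    private static volatile TrustManagerFactory tmFactory = null;

    //member variables
    /** Delegate trust managers obtained from {@link #tmFactory}. */
    TrustManager[] m_trustManagers = null;
    /** Optional callback consulted for server chains the delegates reject; may be {@code null}. */
    CertificateVerify ci;
    /** Context initialised with this object as its sole trust manager; backs {@link #getSocketFactory()}. */
    SSLContext ctx;

    /**
     * Creates a trust manager using the legacy default protocol name
     * ({@value #LEGACY_DEFAULT_PROTOCOL}).
     *
     * @param ci optional override callback for rejected server chains; may be {@code null}
     * @throws NoSuchAlgorithmException if the trust-manager or context algorithm is unavailable
     * @throws KeyStoreException if the trust store cannot be read
     * @throws FileNotFoundException if the trust store file disappears between check and open
     * @throws java.security.KeyManagementException if the SSL context cannot be initialised
     * @throws IOException if the trust store cannot be read
     * @throws CertificateException if a certificate in the trust store cannot be parsed
     */
    public JavaxX509TrustManager(CertificateVerify ci)
            throws NoSuchAlgorithmException, KeyStoreException,
                   FileNotFoundException,
                   java.security.KeyManagementException, IOException,
                   CertificateException {
        this(ci, LEGACY_DEFAULT_PROTOCOL);
    }

    /**
     * Creates a trust manager and an {@link SSLContext} for protocol {@code algo}
     * whose sockets route every peer chain through this object.
     *
     * @param ci   optional override callback for rejected server chains; may be {@code null}
     * @param algo {@link SSLContext} algorithm name, e.g. {@code "TLS"}
     * @throws NoSuchAlgorithmException if the trust-manager or context algorithm is unavailable
     * @throws KeyStoreException if the trust store cannot be read
     * @throws FileNotFoundException if the trust store file disappears between check and open
     * @throws java.security.KeyManagementException if the SSL context cannot be initialised
     * @throws IOException if the trust store cannot be read
     * @throws CertificateException if a certificate in the trust store cannot be parsed
     */
    public JavaxX509TrustManager(CertificateVerify ci, String algo)
            throws NoSuchAlgorithmException, KeyStoreException,
                   FileNotFoundException,
                   java.security.KeyManagementException, IOException,
                   CertificateException {
        if (tmFactory == null) {
            init();
        }

        this.ci = ci;
        m_trustManagers = tmFactory.getTrustManagers();

        ctx = SSLContext.getInstance(algo);
        // Register this object as the only trust manager so the context's
        // sockets cannot fall back to any other validation path.
        ctx.init(null, new TrustManager[] { this }, null);
    }

    /**
     * Validates a client chain against the JDK trust managers only; the
     * {@link CertificateVerify} callback is never consulted for clients.
     *
     * @param chain    the peer certificate chain, leaf first
     * @param authType the key exchange algorithm used
     * @throws CertificateException if every delegate rejects the chain, or none is available
     * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException, IllegalArgumentException {
        requireNonEmptyChain(chain);
        //delegate to default trust managers
        Exception failure = consultDelegates(chain, authType, false);

        //if it used on server side, we can filter client
        //certificate decisions also
        //but for now we can ignore this

        if (failure != null) {
            rethrow(failure);
        }
    }

    /**
     * Validates a server chain against the JDK trust managers; if all of them
     * reject it and a {@link CertificateVerify} callback is configured, the
     * callback's answer replaces the PKIX result entirely.
     *
     * @param chain    the peer certificate chain, leaf first
     * @param authType the key exchange algorithm used
     * @throws CertificateException if the chain is rejected (by the delegates when
     *         no callback is set, or by the callback)
     * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException, IllegalArgumentException {
        requireNonEmptyChain(chain);
        Exception failure = consultDelegates(chain, authType, true);
        if (failure == null) {
            return; // accepted by one of the JDK trust managers
        }

        if (ci == null) {
            rethrow(failure);
        } else if (!ci.doYouTrustCertificate(chain)) {
            // Callback overrules the delegates in both directions: a "yes"
            // here accepts a chain the JDK has already refused.
            throw new CertificateException("Rejected");
        }
    }

    /**
     * Returns the accepted issuers of the first delegate that is an
     * {@link X509TrustManager}.
     *
     * @return the issuer certificates; never {@code null} (the interface
     *         contract), an empty array when no delegate can answer
     */
    public X509Certificate[] getAcceptedIssuers() {
        for (int i = 0; i < m_trustManagers.length; i++) {
            if (m_trustManagers[i] instanceof X509TrustManager) {
                X509Certificate[] issuers =
                        ((X509TrustManager) m_trustManagers[i]).getAcceptedIssuers();
                return issuers == null ? new X509Certificate[0] : issuers;
            }
        }
        return new X509Certificate[0];
    }

    /**
     * Returns the socket factory of the context built in the constructor.
     *
     * @return a factory whose sockets validate peers through this trust manager
     * @throws IOException declared for compatibility; not thrown by this implementation
     */
    public SSLSocketFactory getSocketFactory() throws IOException {
        return ctx.getSocketFactory();
    }

    /**
     * Rejects chains the {@link X509TrustManager} contract forbids before any
     * delegate or callback sees them.
     *
     * @throws IllegalArgumentException if {@code chain} is {@code null} or zero-length
     */
    private static void requireNonEmptyChain(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
    }

    /**
     * Runs the chain through every delegate that is an {@link X509TrustManager},
     * stopping at the first one that accepts it.
     *
     * @param serverSide {@code true} to call {@code checkServerTrusted}, else {@code checkClientTrusted}
     * @return {@code null} when a delegate accepted the chain; otherwise the
     *         exception thrown by the last delegate tried, or a
     *         {@link CertificateException} when no delegate exists at all so
     *         that a misconfigured factory fails closed rather than accepting
     *         every peer
     */
    private Exception consultDelegates(X509Certificate[] chain, String authType,
                                       boolean serverSide) {
        Exception failure = null;
        boolean consulted = false;
        for (int i = 0; i < m_trustManagers.length; i++) {
            if (!(m_trustManagers[i] instanceof X509TrustManager)) {
                continue; // same filter as getAcceptedIssuers()
            }
            X509TrustManager tm = (X509TrustManager) m_trustManagers[i];
            consulted = true;
            try {
                if (serverSide) {
                    tm.checkServerTrusted(chain, authType);
                } else {
                    tm.checkClientTrusted(chain, authType);
                }
                return null;
            } catch (CertificateException e) {
                failure = e; // try next
            } catch (RuntimeException e) {
                failure = e; // e.g. IllegalArgumentException; try next
            }
        }
        if (!consulted) {
            failure = new CertificateException(
                    "no X509TrustManager available to validate the peer chain");
        }
        return failure;
    }

    /**
     * Rethrows a delegate failure with its original type; never returns normally.
     * Runtime exceptions (typically {@link IllegalArgumentException}) are
     * propagated as-is instead of being force-cast, which would turn any other
     * runtime failure into a {@link ClassCastException}.
     */
    private static void rethrow(Exception failure) throws CertificateException {
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        if (failure instanceof CertificateException) {
            throw (CertificateException) failure;
        }
        // Not reachable with the catch clauses in consultDelegates(); kept so
        // the declared exception contract holds regardless.
        throw new CertificateException(String.valueOf(failure), failure);
    }

    /**
     * Loads the trust store and builds the shared {@link TrustManagerFactory}.
     * Looks for {@code nlcacerts}, then {@code cacerts}, under
     * {@code $java.home/lib/security}; if neither exists the factory is
     * initialised with a {@code null} store, which makes the JDK use its own
     * default trust store. Synchronised and idempotent so concurrent first
     * constructions cannot publish a factory before {@code init(KeyStore)} ran.
     *
     * @throws NoSuchAlgorithmException if the JKS or SunX509 algorithm is unavailable
     * @throws KeyStoreException if the store cannot be instantiated
     * @throws FileNotFoundException if the store file vanishes before it is opened
     * @throws IOException if the store cannot be read
     * @throws CertificateException if a certificate in the store cannot be parsed
     */
    private static synchronized void init() throws NoSuchAlgorithmException,
            KeyStoreException, FileNotFoundException, IOException,
            CertificateException {
        if (tmFactory != null) {
            return; // another thread finished initialisation first
        }

        String libdir = System.getProperty("java.home") + File.separator
                + "lib" + File.separator + "security" + File.separator;
        File f = new File(libdir, "nlcacerts");
        if (!f.exists()) {
            f = new File(libdir, "cacerts");
            if (!f.exists()) {
                f = null;
            }
        }

        KeyStore store = null;
        if (f != null) {
            store = KeyStore.getInstance("JKS");
            InputStream in = new FileInputStream(f);
            try {
                // A null password skips the keystore integrity check; this
                // matches how the JDK's own cacerts is normally read, but it
                // means tampering with the file is not detected here.
                store.load(in, null);
            } finally {
                in.close();
            }
        }

        TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509");
        factory.init(store);
        ks = store;
        tmFactory = factory; // publish only after init(KeyStore) succeeded
    }

    /**
     * Builds a server-side socket factory from the given key store, using the
     * legacy default protocol name ({@value #LEGACY_DEFAULT_PROTOCOL}) and
     * the JDK default trust managers for any client authentication.
     *
     * @param ks         key store holding the server's private key and chain
     * @param passphrase key password, or {@code null} if the key is unprotected
     * @return a factory for server sockets presenting the key in {@code ks}
     * @throws NoSuchAlgorithmException if SunX509 or the context algorithm is unavailable
     * @throws KeyStoreException if the key store cannot be used
     * @throws java.security.KeyManagementException if the context cannot be initialised
     * @throws java.security.UnrecoverableKeyException if the key cannot be recovered with {@code passphrase}
     */
    public static SSLServerSocketFactory getServerSocketFactory(
            KeyStore ks, String passphrase)
            throws NoSuchAlgorithmException, KeyStoreException,
                   java.security.KeyManagementException,
                   java.security.UnrecoverableKeyException {
        char[] c = passphrase == null ? null : passphrase.toCharArray();
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, c);

            SSLContext serverCtx = SSLContext.getInstance(LEGACY_DEFAULT_PROTOCOL);
            serverCtx.init(kmf.getKeyManagers(), null, null);
            return serverCtx.getServerSocketFactory();
        } finally {
            if (c != null) {
                // Do not leave the passphrase in a heap array longer than needed.
                java.util.Arrays.fill(c, '\0');
            }
        }
    }

}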