PermissiveX509TrustManager.java example

Explorer
coprhd-controller-master
/*
 * Copyright (c) 2009 EMC Corporation
 * All Rights Reserved
 */
package com.emc.cloud.http.ssl;

import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * A TrustManager which trusts everyone by default.
 * <p>
 * Testing with self-signed and expired certificates can be problematic. This TrustManager implementation allows the use of untrusted and
 * expired certificates for testing purposes.
 * <p>
 * WARNING: Do *not* use in production!
 * 
 * @author Ben Perkins
 */
public class PermissiveX509TrustManager implements X509TrustManager {
    private X509TrustManager defaultTrustManager = null;
    private boolean allowUntrusted = true;

    /**
     * Construct a TrustManager instance
     * 
     * @param keystore keystore to use. if null default will be used
     * @throws NoSuchAlgorithmException
     * @throws KeyStoreException
     */
    public PermissiveX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        if (trustmanagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust managers available");
        }
        this.defaultTrustManager = (X509TrustManager) trustmanagers[0];
    }

    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        if (!allowUntrusted) {
            defaultTrustManager.checkClientTrusted(certificates, authType);
        }
    }

    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        if (!allowUntrusted) {
            defaultTrustManager.checkServerTrusted(certificates, authType);
        }
    }

    /**
     * Direct the trust manager to allow untrusted certificates or not.
     * <p>
     * 
     * @param allowUntrusted true if untrusted certificates should be allowed, otherwise false
     */
    public void setAllowUntrusted(boolean allowUntrusted) {
        this.allowUntrusted = allowUntrusted;
    }

    /**
     * Determine if the trust manager is currently allowing untrusted certificates.
     * <p>
     * Default value is true.
     * <p>
     * 
     * @return true if we're allowing everyone, otherwise false
     */
    public boolean getAllowUntrusted() {
        return allowUntrusted;
    }
}