KeyStoresTrustManager.java example

Explorer
find-sec-bugs-master
package testcode.trustmanager;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Set;

public class KeyStoresTrustManager implements X509TrustManager {
    private LinkedList<X509TrustManager> trustManagers = new LinkedList<X509TrustManager>();
    private X509Certificate[] acceptedIssuers;

    public KeyStoresTrustManager(KeyStore... keyStores) throws NoSuchAlgorithmException, KeyStoreException {
        super();

        for (KeyStore keystore : keyStores) {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("JKS");
            factory.init(keystore);
            TrustManager[] tms = factory.getTrustManagers();
            if (tms.length == 0) {
                throw new NoSuchAlgorithmException("Unable to load keystore");
            }
            trustManagers.add((X509TrustManager) tms[0]);
        }

        //Build accepted issuers list
        Set<X509Certificate> issuers = new HashSet<X509Certificate>();
        for (X509TrustManager tm : trustManagers) {
            for (X509Certificate issuer : tm.getAcceptedIssuers()) {
                issuers.add(issuer);
            }
        }
        acceptedIssuers = issuers.toArray(new X509Certificate[issuers.size()]);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        CertificateException catchException = null;
        for (X509TrustManager tm : trustManagers) {
            try {
                tm.checkClientTrusted(certificates, authType);
                return;
            } catch (CertificateException e) {
                catchException = e;
            }
        }
        throw catchException;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        CertificateException catchException = null;
        for (X509TrustManager tm : trustManagers) {
            try {
                tm.checkServerTrusted(certificates, authType);
                return;
            } catch (CertificateException e) {
                catchException = e;
            }
        }
        throw catchException;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return acceptedIssuers;
    }
}