/*
Copyright 2012-2013, Polyvi Inc. (http://polyvi.github.io/openxface)
This program is distributed under the terms of the GNU General Public License.
This file is part of xFace.
xFace is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
xFace is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with xFace. If not, see <http://www.gnu.org/licenses/>.
*/
package com.polyvi.xface.ssl;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
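/**
 * {@link X509TrustManager} that validates peers against the trust anchors of a
 * caller-supplied {@link KeyStore}.
 *
 * <p>Every trust decision is delegated to the platform's default
 * {@link X509TrustManager} initialised from that keystore. Nothing is
 * accepted on this class's own authority: an expired certificate, a chain that
 * fails path validation, or a lone certificate that is not itself a trust anchor
 * is rejected with a {@link CertificateException}.
 *
 * <p>To talk to a server that uses a self-signed certificate or a private CA,
 * add that certificate to the keystore handed to the constructor. Do not relax
 * the checks here, because a trust manager that tolerates validation failures
 * gives no protection against an on-path attacker presenting its own certificate.
 */
public class XX509TrustManager implements X509TrustManager {

    /** Platform trust manager that performs the actual chain validation. */
    private final X509TrustManager mStandardTrustManager;

    /**
     * Builds a trust manager backed by the given keystore.
     *
     * @param keystore source of trust anchors; it is passed unchanged to
     *                 {@link TrustManagerFactory#init(KeyStore)}
     * @throws NoSuchAlgorithmException if the default trust-manager algorithm is
     *                                  unavailable or yields no X.509 trust manager
     * @throws KeyStoreException        if the factory cannot be initialised from
     *                                  {@code keystore}
     */
    public XX509TrustManager(KeyStore keystore)
            throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);

        // Pick the first X.509-capable manager instead of blindly casting
        // element 0, which would fail with a ClassCastException if a provider
        // returned another TrustManager type first.
        X509TrustManager x509Manager = null;
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                x509Manager = (X509TrustManager) candidate;
                break;
            }
        }
        if (x509Manager == null) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.mStandardTrustManager = x509Manager;
    }

    /**
     * Validates a client certificate chain with the platform trust manager.
     *
     * @param certificates peer certificate chain, end-entity certificate first
     * @param authType     authentication type derived from the client certificate
     * @throws CertificateException if the chain is not trusted
     */
    @Override
    public void checkClientTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        mStandardTrustManager.checkClientTrusted(certificates, authType);
    }

    /**
     * Validates a server certificate chain with the platform trust manager.
     *
     * <p>The chain is always handed to the platform implementation, whatever its
     * length, and any {@link CertificateException} it raises is propagated to
     * the caller. A single-certificate chain therefore has to be a trust anchor
     * in the configured keystore (or chain to one); being inside its validity
     * period is not sufficient, and expiry or path-validation failures are
     * never suppressed.
     *
     * @param certificates peer certificate chain, end-entity certificate first
     * @param authType     key-exchange algorithm in use
     * @throws CertificateException if the chain is not trusted
     */
    @Override
    public void checkServerTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        mStandardTrustManager.checkServerTrusted(certificates, authType);
    }

    /**
     * Returns the CA certificates the platform trust manager accepts as issuers.
     *
     * @return the accepted issuers reported by the delegate
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return this.mStandardTrustManager.getAcceptedIssuers();
    }
}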