TrustAndStoreTrustManager.java example

Explorer
wildfly-core-master
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2013, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.jboss.as.test.integration.security.common.config.realm;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import javax.net.ssl.X509TrustManager;

/**
 *
 * @author Josef Cacek
 */
public class TrustAndStoreTrustManager implements X509TrustManager {

    private static final X509Certificate[] EMPTY_ACCEPTED_ISSUERS = new X509Certificate[0];

    private static final List<X509Certificate> CLIENT_CERTS_LIST = Collections
            .synchronizedList(new ArrayList<X509Certificate>());

    // Public methods --------------------------------------------------------

    /**
     * Trust all certificates and add them to the {@link #CLIENT_CERTS_LIST}.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain != null && chain.length > 0) {
            // if the CLIENT_CERTS_LIST is getting too long, clear it
            if (CLIENT_CERTS_LIST.size() > 50) {
                CLIENT_CERTS_LIST.clear();
            }
            Collections.addAll(CLIENT_CERTS_LIST, chain);
        }
    }

    /**
     * Trust all server certificates.
     *
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // nothing to do here
    }

    /**
     * Returns empty array.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return EMPTY_ACCEPTED_ISSUERS;
    }

    public static boolean isSubjectInClientCertChain(String rfc2253Name) {
        if (rfc2253Name != null) {
            synchronized (CLIENT_CERTS_LIST) {
                for (X509Certificate cert : CLIENT_CERTS_LIST) {
                    if (rfc2253Name.equals(cert.getSubjectX500Principal().getName())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}