diff options
Diffstat (limited to 'qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidMultipleTrustManager.java')
-rw-r--r-- | qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidMultipleTrustManager.java | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidMultipleTrustManager.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidMultipleTrustManager.java new file mode 100644 index 0000000000..0705f31fcb --- /dev/null +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidMultipleTrustManager.java @@ -0,0 +1,103 @@ +/* +* +* Licensed to the Apache Software Foundation (ASF) under one +* or more contributor license agreements. See the NOTICE file +* distributed with this work for additional information +* regarding copyright ownership. The ASF licenses this file +* to you under the Apache License, Version 2.0 (the +* "License"); you may not use this file except in compliance +* with the License. You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +* +*/ +package org.apache.qpid.transport.network.security.ssl; + +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; + +import javax.net.ssl.X509TrustManager; + +/** + * Supports multiple X509TrustManager(s). Check succeeds if any of the + * underlying managers succeeds. + */ +public class QpidMultipleTrustManager implements X509TrustManager { + + private List<X509TrustManager> trustManagers; + + public QpidMultipleTrustManager() { + this.trustManagers = new ArrayList<X509TrustManager>(); + } + + public boolean isEmpty() + { + return trustManagers.isEmpty(); + } + + public void addTrustManager(final X509TrustManager trustManager) + { + this.trustManagers.add(trustManager); + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + for (X509TrustManager trustManager : this.trustManagers) + { + try + { + trustManager.checkClientTrusted(chain, authType); + // this trustManager check succeeded, no need to check another one + return; + } + catch(CertificateException ex) + { + // do nothing, try another one in a loop + } + } + // no trustManager call succeeded, throw an exception + throw new CertificateException(); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + for (X509TrustManager trustManager : this.trustManagers) + { + try + { + trustManager.checkServerTrusted(chain, authType); + // this trustManager check succeeded, no need to check another one + return; + } + catch(CertificateException ex) + { + // do nothing, try another one in a loop + } + } + // no trustManager call succeeded, throw an exception + throw new CertificateException(); + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + final Collection<X509Certificate> accIssuersCol = new ArrayList<X509Certificate>(); + for (X509TrustManager trustManager : this.trustManagers) + { + accIssuersCol.addAll(Arrays.asList(trustManager.getAcceptedIssuers())); + } + return accIssuersCol.toArray(new X509Certificate[accIssuersCol.size()]); + } +} |