1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.qpid.transport.network.security.ssl;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.X509TrustManager;
/**
* Supports multiple X509TrustManager(s). Check succeeds if any of the
* underlying managers succeeds.
*/
public class QpidMultipleTrustManager implements X509TrustManager {
private List<X509TrustManager> trustManagers;
public QpidMultipleTrustManager() {
this.trustManagers = new ArrayList<X509TrustManager>();
}
public boolean isEmpty()
{
return trustManagers.isEmpty();
}
public void addTrustManager(final X509TrustManager trustManager)
{
this.trustManagers.add(trustManager);
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
for (X509TrustManager trustManager : this.trustManagers)
{
try
{
trustManager.checkClientTrusted(chain, authType);
// this trustManager check succeeded, no need to check another one
return;
}
catch(CertificateException ex)
{
// do nothing, try another one in a loop
}
}
// no trustManager call succeeded, throw an exception
throw new CertificateException();
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
for (X509TrustManager trustManager : this.trustManagers)
{
try
{
trustManager.checkServerTrusted(chain, authType);
// this trustManager check succeeded, no need to check another one
return;
}
catch(CertificateException ex)
{
// do nothing, try another one in a loop
}
}
// no trustManager call succeeded, throw an exception
throw new CertificateException();
}
@Override
public X509Certificate[] getAcceptedIssuers() {
final Collection<X509Certificate> accIssuersCol = new ArrayList<X509Certificate>();
for (X509TrustManager trustManager : this.trustManagers)
{
accIssuersCol.addAll(Arrays.asList(trustManager.getAcceptedIssuers()));
}
return accIssuersCol.toArray(new X509Certificate[accIssuersCol.size()]);
}
}
|