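/**
 * EGroupware - Notifications Java Desktop App
 *
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package notifications
 * @subpackage jdesk
 * @link http://www.egroupware.org
 * @author Stefan Werfling <stefan.werfling@hw-softwareentwicklung.de>
 * @author Maik Hüttner <maik.huettner@hw-softwareentwicklung.de>
 */
package egroupwaretray;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Certificate;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import sun.misc.BASE64Encoder;
import sun.security.provider.X509Factory;

/**
 * BaseHttpsTrustManager
 *
 * Trust manager that validates a server certificate chain with the platform
 * default trust manager and, when that validation fails, asks the user whether
 * to accept the server certificate anyway. Certificates accepted this way are
 * kept in an in-memory list that can be exported and re-imported as PEM text.
 *
 * The accepted list is a trust decision: whatever is loaded through
 * {@link #setAcceptedCerts(String)} is accepted without further validation,
 * so the caller must read it from storage that only the user can modify.
 * The list is a plain ArrayList and is not synchronized.
 *
 * @author Stefan Werfling <stefan.werfling@hw-softwareentwicklung.de>
 */
public class BaseHttpsTrustManager implements javax.net.ssl.X509TrustManager
{
    // Server certificates accepted by the user or loaded via setAcceptedCerts().
    private ArrayList<X509Certificate> acceptcerts = new ArrayList<X509Certificate>();

    /**
     * checkClientTrusted
     * performs no check at all
     *
     * NOTE(review): every client chain is accepted. That is harmless only while
     * this class is used for outgoing connections; it must not be installed
     * on a server-side SSLContext.
     *
     * @param xcs client certificate chain (ignored)
     * @param string authentication type (ignored)
     * @throws CertificateException never thrown by this implementation
     */
    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
    }

    /**
     * checkServerTrusted
     * accepts the chain if its end-entity certificate was accepted before or
     * if the platform default trust manager validates the chain; otherwise the
     * user is asked once and the end-entity certificate is remembered on consent
     *
     * @param xcs server certificate chain, end-entity certificate first
     * @param string key exchange / authentication type passed on to the default trust manager
     * @throws IllegalArgumentException if the chain is null, empty or has no first certificate
     * @throws CertificateException if validation fails and the user refuses the certificate
     */
    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {

        // Fail closed: an empty chain previously fell through the loop and was
        // treated as trusted. X509TrustManager documents IllegalArgumentException
        // for a null or zero-length chain.
        if( xcs == null || xcs.length == 0 || xcs[0] == null )
        {
            throw new IllegalArgumentException("server certificate chain is empty");
        }

        // Only the end-entity certificate is compared with the accepted list.
        // Certificates are public, so finding an accepted certificate somewhere
        // else in a presented chain says nothing about who the peer is.
        X509Certificate cs = xcs[0];

        if( this.acceptcerts.contains(cs) )
        {
            return;
        }

        try
        {
            cs.checkValidity();

            // The chain is validated once as a whole, not once per element.
            this.findDefaultTrustManager().checkServerTrusted(xcs, string);
        }
        catch(GeneralSecurityException exp)
        {
            // Record every validation failure, including the ones the user
            // goes on to refuse, so an override attempt leaves a trace.
            egwDebuging.log.log(Level.SEVERE, null, exp);

            // NOTE(review): issuer and subject DN do not identify a certificate
            // uniquely; showing a fingerprint as well would let the user compare
            // it with a value obtained out of band.
            String certinfo =
                jegwConst.getConstTag("egw_txt_tm_certinfo") +
                "\r\n" + jegwConst.getConstTag("egw_txt_tm_issuer_dn") +
                " " + cs.getIssuerDN().toString() + "\r\n" +
                jegwConst.getConstTag("egw_txt_tm_subject_dn") +
                " " + cs.getSubjectDN().toString() + "\r\n";

            String info = jegwConst.getConstTag("egw_msg_tm_certerror") +
                "\r\n" + certinfo +
                jegwConst.getConstTag("egw_msg_tm_connected");

            // Any non-zero dialog result is treated as a refusal.
            if( jegwMain.confirmDialog(info,
                jegwConst.getConstTag("egw_msg_tm_title_errorssl")) != 0 )
            {
                // Keep the original failure as the cause for diagnostics.
                throw new CertificateException(exp.getMessage(), exp);
            }

            this.acceptcerts.add(cs);
        }
    }

    /**
     * findDefaultTrustManager
     * returns the first X509TrustManager of the platform default
     * TrustManagerFactory, initialised with the default trust store
     *
     * @return X509TrustManager default trust manager
     * @throws GeneralSecurityException if the factory cannot be set up or
     * provides no X509TrustManager, so a missing validator is never
     * mistaken for a successful validation
     */
    private X509TrustManager findDefaultTrustManager() throws GeneralSecurityException
    {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
            TrustManagerFactory.getDefaultAlgorithm());

        tmf.init((KeyStore)null);

        TrustManager[] tms = tmf.getTrustManagers();

        for( int i=0; i<tms.length; i++ )
        {
            if( tms[i] instanceof X509TrustManager )
            {
                return (X509TrustManager) tms[i];
            }
        }

        throw new CertificateException("no default X509TrustManager available");
    }

    /**
     * getAcceptedIssuers
     *
     * @return X509Certificate[] always an empty array
     */
    public X509Certificate[] getAcceptedIssuers() {

        return new java.security.cert.X509Certificate[] {};
    }

    /**
     * getAcceptedCerts
     * return all accepted Certs
     *
     * Each certificate is written as BEGIN marker, Base64 body, END marker and
     * a blank line ("\r\n\r\n"), which is the separator setAcceptedCerts()
     * splits on.
     *
     * NOTE(review): BASE64Encoder and X509Factory are JDK-internal classes and
     * are not available on current JDKs; the output format is left unchanged
     * here so previously stored lists stay readable.
     *
     * @return String Certs in PEM
     * @throws CertificateEncodingException
     */
    public String getAcceptedCerts() throws CertificateEncodingException
    {
        StringBuilder certs = new StringBuilder();
        BASE64Encoder encoder = new BASE64Encoder();

        for( int i=0; i<this.acceptcerts.size(); i++ )
        {
            X509Certificate cert = this.acceptcerts.get(i);

            certs.append(X509Factory.BEGIN_CERT);
            certs.append(encoder.encodeBuffer(cert.getEncoded()));
            certs.append(X509Factory.END_CERT);
            certs.append("\r\n\r\n");
        }

        return certs.toString();
    }

    /**
     * setAcceptedCerts
     * adds the certificates of a stored list to the accepted Certs
     *
     * Every certificate parsed here is trusted by checkServerTrusted() without
     * validation, so the text must come from storage the user controls.
     * A null or empty list and blank entries are skipped; certificates that are
     * already accepted are not added twice.
     *
     * @param strcerts Certs in PEM, separated by a blank line ("\r\n\r\n")
     * @throws CertificateException if an entry is not a parsable X.509 certificate
     */
    public void setAcceptedCerts(String strcerts) throws CertificateException
    {
        // A missing or empty stored list means "nothing accepted yet" and
        // must not fail start-up with a parse error.
        if( strcerts == null || strcerts.trim().length() == 0 )
        {
            return;
        }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        String[] tmp = strcerts.split("\r\n\r\n");

        for( int i=0; i<tmp.length; i++ )
        {
            if( tmp[i].trim().length() == 0 )
            {
                continue;
            }

            InputStream is = new ByteArrayInputStream(tmp[i].getBytes());

            X509Certificate cert = (X509Certificate) cf.generateCertificate(is);

            if( !this.acceptcerts.contains(cert) )
            {
                this.acceptcerts.add(cert);
            }
        }
    }
}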