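/* VariableX509TrustManagerJDK7.java
Copyright (C) 2012 Red Hat, Inc.

This file is part of IcedTea.

IcedTea is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 2.

IcedTea is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with IcedTea; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.

Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.

As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version.
*/

package net.sourceforge.jnlp.security;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;

/**
 * {@link X509ExtendedTrustManager} adapter that forwards every trust decision to the
 * singleton {@link VariableX509TrustManager}.
 *
 * The extended overloads (those receiving a {@link Socket} or an {@link SSLEngine}) read
 * the peer host name from the handshake session that is in progress and pass it to the
 * delegate. The plain two-argument overloads have no transport available, so they forward
 * {@code null} for the host name (and, for the server check, for the socket and engine).
 */
public class VariableX509TrustManagerJDK7 extends X509ExtendedTrustManager {

    /** Delegate holding the actual trust logic; resolved once per instance. */
    private final VariableX509TrustManager vX509TM = VariableX509TrustManager.getInstance();

    /**
     * Validates a client certificate chain without any transport information.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange / authentication algorithm
     * @throws CertificateException if the delegate rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Neither a socket nor an engine is available here, so no peer host name can be derived.
        vX509TM.checkTrustClient(chain, authType, null /* hostname */);
    }

    /**
     * Validates a server certificate chain without any transport information.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange / authentication algorithm
     * @throws CertificateException if the delegate rejects the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Neither a socket nor an engine is available here, so nothing beyond the chain is forwarded.
        vX509TM.checkTrustServer(chain, authType, null /* hostname */, null /* socket */, null /* engine */);
    }

    /**
     * Returns the issuers the delegate accepts.
     *
     * @return the delegate's accepted issuer certificates
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return vX509TM.getAcceptedIssuers();
    }

    /**
     * Validates a client certificate chain for a socket-based connection.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange / authentication algorithm
     * @param socket   the socket of the connection being handshaken
     * @throws CertificateException if the delegate rejects the chain or no handshake session is available
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        checkTrustClient(chain, authType, socket, null);
    }

    /**
     * Validates a server certificate chain for a socket-based connection.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange / authentication algorithm
     * @param socket   the socket of the connection being handshaken
     * @throws CertificateException if the delegate rejects the chain or no handshake session is available
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        checkTrustServer(chain, authType, socket, null);
    }

    /**
     * Validates a client certificate chain for an engine-based connection.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange / authentication algorithm
     * @param engine   the engine of the connection being handshaken
     * @throws CertificateException if the delegate rejects the chain or no handshake session is available
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        checkTrustClient(chain, authType, null, engine);
    }

    /**
     * Validates a server certificate chain for an engine-based connection.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange / authentication algorithm
     * @param engine   the engine of the connection being handshaken
     * @throws CertificateException if the delegate rejects the chain or no handshake session is available
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        checkTrustServer(chain, authType, null, engine);
    }

    /**
     * Checks whether the server is trusted, forwarding the peer host name, the SSL socket
     * and the engine to the delegate.
     *
     * @param chain    the certificate chain
     * @param authType the auth type algorithm
     * @param socket   the socket, may be null
     * @param engine   the SSLEngine, may be null
     * @throws CertificateException if the delegate rejects the chain or no handshake session is available
     */
    private void checkTrustServer(X509Certificate[] chain,
                                  String authType, Socket socket,
                                  SSLEngine engine) throws CertificateException {
        SSLSocket sslSocket = asSslSocket(socket);
        String hostName = peerHostName(sslSocket, engine);
        vX509TM.checkTrustServer(chain, authType, hostName, sslSocket, engine);
    }

    /**
     * Checks whether the client is trusted, forwarding the peer host name to the delegate.
     *
     * @param chain    the certificate chain
     * @param authType the auth type algorithm
     * @param socket   the socket, may be null
     * @param engine   the SSLEngine, may be null
     * @throws CertificateException if the delegate rejects the chain or no handshake session is available
     */
    private void checkTrustClient(X509Certificate[] chain,
                                  String authType, Socket socket,
                                  SSLEngine engine) throws CertificateException {
        String hostName = peerHostName(asSslSocket(socket), engine);
        vX509TM.checkTrustClient(chain, authType, hostName);
    }

    /**
     * Narrows the socket handed in by JSSE to an {@link SSLSocket}.
     *
     * Only an SSL socket carries a handshake session; anything else is treated as "no socket"
     * rather than letting an unchecked cast fail.
     *
     * @param socket the socket passed to the extended trust-manager overloads, may be null
     * @return the same object as an {@link SSLSocket}, or null if it is null or not one
     */
    private static SSLSocket asSslSocket(Socket socket) {
        return socket instanceof SSLSocket ? (SSLSocket) socket : null;
    }

    /**
     * Determines the peer host name from the handshake currently in progress.
     *
     * The socket takes precedence over the engine when both are given. With neither, there
     * is no transport and {@code null} is returned. When a transport is present but reports
     * no handshake session, the check fails closed instead of throwing a NullPointerException.
     *
     * @param socket the SSL socket, may be null
     * @param engine the SSLEngine, may be null
     * @return the peer host name from the handshake session (which may itself be null when
     *         the session has no host information), or null without a transport
     * @throws CertificateException if a transport is present but has no handshake session
     */
    private static String peerHostName(SSLSocket socket, SSLEngine engine) throws CertificateException {
        SSLSession session;
        if (socket != null) {
            session = socket.getHandshakeSession();
        } else if (engine != null) {
            session = engine.getHandshakeSession();
        } else {
            return null;
        }
        if (session == null) {
            throw new CertificateException("No handshake session available; cannot determine peer host");
        }
        return session.getPeerHost();
    }
}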