View Javadoc

1   /*
2    * Copyright 2009 Red Hat, Inc.
3    *
4    * Red Hat licenses this file to you under the Apache License, version 2.0
5    * (the "License"); you may not use this file except in compliance with the
6    * License.  You may obtain a copy of the License at:
7    *
8    *    http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package org.jboss.netty.example.securechat;
17  
18  import java.security.InvalidAlgorithmParameterException;
19  import java.security.KeyStore;
20  import java.security.KeyStoreException;
21  import java.security.cert.CertificateException;
22  import java.security.cert.X509Certificate;
23  
24  import javax.net.ssl.ManagerFactoryParameters;
25  import javax.net.ssl.TrustManager;
26  import javax.net.ssl.TrustManagerFactorySpi;
27  import javax.net.ssl.X509TrustManager;
28  
29  /**
30   * Bogus {@link TrustManagerFactorySpi} which accepts any certificate
31   * even if it is invalid.
32   *
33   * @author <a href="http://www.jboss.org/netty/">The Netty Project</a>
34   * @author <a href="http://gleamynode.net/">Trustin Lee</a>
35   *
36   * @version $Rev: 2080 $, $Date: 2010-01-26 18:04:19 +0900 (Tue, 26 Jan 2010) $
37   */
38  public class SecureChatTrustManagerFactory extends TrustManagerFactorySpi {
39  
40      private static final TrustManager DUMMY_TRUST_MANAGER = new X509TrustManager() {
41          public X509Certificate[] getAcceptedIssuers() {
42              return new X509Certificate[0];
43          }
44  
45          public void checkClientTrusted(
46                  X509Certificate[] chain, String authType) throws CertificateException {
47              // Always trust - it is an example.
48              // You should do something in the real world.
49              // You will reach here only if you enabled client certificate auth,
50              // as described in SecureChatSslContextFactory.
51              System.err.println(
52                      "UNKNOWN CLIENT CERTIFICATE: " + chain[0].getSubjectDN());
53          }
54  
55          public void checkServerTrusted(
56                  X509Certificate[] chain, String authType) throws CertificateException {
57              // Always trust - it is an example.
58              // You should do something in the real world.
59              System.err.println(
60                      "UNKNOWN SERVER CERTIFICATE: " + chain[0].getSubjectDN());
61          }
62      };
63  
64      public static TrustManager[] getTrustManagers() {
65          return new TrustManager[] { DUMMY_TRUST_MANAGER };
66      }
67  
68      @Override
69      protected TrustManager[] engineGetTrustManagers() {
70          return getTrustManagers();
71      }
72  
73      @Override
74      protected void engineInit(KeyStore keystore) throws KeyStoreException {
75          // Unused
76      }
77  
78      @Override
79      protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
80              throws InvalidAlgorithmParameterException {
81          // Unused
82      }
83  }