1 | /* |
---|
2 | * $HeadURL$ |
---|
3 | * $Revision$ |
---|
4 | * $Date$ |
---|
5 | * |
---|
6 | * ==================================================================== |
---|
7 | * |
---|
8 | * Licensed to the Apache Software Foundation (ASF) under one or more |
---|
9 | * contributor license agreements. See the NOTICE file distributed with |
---|
10 | * this work for additional information regarding copyright ownership. |
---|
11 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
---|
12 | * (the "License"); you may not use this file except in compliance with |
---|
13 | * the License. You may obtain a copy of the License at |
---|
14 | * |
---|
15 | * http://www.apache.org/licenses/LICENSE-2.0 |
---|
16 | * |
---|
17 | * Unless required by applicable law or agreed to in writing, software |
---|
18 | * distributed under the License is distributed on an "AS IS" BASIS, |
---|
19 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
---|
20 | * See the License for the specific language governing permissions and |
---|
21 | * limitations under the License. |
---|
22 | * ==================================================================== |
---|
23 | * |
---|
24 | * This software consists of voluntary contributions made by many |
---|
25 | * individuals on behalf of the Apache Software Foundation. For more |
---|
26 | * information on the Apache Software Foundation, please see |
---|
27 | * <http://www.apache.org/>. |
---|
28 | * |
---|
29 | */ |
---|
30 | |
---|
31 | package br.gov.serpro.cert; |
---|
32 | |
---|
import java.awt.HeadlessException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;
import javax.swing.JOptionPane;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
---|
41 | |
---|
42 | /** |
---|
43 | * <p> |
---|
 * AuthSSLX509TrustManager wraps a default {@link X509TrustManager} and adds one extra
 * trust decision: when the wrapped manager rejects a <em>server</em> certificate chain,
 * the user is asked in a Swing dialog whether to accept it anyway. Client chains are
 * only logged and then delegated to the wrapped manager unchanged.
---|
46 | * </p> |
---|
47 | * |
---|
48 | * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a> |
---|
49 | * |
---|
50 | * <p> |
---|
51 | * DISCLAIMER: HttpClient developers DO NOT actively support this component. |
---|
52 | * The component is provided as a reference material, which may be inappropriate |
---|
53 | * for use without additional customization. |
---|
54 | * </p> |
---|
55 | */ |
---|
56 | |
---|
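public class AuthSSLX509TrustManager implements X509TrustManager {

    /** Trust manager that performs the real chain validation; never null. */
    private final X509TrustManager defaultTrustManager;

    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class);

    /**
     * Index of the "accept" button in the option dialog shown by
     * {@link #userAcceptsCertificate}. JOptionPane reports the chosen option by its
     * index in the options array, or CLOSED_OPTION (-1) when the window is closed.
     */
    private static final int ACCEPT_OPTION = 0;

    /**
     * Constructor for AuthSSLX509TrustManager.
     *
     * @param defaultTrustManager the trust manager whose verdict is consulted first
     *        (typically the platform default); must not be null
     * @throws IllegalArgumentException if {@code defaultTrustManager} is null
     */
    public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) {
        super();
        if (defaultTrustManager == null) {
            throw new IllegalArgumentException("Trust manager may not be null");
        }
        this.defaultTrustManager = defaultTrustManager;
    }

    /**
     * Logs the chain at INFO level and delegates the decision unchanged to the
     * wrapped trust manager; no interactive override exists for client chains.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
     */
    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        logChain("Client", certificates);
        defaultTrustManager.checkClientTrusted(certificates, authType);
    }

    /**
     * Logs the chain and asks the wrapped trust manager to validate it. If validation
     * fails, the user is shown the leaf certificate (subject, SHA-256 fingerprint and
     * the failure reason) and may accept it for this handshake only. Anything other
     * than an explicit click on "Aceitar Certificado" -- "Cancelar", closing the
     * dialog, or no display being available -- rejects the chain by rethrowing the
     * original exception.
     *
     * Nothing is persisted: a later connection that fails validation prompts again.
     *
     * @throws CertificateException if the chain is invalid and the user did not
     *         explicitly accept it, or if the chain is null/empty
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
     */
    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        logChain("Server", certificates);
        try {
            defaultTrustManager.checkServerTrusted(certificates, authType);
        } catch (CertificateException e) {
            // Fail closed when there is nothing to show: the previous code indexed
            // certificates[0] unconditionally and would have thrown NPE/AIOOBE here.
            if (certificates == null || certificates.length == 0) {
                throw e;
            }
            X509Certificate leaf = certificates[0];
            String subject = leaf.getSubjectX500Principal().getName();
            if (!userAcceptsCertificate(leaf, e)) {
                LOG.warn("Server certificate rejected by user: " + subject);
                throw e;
            }
            // Accepted for this connection only. Previously the switch only rejected
            // on option index 2, which a two-button dialog never returns, so both
            // "Cancelar" and closing the window silently accepted the certificate.
            LOG.warn("Server certificate accepted by user despite validation failure: " + subject);
            // TODO: add the certificate to a trust store to accept it permanently
        }
    }

    /**
     * Returns the accepted issuers of the wrapped trust manager; the interactive
     * override does not add any issuers.
     *
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    /**
     * Shows a modal warning dialog for a certificate the wrapped manager rejected.
     *
     * @param cert  the leaf certificate of the rejected chain
     * @param cause the validation failure, whose message is shown to the user
     * @return true only if the user explicitly chose "Aceitar Certificado"; false for
     *         "Cancelar", for closing the dialog, and when no display is available
     */
    private boolean userAcceptsCertificate(X509Certificate cert, CertificateException cause) {
        Object[] options = {"Aceitar Certificado", "Cancelar"};
        // The fingerprint is what a user can actually verify out-of-band; the subject
        // name alone is chosen by whoever issued the (untrusted) certificate.
        String message = "Falha na validação do seguinte certificado:\n"
                + cert.getSubjectX500Principal().getName()
                + "\nSHA-256: " + fingerprint(cert)
                + "\nMotivo: " + cause.getMessage()
                + "\nO que você quer fazer?";
        int choice;
        try {
            // "Cancelar" is the focused/default button so that Enter does not accept.
            choice = JOptionPane.showOptionDialog(null, message,
                    "Falha na validação do certificado",
                    JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null,
                    options, options[1]);
        } catch (HeadlessException headless) {
            // No display: nobody can vouch for the certificate, so reject it.
            LOG.warn("No display available to confirm untrusted certificate; rejecting");
            return false;
        }
        return choice == ACCEPT_OPTION;
    }

    /**
     * Colon-separated upper-case hex SHA-256 digest of the certificate's DER encoding.
     *
     * @param cert the certificate to fingerprint
     * @return the fingerprint, or a placeholder if the digest cannot be computed
     */
    private static String fingerprint(X509Certificate cert) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 3);
            for (int i = 0; i < digest.length; i++) {
                if (i > 0) {
                    hex.append(':');
                }
                hex.append(String.format("%02X", digest[i] & 0xff));
            }
            return hex.toString();
        } catch (GeneralSecurityException ex) {
            // Covers NoSuchAlgorithmException and CertificateEncodingException.
            return "(indisponível)";
        }
    }

    /**
     * Logs every certificate of a chain at INFO level; a null chain logs nothing.
     *
     * @param side         "Client" or "Server", used as the log line prefix
     * @param certificates the chain presented by the peer; may be null
     */
    private static void logChain(String side, X509Certificate[] certificates) {
        if (!LOG.isInfoEnabled() || certificates == null) {
            return;
        }
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];
            LOG.info(" " + side + " certificate " + (c + 1) + ":");
            LOG.info(" Subject DN: " + cert.getSubjectX500Principal());
            LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
            LOG.info(" Valid from: " + cert.getNotBefore());
            LOG.info(" Valid until: " + cert.getNotAfter());
            LOG.info(" Issuer: " + cert.getIssuerX500Principal());
        }
    }

}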
---|