source: trunk/seguranca/ExpressoCert/src/br/gov/serpro/cert/AuthSSLX509TrustManager.java @ 1035

Revision 1035, 5.5 KB checked in by rafaelraymundo, 15 years ago (diff)

Ticket #558 - Adicionada funcionalidade de assinatura e criptografia de e-mails.

Line 
1/*
2 * $HeadURL$
3 * $Revision$
4 * $Date$
5 *
6 * ====================================================================
7 *
8 *  Licensed to the Apache Software Foundation (ASF) under one or more
9 *  contributor license agreements.  See the NOTICE file distributed with
10 *  this work for additional information regarding copyright ownership.
11 *  The ASF licenses this file to You under the Apache License, Version 2.0
12 *  (the "License"); you may not use this file except in compliance with
13 *  the License.  You may obtain a copy of the License at
14 *
15 *      http://www.apache.org/licenses/LICENSE-2.0
16 *
17 *  Unless required by applicable law or agreed to in writing, software
18 *  distributed under the License is distributed on an "AS IS" BASIS,
19 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 *  See the License for the specific language governing permissions and
21 *  limitations under the License.
22 * ====================================================================
23 *
24 * This software consists of voluntary contributions made by many
25 * individuals on behalf of the Apache Software Foundation.  For more
26 * information on the Apache Software Foundation, please see
27 * <http://www.apache.org/>.
28 *
29 */
30
31package br.gov.serpro.cert;
32
33import java.security.cert.X509Certificate;
34
35import javax.net.ssl.X509TrustManager;
36import javax.swing.JOptionPane;
37
38import java.security.cert.CertificateException;
39import org.apache.commons.logging.Log;
40import org.apache.commons.logging.LogFactory;
41
42/**
43 * <p>
44 * AuthSSLX509TrustManager can be used to extend the default {@link X509TrustManager}
45 * with additional trust decisions.
46 * </p>
47 *
48 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
49 *
50 * <p>
51 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
52 * The component is provided as a reference material, which may be inappropriate
53 * for use without additional customization.
54 * </p>
55 */
56
57public class AuthSSLX509TrustManager implements X509TrustManager {
58
59    private X509TrustManager defaultTrustManager = null;
60
61    /** Log object for this class. */
62    private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class);
63
64    /**
65     * Constructor for AuthSSLX509TrustManager.
66     */
67    public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) {
68        super();
69        if (defaultTrustManager == null) {
70            throw new IllegalArgumentException("Trust manager may not be null");
71        }
72        this.defaultTrustManager = defaultTrustManager;
73    }
74
75    /**
76     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
77     */
78    public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
79        if (LOG.isInfoEnabled() && certificates != null) {
80            for (int c = 0; c < certificates.length; c++) {
81                X509Certificate cert = certificates[c];
82                LOG.info(" Client certificate " + (c + 1) + ":");
83                LOG.info("  Subject DN: " + cert.getSubjectDN());
84                LOG.info("  Signature Algorithm: " + cert.getSigAlgName());
85                LOG.info("  Valid from: " + cert.getNotBefore() );
86                LOG.info("  Valid until: " + cert.getNotAfter());
87                LOG.info("  Issuer: " + cert.getIssuerDN());
88            }
89        }
90        defaultTrustManager.checkClientTrusted(certificates,authType);
91    }
92
93    /**
94     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
95     */
96    public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
97        if (LOG.isInfoEnabled() && certificates != null) {
98            for (int c = 0; c < certificates.length; c++) {
99                X509Certificate cert = certificates[c];
100                LOG.info(" Server certificate " + (c + 1) + ":");
101                LOG.info("  Subject DN: " + cert.getSubjectDN());
102                LOG.info("  Signature Algorithm: " + cert.getSigAlgName());
103                LOG.info("  Valid from: " + cert.getNotBefore() );
104                LOG.info("  Valid until: " + cert.getNotAfter());
105                LOG.info("  Issuer: " + cert.getIssuerDN());
106            }
107        }
108        // TODO: Implementar uma caixa de diálogo que pergunta para o usuário se ele quer aceitar o certificado do site
109        // Implementado com try/catch usando JOptionPanel
110
111        try {
112                defaultTrustManager.checkServerTrusted(certificates,authType);
113        } catch (CertificateException e){
114                //Object[] options = {"Aceitar Certificado", "Aceitar Permanentemente", "Cancelar"};
115            Object[] options = {"Aceitar Certificado", "Cancelar"};
116                switch (JOptionPane.showOptionDialog(null, "Falha na validação do seguinte certificado:\n" +
117                                certificates[0].getSubjectX500Principal().getName(),
118                                "\nO que você quer fazer?",
119                                JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null,
120                                options, options[0]))
121                {
122                        case 2:
123                                // Rejeita certificado!
124                                throw e;
125                        case 1:
126                                // Aceita certificado permanentemente
127                                // TODO: Adicionar código para inserir o certificado como um certificado confiável
128                                break;
129                                // Aceita certificado para esta sessão
130
131                }
132        }
133    }
134
135    /**
136     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
137     */
138    public X509Certificate[] getAcceptedIssuers() {
139        return this.defaultTrustManager.getAcceptedIssuers();
140    }
141
142}
Note: See TracBrowser for help on using the repository browser.