692 lines
24 KiB
Java
692 lines
24 KiB
Java
/*
|
|
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* NOTE: this file was copied from javax.net.ssl.SSLSecurity,
|
|
* but was heavily modified to allow com.sun.* users to
|
|
* access providers written using the javax.sun.* APIs.
|
|
*/
|
|
|
|
package com.sun.net.ssl;
|
|
|
|
import java.util.*;
|
|
import java.io.*;
|
|
import java.security.*;
|
|
import java.security.Provider.Service;
|
|
import java.net.Socket;
|
|
|
|
import sun.security.jca.*;
|
|
|
|
/**
|
|
* This class instantiates implementations of JSSE engine classes from
|
|
* providers registered with the java.security.Security object.
|
|
*
|
|
* @author Jan Luehe
|
|
* @author Jeff Nisewanger
|
|
* @author Brad Wetmore
|
|
*/
|
|
|
|
final class SSLSecurity {
|
|
|
|
/*
|
|
* Don't let anyone instantiate this.
|
|
*/
|
|
private SSLSecurity() {
|
|
}
|
|
|
|
|
|
// ProviderList.getService() is not accessible now, implement our own loop
|
|
private static Service getService(String type, String alg) {
|
|
ProviderList list = Providers.getProviderList();
|
|
for (Provider p : list.providers()) {
|
|
Service s = p.getService(type, alg);
|
|
if (s != null) {
|
|
return s;
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* The body of the driver for the getImpl method.
|
|
*/
|
|
private static Object[] getImpl1(String algName, String engineType,
|
|
Service service) throws NoSuchAlgorithmException
|
|
{
|
|
Provider provider = service.getProvider();
|
|
String className = service.getClassName();
|
|
Class<?> implClass;
|
|
try {
|
|
ClassLoader cl = provider.getClass().getClassLoader();
|
|
if (cl == null) {
|
|
// system class
|
|
implClass = Class.forName(className);
|
|
} else {
|
|
implClass = cl.loadClass(className);
|
|
}
|
|
} catch (ClassNotFoundException e) {
|
|
throw new NoSuchAlgorithmException("Class " + className +
|
|
" configured for " +
|
|
engineType +
|
|
" not found: " +
|
|
e.getMessage());
|
|
} catch (SecurityException e) {
|
|
throw new NoSuchAlgorithmException("Class " + className +
|
|
" configured for " +
|
|
engineType +
|
|
" cannot be accessed: " +
|
|
e.getMessage());
|
|
}
|
|
|
|
/*
|
|
* JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the
|
|
* API was being developed. As JSSE was folded into the main
|
|
* release, it was decided to promote the com.sun.net.ssl API to
|
|
* be javax.net.ssl. It is desired to keep binary compatibility
|
|
* with vendors of JSSE implementation written using the
|
|
* com.sun.net.sll API, so we do this magic to handle everything.
|
|
*
|
|
* API used Implementation used Supported?
|
|
* ======== =================== ==========
|
|
* com.sun javax Yes
|
|
* com.sun com.sun Yes
|
|
* javax javax Yes
|
|
* javax com.sun Not Currently
|
|
*
|
|
* Make sure the implementation class is a subclass of the
|
|
* corresponding engine class.
|
|
*
|
|
* In wrapping these classes, there's no way to know how to
|
|
* wrap all possible classes that extend the TrustManager/KeyManager.
|
|
* We only wrap the x509 variants.
|
|
*/
|
|
|
|
try { // catch instantiation errors
|
|
|
|
/*
|
|
* (The following Class.forName()s should alway work, because
|
|
* this class and all the SPI classes in javax.crypto are
|
|
* loaded by the same class loader.) That is, unless they
|
|
* give us a SPI class that doesn't exist, say SSLFoo,
|
|
* or someone has removed classes from the jsse.jar file.
|
|
*/
|
|
|
|
Class<?> typeClassJavax;
|
|
Class<?> typeClassCom;
|
|
Object obj = null;
|
|
|
|
/*
|
|
* Odds are more likely that we have a javax variant, try this
|
|
* first.
|
|
*/
|
|
if (((typeClassJavax = Class.forName("javax.net.ssl." +
|
|
engineType + "Spi")) != null) &&
|
|
(checkSuperclass(implClass, typeClassJavax))) {
|
|
|
|
if (engineType.equals("SSLContext")) {
|
|
obj = new SSLContextSpiWrapper(algName, provider);
|
|
} else if (engineType.equals("TrustManagerFactory")) {
|
|
obj = new TrustManagerFactorySpiWrapper(algName, provider);
|
|
} else if (engineType.equals("KeyManagerFactory")) {
|
|
obj = new KeyManagerFactorySpiWrapper(algName, provider);
|
|
} else {
|
|
/*
|
|
* We should throw an error if we get
|
|
* something totally unexpected. Don't ever
|
|
* expect to see this one...
|
|
*/
|
|
throw new IllegalStateException(
|
|
"Class " + implClass.getName() +
|
|
" unknown engineType wrapper:" + engineType);
|
|
}
|
|
|
|
} else if (((typeClassCom = Class.forName("com.sun.net.ssl." +
|
|
engineType + "Spi")) != null) &&
|
|
(checkSuperclass(implClass, typeClassCom))) {
|
|
obj = service.newInstance(null);
|
|
}
|
|
|
|
if (obj != null) {
|
|
return new Object[] { obj, provider };
|
|
} else {
|
|
throw new NoSuchAlgorithmException(
|
|
"Couldn't locate correct object or wrapper: " +
|
|
engineType + " " + algName);
|
|
}
|
|
|
|
} catch (ClassNotFoundException e) {
|
|
IllegalStateException exc = new IllegalStateException(
|
|
"Engine Class Not Found for " + engineType);
|
|
exc.initCause(e);
|
|
throw exc;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns an array of objects: the first object in the array is
|
|
* an instance of an implementation of the requested algorithm
|
|
* and type, and the second object in the array identifies the provider
|
|
* of that implementation.
|
|
* The <code>provName</code> argument can be null, in which case all
|
|
* configured providers will be searched in order of preference.
|
|
*/
|
|
static Object[] getImpl(String algName, String engineType, String provName)
|
|
throws NoSuchAlgorithmException, NoSuchProviderException
|
|
{
|
|
Service service;
|
|
if (provName != null) {
|
|
ProviderList list = Providers.getProviderList();
|
|
Provider prov = list.getProvider(provName);
|
|
if (prov == null) {
|
|
throw new NoSuchProviderException("No such provider: " +
|
|
provName);
|
|
}
|
|
service = prov.getService(engineType, algName);
|
|
} else {
|
|
service = getService(engineType, algName);
|
|
}
|
|
if (service == null) {
|
|
throw new NoSuchAlgorithmException("Algorithm " + algName
|
|
+ " not available");
|
|
}
|
|
return getImpl1(algName, engineType, service);
|
|
}
|
|
|
|
|
|
/**
|
|
* Returns an array of objects: the first object in the array is
|
|
* an instance of an implementation of the requested algorithm
|
|
* and type, and the second object in the array identifies the provider
|
|
* of that implementation.
|
|
* The <code>prov</code> argument can be null, in which case all
|
|
* configured providers will be searched in order of preference.
|
|
*/
|
|
static Object[] getImpl(String algName, String engineType, Provider prov)
|
|
throws NoSuchAlgorithmException
|
|
{
|
|
Service service = prov.getService(engineType, algName);
|
|
if (service == null) {
|
|
throw new NoSuchAlgorithmException("No such algorithm: " +
|
|
algName);
|
|
}
|
|
return getImpl1(algName, engineType, service);
|
|
}
|
|
|
|
/*
|
|
* Checks whether one class is the superclass of another
|
|
*/
|
|
private static boolean checkSuperclass(Class<?> subclass, Class<?> superclass) {
|
|
if ((subclass == null) || (superclass == null))
|
|
return false;
|
|
|
|
while (!subclass.equals(superclass)) {
|
|
subclass = subclass.getSuperclass();
|
|
if (subclass == null) {
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* Return at most the first "resize" elements of an array.
|
|
*
|
|
* Didn't want to use java.util.Arrays, as PJava may not have it.
|
|
*/
|
|
static Object[] truncateArray(Object[] oldArray, Object[] newArray) {
|
|
|
|
for (int i = 0; i < newArray.length; i++) {
|
|
newArray[i] = oldArray[i];
|
|
}
|
|
|
|
return newArray;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
/*
|
|
* =================================================================
|
|
* The remainder of this file is for the wrapper and wrapper-support
|
|
* classes. When SSLSecurity finds something which extends the
|
|
* javax.net.ssl.*Spi, we need to go grab a real instance of the
|
|
* thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi
|
|
* object. This also mean that anything going down into the SPI
|
|
* needs to be wrapped, as well as anything coming back up.
|
|
*/
|
|
final class SSLContextSpiWrapper extends SSLContextSpi {
|
|
|
|
private javax.net.ssl.SSLContext theSSLContext;
|
|
|
|
SSLContextSpiWrapper(String algName, Provider prov) throws
|
|
NoSuchAlgorithmException {
|
|
theSSLContext = javax.net.ssl.SSLContext.getInstance(algName, prov);
|
|
}
|
|
|
|
protected void engineInit(KeyManager[] kma, TrustManager[] tma,
|
|
SecureRandom sr) throws KeyManagementException {
|
|
|
|
// Keep track of the actual number of array elements copied
|
|
int dst;
|
|
int src;
|
|
javax.net.ssl.KeyManager[] kmaw;
|
|
javax.net.ssl.TrustManager[] tmaw;
|
|
|
|
// Convert com.sun.net.ssl.kma to a javax.net.ssl.kma
|
|
// wrapper if need be.
|
|
if (kma != null) {
|
|
kmaw = new javax.net.ssl.KeyManager[kma.length];
|
|
for (src = 0, dst = 0; src < kma.length; ) {
|
|
/*
|
|
* These key managers may implement both javax
|
|
* and com.sun interfaces, so if they do
|
|
* javax, there's no need to wrap them.
|
|
*/
|
|
if (!(kma[src] instanceof javax.net.ssl.KeyManager)) {
|
|
/*
|
|
* Do we know how to convert them? If not, oh well...
|
|
* We'll have to drop them on the floor in this
|
|
* case, cause we don't know how to handle them.
|
|
* This will be pretty rare, but put here for
|
|
* completeness.
|
|
*/
|
|
if (kma[src] instanceof X509KeyManager) {
|
|
kmaw[dst] = (javax.net.ssl.KeyManager)
|
|
new X509KeyManagerJavaxWrapper(
|
|
(X509KeyManager)kma[src]);
|
|
dst++;
|
|
}
|
|
} else {
|
|
// We can convert directly, since they implement.
|
|
kmaw[dst] = (javax.net.ssl.KeyManager)kma[src];
|
|
dst++;
|
|
}
|
|
src++;
|
|
}
|
|
|
|
/*
|
|
* If dst != src, there were more items in the original array
|
|
* than in the new array. Compress the new elements to avoid
|
|
* any problems down the road.
|
|
*/
|
|
if (dst != src) {
|
|
kmaw = (javax.net.ssl.KeyManager [])
|
|
SSLSecurity.truncateArray(kmaw,
|
|
new javax.net.ssl.KeyManager [dst]);
|
|
}
|
|
} else {
|
|
kmaw = null;
|
|
}
|
|
|
|
// Now do the same thing with the TrustManagers.
|
|
if (tma != null) {
|
|
tmaw = new javax.net.ssl.TrustManager[tma.length];
|
|
|
|
for (src = 0, dst = 0; src < tma.length; ) {
|
|
/*
|
|
* These key managers may implement both...see above...
|
|
*/
|
|
if (!(tma[src] instanceof javax.net.ssl.TrustManager)) {
|
|
// Do we know how to convert them?
|
|
if (tma[src] instanceof X509TrustManager) {
|
|
tmaw[dst] = (javax.net.ssl.TrustManager)
|
|
new X509TrustManagerJavaxWrapper(
|
|
(X509TrustManager)tma[src]);
|
|
dst++;
|
|
}
|
|
} else {
|
|
tmaw[dst] = (javax.net.ssl.TrustManager)tma[src];
|
|
dst++;
|
|
}
|
|
src++;
|
|
}
|
|
|
|
if (dst != src) {
|
|
tmaw = (javax.net.ssl.TrustManager [])
|
|
SSLSecurity.truncateArray(tmaw,
|
|
new javax.net.ssl.TrustManager [dst]);
|
|
}
|
|
} else {
|
|
tmaw = null;
|
|
}
|
|
|
|
theSSLContext.init(kmaw, tmaw, sr);
|
|
}
|
|
|
|
protected javax.net.ssl.SSLSocketFactory
|
|
engineGetSocketFactory() {
|
|
return theSSLContext.getSocketFactory();
|
|
}
|
|
|
|
protected javax.net.ssl.SSLServerSocketFactory
|
|
engineGetServerSocketFactory() {
|
|
return theSSLContext.getServerSocketFactory();
|
|
}
|
|
|
|
}
|
|
|
|
final class TrustManagerFactorySpiWrapper extends TrustManagerFactorySpi {
|
|
|
|
private javax.net.ssl.TrustManagerFactory theTrustManagerFactory;
|
|
|
|
TrustManagerFactorySpiWrapper(String algName, Provider prov) throws
|
|
NoSuchAlgorithmException {
|
|
theTrustManagerFactory =
|
|
javax.net.ssl.TrustManagerFactory.getInstance(algName, prov);
|
|
}
|
|
|
|
protected void engineInit(KeyStore ks) throws KeyStoreException {
|
|
theTrustManagerFactory.init(ks);
|
|
}
|
|
|
|
protected TrustManager[] engineGetTrustManagers() {
|
|
|
|
int dst;
|
|
int src;
|
|
|
|
javax.net.ssl.TrustManager[] tma =
|
|
theTrustManagerFactory.getTrustManagers();
|
|
|
|
TrustManager[] tmaw = new TrustManager[tma.length];
|
|
|
|
for (src = 0, dst = 0; src < tma.length; ) {
|
|
if (!(tma[src] instanceof com.sun.net.ssl.TrustManager)) {
|
|
// We only know how to wrap X509TrustManagers, as
|
|
// TrustManagers don't have any methods to wrap.
|
|
if (tma[src] instanceof javax.net.ssl.X509TrustManager) {
|
|
tmaw[dst] = (TrustManager)
|
|
new X509TrustManagerComSunWrapper(
|
|
(javax.net.ssl.X509TrustManager)tma[src]);
|
|
dst++;
|
|
}
|
|
} else {
|
|
tmaw[dst] = (TrustManager)tma[src];
|
|
dst++;
|
|
}
|
|
src++;
|
|
}
|
|
|
|
if (dst != src) {
|
|
tmaw = (TrustManager [])
|
|
SSLSecurity.truncateArray(tmaw, new TrustManager [dst]);
|
|
}
|
|
|
|
return tmaw;
|
|
}
|
|
|
|
}
|
|
|
|
final class KeyManagerFactorySpiWrapper extends KeyManagerFactorySpi {
|
|
|
|
private javax.net.ssl.KeyManagerFactory theKeyManagerFactory;
|
|
|
|
KeyManagerFactorySpiWrapper(String algName, Provider prov) throws
|
|
NoSuchAlgorithmException {
|
|
theKeyManagerFactory =
|
|
javax.net.ssl.KeyManagerFactory.getInstance(algName, prov);
|
|
}
|
|
|
|
protected void engineInit(KeyStore ks, char[] password)
|
|
throws KeyStoreException, NoSuchAlgorithmException,
|
|
UnrecoverableKeyException {
|
|
theKeyManagerFactory.init(ks, password);
|
|
}
|
|
|
|
protected KeyManager[] engineGetKeyManagers() {
|
|
|
|
int dst;
|
|
int src;
|
|
|
|
javax.net.ssl.KeyManager[] kma =
|
|
theKeyManagerFactory.getKeyManagers();
|
|
|
|
KeyManager[] kmaw = new KeyManager[kma.length];
|
|
|
|
for (src = 0, dst = 0; src < kma.length; ) {
|
|
if (!(kma[src] instanceof com.sun.net.ssl.KeyManager)) {
|
|
// We only know how to wrap X509KeyManagers, as
|
|
// KeyManagers don't have any methods to wrap.
|
|
if (kma[src] instanceof javax.net.ssl.X509KeyManager) {
|
|
kmaw[dst] = (KeyManager)
|
|
new X509KeyManagerComSunWrapper(
|
|
(javax.net.ssl.X509KeyManager)kma[src]);
|
|
dst++;
|
|
}
|
|
} else {
|
|
kmaw[dst] = (KeyManager)kma[src];
|
|
dst++;
|
|
}
|
|
src++;
|
|
}
|
|
|
|
if (dst != src) {
|
|
kmaw = (KeyManager [])
|
|
SSLSecurity.truncateArray(kmaw, new KeyManager [dst]);
|
|
}
|
|
|
|
return kmaw;
|
|
}
|
|
|
|
}
|
|
|
|
// =================================
|
|
|
|
final class X509KeyManagerJavaxWrapper implements
|
|
javax.net.ssl.X509KeyManager {
|
|
|
|
private X509KeyManager theX509KeyManager;
|
|
|
|
X509KeyManagerJavaxWrapper(X509KeyManager obj) {
|
|
theX509KeyManager = obj;
|
|
}
|
|
|
|
public String[] getClientAliases(String keyType, Principal[] issuers) {
|
|
return theX509KeyManager.getClientAliases(keyType, issuers);
|
|
}
|
|
|
|
public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
|
|
Socket socket) {
|
|
String retval;
|
|
|
|
if (keyTypes == null) {
|
|
return null;
|
|
}
|
|
|
|
/*
|
|
* Scan the list, look for something we can pass back.
|
|
*/
|
|
for (int i = 0; i < keyTypes.length; i++) {
|
|
if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
|
|
issuers)) != null)
|
|
return retval;
|
|
}
|
|
return null;
|
|
|
|
}
|
|
|
|
/*
|
|
* JSSE 1.0.x was only socket based, but it's possible someone might
|
|
* want to install a really old provider. We should at least
|
|
* try to be nice.
|
|
*/
|
|
public String chooseEngineClientAlias(
|
|
String[] keyTypes, Principal[] issuers,
|
|
javax.net.ssl.SSLEngine engine) {
|
|
String retval;
|
|
|
|
if (keyTypes == null) {
|
|
return null;
|
|
}
|
|
|
|
/*
|
|
* Scan the list, look for something we can pass back.
|
|
*/
|
|
for (int i = 0; i < keyTypes.length; i++) {
|
|
if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
|
|
issuers)) != null)
|
|
return retval;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
public String[] getServerAliases(String keyType, Principal[] issuers) {
|
|
return theX509KeyManager.getServerAliases(keyType, issuers);
|
|
}
|
|
|
|
public String chooseServerAlias(String keyType, Principal[] issuers,
|
|
Socket socket) {
|
|
|
|
if (keyType == null) {
|
|
return null;
|
|
}
|
|
return theX509KeyManager.chooseServerAlias(keyType, issuers);
|
|
}
|
|
|
|
/*
|
|
* JSSE 1.0.x was only socket based, but it's possible someone might
|
|
* want to install a really old provider. We should at least
|
|
* try to be nice.
|
|
*/
|
|
public String chooseEngineServerAlias(
|
|
String keyType, Principal[] issuers,
|
|
javax.net.ssl.SSLEngine engine) {
|
|
|
|
if (keyType == null) {
|
|
return null;
|
|
}
|
|
return theX509KeyManager.chooseServerAlias(keyType, issuers);
|
|
}
|
|
|
|
public java.security.cert.X509Certificate[]
|
|
getCertificateChain(String alias) {
|
|
return theX509KeyManager.getCertificateChain(alias);
|
|
}
|
|
|
|
public PrivateKey getPrivateKey(String alias) {
|
|
return theX509KeyManager.getPrivateKey(alias);
|
|
}
|
|
}
|
|
|
|
final class X509TrustManagerJavaxWrapper implements
|
|
javax.net.ssl.X509TrustManager {
|
|
|
|
private X509TrustManager theX509TrustManager;
|
|
|
|
X509TrustManagerJavaxWrapper(X509TrustManager obj) {
|
|
theX509TrustManager = obj;
|
|
}
|
|
|
|
public void checkClientTrusted(
|
|
java.security.cert.X509Certificate[] chain, String authType)
|
|
throws java.security.cert.CertificateException {
|
|
if (!theX509TrustManager.isClientTrusted(chain)) {
|
|
throw new java.security.cert.CertificateException(
|
|
"Untrusted Client Certificate Chain");
|
|
}
|
|
}
|
|
|
|
public void checkServerTrusted(
|
|
java.security.cert.X509Certificate[] chain, String authType)
|
|
throws java.security.cert.CertificateException {
|
|
if (!theX509TrustManager.isServerTrusted(chain)) {
|
|
throw new java.security.cert.CertificateException(
|
|
"Untrusted Server Certificate Chain");
|
|
}
|
|
}
|
|
|
|
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
|
return theX509TrustManager.getAcceptedIssuers();
|
|
}
|
|
}
|
|
|
|
final class X509KeyManagerComSunWrapper implements X509KeyManager {
|
|
|
|
private javax.net.ssl.X509KeyManager theX509KeyManager;
|
|
|
|
X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj) {
|
|
theX509KeyManager = obj;
|
|
}
|
|
|
|
public String[] getClientAliases(String keyType, Principal[] issuers) {
|
|
return theX509KeyManager.getClientAliases(keyType, issuers);
|
|
}
|
|
|
|
public String chooseClientAlias(String keyType, Principal[] issuers) {
|
|
String [] keyTypes = new String [] { keyType };
|
|
return theX509KeyManager.chooseClientAlias(keyTypes, issuers, null);
|
|
}
|
|
|
|
public String[] getServerAliases(String keyType, Principal[] issuers) {
|
|
return theX509KeyManager.getServerAliases(keyType, issuers);
|
|
}
|
|
|
|
public String chooseServerAlias(String keyType, Principal[] issuers) {
|
|
return theX509KeyManager.chooseServerAlias(keyType, issuers, null);
|
|
}
|
|
|
|
public java.security.cert.X509Certificate[]
|
|
getCertificateChain(String alias) {
|
|
return theX509KeyManager.getCertificateChain(alias);
|
|
}
|
|
|
|
public PrivateKey getPrivateKey(String alias) {
|
|
return theX509KeyManager.getPrivateKey(alias);
|
|
}
|
|
}
|
|
|
|
final class X509TrustManagerComSunWrapper implements X509TrustManager {
|
|
|
|
private javax.net.ssl.X509TrustManager theX509TrustManager;
|
|
|
|
X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj) {
|
|
theX509TrustManager = obj;
|
|
}
|
|
|
|
public boolean isClientTrusted(
|
|
java.security.cert.X509Certificate[] chain) {
|
|
try {
|
|
theX509TrustManager.checkClientTrusted(chain, "UNKNOWN");
|
|
return true;
|
|
} catch (java.security.cert.CertificateException e) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
public boolean isServerTrusted(
|
|
java.security.cert.X509Certificate[] chain) {
|
|
try {
|
|
theX509TrustManager.checkServerTrusted(chain, "UNKNOWN");
|
|
return true;
|
|
} catch (java.security.cert.CertificateException e) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
|
return theX509TrustManager.getAcceptedIssuers();
|
|
}
|
|
}
|