private void init() {
    if (myTrustedCerts != null) {
      return;
    }
    Collection trustedCerts = new ArrayList();
    // load trusted certs from files.
    for (int i = 0; i < myServerCertFiles.length; i++) {
      X509Certificate cert = loadCertificate(myServerCertFiles[i]);
      if (cert != null) {
        trustedCerts.add(cert);
      }
    }

    X509TrustManager[] trustManagers = getDefaultTrustManagers();
    for (int i = 0; trustManagers != null && i < trustManagers.length; i++) {
      X509TrustManager trustManager = trustManagers[i];
      X509Certificate[] acceptedCerts = trustManager.getAcceptedIssuers();
      for (int c = 0; acceptedCerts != null && c < acceptedCerts.length; c++) {
        X509Certificate cert = acceptedCerts[c];
        trustedCerts.add(cert);
      }
    }
    myTrustedCerts =
        (X509Certificate[]) trustedCerts.toArray(new X509Certificate[trustedCerts.size()]);
  }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
   final ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
   for (X509TrustManager tm : x509TrustManagers)
     list.addAll(Arrays.asList(tm.getAcceptedIssuers()));
   return list.toArray(new X509Certificate[list.size()]);
 }
  public RippleTrustManager(KeyStore localKeyStore) {
    try {
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init((KeyStore) null);

      defaultTrustManager = findX509TrustManager(tmf);
      if (defaultTrustManager == null) {
        throw new IllegalStateException("not found X509TrustManager");
      }

      localTrustManager = new LocalStoreX509TrustManager(localKeyStore);

      ArrayList<X509Certificate> allIssuers = new ArrayList<X509Certificate>();
      for (X509Certificate cert : defaultTrustManager.getAcceptedIssuers()) {
        allIssuers.add(cert);
      }
      for (X509Certificate cert : localTrustManager.getAcceptedIssuers()) {
        allIssuers.add(cert);
      }
      acceptedIssuers = allIssuers.toArray(new X509Certificate[allIssuers.size()]);
    } catch (GeneralSecurityException e) {
      throw new RuntimeException(e);
    }
  }
 public void checkCertTrusted(
     X509Certificate[] chain, String authType, boolean isServer, boolean interactive)
     throws CertificateException {
   LOGGER.log(Level.FINE, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
   try {
     LOGGER.log(Level.FINE, "checkCertTrusted: trying appTrustManager");
     if (isServer) appTrustManager.checkServerTrusted(chain, authType);
     else appTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException ae) {
     LOGGER.log(Level.FINER, "checkCertTrusted: appTrustManager failed", ae);
     // if the cert is stored in our appTrustManager, we ignore expiredness
     if (isExpiredException(ae)) {
       LOGGER.log(Level.INFO, "checkCertTrusted: accepting expired certificate from keystore");
       return;
     }
     if (isCertKnown(chain[0])) {
       LOGGER.log(Level.INFO, "checkCertTrusted: accepting cert already stored in keystore");
       return;
     }
     try {
       if (defaultTrustManager == null) throw ae;
       LOGGER.log(Level.FINE, "checkCertTrusted: trying defaultTrustManager");
       if (isServer) defaultTrustManager.checkServerTrusted(chain, authType);
       else defaultTrustManager.checkClientTrusted(chain, authType);
     } catch (CertificateException e) {
       e.printStackTrace();
       if (interactive) {
         interactCert(chain, authType, e);
       } else {
         throw e;
       }
     }
   }
 }
示例#5
0
    @Override
    public X509Certificate[] getAcceptedIssuers() {
      X509Certificate ret[] = null;

      X509Certificate customAcceptedIssuers[] =
          (mCustomTrustManager != null)
              ? mCustomTrustManager.getAcceptedIssuers()
              : new X509Certificate[0];
      X509Certificate sysAcceptedIssuers[] =
          (mSysTrustManager != null)
              ? mSysTrustManager.getAcceptedIssuers()
              : new X509Certificate[0];

      if (customAcceptedIssuers == null) {
        customAcceptedIssuers = new X509Certificate[0];
      }

      if (sysAcceptedIssuers == null) {
        sysAcceptedIssuers = new X509Certificate[0];
      }

      int size = customAcceptedIssuers.length + sysAcceptedIssuers.length;

      if (size > 0) {

        ret = new X509Certificate[size];

        System.arraycopy(sysAcceptedIssuers, 0, ret, 0, sysAcceptedIssuers.length);
        System.arraycopy(
            customAcceptedIssuers, 0, ret, sysAcceptedIssuers.length, customAcceptedIssuers.length);
      }

      return ret;
    }
 public void checkCertTrusted(X509Certificate[] chain, String authType, boolean isServer)
     throws CertificateException {
   Log.d(TAG, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
   try {
     Log.d(TAG, "checkCertTrusted: trying appTrustManager");
     if (isServer) appTrustManager.checkServerTrusted(chain, authType);
     else appTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException ae) {
     // if the cert is stored in our appTrustManager, we ignore expiredness
     ae.printStackTrace();
     if (isExpiredException(ae)) {
       Log.i(TAG, "checkCertTrusted: accepting expired certificate from keystore");
       return;
     }
     if (isCertKnown(chain[0])) {
       Log.i(TAG, "checkCertTrusted: accepting cert already stored in keystore");
       return;
     }
     try {
       Log.d(TAG, "checkCertTrusted: trying defaultTrustManager");
       if (isServer) defaultTrustManager.checkServerTrusted(chain, authType);
       else defaultTrustManager.checkClientTrusted(chain, authType);
     } catch (CertificateException e) {
       e.printStackTrace();
       interact(chain, authType, e);
     }
   }
 }
 public void checkClientTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     defaultTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException ce) {
     localTrustManager.checkClientTrusted(chain, authType);
   }
 }
 /*
  * Loop over the trustmanagers until we find one that accepts our server
  */
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   for (X509TrustManager tm : x509TrustManagers) {
     try {
       tm.checkServerTrusted(chain, authType);
       return;
     } catch (CertificateException e) {
       // ignore
     }
   }
   throw new CertificateException();
 }
示例#9
0
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     if (mCustomTrustManager != null) {
       mCustomTrustManager.checkServerTrusted(chain, authType);
     }
   } catch (CertificateException e) {
     if (mSysTrustManager != null) {
       mSysTrustManager.checkServerTrusted(chain, authType);
     }
   }
 }
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   if (!trust.get()) {
     throw new CertificateException("Server certificate not trusted.");
   }
   tm.checkServerTrusted(chain, authType);
 }
示例#11
0
 /*
  * Delegate to the default trust manager.
  */
 public void checkClientTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     pkixTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException excep) {
     // do any special handling here, or rethrow exception.
   }
 }
 /** @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) */
 public void checkServerTrusted(X509Certificate[] certificates, String authType)
     throws CertificateException {
   if ((certificates != null) && (certificates.length == 1)) {
     certificates[0].checkValidity();
   } else {
     standardTrustManager.checkServerTrusted(certificates, authType);
   }
 }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
   if (defaultManager == null) {
     return new X509Certificate[0];
   } else {
     return defaultManager.getAcceptedIssuers();
   }
 }
示例#14
0
 /*
  * Delegate to the default trust manager.
  */
 public void checkClientTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     pkixTrustManager.checkClientTrusted(chain, authType);
   } catch (CertificateException excep) {
     Logger.error(this.getClass(), excep.getMessage());
     Logger.debug(this.getClass(), excep.getMessage(), excep);
   }
 }
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     trustManager.checkServerTrusted(chain, authType);
   } catch (CertificateException e) {
     exception = e;
   }
 }
示例#16
0
 public void checkServerTrusted(X509Certificate ax509certificate[], String s)
     throws CertificateException {
   if (ax509certificate != null && ax509certificate.length == 1) {
     ax509certificate[0].checkValidity();
     return;
   } else {
     a.checkServerTrusted(ax509certificate, s);
     return;
   }
 }
示例#17
0
 private boolean checkServerTrustedByDefault(X509Certificate[] certs, String algorithm) {
   X509TrustManager[] trustManagers = getDefaultTrustManagers();
   if (trustManagers == null) {
     return false;
   }
   for (int i = 0; i < trustManagers.length; i++) {
     X509TrustManager trustManager = trustManagers[i];
     boolean trusted = true;
     try {
       trustManager.checkServerTrusted(certs, algorithm);
     } catch (CertificateException e) {
       trusted = false;
     }
     if (trusted) {
       return true;
     }
   }
   return false;
 }
示例#18
0
 /*
  * Delegate to the default trust manager.
  */
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     pkixTrustManager.checkServerTrusted(chain, authType);
   } catch (CertificateException excep) {
     /*
      * Possibly pop up a dialog box asking whether to trust the
      * cert chain.
      */
   }
 }
 protected void checkCertifacteTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   // Fail if we don't have a default manager
   if (defaultManager == null) {
     final String msg =
         String.format(
             "No trust manager in %s. Can't trust any certificates.", getClass().getName());
     throw new CertificateException(msg);
   } else {
     // Otherwise, check the certificate chain with the default manager
     defaultManager.checkClientTrusted(chain, authType);
   }
 }
示例#20
0
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   try {
     tm.checkServerTrusted(chain, authType);
   } catch (CertificateException e) {
     Object[] answer = {"Proceed", "Exit"};
     int ret =
         JOptionPane.showOptionDialog(
             null,
             e.getCause().getLocalizedMessage() + "\n" + "Continue connecting to this host?",
             "Confirm certificate exception?",
             JOptionPane.YES_NO_OPTION,
             JOptionPane.WARNING_MESSAGE,
             null,
             answer,
             answer[0]);
     if (ret == JOptionPane.NO_OPTION) System.exit(1);
   } catch (java.lang.Exception e) {
     throw new Exception(e.toString());
   }
 }
示例#21
0
  /**
   * @return
   * @param trustManager der Trustmanager mit den Zertifikaten.
   */
  private static GenericIterator init(X509TrustManager trustManager) {
    try {
      X509Certificate[] list = trustManager.getAcceptedIssuers();
      List<CertObject> al = new ArrayList<CertObject>();
      for (int i = 0; i < list.length; ++i) {
        al.add(new CertObject(list[i]));
      }

      if (trustManager == Application.getSSLFactory().getTrustManager()) {
        // System-Zertifikat noch hinzufuegen
        al.add(new CertObject(Application.getSSLFactory().getSystemCertificate()));
      }
      Collections.sort(al);
      return PseudoIterator.fromArray(al.toArray(new CertObject[al.size()]));
    } catch (Exception e) {
      Logger.error("error while loading certificate list", e);
      try {
        return PseudoIterator.fromArray(new GenericObject[] {});
      } catch (Exception e2) {
        Logger.error("error while loading dummy list, useless", e2);
        return null;
      }
    }
  }
 public X509Certificate[] getAcceptedIssuers() {
   LOGGER.log(Level.FINE, "getAcceptedIssuers()");
   return defaultTrustManager.getAcceptedIssuers();
 }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
   return tm.getAcceptedIssuers();
 }
 /**
  * @see com.innovaturelabs.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String
  *     authType)
  */
 public void checkClientTrusted(X509Certificate[] certificates, String authType)
     throws CertificateException {
   standardTrustManager.checkClientTrusted(certificates, authType);
 }
 /*
  * Delegate to the default trust manager.
  */
 @Override
 public void checkClientTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   final X509TrustManager defaultX509TrustManager = x509TrustManagers.get(0);
   defaultX509TrustManager.checkClientTrusted(chain, authType);
 }
 @Override
 public void checkClientTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   tm.checkClientTrusted(chain, authType);
 }
 private void checkSystemTrust(X509Certificate[] chain, String authType)
     throws CertificateException {
   for (TrustManager systemTrustManager : systemTrustManagers) {
     ((X509TrustManager) systemTrustManager).checkServerTrusted(chain, authType);
   }
 }
示例#28
0
 /*
  * Merely pass this through.
  */
 public X509Certificate[] getAcceptedIssuers() {
   return pkixTrustManager.getAcceptedIssuers();
 }
示例#29
0
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
     throws CertificateException {
   this.chain = chain;
   tm.checkServerTrusted(chain, authType);
 }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
   return trustManager.getAcceptedIssuers();
 }