[55de6a9] | 1 | /* |
---|
| 2 | * The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5 |
---|
| 3 | * Software Development Kit for iControl"; you may not use this file except in |
---|
| 4 | * compliance with the License. The License is included in the iControl |
---|
| 5 | * Software Development Kit. |
---|
| 6 | * |
---|
| 7 | * Software distributed under the License is distributed on an "AS IS" |
---|
| 8 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See |
---|
| 9 | * the License for the specific language governing rights and limitations |
---|
| 10 | * under the License. |
---|
| 11 | * |
---|
| 12 | * The Original Code is iControl Code and related documentation |
---|
| 13 | * distributed by F5. |
---|
| 14 | * |
---|
| 15 | * Portions created by F5 are Copyright (C) 1996-2004 F5 Networks |
---|
| 16 | * Inc. All Rights Reserved. iControl (TM) is a registered trademark of |
---|
| 17 | * F5 Networks, Inc. |
---|
| 18 | * |
---|
| 19 | * Alternatively, the contents of this file may be used under the terms |
---|
| 20 | * of the GNU General Public License (the "GPL"), in which case the |
---|
| 21 | * provisions of GPL are applicable instead of those above. If you wish |
---|
| 22 | * to allow use of your version of this file only under the terms of the |
---|
| 23 | * GPL and not to allow others to use your version of this file under the |
---|
| 24 | * License, indicate your decision by deleting the provisions above and |
---|
| 25 | * replace them with the notice and other provisions required by the GPL. |
---|
| 26 | * If you do not delete the provisions above, a recipient may use your |
---|
| 27 | * version of this file under either the License or the GPL. |
---|
| 28 | * |
---|
| 29 | * This code has been slightly tweaked from that implementation described |
---|
| 30 | * above. Comments are mostly mine (tvf) and are more notes of what I |
---|
| 31 | * understand of it. |
---|
[a3bbb4a] | 32 | * |
---|
| 33 | * The lisence in question is compatible with the BSD style license under which |
---|
| 34 | * fedd is released. -- tvf |
---|
[55de6a9] | 35 | */ |
---|
| 36 | |
---|
| 37 | package net.deterlab.isi; |
---|
| 38 | |
---|
| 39 | import java.security.AccessController; |
---|
| 40 | import java.security.InvalidAlgorithmParameterException; |
---|
| 41 | import java.security.KeyStore; |
---|
| 42 | import java.security.KeyStoreException; |
---|
| 43 | import java.security.PrivilegedAction; |
---|
| 44 | import java.security.Security; |
---|
| 45 | import java.security.cert.X509Certificate; |
---|
| 46 | |
---|
| 47 | import javax.net.ssl.ManagerFactoryParameters; |
---|
| 48 | import javax.net.ssl.TrustManager; |
---|
| 49 | import javax.net.ssl.TrustManagerFactorySpi; |
---|
| 50 | import javax.net.ssl.X509TrustManager; |
---|
| 51 | |
---|
| 52 | import java.math.BigInteger; |
---|
| 53 | import java.util.Date; |
---|
| 54 | import java.security.Principal; |
---|
| 55 | import java.security.PublicKey; |
---|
| 56 | import java.util.Set; |
---|
| 57 | import java.util.TreeSet; |
---|
| 58 | |
---|
| 59 | import java.io.File; |
---|
| 60 | import java.io.IOException; |
---|
| 61 | import java.io.PrintStream; |
---|
| 62 | |
---|
| 63 | public final class XTrustProvider extends java.security.Provider { |
---|
| 64 | private final static String NAME = "XTrustJSSE"; |
---|
| 65 | private final static String INFO = |
---|
| 66 | "XTrust JSSE Provider (implements trust factory with " + |
---|
| 67 | "truststore validation disabled)"; |
---|
| 68 | private final static double VERSION = 1.0D; |
---|
| 69 | private static PrintStream log = null; |
---|
| 70 | |
---|
| 71 | /** |
---|
| 72 | * Constructor |
---|
| 73 | */ |
---|
| 74 | public XTrustProvider() { |
---|
| 75 | super(NAME, VERSION, INFO); |
---|
| 76 | |
---|
| 77 | AccessController.doPrivileged(new PrivilegedAction() { |
---|
| 78 | public Object run() { |
---|
| 79 | put("TrustManagerFactory." + |
---|
| 80 | TrustManagerFactoryImpl.getAlgorithm(), |
---|
| 81 | TrustManagerFactoryImpl.class.getName()); |
---|
| 82 | return null; |
---|
| 83 | } |
---|
| 84 | }); |
---|
| 85 | } |
---|
| 86 | |
---|
| 87 | /** |
---|
| 88 | * Install this null provider as an SSL truststore validator. |
---|
| 89 | */ |
---|
| 90 | public static void install() { |
---|
| 91 | if(Security.getProvider(NAME) == null) { |
---|
| 92 | Security.insertProviderAt(new XTrustProvider(), 2); |
---|
| 93 | Security.setProperty("ssl.TrustManagerFactory.algorithm", |
---|
| 94 | TrustManagerFactoryImpl.getAlgorithm()); |
---|
| 95 | } |
---|
| 96 | } |
---|
| 97 | |
---|
| 98 | /** |
---|
| 99 | * The TrustManager implementation. |
---|
| 100 | */ |
---|
| 101 | public final static class TrustManagerFactoryImpl |
---|
| 102 | extends TrustManagerFactorySpi { |
---|
| 103 | public TrustManagerFactoryImpl() { } |
---|
| 104 | public static String getAlgorithm() { return "XTrust509"; } |
---|
| 105 | protected void engineInit(KeyStore keystore) throws KeyStoreException { } |
---|
| 106 | protected void engineInit(ManagerFactoryParameters mgrparams) |
---|
| 107 | throws InvalidAlgorithmParameterException { |
---|
| 108 | throw new InvalidAlgorithmParameterException( |
---|
| 109 | XTrustProvider.NAME + " does not use ManagerFactoryParameters"); |
---|
| 110 | } |
---|
| 111 | |
---|
| 112 | /** |
---|
| 113 | * The getAcceptedIssuers method below needs to return an empty array of |
---|
| 114 | * X509Certificates, but to do that we need a concrete X509Certificate |
---|
| 115 | * Class. This is a null implementation of that bastract class so we |
---|
| 116 | * can return an empty array of them. Java's funny sometimes. |
---|
| 117 | */ |
---|
| 118 | public static class NullX509Certificate extends X509Certificate { |
---|
| 119 | public NullX509Certificate() { super(); } |
---|
| 120 | |
---|
| 121 | public byte[] getEncoded() { return new byte[0]; } |
---|
| 122 | public PublicKey getPublicKey() { return null; } |
---|
| 123 | public String toString() { |
---|
| 124 | return "Where'd you get this??? " + |
---|
| 125 | "Dummy class for allocating a null array"; |
---|
| 126 | } |
---|
| 127 | public void verify(PublicKey key) { } |
---|
| 128 | public void verify(PublicKey key, String prov) { } |
---|
| 129 | |
---|
| 130 | public void checkValidity() { } |
---|
| 131 | public void checkValidity(Date d) { } |
---|
| 132 | public int getBasicConstraints() { return 0; } |
---|
| 133 | public Principal getIssuerDN() { return null; } |
---|
| 134 | public boolean[] getIssuerUniqueID() { return new boolean[0]; } |
---|
| 135 | public boolean[] getKeyUsage() { return new boolean[0]; } |
---|
| 136 | public Date getNotAfter() { return null; } |
---|
| 137 | public Date getNotBefore() { return null; } |
---|
| 138 | public BigInteger getSerialNumber() { return null; } |
---|
| 139 | public String getSigAlgName() { return null;} |
---|
| 140 | public String getSigAlgOID() { return null;} |
---|
| 141 | public byte[] getSigAlgParams() { return new byte[0]; } |
---|
| 142 | public byte[] getSignature() { return new byte[0]; } |
---|
| 143 | public Principal getSubjectDN() { return null; } |
---|
| 144 | public boolean[] getSubjectUniqueID() { return new boolean[0]; } |
---|
| 145 | public byte[] getTBSCertificate() { return new byte[0]; } |
---|
| 146 | public int getVersion() { return 0;} |
---|
| 147 | |
---|
| 148 | public Set<String> getCriticalExtensionOIDs() { |
---|
| 149 | return new TreeSet<String>(); |
---|
| 150 | } |
---|
| 151 | public byte[] getExtensionValue(String o) { return null; } |
---|
| 152 | public Set<String> getNonCriticalExtensionOIDs() { |
---|
| 153 | return new TreeSet<String>(); |
---|
| 154 | } |
---|
| 155 | public boolean hasUnsupportedCriticalExtension() { return true; } |
---|
| 156 | } |
---|
| 157 | |
---|
| 158 | /** |
---|
| 159 | * This is some fairly aggressive inlining to return a TrustManager that |
---|
| 160 | * accepts all chains (it throws no exceptions out of the check |
---|
| 161 | * functions) and returns no trusted issuers. |
---|
| 162 | */ |
---|
| 163 | protected TrustManager[] engineGetTrustManagers() { |
---|
| 164 | return new TrustManager[] { new X509TrustManager() { |
---|
| 165 | public X509Certificate[] getAcceptedIssuers() { |
---|
| 166 | return new NullX509Certificate[0]; |
---|
| 167 | } |
---|
| 168 | public void checkClientTrusted(X509Certificate[] certs, |
---|
| 169 | String authType) { } |
---|
| 170 | public void checkServerTrusted(X509Certificate[] certs, |
---|
| 171 | String authType) { } |
---|
| 172 | }}; |
---|
| 173 | } |
---|
| 174 | } |
---|
| 175 | } |
---|