source: axis/net/deterlab/fedd/XTrustProvider.java @ 5bbad08

compt_changesinfo-ops
Last change on this file since 5bbad08 was a3bbb4a, checked in by Ted Faber <faber@…>, 13 years ago

Note on XTrustProvider license.

  • Property mode set to 100644
File size: 6.6 KB
RevLine 
[55de6a9]1/*
2 * The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
3 * Software Development Kit for iControl"; you may not use this file except in
4 * compliance with the License. The License is included in the iControl
5 * Software Development Kit.
6 *
7 * Software distributed under the License is distributed on an "AS IS"
8 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
9 * the License for the specific language governing rights and limitations
10 * under the License.
11 *
12 * The Original Code is iControl Code and related documentation
13 * distributed by F5.
14 *
15 * Portions created by F5 are Copyright (C) 1996-2004 F5 Networks
16 * Inc. All Rights Reserved.  iControl (TM) is a registered trademark of
17 * F5 Networks, Inc.
18 *
19 * Alternatively, the contents of this file may be used under the terms
20 * of the GNU General Public License (the "GPL"), in which case the
21 * provisions of GPL are applicable instead of those above.  If you wish
22 * to allow use of your version of this file only under the terms of the
23 * GPL and not to allow others to use your version of this file under the
24 * License, indicate your decision by deleting the provisions above and
25 * replace them with the notice and other provisions required by the GPL.
26 * If you do not delete the provisions above, a recipient may use your
27 * version of this file under either the License or the GPL.
28 *
29 * This code has been slightly tweaked from that implementation described
30 * above.  Comments are mostly mine (tvf) and are more notes of what I
31 * understand of it.
[a3bbb4a]32 *
33 * The lisence in question is compatible with the BSD style license under which
34 * fedd is released. -- tvf
[55de6a9]35 */
36
37package net.deterlab.isi;
38
39import java.security.AccessController; 
40import java.security.InvalidAlgorithmParameterException; 
41import java.security.KeyStore; 
42import java.security.KeyStoreException; 
43import java.security.PrivilegedAction; 
44import java.security.Security; 
45import java.security.cert.X509Certificate; 
46 
47import javax.net.ssl.ManagerFactoryParameters; 
48import javax.net.ssl.TrustManager; 
49import javax.net.ssl.TrustManagerFactorySpi; 
50import javax.net.ssl.X509TrustManager; 
51
52import java.math.BigInteger;
53import java.util.Date;
54import java.security.Principal;
55import java.security.PublicKey;
56import java.util.Set;
57import java.util.TreeSet;
58
59import java.io.File;
60import java.io.IOException;
61import java.io.PrintStream;
62 
63public final class XTrustProvider extends java.security.Provider { 
64    private final static String NAME = "XTrustJSSE"; 
65    private final static String INFO =
66        "XTrust JSSE Provider (implements trust factory with " + 
67        "truststore validation disabled)"; 
68    private final static double VERSION = 1.0D; 
69    private static PrintStream log = null;
70   
71    /**
72     * Constructor
73     */
74    public XTrustProvider() { 
75       super(NAME, VERSION, INFO); 
76       
77       AccessController.doPrivileged(new PrivilegedAction() { 
78         public Object run() { 
79             put("TrustManagerFactory." + 
80                 TrustManagerFactoryImpl.getAlgorithm(), 
81                 TrustManagerFactoryImpl.class.getName()); 
82             return null; 
83         } 
84       }); 
85    } 
86
87    /**
88     * Install this null provider as an SSL truststore validator.
89     */
90    public static void install() {
91       if(Security.getProvider(NAME) == null) { 
92          Security.insertProviderAt(new XTrustProvider(), 2); 
93          Security.setProperty("ssl.TrustManagerFactory.algorithm",
94              TrustManagerFactoryImpl.getAlgorithm()); 
95       } 
96    } 
97   
98    /**
99     * The TrustManager implementation.
100     */
101    public final static class TrustManagerFactoryImpl 
102            extends TrustManagerFactorySpi { 
103       public TrustManagerFactoryImpl() { } 
104       public static String getAlgorithm() { return "XTrust509"; } 
105       protected void engineInit(KeyStore keystore) throws KeyStoreException { } 
106       protected void engineInit(ManagerFactoryParameters mgrparams)
107         throws InvalidAlgorithmParameterException { 
108          throw new InvalidAlgorithmParameterException(
109              XTrustProvider.NAME + " does not use ManagerFactoryParameters"); 
110       } 
111
112       /**
113        * The getAcceptedIssuers method below needs to return an empty array of
114        * X509Certificates, but to do that we need a concrete X509Certificate
115        * Class.  This is a null implementation of that bastract class so we
116        * can return an empty array of them.  Java's funny sometimes.
117        */
118       public static class NullX509Certificate extends X509Certificate {
119           public NullX509Certificate() { super(); }
120
121           public byte[] getEncoded() { return new byte[0]; }
122           public PublicKey getPublicKey() { return null; }
123           public String toString() { 
124               return "Where'd you get this??? " + 
125                   "Dummy class for allocating a null array";
126           }
127           public void verify(PublicKey key) { }
128           public void verify(PublicKey key, String prov) { }
129
130           public void checkValidity() { }
131           public void checkValidity(Date d) { }
132           public int getBasicConstraints() { return 0; }
133           public Principal getIssuerDN() { return null; }
134           public boolean[] getIssuerUniqueID() { return new boolean[0]; }
135           public boolean[] getKeyUsage() { return new boolean[0]; }
136           public Date getNotAfter() { return null; }
137           public Date getNotBefore() { return null; }
138           public BigInteger getSerialNumber() { return null; }
139           public String getSigAlgName() { return null;} 
140           public String getSigAlgOID() { return null;} 
141           public byte[] getSigAlgParams() { return new byte[0]; }
142           public byte[] getSignature() { return new byte[0]; }
143           public Principal getSubjectDN() { return null; }
144           public boolean[] getSubjectUniqueID() { return new boolean[0]; }
145           public byte[] getTBSCertificate() { return new byte[0]; }
146           public int getVersion() { return 0;}
147
148           public Set<String> getCriticalExtensionOIDs() { 
149               return new TreeSet<String>();
150           } 
151           public byte[] getExtensionValue(String o) { return null; }
152           public Set<String> getNonCriticalExtensionOIDs() { 
153               return new TreeSet<String>();
154           } 
155           public boolean hasUnsupportedCriticalExtension() { return true; }
156       }
157
158       /**
159        * This is some fairly aggressive inlining to return a TrustManager that
160        * accepts all chains (it throws no exceptions out of the check
161        * functions) and returns no trusted issuers.
162        */
163       protected TrustManager[] engineGetTrustManagers() { 
164            return new TrustManager[] { new X509TrustManager() { 
165                public X509Certificate[] getAcceptedIssuers() {
166                    return new NullX509Certificate[0];
167                } 
168                 public void checkClientTrusted(X509Certificate[] certs,
169                         String authType) { } 
170                 public void checkServerTrusted(X509Certificate[] certs,
171                         String authType) { } 
172            }}; 
173        } 
174    } 
175} 
Note: See TracBrowser for help on using the repository browser.