1 | /* |
---|
2 | * The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5 |
---|
3 | * Software Development Kit for iControl"; you may not use this file except in |
---|
4 | * compliance with the License. The License is included in the iControl |
---|
5 | * Software Development Kit. |
---|
6 | * |
---|
7 | * Software distributed under the License is distributed on an "AS IS" |
---|
8 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See |
---|
9 | * the License for the specific language governing rights and limitations |
---|
10 | * under the License. |
---|
11 | * |
---|
12 | * The Original Code is iControl Code and related documentation |
---|
13 | * distributed by F5. |
---|
14 | * |
---|
15 | * Portions created by F5 are Copyright (C) 1996-2004 F5 Networks |
---|
16 | * Inc. All Rights Reserved. iControl (TM) is a registered trademark of |
---|
17 | * F5 Networks, Inc. |
---|
18 | * |
---|
19 | * Alternatively, the contents of this file may be used under the terms |
---|
20 | * of the GNU General Public License (the "GPL"), in which case the |
---|
21 | * provisions of GPL are applicable instead of those above. If you wish |
---|
22 | * to allow use of your version of this file only under the terms of the |
---|
23 | * GPL and not to allow others to use your version of this file under the |
---|
24 | * License, indicate your decision by deleting the provisions above and |
---|
25 | * replace them with the notice and other provisions required by the GPL. |
---|
26 | * If you do not delete the provisions above, a recipient may use your |
---|
27 | * version of this file under either the License or the GPL. |
---|
28 | * |
---|
29 | * This code has been slightly tweaked from that implementation described |
---|
30 | * above. Comments are mostly mine (tvf) and are more notes of what I |
---|
31 | * understand of it. |
---|
32 | * |
---|
33 | * The lisence in question is compatible with the BSD style license under which |
---|
34 | * fedd is released. -- tvf |
---|
35 | */ |
---|
36 | |
---|
37 | package net.deterlab.isi; |
---|
38 | |
---|
39 | import java.security.AccessController; |
---|
40 | import java.security.InvalidAlgorithmParameterException; |
---|
41 | import java.security.KeyStore; |
---|
42 | import java.security.KeyStoreException; |
---|
43 | import java.security.PrivilegedAction; |
---|
44 | import java.security.Security; |
---|
45 | import java.security.cert.X509Certificate; |
---|
46 | |
---|
47 | import javax.net.ssl.ManagerFactoryParameters; |
---|
48 | import javax.net.ssl.TrustManager; |
---|
49 | import javax.net.ssl.TrustManagerFactorySpi; |
---|
50 | import javax.net.ssl.X509TrustManager; |
---|
51 | |
---|
52 | import java.math.BigInteger; |
---|
53 | import java.util.Date; |
---|
54 | import java.security.Principal; |
---|
55 | import java.security.PublicKey; |
---|
56 | import java.util.Set; |
---|
57 | import java.util.TreeSet; |
---|
58 | |
---|
59 | import java.io.File; |
---|
60 | import java.io.IOException; |
---|
61 | import java.io.PrintStream; |
---|
62 | |
---|
63 | public final class XTrustProvider extends java.security.Provider { |
---|
64 | private final static String NAME = "XTrustJSSE"; |
---|
65 | private final static String INFO = |
---|
66 | "XTrust JSSE Provider (implements trust factory with " + |
---|
67 | "truststore validation disabled)"; |
---|
68 | private final static double VERSION = 1.0D; |
---|
69 | private static PrintStream log = null; |
---|
70 | |
---|
71 | /** |
---|
72 | * Constructor |
---|
73 | */ |
---|
74 | public XTrustProvider() { |
---|
75 | super(NAME, VERSION, INFO); |
---|
76 | |
---|
77 | AccessController.doPrivileged(new PrivilegedAction() { |
---|
78 | public Object run() { |
---|
79 | put("TrustManagerFactory." + |
---|
80 | TrustManagerFactoryImpl.getAlgorithm(), |
---|
81 | TrustManagerFactoryImpl.class.getName()); |
---|
82 | return null; |
---|
83 | } |
---|
84 | }); |
---|
85 | } |
---|
86 | |
---|
87 | /** |
---|
88 | * Install this null provider as an SSL truststore validator. |
---|
89 | */ |
---|
90 | public static void install() { |
---|
91 | if(Security.getProvider(NAME) == null) { |
---|
92 | Security.insertProviderAt(new XTrustProvider(), 2); |
---|
93 | Security.setProperty("ssl.TrustManagerFactory.algorithm", |
---|
94 | TrustManagerFactoryImpl.getAlgorithm()); |
---|
95 | } |
---|
96 | } |
---|
97 | |
---|
98 | /** |
---|
99 | * The TrustManager implementation. |
---|
100 | */ |
---|
101 | public final static class TrustManagerFactoryImpl |
---|
102 | extends TrustManagerFactorySpi { |
---|
103 | public TrustManagerFactoryImpl() { } |
---|
104 | public static String getAlgorithm() { return "XTrust509"; } |
---|
105 | protected void engineInit(KeyStore keystore) throws KeyStoreException { } |
---|
106 | protected void engineInit(ManagerFactoryParameters mgrparams) |
---|
107 | throws InvalidAlgorithmParameterException { |
---|
108 | throw new InvalidAlgorithmParameterException( |
---|
109 | XTrustProvider.NAME + " does not use ManagerFactoryParameters"); |
---|
110 | } |
---|
111 | |
---|
112 | /** |
---|
113 | * The getAcceptedIssuers method below needs to return an empty array of |
---|
114 | * X509Certificates, but to do that we need a concrete X509Certificate |
---|
115 | * Class. This is a null implementation of that bastract class so we |
---|
116 | * can return an empty array of them. Java's funny sometimes. |
---|
117 | */ |
---|
118 | public static class NullX509Certificate extends X509Certificate { |
---|
119 | public NullX509Certificate() { super(); } |
---|
120 | |
---|
121 | public byte[] getEncoded() { return new byte[0]; } |
---|
122 | public PublicKey getPublicKey() { return null; } |
---|
123 | public String toString() { |
---|
124 | return "Where'd you get this??? " + |
---|
125 | "Dummy class for allocating a null array"; |
---|
126 | } |
---|
127 | public void verify(PublicKey key) { } |
---|
128 | public void verify(PublicKey key, String prov) { } |
---|
129 | |
---|
130 | public void checkValidity() { } |
---|
131 | public void checkValidity(Date d) { } |
---|
132 | public int getBasicConstraints() { return 0; } |
---|
133 | public Principal getIssuerDN() { return null; } |
---|
134 | public boolean[] getIssuerUniqueID() { return new boolean[0]; } |
---|
135 | public boolean[] getKeyUsage() { return new boolean[0]; } |
---|
136 | public Date getNotAfter() { return null; } |
---|
137 | public Date getNotBefore() { return null; } |
---|
138 | public BigInteger getSerialNumber() { return null; } |
---|
139 | public String getSigAlgName() { return null;} |
---|
140 | public String getSigAlgOID() { return null;} |
---|
141 | public byte[] getSigAlgParams() { return new byte[0]; } |
---|
142 | public byte[] getSignature() { return new byte[0]; } |
---|
143 | public Principal getSubjectDN() { return null; } |
---|
144 | public boolean[] getSubjectUniqueID() { return new boolean[0]; } |
---|
145 | public byte[] getTBSCertificate() { return new byte[0]; } |
---|
146 | public int getVersion() { return 0;} |
---|
147 | |
---|
148 | public Set<String> getCriticalExtensionOIDs() { |
---|
149 | return new TreeSet<String>(); |
---|
150 | } |
---|
151 | public byte[] getExtensionValue(String o) { return null; } |
---|
152 | public Set<String> getNonCriticalExtensionOIDs() { |
---|
153 | return new TreeSet<String>(); |
---|
154 | } |
---|
155 | public boolean hasUnsupportedCriticalExtension() { return true; } |
---|
156 | } |
---|
157 | |
---|
158 | /** |
---|
159 | * This is some fairly aggressive inlining to return a TrustManager that |
---|
160 | * accepts all chains (it throws no exceptions out of the check |
---|
161 | * functions) and returns no trusted issuers. |
---|
162 | */ |
---|
163 | protected TrustManager[] engineGetTrustManagers() { |
---|
164 | return new TrustManager[] { new X509TrustManager() { |
---|
165 | public X509Certificate[] getAcceptedIssuers() { |
---|
166 | return new NullX509Certificate[0]; |
---|
167 | } |
---|
168 | public void checkClientTrusted(X509Certificate[] certs, |
---|
169 | String authType) { } |
---|
170 | public void checkServerTrusted(X509Certificate[] certs, |
---|
171 | String authType) { } |
---|
172 | }}; |
---|
173 | } |
---|
174 | } |
---|
175 | } |
---|