source: axis/net/deterlab/fedd/XTrustProvider.java @ 55de6a9

Last change on this file since 55de6a9 was 55de6a9, checked in by Ted Faber <faber@…>, 13 years ago

Example of using java to talk to fedd

1/*
2 * The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
3 * Software Development Kit for iControl"; you may not use this file except in
4 * compliance with the License. The License is included in the iControl
5 * Software Development Kit.
6 *
7 * Software distributed under the License is distributed on an "AS IS"
8 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
9 * the License for the specific language governing rights and limitations
10 * under the License.
11 *
12 * The Original Code is iControl Code and related documentation
13 * distributed by F5.
14 *
15 * Portions created by F5 are Copyright (C) 1996-2004 F5 Networks
16 * Inc. All Rights Reserved.  iControl (TM) is a registered trademark of
17 * F5 Networks, Inc.
18 *
19 * Alternatively, the contents of this file may be used under the terms
20 * of the GNU General Public License (the "GPL"), in which case the
21 * provisions of GPL are applicable instead of those above.  If you wish
22 * to allow use of your version of this file only under the terms of the
23 * GPL and not to allow others to use your version of this file under the
24 * License, indicate your decision by deleting the provisions above and
25 * replace them with the notice and other provisions required by the GPL.
26 * If you do not delete the provisions above, a recipient may use your
27 * version of this file under either the License or the GPL.
28 *
29 * This code has been slightly tweaked from that implementation described
30 * above.  Comments are mostly mine (tvf) and are more notes of what I
31 * understand of it.
32 */
33
34package net.deterlab.isi;
35
36import java.security.AccessController; 
37import java.security.InvalidAlgorithmParameterException; 
38import java.security.KeyStore; 
39import java.security.KeyStoreException; 
40import java.security.PrivilegedAction; 
41import java.security.Security; 
42import java.security.cert.X509Certificate; 
43 
44import javax.net.ssl.ManagerFactoryParameters; 
45import javax.net.ssl.TrustManager; 
46import javax.net.ssl.TrustManagerFactorySpi; 
47import javax.net.ssl.X509TrustManager; 
48
49import java.math.BigInteger;
50import java.util.Date;
51import java.security.Principal;
52import java.security.PublicKey;
53import java.util.Set;
54import java.util.TreeSet;
55
56import java.io.File;
57import java.io.IOException;
58import java.io.PrintStream;
59 
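/**
 * JSSE security provider that registers a {@link TrustManagerFactorySpi}
 * whose trust managers never reject a certificate chain.
 *
 * <p>Security impact: {@link #install()} makes this factory the JVM-wide
 * default {@code TrustManagerFactory} algorithm.  From then on, any code in
 * the process that builds its trust managers from the default algorithm gets
 * managers that do not check the peer's certificate against a truststore.
 * TLS sessions set up that way are encrypted but the peer is not
 * authenticated.  The effect is not limited to one connection or one
 * library.  Code that asks for a named algorithm rather than the default is
 * not routed through this factory.
 *
 * <p>Where the peer has to be authenticated, load the expected server or CA
 * certificate into a {@link KeyStore} and initialise a standard
 * {@code TrustManagerFactory} and a dedicated {@code SSLContext} for that
 * connection instead of calling {@link #install()}.
 */
public final class XTrustProvider extends java.security.Provider {
    private static final String NAME = "XTrustJSSE";
    private static final String INFO =
        "XTrust JSSE Provider (implements trust factory with " +
        "truststore validation disabled)";
    private static final double VERSION = 1.0D;
    // Never read or assigned anywhere in this class.
    private static PrintStream log = null;

    /**
     * Creates the provider and registers {@link TrustManagerFactoryImpl}
     * under the key {@code "TrustManagerFactory." + getAlgorithm()}.
     *
     * <p>Constructing the provider does not activate it; see
     * {@link #install()}.
     */
    public XTrustProvider() {
        super(NAME, VERSION, INFO);

        // An anonymous class is used instead of a lambda because
        // doPrivileged is overloaded on two functional interfaces.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                put("TrustManagerFactory." +
                    TrustManagerFactoryImpl.getAlgorithm(),
                    TrustManagerFactoryImpl.class.getName());
                return null;
            }
        });
    }

    /**
     * Registers this provider and makes its accept-all factory the default
     * {@code TrustManagerFactory} algorithm for the whole JVM.
     *
     * <p>If no provider named {@code XTrustJSSE} is registered yet, a new
     * instance is inserted at preference position 2 and the security
     * property {@code ssl.TrustManagerFactory.algorithm} is overwritten.
     * The previous property value is not saved and this class offers no
     * way to undo the change.  A second call is a no-op.
     */
    public static void install() {
        if (Security.getProvider(NAME) == null) {
            Security.insertProviderAt(new XTrustProvider(), 2);
            Security.setProperty("ssl.TrustManagerFactory.algorithm",
                TrustManagerFactoryImpl.getAlgorithm());
        }
    }

    /**
     * The TrustManagerFactory implementation.  It ignores any keystore it
     * is initialised with and always produces an accept-all trust manager.
     */
    public static final class TrustManagerFactoryImpl
            extends TrustManagerFactorySpi {
        public TrustManagerFactoryImpl() { }

        /** Returns the algorithm name this factory is registered under. */
        public static String getAlgorithm() { return "XTrust509"; }

        /**
         * Accepts and ignores the keystore: no trust anchors are loaded
         * from it.
         */
        @Override
        protected void engineInit(KeyStore keystore) throws KeyStoreException { }

        /**
         * Parameter-based initialisation is not supported.
         *
         * @throws InvalidAlgorithmParameterException always
         */
        @Override
        protected void engineInit(ManagerFactoryParameters mgrparams)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException(
                XTrustProvider.NAME + " does not use ManagerFactoryParameters");
        }

        /**
         * Placeholder subclass of the abstract {@link X509Certificate}.  Its
         * only use in this file is as the element type of the empty array
         * returned by {@code getAcceptedIssuers}; no instance is created
         * here.
         *
         * <p>Java permits {@code new X509Certificate[0]} even though the
         * element type is abstract, so a concrete subclass is not needed
         * just to return an empty array.  The class is kept because it is
         * public and the returned array's runtime type depends on it.
         *
         * <p>Every accessor returns an empty or null value, the
         * {@code verify} and {@code checkValidity} methods do nothing and
         * throw nothing, and {@link #hasUnsupportedCriticalExtension()}
         * returns {@code true}.
         */
        public static class NullX509Certificate extends X509Certificate {
            public NullX509Certificate() { super(); }

            @Override
            public byte[] getEncoded() { return new byte[0]; }
            @Override
            public PublicKey getPublicKey() { return null; }
            @Override
            public String toString() {
                return "Where'd you get this??? " +
                    "Dummy class for allocating a null array";
            }
            // No signature check is performed by either verify overload.
            @Override
            public void verify(PublicKey key) { }
            @Override
            public void verify(PublicKey key, String prov) { }

            // No validity-period check is performed.
            @Override
            public void checkValidity() { }
            @Override
            public void checkValidity(Date d) { }
            @Override
            public int getBasicConstraints() { return 0; }
            @Override
            public Principal getIssuerDN() { return null; }
            @Override
            public boolean[] getIssuerUniqueID() { return new boolean[0]; }
            @Override
            public boolean[] getKeyUsage() { return new boolean[0]; }
            @Override
            public Date getNotAfter() { return null; }
            @Override
            public Date getNotBefore() { return null; }
            @Override
            public BigInteger getSerialNumber() { return null; }
            @Override
            public String getSigAlgName() { return null; }
            @Override
            public String getSigAlgOID() { return null; }
            @Override
            public byte[] getSigAlgParams() { return new byte[0]; }
            @Override
            public byte[] getSignature() { return new byte[0]; }
            @Override
            public Principal getSubjectDN() { return null; }
            @Override
            public boolean[] getSubjectUniqueID() { return new boolean[0]; }
            @Override
            public byte[] getTBSCertificate() { return new byte[0]; }
            @Override
            public int getVersion() { return 0; }

            @Override
            public Set<String> getCriticalExtensionOIDs() {
                return new TreeSet<String>();
            }
            @Override
            public byte[] getExtensionValue(String o) { return null; }
            @Override
            public Set<String> getNonCriticalExtensionOIDs() {
                return new TreeSet<String>();
            }
            @Override
            public boolean hasUnsupportedCriticalExtension() { return true; }
        }

        /**
         * Returns a single {@link X509TrustManager} whose check methods have
         * empty bodies, so they never throw and every client or server
         * chain passed to them is accepted.  It reports no accepted issuers.
         *
         * @return a one-element array holding the accept-all trust manager
         */
        @Override
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] { new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new NullX509Certificate[0];
                }
                // Empty body: the client chain is accepted unconditionally.
                @Override
                public void checkClientTrusted(X509Certificate[] certs,
                        String authType) { }
                // Empty body: the server chain is accepted unconditionally.
                @Override
                public void checkServerTrusted(X509Certificate[] certs,
                        String authType) { }
            }};
        }
    }
}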