wjhk.jupload2.upload.helper
Class InteractiveTrustManager

java.lang.Object
  extended by wjhk.jupload2.upload.helper.InteractiveTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager, javax.security.auth.callback.CallbackHandler

public class InteractiveTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager, javax.security.auth.callback.CallbackHandler

An implementation of X509TrustManager which can operate in different modes. If mode is NONE, then any server certificate is accepted and no certificate-based client authentication is performed. If mode is SERVER, then server certificates are verified and, if verification is unsuccessful, a dialog is presented which allows the user to accept the certificate temporarily or permanently. If mode is CLIENT, then certificate-based client authentication is performed. Finally, there is a mode STRICT, which combines both SERVER and CLIENT modes.
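As an added illustration of the mode logic just described (not the project's own code): a trust manager that delegates chain validation to the JDK's PKIX trust manager and, in SERVER or STRICT mode, replaces the dialog with a caller-supplied callback. The constant values, the names ModeTrustManager and UntrustedChainHandler, and the callback itself are assumptions; the CLIENT bit only affects which key managers are supplied to the SSLContext, which lies outside the trust manager and is not shown.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class ModeTrustManager implements X509TrustManager {
    // Assumed bit values; the real constants are documented under "Constant Field Values".
    public static final int NONE = 0, SERVER = 1, CLIENT = 2, STRICT = SERVER | CLIENT;
    /** Hypothetical stand-in for the "accept temporarily or permanently" dialog. */
    public interface UntrustedChainHandler { boolean accept(X509Certificate[] chain, CertificateException cause); }
    private final int mode;
    private final X509TrustManager delegate; // JDK PKIX path validator built from the truststore
    private final UntrustedChainHandler handler;

    public ModeTrustManager(int mode, KeyStore truststore, UntrustedChainHandler handler)
            throws GeneralSecurityException {
        this.mode = mode;
        this.handler = handler;
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore); // a null truststore selects the JDK's default cacerts
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new GeneralSecurityException("no X509TrustManager available");
        this.delegate = found;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if ((mode & SERVER) == 0) return; // NONE/CLIENT: encrypted but unauthenticated session
        try {
            delegate.checkServerTrusted(chain, authType); // full chain and path validation
        } catch (CertificateException e) {
            // SERVER/STRICT: fail closed unless the handler explicitly accepts this chain.
            if (handler == null || !handler.accept(chain, e)) throw e;
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        // Client-side only: the server validates our certificate, so there is nothing to check here.
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return (mode & SERVER) != 0 ? delegate.getAcceptedIssuers() : new X509Certificate[0];
    }
}
```

An X509TrustManager validates only the certificate chain; matching the certificate against the expected hostname is a separate step (HttpsURLConnection's HostnameVerifier), so a NONE-mode manager combined with a permissive verifier gives a connection that is encrypted but not authenticated.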

Author:
felfert

Field Summary
static int CLIENT
          Mode for using client certificates.
private  java.lang.String hostname
           
private  javax.net.ssl.KeyManagerFactory kmf
           
private  java.security.KeyStore ks
          The keystore for client certificates.
private  int mode
           
static int NONE
          Mode for accepting any certificate.
static int SERVER
          Mode for verifying server certificate chains.
static int STRICT
          Mode for performing both client authentication and server cert verification.
private  javax.net.ssl.TrustManagerFactory tmf
           
private  java.security.KeyStore ts
          The truststore for validation of server certificates.
private static java.lang.String TS
           
private static java.lang.String TSKEY
           
private  java.lang.String tsname
          Absolute path of the truststore to use.
private  java.lang.String tspasswd
           
private  UploadPolicy uploadPolicy
           
private static java.lang.String USERTS
           
 
Constructor Summary
InteractiveTrustManager(UploadPolicy p, java.lang.String hostname, java.lang.String passwd)
          Create a new instance.
 
Method Summary
private  void CertDialog(java.security.cert.X509Certificate c)
           
 void checkClientTrusted(java.security.cert.X509Certificate[] arg0, java.lang.String arg1)
          As this class is used on the client side only, the implementation of this method does nothing.
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
           
private  java.lang.String formatDN(java.lang.String dn, java.lang.String cn, java.util.Vector<java.lang.String> reason)
          Format a DN.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
           
 javax.net.ssl.KeyManager[] getKeyManagers()
          Retrieve key managers.
private  java.lang.String getPassword(java.lang.String storename)
           
 javax.net.ssl.X509TrustManager[] getTrustManagers()
          Retrieve trust managers.
 void handle(javax.security.auth.callback.Callback[] callbacks)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NONE

public static final int NONE
Mode for accepting any certificate.

See Also:
Constant Field Values

SERVER

public static final int SERVER
Mode for verifying server certificate chains.

See Also:
Constant Field Values

CLIENT

public static final int CLIENT
Mode for using client certificates.

See Also:
Constant Field Values

STRICT

public static final int STRICT
Mode for performing both client authentication and server cert verification.

See Also:
Constant Field Values

uploadPolicy

private UploadPolicy uploadPolicy

mode

private int mode

hostname

private java.lang.String hostname

TS

private static final java.lang.String TS
See Also:
Constant Field Values

TSKEY

private static final java.lang.String TSKEY
See Also:
Constant Field Values

USERTS

private static final java.lang.String USERTS

tsname

private java.lang.String tsname
Absolute path of the truststore to use.


tspasswd

private java.lang.String tspasswd

tmf

private javax.net.ssl.TrustManagerFactory tmf

kmf

private javax.net.ssl.KeyManagerFactory kmf

ts

private java.security.KeyStore ts
The truststore for validation of server certificates.


ks

private java.security.KeyStore ks
The keystore for client certificates.

Constructor Detail

InteractiveTrustManager

public InteractiveTrustManager(UploadPolicy p,
                               java.lang.String hostname,
                               java.lang.String passwd)
                        throws java.security.NoSuchAlgorithmException,
                               java.security.KeyStoreException,
                               java.security.cert.CertificateException,
                               java.lang.IllegalArgumentException,
                               java.security.UnrecoverableKeyException
Create a new instance.

Parameters:
p - The UploadPolicy to use for this instance.
hostname -
passwd - An optional password for the truststore.
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.cert.CertificateException
java.lang.IllegalArgumentException
java.security.UnrecoverableKeyException
Method Detail

getPassword

private java.lang.String getPassword(java.lang.String storename)

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws javax.security.auth.callback.UnsupportedCallbackException
Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Throws:
javax.security.auth.callback.UnsupportedCallbackException
See Also:
CallbackHandler.handle(javax.security.auth.callback.Callback[])

getKeyManagers

public javax.net.ssl.KeyManager[] getKeyManagers()
Retrieve key managers.

Returns:
The current array of key managers.

getTrustManagers

public javax.net.ssl.X509TrustManager[] getTrustManagers()
Retrieve trust managers.

Returns:
The current array of trust managers

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] arg0,
                               java.lang.String arg1)
As this class is used on the client side only, the implementation of this method does nothing.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
See Also:
X509TrustManager.checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)

formatDN

private java.lang.String formatDN(java.lang.String dn,
                                  java.lang.String cn,
                                  java.util.Vector<java.lang.String> reason)
Format a DN. This method formats a DN (Distinguished Name) string as returned from X500Principal.getName() to HTML table columns.

Parameters:
dn - The DN to format.
cn - An optional CN (Common Name) to match against the CN in the DN. If this parameter is non-null and the CN encoded in the DN does not match the CN specified, it is considered an error and the CN is printed accordingly (red).
reason - A vector of error strings. If the CN comparison fails, an explanation is added to this vector.
Returns:
A string, containing the HTML code rendering the given DN in a table.

CertDialog

private void CertDialog(java.security.cert.X509Certificate c)
                 throws java.security.cert.CertificateException
Throws:
java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException
See Also:
X509TrustManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
See Also:
X509TrustManager.getAcceptedIssuers()