[ebxmlms-commits] ebxmlms/src/hk/hku/cecid/phoenix/pki KeyStoreTrustManager.java,NONE,1.1

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv2295

Added Files:
	KeyStoreTrustManager.java 
Log Message:
add the KeyStoreTrustManger, which is the class for SSL Authentication
such that it trust the certificate chain if any of the certificate in the chain
is stored in a specify keystore.

--- NEW FILE: KeyStoreTrustManager.java ---
/*
 * Copyright(c) 2002 Center for E-Commerce Infrastructure Development, The
 * University of Hong Kong (HKU). All Rights Reserved.
 *
 * This software is licensed under the Academic Free License Version 1.0
 *
 * Academic Free License
 * Version 1.0
 *
 * This Academic Free License applies to any software and associated
 * documentation (the "Software") whose owner (the "Licensor") has placed the
 * statement "Licensed under the Academic Free License Version 1.0" immediately
 * after the copyright notice that applies to the Software.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of the Software (1) to use, copy, modify, merge, publish, perform,
 * distribute, sublicense, and/or sell copies of the Software, and to permit
 * persons to whom the Software is furnished to do so, and (2) under patent
 * claims owned or controlled by the Licensor that are embodied in the Software
 * as furnished by the Licensor, to make, use, sell and offer for sale the
 * Software and derivative works thereof, subject to the following conditions:
 *
 * - Redistributions of the Software in source code form must retain all
 *   copyright notices in the Software as furnished by the Licensor, this list
 *   of conditions, and the following disclaimers.
 * - Redistributions of the Software in executable form must reproduce all
 *   copyright notices in the Software as furnished by the Licensor, this list
 *   of conditions, and the following disclaimers in the documentation and/or
 *   other materials provided with the distribution.
 * - Neither the names of Licensor, nor the names of any contributors to the
 *   Software, nor any of their trademarks or service marks, may be used to
 *   endorse or promote products derived from this Software without express
 *   prior written permission of the Licensor.
 *
 * DISCLAIMERS: LICENSOR WARRANTS THAT THE COPYRIGHT IN AND TO THE SOFTWARE IS
 * OWNED BY THE LICENSOR OR THAT THE SOFTWARE IS DISTRIBUTED BY LICENSOR UNDER
 * A VALID CURRENT LICENSE. EXCEPT AS EXPRESSLY STATED IN THE IMMEDIATELY
 * PRECEDING SENTENCE, THE SOFTWARE IS PROVIDED BY THE LICENSOR, CONTRIBUTORS
 * AND COPYRIGHT OWNERS "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
 * LICENSOR, CONTRIBUTORS OR COPYRIGHT OWNERS BE LIABLE FOR ANY CLAIM, DAMAGES
 * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE.
 *
 * This license is Copyright (C) 2002 Lawrence E. Rosen. All rights reserved.
 * Permission is hereby granted to copy and distribute this license without
 * modification. This license may not be modified without the express written
 * permission of its copyright owner.
 */

/* =====
 *
 * $Header: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/KeyStoreTrustManager.java,v 1.1 2003/09/09 06:52:59 bobpykoon Exp $
 *
 * Code authored by:
 *
 * Bob Koon [2003-09-09]
 *
 * Code reviewed by:
 *
 * username [YYYY-MM-DD]
 *
 * Remarks:
 *
 * =====
 */

package hk.hku.cecid.phoenix.pki;
import java.util.Enumeration;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import org.apache.log4j.Logger;
/**
 * This class implements the javax.net.ssl.X509TrustManager, which Trust the
 * Certificate Chain if any of the certificate in the certificate chain is
 * stored in the KeyStore.
 *
 * @author pykoon
 * @version $Revision: 1.1 $
 */
public class KeyStoreTrustManager implements X509TrustManager {
    /**
     * Logger
     */
    protected static Logger logger = Logger.getLogger(
            KeyStoreTrustManager.class);
    
    private KeyStore keyStore;
    /**
     construct the TrustManger using the KeyStore provided. The Keystore must
     be loaded before passed as parameter.
     */
    public KeyStoreTrustManager(KeyStore keyStore) throws KeyStoreException {
        this.keyStore = keyStore;
        logger.debug("Initial KeyStore Trust Manager with keyStore having "
                + keyStore.size() + " entries.");
    }
    
    /**
     getAcceptedIssuers retrieves all of the certificates in the keyStore
     and returns them in an X509Certificate array.
     */
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] certs = null;
        try {
            // See how many certificates are in the keystore.
            int numberOfEntry = keyStore.size();
            // If there are any certificates in the keystore.
            if(numberOfEntry > 0) {
                // Create an array of X509Certificates
                certs = new X509Certificate[numberOfEntry];

                // Get all of the certificate alias out of the keystore.
                Enumeration aliases = keyStore.aliases();

                // Retrieve all of the certificates out of the keystore
                // via the alias name.
                int i = 0;
                while (aliases.hasMoreElements()) {
                    certs[i] = (X509Certificate) keyStore.getCertificate(
                            (String) aliases.nextElement());
                    i++;
                }
            }
        } catch(KeyStoreException e) {
            certs = null;
        }
        return certs;
    }

    /**
     isChainTrusted searches the keyStore for any certificate in the
     certificate chain.
     */
    private boolean isChainTrusted(X509Certificate[] chain) {
        boolean trusted = false;
        try {
            for (int i = chain.length - 1; i >= 0; i-- ) {
                if (keyStore.getCertificateAlias(chain[i]) != null) {
                    return true;
                }
            }
        } catch(KeyStoreException e) {
            String err = "Unexpected error on loading KeyStore.";
            logger.error(err, e);
            throw new Error(err, e);
        }
        return false;
    }

    private void checkTrusted(X509Certificate[] chain)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            String err = "Null or zero length chain";
            logger.error("error in call KeyStoreTrustManager.checkTrusted : "
                    + err);
            throw new IllegalArgumentException(err);
        }
        if (!isChainTrusted(chain)) {
            throw new CertificateException("Certificate chain is not trusted");
        }
    }

    /**
     Implemented the TrustManager function. It trust the chain if the KeyStore
     contains one of the certificate in the chain.
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        checkTrusted(chain);
    }
    
    /**
     Implemented the TrustManager function. It trust the chain if the KeyStore
     contains one of the certificate in the chain.
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        checkTrusted(chain);
    }
}