Diffstat (limited to 'src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java')
-rw-r--r--src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java85
1 files changed, 85 insertions, 0 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
new file mode 100644
index 0000000..e39f5f9
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -0,0 +1,85 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+import java.security.AlgorithmParameters;
+import java.math.*;
+import org.bouncycastle.util.encoders.Base64;
+import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.crypto.*;
+
+public class MMTPTrustManager implements X509TrustManager {
+ public MMTPTrustManager() {
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for client SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the authentication type based on the client certificate
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ throw new Error("Not needed\n");
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for server SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the key exchange algorithm used
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ System.out.println("call to checkServerTrusted()\n");
+ System.out.println("certs: " + chain.length);
+ for (int i=0; i<chain.length; i++) {
+ System.out.println("cert "+i+"\n" + chain[i]);
+ System.out.println("alg name: " + chain[i].getSigAlgName() );
+ java.security.interfaces.RSAPublicKey pk = (java.security.interfaces.RSAPublicKey) chain[i].getPublicKey();
+ BigInteger modulus = pk.getModulus();
+ BigInteger exp = pk.getPublicExponent();
+ RSAPublicKey rsa = new RSAPublicKey(modulus,exp);
+ System.out.println("fpr: " + Util.asHex( rsa.getFingerprint() ));
+ //System.out.println("fpr: " + chain[i].getSigAlgParams() == null ? "null" : Util.asHex( CryptoPrimitives.hash( chain[i].getSigAlgParams() )));
+ }
+ System.out.println("authtype: " + authType);
+
+ }
+
+ /**
+ * Return an array of certificate authority certificates which are
+ * trusted for authenticating peers.
+ *
+ * @return a non-null (possibly empty) array of acceptable CA issuer
+ * certificates.
+ */
+ public X509Certificate[] getAcceptedIssuers() {
+ System.out.println("call to getAcceptedIssuers()\n");
+ return new X509Certificate[0];
+ }
+}
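Review bot: checkServerTrusted never throws, so every server chain is accepted regardless of its issuer or fingerprint — the debug output computed from the peer key is printed and then discarded, while the Javadoc above the method promises that an untrusted chain raises CertificateException. Until a real check exists (for instance comparing `rsa.getFingerprint()` against the expected server key), the method should fail closed, e.g. `throw new CertificateException("MMTPTrustManager: server certificate validation not implemented");` as the last statement, so a caller wiring this into an SSLContext cannot silently get a trust-all connection. The cast on the `java.security.interfaces.RSAPublicKey pk = ...` line also assumes an RSA key; guard it with `if (!(chain[i].getPublicKey() instanceof java.security.interfaces.RSAPublicKey)) throw new CertificateException("non-RSA peer key");` rather than letting a ClassCastException escape, and reject a null or empty `chain` up front as the doc comment already states. In the same vein, checkClientTrusted throwing `Error("Not needed\n")` is a hard crash rather than a rejection; `throw new CertificateException("client authentication not supported");` matches the declared contract.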