Diffstat (limited to 'src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java')
-rw-r--r-- | src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
new file mode 100644
index 0000000..e39f5f9
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -0,0 +1,85 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+import java.security.AlgorithmParameters;
+import java.math.*;
+import org.bouncycastle.util.encoders.Base64;
+import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.crypto.*;
+
+public class MMTPTrustManager implements X509TrustManager {
+ public MMTPTrustManager() {
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for client SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the authentication type based on the client certificate
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ throw new Error("Not needed\n");
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for server SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the key exchange algorithm used
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ System.out.println("call to checkServerTrusted()\n");
+ System.out.println("certs: " + chain.length);
+ for (int i=0; i<chain.length; i++) {
+ System.out.println("cert "+i+"\n" + chain[i]);
+ System.out.println("alg name: " + chain[i].getSigAlgName() );
+ java.security.interfaces.RSAPublicKey pk = (java.security.interfaces.RSAPublicKey) chain[i].getPublicKey();
+ BigInteger modulus = pk.getModulus();
+ BigInteger exp = pk.getPublicExponent();
+ RSAPublicKey rsa = new RSAPublicKey(modulus,exp);
+ System.out.println("fpr: " + Util.asHex( rsa.getFingerprint() ));
+ //System.out.println("fpr: " + chain[i].getSigAlgParams() == null ? "null" : Util.asHex( CryptoPrimitives.hash( chain[i].getSigAlgParams() )));
+ }
+ System.out.println("authtype: " + authType);
+
+ }
+
+ /**
+ * Return an array of certificate authority certificates which are
+ * trusted for authenticating peers.
+ *
+ * @return a non-null (possibly empty) array of acceptable CA issuer
+ * certificates.
+ */
+ public X509Certificate[] getAcceptedIssuers() {
+ System.out.println("call to getAcceptedIssuers()\n");
+ return new X509Certificate[0];
+ }
+}
|
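Review bot: checkServerTrusted never throws CertificateException on any input, so every TLS session built on this trust manager accepts whatever chain the peer presents and server authentication is effectively disabled; the fingerprint it computes via `rsa.getFingerprint()` is printed but never compared to anything. The method should hold the expected server key fingerprint (passed to the constructor, which is currently empty) and reject a mismatch, e.g. `if (!MessageDigest.isEqual(rsa.getFingerprint(), expectedFingerprint)) throw new CertificateException("server key fingerprint mismatch");`, with a null or empty chain rejected the same way rather than reaching `chain.length`. The unchecked cast `(java.security.interfaces.RSAPublicKey) chain[i].getPublicKey()` will surface as a ClassCastException for a non-RSA key, which callers of the SSL layer do not expect; guard it with `instanceof` and throw CertificateException otherwise. The System.out dumps of the full certificate chain and fingerprints read as debugging output and should go to the project's logging or be removed before this is used outside development.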