From 36655a8f9b45442647b01adbdc1f4fc2c4e4b66d Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Wed, 15 Oct 2003 16:22:36 +0000
Subject: Add a first go at MMTP. Still lacks verification of peer, but it should not be too hard to add that since all the info is already there
---
.../fancydress/type3/mmtp/MMTPTrustManager.java | 85 ++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
(limited to 'src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java')
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
new file mode 100644
index 0000000..e39f5f9
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -0,0 +1,85 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+import java.security.AlgorithmParameters;
+import java.math.*;
+import org.bouncycastle.util.encoders.Base64;
+import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.crypto.*;
+
+public class MMTPTrustManager implements X509TrustManager {
+ public MMTPTrustManager() {
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for client SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the authentication type based on the client certificate
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ throw new Error("Not needed\n");
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for server SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the key exchange algorithm used
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ System.out.println("call to checkServerTrusted()\n");
+ System.out.println("certs: " + chain.length);
+ for (int i=0; i