/* $Id$ */
package org.noreply.fancydress.type3.mmtp;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import java.security.AlgorithmParameters;
import java.math.*;
import org.bouncycastle.util.encoders.Base64;
import org.noreply.fancydress.misc.*;
import org.noreply.fancydress.crypto.*;

public class MMTPTrustManager implements X509TrustManager {
	public MMTPTrustManager() {
	}

	/**
	 * Given the partial or complete certificate chain provided by the
	 * peer, build a certificate path to a trusted root and return if it
	 * can be validated and is trusted for client SSL authentication based
	 * on the authentication type.
	 *
	 * @param chain the peer certificate chain
	 * @param authType the authentication type based on the client certificate
	 * @throws IllegalArgumentException if null or zero-length chain is
	 *                                  passed in for the chain parameter
	 *                                  or if null or zero-length string is
	 *                                  passed in for the authType
	 *                                  parameter 
	 * @throws CertificateException  if the certificate chain is not
	 *                               trusted by this TrustManager.
	 */
	public void checkClientTrusted(X509Certificate[] chain, String authType)
		throws CertificateException
	{
		throw new Error("Not needed\n");
	}

	/**
	 * Given the partial or complete certificate chain provided by the
	 * peer, build a certificate path to a trusted root and return if it
	 * can be validated and is trusted for server SSL authentication based
	 * on the authentication type.
	 *
	 * @param chain the peer certificate chain
	 * @param authType the key exchange algorithm used
	 * @throws IllegalArgumentException if null or zero-length chain is
	 *                                  passed in for the chain parameter
	 *                                  or if null or zero-length string is
	 *                                  passed in for the authType
	 *                                  parameter 
	 * @throws CertificateException  if the certificate chain is not
	 *                               trusted by this TrustManager.
	 */
	public void checkServerTrusted(X509Certificate[] chain, String authType)
		throws CertificateException
	{
		System.out.println("call to checkServerTrusted()\n");
		System.out.println("certs: " + chain.length);
		for (int i=0; i<chain.length; i++) {
			System.out.println("cert "+i+"\n" + chain[i]);
			System.out.println("alg name: " + chain[i].getSigAlgName() );
			java.security.interfaces.RSAPublicKey pk = (java.security.interfaces.RSAPublicKey) chain[i].getPublicKey();
			BigInteger modulus = pk.getModulus();
			BigInteger exp = pk.getPublicExponent();
			RSAPublicKey rsa = new RSAPublicKey(modulus,exp);
			System.out.println("fpr: " + Util.asHex( rsa.getFingerprint() ));
			//System.out.println("fpr: " + chain[i].getSigAlgParams() == null ? "null" : Util.asHex( CryptoPrimitives.hash( chain[i].getSigAlgParams() )));
		}
		System.out.println("authtype: " + authType);

	}

	/**
	 * Return an array of certificate authority certificates which are
	 * trusted for authenticating peers.
	 *
	 * @return a non-null (possibly empty) array of acceptable CA issuer
	 *         certificates.
	 */
	public X509Certificate[] getAcceptedIssuers() {
		System.out.println("call to getAcceptedIssuers()\n");
		return new X509Certificate[0];
	}
}