/* $Id$ */
package org.noreply.fancydress.type3.mmtp;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import java.security.AlgorithmParameters;
import java.math.*;
import org.bouncycastle.util.encoders.Base64;
import org.noreply.fancydress.misc.*;
import org.noreply.fancydress.crypto.*;
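/**
 * X509TrustManager used for MMTP connections.
 *
 * <p><b>Security note:</b> this trust manager does not authenticate the peer.
 * {@link #checkServerTrusted} builds no certification path and checks no
 * signatures, validity dates or names; it only prints each certificate and a
 * fingerprint of its RSA key to standard output and then returns normally.
 * {@link #getAcceptedIssuers} returns an empty array. A TLS session set up
 * with this class alone is therefore open to an active man-in-the-middle.
 * NOTE(review): no comparison of the printed fingerprint against an expected
 * server identity is visible in this class; confirm that the caller performs
 * one before any data is sent over the connection.
 */
public class MMTPTrustManager implements X509TrustManager {
    /** Creates a trust manager; the class has no fields and no trust anchors. */
    public MMTPTrustManager() {
    }

    /**
     * Not supported: always fails.
     *
     * <p>The error text ("Not needed") suggests this class is only meant for
     * the connecting side and is never asked to validate client certificates.
     *
     * @param chain    the peer certificate chain (ignored)
     * @param authType the authentication type (ignored)
     * @throws Error always
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException
    {
        throw new Error("Not needed\n");
    }

    /**
     * Logs the server's certificate chain and returns without making any
     * trust decision.
     *
     * <p>For every certificate the method prints the certificate, its
     * signature algorithm name and the fingerprint that the project's
     * {@code RSAPublicKey} computes from the key's modulus and public
     * exponent. Nothing is compared against a trusted value, so any chain
     * that carries RSA keys is accepted.
     *
     * @param chain    the peer certificate chain
     * @param authType the key exchange algorithm used
     * @throws IllegalArgumentException if chain is null or zero-length, or if
     *                                  authType is null or zero-length
     * @throws CertificateException     if a certificate in the chain does not
     *                                  carry an RSA public key
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException
    {
        // Enforce the argument contract of X509TrustManager instead of
        // failing later with a NullPointerException.
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        if (authType == null || authType.length() == 0) {
            throw new IllegalArgumentException("null or zero-length authentication type");
        }

        System.out.println("call to checkServerTrusted()\n");
        System.out.println("certs: " + chain.length);
        for (int i=0; i<chain.length; i++) {
            System.out.println("cert "+i+"\n" + chain[i]);
            System.out.println("alg name: " + chain[i].getSigAlgName() );

            // A non-RSA key used to surface as a ClassCastException; report it
            // through the declared exception so the handshake fails cleanly.
            java.security.PublicKey key = chain[i].getPublicKey();
            if (!(key instanceof java.security.interfaces.RSAPublicKey)) {
                throw new CertificateException("certificate " + i + " does not carry an RSA public key: "
                    + (key == null ? "null" : key.getAlgorithm()));
            }
            java.security.interfaces.RSAPublicKey pk = (java.security.interfaces.RSAPublicKey) key;
            BigInteger modulus = pk.getModulus();
            BigInteger exp = pk.getPublicExponent();
            RSAPublicKey rsa = new RSAPublicKey(modulus,exp);
            System.out.println("fpr: " + Util.asHex( rsa.getFingerprint() ));
        }
        System.out.println("authtype: " + authType);
        // Falling through here means "trusted" to the TLS layer: the peer has
        // not been authenticated by anything in this method.
    }

    /**
     * Returns the certificate authorities trusted by this manager, which is
     * always none.
     *
     * @return a new, empty array
     */
    public X509Certificate[] getAcceptedIssuers() {
        System.out.println("call to getAcceptedIssuers()\n");
        return new X509Certificate[0];
    }
}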