@SuppressWarnings("unused") @Test public void testConstructor() { String keyStoreName = custom.getFullPath(option.getKeyStore()); char[] keyStoreValue = custom.decode(option.getKeyStoreValue().toCharArray()); String trustStoreName = custom.getFullPath(option.getTrustStore()); char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray()); KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue); TrustManager[] trustManager = KeyStoreUtil.createTrustManagers(trustStore); TrustManagerExt trustManagerExt = new TrustManagerExt((X509ExtendedTrustManager) trustManager[0], option, custom); Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion()); Assert.assertNotNull(trustManagerExt); }
@Override protected final TrustManager[] engineGetTrustManagers() { List<X509ExtendedTrustManager> delegates = new ArrayList<>(); X509ExtendedTrustManager systemTrustManager = getSystemTrustManager(); if (systemTrustManager != null) { delegates.add(systemTrustManager); } FileWatchingX509ExtendedTrustManager containerTrustManager = getContainerTrustManager(); if (containerTrustManager != null) { delegates.add(containerTrustManager); } return new TrustManager[]{new DelegatingX509ExtendedTrustManager(delegates)}; }
private void with(Consumer consumer) throws CertificateException { CertificateException exception = null; for (X509ExtendedTrustManager delegate : this.delegates) { try { consumer.accept(delegate); return; } catch (CertificateException e) { exception = e; } } if (exception != null) { throw exception; } }
/** * Create a {@link TrustManager} that validates server certificates against this trust store. * The returned trust manager is configured to throw a {@link NotTrustedException} with the * certificates presented by the server if they are not trusted. * * @return the trust manager * @throws GeneralSecurityException */ public TrustManager createTrustManager() { try { KeyStore trustStore = getTrustStore(); if (trustStore.aliases().hasMoreElements()) { TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(trustStore); TrustManager[] trustManagers = tmfactory.getTrustManagers(); if (trustManagers.length != 1) { throw new RuntimeException("Expected a TrustManager array with a single entry"); } return new TrustManagerWrapper((X509ExtendedTrustManager)trustManagers[0]); } else { return new NoTrustManager(); } } catch (GeneralSecurityException ex) { throw new TrustStoreError(ex); } }
private X509ExtendedTrustManager getTrustManager(KeyStore keyStore) { try { this.trustManagerFactory.init(keyStore); for (TrustManager trustManager : this.trustManagerFactory.getTrustManagers()) { if (trustManager instanceof X509ExtendedTrustManager) { return (X509ExtendedTrustManager) trustManager; } } throw new IllegalStateException("No X509ExtendedTrustManager available"); } catch (KeyStoreException e) { throw new UndeclaredThrowableException(e); } }
private X509ExtendedTrustManager getSystemTrustManager() { synchronized (MONITOR) { if (this.cachedSystemTrustManager == null) { for (TrustManager candidate : this.systemTrustManagerFactory.getTrustManagers()) { if (candidate instanceof X509ExtendedTrustManager) { this.logger.info("Adding System Trust Manager"); this.cachedSystemTrustManager = (X509ExtendedTrustManager) candidate; break; } } } return this.cachedSystemTrustManager; } }
@Override public void checkClientTrusted(final X509Certificate[] x509Certificates, final String s, final Socket socket) throws CertificateException { with(new Consumer() { @Override public void accept(X509ExtendedTrustManager delegate) throws CertificateException { delegate.checkClientTrusted(x509Certificates, s, socket); } }); }
@Override public void checkClientTrusted(final X509Certificate[] x509Certificates, final String s) throws CertificateException { with(new Consumer() { @Override public void accept(X509ExtendedTrustManager delegate) throws CertificateException { delegate.checkClientTrusted(x509Certificates, s); } }); }
@Override public void checkClientTrusted(final X509Certificate[] x509Certificates, final String s, final SSLEngine sslEngine) throws CertificateException { with(new Consumer() { @Override public void accept(X509ExtendedTrustManager delegate) throws CertificateException { delegate.checkClientTrusted(x509Certificates, s, sslEngine); } }); }
@Override public void checkServerTrusted(final X509Certificate[] x509Certificates, final String s, final Socket socket) throws CertificateException { with(new Consumer() { @Override public void accept(X509ExtendedTrustManager delegate) throws CertificateException { delegate.checkServerTrusted(x509Certificates, s, socket); } }); }
@Override public void checkServerTrusted(final X509Certificate[] x509Certificates, final String s) throws CertificateException { with(new Consumer() { @Override public void accept(X509ExtendedTrustManager delegate) throws CertificateException { delegate.checkServerTrusted(x509Certificates, s); } }); }
@Override public void checkServerTrusted(final X509Certificate[] x509Certificates, final String s, final SSLEngine sslEngine) throws CertificateException { with(new Consumer() { @Override public void accept(X509ExtendedTrustManager delegate) throws CertificateException { delegate.checkServerTrusted(x509Certificates, s, sslEngine); } }); }
@Override public X509Certificate[] getAcceptedIssuers() { return collect(new Function() { @Override public X509Certificate[] apply(X509ExtendedTrustManager delegate) { return delegate.getAcceptedIssuers(); } }); }
private X509Certificate[] collect(Function function) { List<X509Certificate> collected = new ArrayList<>(); for (X509ExtendedTrustManager delegate : this.delegates) { X509Certificate[] candidate = function.apply(delegate); if (candidate != null) { Collections.addAll(collected, candidate); } } return collected.toArray(new X509Certificate[collected.size()]); }
static void checkClientTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, AbstractConscryptSocket socket) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkClientTrusted(chain, authType, socket); } else if (!checkTrusted("checkClientTrusted", tm, chain, authType, Socket.class, socket) && !checkTrusted("checkClientTrusted", tm, chain, authType, String.class, socket.getHandshakeSession().getPeerHost())) { tm.checkClientTrusted(chain, authType); } }
static void checkServerTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, AbstractConscryptSocket socket) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkServerTrusted(chain, authType, socket); } else if (!checkTrusted("checkServerTrusted", tm, chain, authType, Socket.class, socket) && !checkTrusted("checkServerTrusted", tm, chain, authType, String.class, socket.getHandshakeSession().getPeerHost())) { tm.checkServerTrusted(chain, authType); } }
static void checkClientTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, ConscryptEngine engine) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkClientTrusted(chain, authType, engine); } else if (!checkTrusted("checkClientTrusted", tm, chain, authType, SSLEngine.class, engine) && !checkTrusted("checkClientTrusted", tm, chain, authType, String.class, engine.getHandshakeSession().getPeerHost())) { tm.checkClientTrusted(chain, authType); } }
static void checkServerTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, ConscryptEngine engine) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkServerTrusted(chain, authType, engine); } else if (!checkTrusted("checkServerTrusted", tm, chain, authType, SSLEngine.class, engine) && !checkTrusted("checkServerTrusted", tm, chain, authType, String.class, engine.getHandshakeSession().getPeerHost())) { tm.checkServerTrusted(chain, authType); } }
static void checkClientTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, AbstractConscryptSocket socket) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkClientTrusted(chain, authType, socket); } else { tm.checkClientTrusted(chain, authType); } }
static void checkServerTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, AbstractConscryptSocket socket) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkServerTrusted(chain, authType, socket); } else { tm.checkServerTrusted(chain, authType); } }
static void checkClientTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, ConscryptEngine engine) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkClientTrusted(chain, authType, engine); } else { tm.checkClientTrusted(chain, authType); } }
static void checkServerTrusted(X509TrustManager tm, X509Certificate[] chain, String authType, ConscryptEngine engine) throws CertificateException { if (tm instanceof X509ExtendedTrustManager) { X509ExtendedTrustManager x509etm = (X509ExtendedTrustManager) tm; x509etm.checkServerTrusted(chain, authType, engine); } else { tm.checkServerTrusted(chain, authType); } }
public static TrustManager wrap(TrustManager trustManager) { if (EXTENDED_TRUST_MANAGER_CLASS != null && EXTENDED_TRUST_MANAGER_CLASS.isInstance(trustManager)) { return new ExtendedWrapper((X509ExtendedTrustManager) trustManager); } else if (trustManager instanceof X509TrustManager) { return new Wrapper((X509TrustManager) trustManager); } return trustManager; }
@Test public void testTrustManagerProxyCheckClientTrusted(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException { new Expectations() {{ mockedTrustManager.checkClientTrusted((X509Certificate[]) any, "cert"); times = 1; }}; TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager}); trustManagerProxy.checkClientTrusted(null, "cert"); }
@Test public void testTrustManagerProxyCheckServerTrusted(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException { new Expectations() {{ mockedTrustManager.checkServerTrusted((X509Certificate[]) any, "cert"); times = 1; }}; TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager}); trustManagerProxy.checkServerTrusted(null, "cert"); }
@Test public void testTrustManagerProxyGetAcceptedIssuers(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException { new Expectations() {{ mockedTrustManager.getAcceptedIssuers(); times = 1; result = null; }}; TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager}); assertNull(trustManagerProxy.getAcceptedIssuers()); }
private static X509ExtendedTrustManager getX509TrustManager(TrustManager trustManager) throws StartException { if (trustManager == null) { return null; } if (trustManager instanceof X509ExtendedTrustManager) { return (X509ExtendedTrustManager) trustManager; } throw ROOT_LOGGER.invalidTypeInjected(X509ExtendedTrustManager.class.getSimpleName()); }
public TrustManagerExt(X509ExtendedTrustManager manager, SSLOption option, SSLCustom custom) { this.trustManager = manager; this.option = option; this.custom = custom; }
DelegatingX509ExtendedTrustManager(List<X509ExtendedTrustManager> delegates) { this.delegates = delegates; }
ExtendedWrapper(X509ExtendedTrustManager trustManager) { out.println("TestTrustManager.<init> extendedTrustManager=" + trustManager); this.extendedTrustManager = trustManager; this.trustManager = trustManager; }
X509ExtendedTrustManagerProxy(X509ExtendedTrustManager trustManager) { this.trustManager = trustManager; }
public TrackingTrustManager(X509TrustManager trustManager, TealessSSLContextBuilder.SSLCertificateVerificationTracker tracker) { super((X509ExtendedTrustManager) trustManager); this.tracker = tracker; }
static boolean useExtendedTrustManager(X509TrustManager trustManager) { return PlatformDependent.javaVersion() >= 7 && trustManager instanceof X509ExtendedTrustManager; }
/** * overwrites the existing key manager. * @param trustManagers only the first element will be used, and MUST be a X509ExtendedTrustManager */ public void setTrustManager(final TrustManager[] trustManagers) { trustManager = (X509ExtendedTrustManager) trustManagers[0]; }
void accept(X509ExtendedTrustManager delegate) throws CertificateException;
X509Certificate[] apply(X509ExtendedTrustManager delegate);
