From 12fe32df6f5b17abb5d1f9bac9f5fb87b961f0c2 Mon Sep 17 00:00:00 2001
From: tkellner <tkellner@174cde9d-5d70-4d2a-aa98-46368bc2aaf7>
Date: Wed, 10 Apr 2013 18:56:29 +0000
Subject: Configuration Changes

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-over/trunk@49 174cde9d-5d70-4d2a-aa98-46368bc2aaf7
---
 .../states/mobilebku/ASITTrustManager.java         | 179 +++++++++++++++++++--
 1 file changed, 169 insertions(+), 10 deletions(-)

(limited to 'pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java')

diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java
index 2428ef65..6f557bc6 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java
@@ -16,13 +16,22 @@
 package at.asit.pdfover.gui.workflow.states.mobilebku;
 
 // Imports
+import java.security.KeyStore;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.commons.lang.ArrayUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 /**
  * 
@@ -34,31 +43,181 @@ public class ASITTrustManager implements X509TrustManager {
 	private static final Logger log = LoggerFactory
 			.getLogger(ASITTrustManager.class);
 
-	/* (non-Javadoc)
-	 * @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)
+	/*
+	 * The default X509TrustManager returned by SunX509. We'll delegate
+	 * decisions to it, and fall back to the logic in this class if the default
+	 * X509TrustManager doesn't trust it.
+	 */
+	X509TrustManager sunJSSEX509TrustManager;
+
+	/**
+	 * Trust Manager for A-Trust Certificates
+	 */
+	X509TrustManager atrustTrustManager;
+
+	/**
+	 * Constructs the TrustManager
+	 * 
+	 * @throws Exception
+	 */
+	public ASITTrustManager() throws Exception {
+		// create a "default" JSSE X509TrustManager.
+
+		TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); //$NON-NLS-1$
+		tmf.init((KeyStore) null);
+
+		TrustManager tms[] = tmf.getTrustManagers();
+
+		/*
+		 * Iterate over the returned trustmanagers, look for an instance of
+		 * X509TrustManager. If found, use that as our "default" trust manager.
+		 */
+		for (int i = 0; i < tms.length; i++) {
+			if (tms[i] instanceof X509TrustManager) {
+				this.sunJSSEX509TrustManager = (X509TrustManager) tms[i];
+				break;
+			}
+		}
+
+		/*
+		 * A-Trust Certificates
+		 */
+
+		KeyStore atrustKeyStore = KeyStore.getInstance(KeyStore
+				.getDefaultType());
+
+		atrustKeyStore.load(null);
+
+		String usedCertificates = "/certificates/used_certificates.xml"; //$NON-NLS-1$
+
+		Document doc = DocumentBuilderFactory.newInstance()
+				.newDocumentBuilder()
+				.parse(this.getClass().getResourceAsStream(usedCertificates));
+
+		Node certificates = doc.getFirstChild();
+
+		if (!certificates.getNodeName().equals("certificates")) { //$NON-NLS-1$
+			throw new Exception(
+					"Used certificates xml is invalid! no certificates node"); //$NON-NLS-1$
+		}
+
+		NodeList certificateList = certificates.getChildNodes();
+
+		for (int i = 0; i < certificateList.getLength(); i++) {
+			try {
+
+				Node certificateNode = certificateList.item(i);
+
+				if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$
+					continue; // Ignore dummy text node ..
+				}
+
+				if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$
+					log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$
+					continue;
+				}
+
+				String certResource = "/certificates/" + certificateNode.getTextContent() + ".crt"; //$NON-NLS-1$ //$NON-NLS-2$
+
+				X509Certificate cert = (X509Certificate) CertificateFactory
+						.getInstance("X509"). //$NON-NLS-1$
+						generateCertificate(
+								this.getClass().getResourceAsStream(
+										certResource));
+
+				atrustKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert);
+
+				log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$
+
+			} catch (Exception ex) {
+				log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$
+			}
+		}
+
+		tmf.init(atrustKeyStore);
+
+		tms = tmf.getTrustManagers();
+
+		/*
+		 * Iterate over the returned trustmanagers, look for an instance of
+		 * X509TrustManager. If found, use that as our "default" trust manager.
+		 */
+		for (int i = 0; i < tms.length; i++) {
+			if (tms[i] instanceof X509TrustManager) {
+				this.atrustTrustManager = (X509TrustManager) tms[i];
+				break;
+			}
+		}
+
+		if (this.sunJSSEX509TrustManager != null
+				&& this.atrustTrustManager != null) {
+			return;
+		}
+
+		/*
+		 * Find some other way to initialize, or else we have to fail the
+		 * constructor.
+		 */
+		throw new Exception("Couldn't initialize ASITTrustManager"); //$NON-NLS-1$
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
+	 * X509Certificate[], java.lang.String)
 	 */
 	@Override
 	public void checkClientTrusted(X509Certificate[] arg0, String arg1)
 			throws CertificateException {
-		// Ignore client certificates ...
+		try {
+			this.atrustTrustManager.checkServerTrusted(arg0, arg1);
+		} catch (CertificateException ex) {
+			try {
+				this.sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
+			} catch (CertificateException ex2) {
+				log.info("checkClientTrusted: ", ex2); //$NON-NLS-1$
+				throw ex2;
+			}
+		}
 	}
 
-	/* (non-Javadoc)
-	 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
+	 * X509Certificate[], java.lang.String)
 	 */
 	@Override
 	public void checkServerTrusted(X509Certificate[] arg0, String arg1)
 			throws CertificateException {
-		// TODO: Check trusted server certificate!
+		try {
+			this.atrustTrustManager.checkServerTrusted(arg0, arg1);
+		} catch (CertificateException ex) {
+			try {
+				this.sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
+			} catch (CertificateException ex2) {
+				log.info("checkServerTrusted: ", ex2); //$NON-NLS-1$
+				throw ex2;
+			}
+		}
 	}
 
-	/* (non-Javadoc)
+	/*
+	 * (non-Javadoc)
+	 * 
 	 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
 	 */
 	@Override
 	public X509Certificate[] getAcceptedIssuers() {
-		// TODO: Build accepted issuers
-		return null;
+
+		X509Certificate[] default_certs = this.sunJSSEX509TrustManager.getAcceptedIssuers();
+
+		X509Certificate[] atrust_cerst = this.atrustTrustManager.getAcceptedIssuers();
+		
+		return (X509Certificate[]) ArrayUtils.addAll(default_certs, atrust_cerst);
 	}
 
 }
-- 
cgit v1.2.3