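/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.javax.net.ssl;

import java.io.PrintStream;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import libcore.java.io.NullPrintStream;
import libcore.java.security.StandardNames;

/**
 * TestTrustManager is a simple proxy class that wraps an existing
 * X509TrustManager to provide debug logging and recording of
 * values.
 *
 * <p>Every trust decision is delegated to the wrapped manager; this class
 * never accepts a chain on its own. The only check it adds is that the
 * {@code authType} passed by the TLS stack is one of the names listed in
 * {@link StandardNames}; an unexpected name is reported as an
 * {@link AssertionError}, so a test fails rather than seeing an ordinary
 * certificate rejection.
 *
 * <p>Only the chain length and the auth type are logged, not certificate
 * contents.
 */
public final class TestTrustManager implements X509TrustManager {

    /** Compile-time switch: when false, all log output goes to a NullPrintStream. */
    private static final boolean LOG = false;
    private static final PrintStream out = LOG ? System.out : new NullPrintStream();

    /** The real trust manager that makes every accept/reject decision. */
    private final X509TrustManager trustManager;

    /**
     * Returns a copy of {@code trustManagers} in which each element has been
     * passed through {@link #wrap(TrustManager)}. The input array is cloned
     * and is not modified.
     *
     * @param trustManagers the managers to wrap
     * @return a new array of the same length
     */
    public static TrustManager[] wrap(TrustManager[] trustManagers) {
        TrustManager[] result = trustManagers.clone();
        for (int i = 0; i < result.length; i++) {
            result[i] = wrap(result[i]);
        }
        return result;
    }

    /**
     * Wraps {@code trustManager} in a TestTrustManager when it is an
     * X509TrustManager. Any other value (including {@code null}) is
     * returned unchanged.
     *
     * @param trustManager the manager to wrap
     * @return the logging proxy, or the argument itself if it is not an
     *         X509TrustManager
     */
    public static TrustManager wrap(TrustManager trustManager) {
        if (!(trustManager instanceof X509TrustManager)) {
            return trustManager;
        }
        return new TestTrustManager((X509TrustManager) trustManager);
    }

    /**
     * Creates a proxy around {@code trustManager}.
     *
     * @param trustManager the manager that all checks are forwarded to
     */
    public TestTrustManager(X509TrustManager trustManager) {
        out.println("TestTrustManager.<init> trustManager=" + trustManager);
        this.trustManager = trustManager;
    }

    /**
     * Logs the call, asserts that {@code authType} is an expected client
     * auth type, then delegates to the wrapped manager.
     *
     * @param chain the peer certificate chain; passed to the delegate as-is
     * @param authType the authentication type supplied by the caller
     * @throws CertificateException if the wrapped manager rejects the chain;
     *         the stack trace is logged and the same exception is rethrown
     * @throws AssertionError if {@code authType} is not in
     *         {@code StandardNames.CLIENT_AUTH_TYPES}; thrown before the
     *         delegate is consulted
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // The message is built even when LOG is false, so it must not
        // dereference a null chain: a logging proxy should let the wrapped
        // manager decide how to reject bad arguments.
        out.print("TestTrustManager.checkClientTrusted "
                  + "chain=" + lengthOf(chain) + " "
                  + "authType=" + authType + " ");
        try {
            assertClientAuthType(authType);
            trustManager.checkClientTrusted(chain, authType);
            out.println("OK");
        } catch (CertificateException e) {
            e.printStackTrace(out);
            throw e;
        }
    }

    /**
     * Fails the test when the client auth type is not one of
     * {@code StandardNames.CLIENT_AUTH_TYPES}.
     */
    private void assertClientAuthType(String authType) {
        if (!StandardNames.CLIENT_AUTH_TYPES.contains(authType)) {
            throw new AssertionError("Unexpected client auth type " + authType);
        }
    }

    /**
     * Logs the call, asserts that {@code authType} is an expected server
     * auth type, then delegates to the wrapped manager.
     *
     * @param chain the peer certificate chain; passed to the delegate as-is
     * @param authType the authentication type supplied by the caller
     * @throws CertificateException if the wrapped manager rejects the chain;
     *         the stack trace is logged and the same exception is rethrown
     * @throws AssertionError if {@code authType} is not in
     *         {@code StandardNames.SERVER_AUTH_TYPES}; thrown before the
     *         delegate is consulted
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // See checkClientTrusted: keep the log message null-safe so the
        // delegate, not the logger, handles a null chain.
        out.print("TestTrustManager.checkServerTrusted "
                  + "chain=" + lengthOf(chain) + " "
                  + "authType=" + authType + " ");
        try {
            assertServerAuthType(authType);
            trustManager.checkServerTrusted(chain, authType);
            out.println("OK");
        } catch (CertificateException e) {
            e.printStackTrace(out);
            throw e;
        }
    }

    /**
     * Fails the test when the server auth type is not one of
     * {@code StandardNames.SERVER_AUTH_TYPES}.
     */
    private void assertServerAuthType(String authType) {
        if (!StandardNames.SERVER_AUTH_TYPES.contains(authType)) {
            throw new AssertionError("Unexpected server auth type " + authType);
        }
    }

    /**
     * Returns the list of certificate issuer authorities which are trusted for
     * authentication of peers, exactly as reported by the wrapped manager.
     *
     * @return the wrapped manager's accepted issuers, unmodified
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] result = trustManager.getAcceptedIssuers();
        // println, not print: every other message ends its line, and an
        // unterminated one runs into whatever is logged next.
        out.println("TestTrustManager.getAcceptedIssuers result=" + lengthOf(result));
        return result;
    }

    /** Formats an array length for logging without dereferencing a null array. */
    private static String lengthOf(Object[] array) {
        return (array == null) ? "null" : Integer.toString(array.length);
    }
}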