HX509TrustManager.java example

Explorer
appcan-android-master
- Engine
  - src
/*
 *  Copyright (C) 2014 The AppCan Open Source Project.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Lesser General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.

 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Lesser General Public License for more details.

 *  You should have received a copy of the GNU Lesser General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package org.zywx.wbpalmstar.platform.certificates;


import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class HX509TrustManager implements X509TrustManager {

    private static X509TrustManager mDefaultTrustManager;
    private X509TrustManager mTrustManager;

    public HX509TrustManager(KeyStore ksP12) throws Exception {

        TrustManagerFactory tfactory = TrustManagerFactory.getInstance(Http.algorithm);
        tfactory.init(ksP12);
        TrustManager[] trustMgr = tfactory.getTrustManagers();
        if (trustMgr.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        mTrustManager = (X509TrustManager) trustMgr[0];
        if (mDefaultTrustManager == null) {
            // 初始化系统默认证书库的trustManager
            TrustManagerFactory defaultTfactory = TrustManagerFactory
                    .getInstance(Http.algorithm);
            defaultTfactory.init((KeyStore) null);
            TrustManager[] defaultTrustMgr = defaultTfactory.getTrustManagers();
            if (defaultTrustMgr.length == 0) {
                throw new NoSuchAlgorithmException(
                        "no default trust manager found");
            }
            mDefaultTrustManager = (X509TrustManager) defaultTrustMgr[0];
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (Http.isCheckTrustCert()) {
            try {
                mTrustManager.checkClientTrusted(chain, authType);
            } catch (Exception e) {
                e.printStackTrace();
                mDefaultTrustManager.checkClientTrusted(chain, authType);
            }
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (Http.isCheckTrustCert()) {
            try {
                if ((chain != null) && (chain.length == 1)) {
                    chain[0].checkValidity();
                } else {
                    mTrustManager.checkServerTrusted(chain, authType);
                }
            } catch (Exception e) {
                e.printStackTrace();
                mDefaultTrustManager.checkServerTrusted(chain, authType);
            }
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] certs = mTrustManager.getAcceptedIssuers();
        return certs;
    }

}