package won.cryptography.ssl;
import org.apache.http.conn.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import won.cryptography.service.TrustStoreService;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* Can be useful for development: a certificate will become trusted after application of this strategy, while if
* already a certificated under the same alias is stored, it will be replaced by this latest certificate.
*
* User: ypanchenko
* Date: 05.08.2015
*/
public class TOLUStrategy implements TrustStrategy
{
private TrustStoreService trustStoreService;
private AliasGenerator aliasGenerator;
private final Logger logger = LoggerFactory.getLogger(getClass());
public void setTrustStoreService(TrustStoreService trustStoreService) {
this.trustStoreService = trustStoreService;
}
public void setAliasGenerator(AliasGenerator aliasGenerator) {
this.aliasGenerator = aliasGenerator;
}
public boolean isTrusted(final X509Certificate[] x509Certificates, final String authType) throws
CertificateException {
if (x509Certificates == null || x509Certificates.length < 1) {
return false;
}
// extract certificate
X509Certificate cert = x509Certificates[0];
// prepare alias
String alias = aliasGenerator.generateAlias(cert);
if (trustStoreService.isCertKnown(cert)) {
return true;
}
try {
trustStoreService.addCertificate(alias, cert, true);
logger.info("Certificate is added based on TOLU and from now on it is trusted!");
return true;
} catch (Exception e) {
logger.warn("Certificate could not be added as trusted for TOLU for alias " + alias, e);
return false;
}
}
}