SSLSavingTrustManager.java

/*
 * GovWay - A customizable API Gateway 
 * https://govway.org
 * 
 * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package org.openspcoop2.utils.transport.http;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * SSLSavingTrustManager
 *
 * @author Poli Andrea (apoli@link.it)
 * @author $Author$
 * @version $Rev$, $Date$
 */
public class SSLSavingTrustManager implements X509TrustManager {

    private X509TrustManager tm;
    private X509Certificate[] chain;
    private boolean processClient;

    public X509Certificate[] getPeerCertificates() {
        return this.chain;
    }

    public SSLSavingTrustManager(X509TrustManager tm) {
        this(tm, false);
    }
    public SSLSavingTrustManager(X509TrustManager tm, boolean processClient) {
        this.tm = tm;
        this.processClient = processClient;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if(this.processClient) {
            return this.tm.getAcceptedIssuers();
        }
        else {
            throw new UnsupportedOperationException();
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if(this.processClient) {
            this.tm.checkClientTrusted(chain, authType);
        }
        else {
            throw new UnsupportedOperationException();
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        this.chain = chain;
        this.tm.checkServerTrusted(chain, authType);
    }

    public static TrustManager[] wrap(TrustManager[] tmArray) {
        if(tmArray!=null && tmArray.length>0) {
            for (int i = 0; i < tmArray.length; i++) {
                TrustManager tm = tmArray[i];
                if(tm!=null && tm instanceof X509TrustManager) {
                    // wrap

                    // clono perche' nel caso di SSLTrustAll si tratta di una istanza statica
                    TrustManager[] cloned = new TrustManager[tmArray.length];
                    for (int j = 0; j < tmArray.length; j++) {
                        if(j == i) {
                            cloned[j] = new SSLSavingTrustManager((X509TrustManager)tm, true);
                        }
                        else {
                            cloned[j] = tmArray[j];
                        }
                    }
                    return cloned;
                }
            }
        }
        return tmArray;
    }
    
    public static SSLSavingTrustManager read(TrustManager[] tmArray) {
        if(tmArray!=null && tmArray.length>0) {
            for (int i = 0; i < tmArray.length; i++) {
                TrustManager tm = tmArray[i];
                if(tm!=null && tm instanceof SSLSavingTrustManager) {
                    return (SSLSavingTrustManager) tm;
                }
            }
        }
        return null;
    }
}