Author: rjung
Date: Sun Aug 13 12:01:16 2017
New Revision: 1804905

URL: http://svn.apache.org/viewvc?rev=1804905&view=rev
Log:
Add a custom class that allows testing the client
certificate handshake with a trust manager
(named SequentialTrustManager) that should
be equivalent to our default trust store.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1804905&r1=1804904&r2=1804905&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Sun Aug 13 
12:01:16 2017
@@ -21,6 +21,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
+import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
 
@@ -122,7 +123,6 @@ public final class TesterSupport {
         return tmf.getTrustManagers();
     }
 
-
     protected static void configureClientSsl() {
         try {
             SSLContext sc = SSLContext.getInstance("TLS");
@@ -274,4 +274,81 @@ public final class TesterSupport {
             // NOOP - Trust everything
         }
     }
+
+    public static class SequentialTrustManager implements X509TrustManager {
+
+        private static X509TrustManager[] tms;
+        private static X509Certificate[] certs;
+
+        static {
+            try {
+                TrustManager[] managers = getTrustManagers();
+                int mcount = 0;
+                int ccount = 0;
+                for (TrustManager tm : managers) {
+                    if (tm instanceof X509TrustManager) {
+                        mcount++;
+                        ccount += 
((X509TrustManager)tm).getAcceptedIssuers().length;
+                    }
+                }
+                tms = new X509TrustManager[mcount];
+                certs = new X509Certificate[ccount];
+                mcount = 0;
+                ccount = 0;
+                for (TrustManager tm : managers) {
+                    if (tm instanceof X509TrustManager) {
+                        tms[mcount] = (X509TrustManager)tm;
+                        mcount++;
+                        for (X509Certificate cert : 
((X509TrustManager)tm).getAcceptedIssuers()) {
+                            certs[ccount] = cert;
+                            ccount++;
+                        }
+                    }
+                }
+            } catch (Exception ex) {
+                tms = new X509TrustManager[1];
+                tms[0] = new TrustAllCerts();
+                certs = new X509Certificate[0];
+            }
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return certs;
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] certs,
+                String authType) throws CertificateException {
+            boolean trust = false;
+            for (X509TrustManager tm : tms) {
+                try {
+                    tm.checkClientTrusted(certs, authType);
+                    trust = true;
+                } catch (CertificateException ex) {
+                    // Ignore
+                }
+            }
+            if (!trust) {
+                throw new CertificateException();
+            }
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] certs,
+                String authType) throws CertificateException {
+            boolean trust = false;
+            for (X509TrustManager tm : tms) {
+                try {
+                    tm.checkServerTrusted(certs, authType);
+                    trust = true;
+                } catch (CertificateException ex) {
+                    // Ignore
+                }
+            }
+            if (!trust) {
+                throw new CertificateException();
+            }
+        }
+    }
 }
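Review bot: The `catch (Exception ex)` in the static initializer of `SequentialTrustManager` fails open. If `getTrustManagers()` throws, `tms` becomes a single `TrustAllCerts`, whose check methods are no-ops ("Trust everything"), so any handshake test using this class would accept every chain and could pass without validating anything. Since the class is meant to be equivalent to the default trust store, I would fail class loading instead by replacing the catch body with `throw new ExceptionInInitializerError(ex);`. Separately, in `checkClientTrusted` and `checkServerTrusted` the `certs` parameter shadows the static `certs` field, and the final `throw new CertificateException()` discards the delegates' exceptions. Keeping the last caught exception as the cause would make a rejected handshake diagnosable.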


