/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2010 Sun Microsystems, Inc.
* Portions Copyright 2014-2015 ForgeRock AS
*/
/**
* This class provides an implementation of an X.509 trust manager which will
* interactively prompt the user (via the CLI) whether a given certificate
* should be trusted. It should only be used by interactive command-line tools,
* since it will block until it gets a response from the user.
* <BR><BR>
* Note that this class is only intended for client-side use, and therefore may
* not be used by a server to determine whether a client certificate is trusted.
*/
public class PromptTrustManager
implements X509TrustManager
{
/** The singleton trust manager array for this class. */
// NOTE(review): the field declaration in front of this initializer is not
// visible in this copy of the file; the initializer wraps a single
// PromptTrustManager instance, and the accessor below returns it under the
// name trustManagerArray.
new TrustManager[] { new PromptTrustManager() };
/**
* Creates a new instance of this prompt trust manager.
* The constructor is private so that the only instance is the one held in the
* static array above.
*/
private PromptTrustManager()
{
// No implementation is required.
}
/**
* Retrieves the trust manager array that should be used to initialize an SSL
* context in cases where the user should be interactively prompted about
* whether to trust the server certificate.
* <BR><BR>
* NOTE(review): the method header is not visible in this copy of the file.
* The accessor hands out the shared array itself rather than a copy, so a
* caller that replaces its element would change which trust manager every SSL
* context initialized afterwards uses; returning
* {@code trustManagerArray.clone()} would avoid that.
*
* @return The trust manager array that should be used to initialize an SSL
* context in cases where the user should be interactively prompted
* about whether to trust the server certificate.
*/
{
return trustManagerArray;
}
/**
* Determines whether an SSL client with the provided certificate chain should
* be trusted. This implementation is not intended for server-side use, and
* therefore this method will always throw an exception.
*
* @param chain The certificate chain for the SSL client.
* @param authType The authentication type based on the client certificate.
*
* @throws CertificateException To indicate that the provided client
* certificate is not trusted.
*/
// NOTE(review): the method header (checkClientTrusted(X509Certificate[] chain,
// String authType) per X509TrustManager) is not visible here, and the body
// below is empty. If the throw statement was merely lost from this copy, fine;
// if the body really is empty, an empty checkClientTrusted accepts every
// client certificate, contradicting the Javadoc above. The body should
// unconditionally throw CertificateException.
throws CertificateException
{
}
/**
* Determines whether an SSL server with the provided certificate chain should
* be trusted. In this case, the user will be interactively prompted as to
* whether the certificate should be trusted.
*
* @param chain The certificate chain for the SSL server.
* @param authType The key exchange algorithm used.
*
* @throws CertificateException If the user rejects the certificate.
*/
// NOTE(review): the method header (checkServerTrusted per X509TrustManager)
// and most statements of the body are not visible in this copy. What
// survives: a two-way branch whose else-arm reports something that includes
// notAfterDate (presumably the certificate's expiry), followed by a prompt
// loop. No chain, signature or hostname validation is visible in this class;
// the decision rests on the user's answer.
throws CertificateException
{
{
}
else
{
{
}
{
}
notAfterDate));
}
// Prompt loop: repeats until the user gives an answer the tool recognises.
while (true)
{
try
{
// Affirmative answer: a normal return is what X509TrustManager treats as
// "trusted".
if (line.equalsIgnoreCase(
{
// Returning without an exception is sufficient to consider the
// certificate trusted.
return;
}
// Negative answer: the statement rejecting the certificate is not visible
// here (presumably lost from this copy); per the Javadoc it should throw
// CertificateException.
if (line.equalsIgnoreCase(
{
}
// NOTE(review): an IOException from the prompt read is swallowed and the
// loop simply continues. If the read keeps failing (stdin closed or at EOF)
// this spins forever without either trusting or rejecting; an IOException
// here should end the loop by rejecting the certificate, e.g. throwing
// CertificateException with the IOException as its cause.
} catch (IOException ioe) {}
}
}
/**
* Retrieves the set of certificate authority certificates which are trusted
* for authenticating peers.
* <BR><BR>
* NOTE(review): the method header (getAcceptedIssuers per X509TrustManager)
* is not visible in this copy of the file. An empty array means no issuer is
* pre-trusted, which is consistent with the prompt-only trust model above.
*
* @return An empty array, since we don't care what certificates are
* presented because we will always prompt the user.
*/
{
return new X509Certificate[0];
}
}