Mail送信先確認プログラムβプロジェクト
Revision | 96d06f1fb33a77d0a6babb434d2d80bc054ab4c2 (tree) |
---|---|
Time | 2011-05-08 03:34:49 |
Author | Takuya Ono <takuya-o@user...> |
Commiter | Takuya Ono |
Support: [ #25090 ] TLS/SSL SMTP server connection suuport. Ph.1
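--- /dev/null
+++ b/org/jent/checksmtp/ssl/RespondingX509TrustManager.java
@@ -0,0 +1,155 @@
+/*
+ * Orignal X509TrustManager
+ * User can connect to untrusted SMTP server aka OreOre server.
+ */
+package org.jent.checksmtp.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Baseed on sample code from http://java.sun.com/javase/ja/6/docs/ja/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager
+ *
+ * @author takuya-o@users.sourceforge.jp "Takuya Ono"
+ */
+public class RespondingX509TrustManager implements X509TrustManager {
+    /*
+     * The default PKIX X509TrustManager9. We'll delegate
+     * decisions to it, and fall back to the logic in this class if the
+     * default X509TrustManager doesn't trust it.
+     */
+
+    X509TrustManager pkixTrustManager;
+
+    public RespondingX509TrustManager() throws Exception {
+        // create a "default" JSSE X509TrustManager.
+        File file = null;
+        FileInputStream cacertsFileInputStream = null;
+        char cacertsPass[] = null;
+
+        //Create&load KeyStore
+        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+        //KeyStore ks = KeyStore.getInstance("JKS");
+        //ks.load(new FileInputStream("trustedCerts"), "passphrase".toCharArray());
+        try {
+            //Check file at sytem property javax.net.ssl.trustStore.
+            String cacertsFileName = System.getProperty("javax.net.ssl.trustStore");
+            if (cacertsFileName != null) {
+                file = new File(cacertsFileName);
+                System.out.println("System property javax.net.ssl.trustStore:"
+                        + cacertsFileName);
+            }
+            if (file == null) {
+                //Check Default trustStore
+                char SEP = File.separatorChar;
+                String cacertsDirName = System.getProperty("java.home") + SEP + "lib"
+                        + SEP + "security";
+                file = new File(cacertsDirName, "jssecacerts");
+                if (!file.canRead()) {
+                    System.err.println("NotFound:" + file.getPath());
+                    file = new File(cacertsDirName, "cacerts");
+                }
+            }
+            if (!file.canRead()) {
+                System.err.println("NotFound:" + file.getPath());
+                cacertsFileInputStream = null;
+            } else {
+                cacertsFileInputStream = new FileInputStream(file);
+                System.err.println("Load trustStore:" + file.getPath());
+                String cacertsPassString = System.getProperty("javax.net.ssl.trustStorePassword");
+                if (cacertsPassString != null) {
+                    cacertsPass = cacertsPassString.toCharArray();
+                }
+            }
+        } catch (NullPointerException npEx) {
+            npEx.printStackTrace(System.out);
+            cacertsFileInputStream = null;
+        } catch (FileNotFoundException fnfEx) {
+            System.err.println("CanNotRead(" + fnfEx + "):" + file.getPath());
+            cacertsFileInputStream = null;
+        } catch (SecurityException ex) {
+            cacertsFileInputStream = null;
+            System.err.println("CanNotRead(" + ex + "):" + file.getPath());
+        }
+        ks.load(cacertsFileInputStream, cacertsPass);
+        cacertsFileInputStream.close();
+
+        TrustManagerFactory tmf =
+            TrustManagerFactory.getInstance("PKIX");
+        tmf.init(ks);
+
+        TrustManager tms[] = tmf.getTrustManagers();
+
+        /*
+         * Iterate over the returned trustmanagers, look
+         * for an instance of X509TrustManager. If found,
+         * use that as our "default" trust manager.
+         */
+        for (int i = 0; i < tms.length; i++) {
+            if (tms[i] instanceof X509TrustManager) {
+                pkixTrustManager = (X509TrustManager) tms[i];
+                //sun.security.ssl.X509TrustManagerImpl();
+                return;
+            }
+        }
+
+        /*
+         * Find some other way to initialize, or else we have to fail the
+         * constructor.
+         */
+        throw new Exception("Couldn't initialize");
+    }
+
+    /*
+     * Delegate to the default trust manager.
+     */
+    public void checkClientTrusted(X509Certificate[] chain, String authType)
+            throws CertificateException {
+        try {
+            pkixTrustManager.checkClientTrusted(chain, authType);
+        } catch (CertificateException excep) {
+            // do any special handling here, or rethrow exception.
+            throw excep; // Same as X509TrustManager
+        }
+    }
+
+    /*
+     * Delegate to the default trust manager.
+     */
+    public void checkServerTrusted(X509Certificate[] chain, String authType)
+            throws CertificateException {
+
+        //List chain from
+        //http://code.google.com/p/openmeetings/source/browse/trunk/singlewebapp/src/app/org/openmeetings/app/sip/xmlrpc/EasyX509TrustManager.java?r=3132
+        if (chain != null) {
+            System.out.println("Server certificate chain:");
+            for (int i = 0; i < chain.length; i++) {
+                System.out.println("X509Certificate[" + i + "]=" + chain[i].getSubjectDN() );
+            }
+        }
+        try {
+            pkixTrustManager.checkServerTrusted(chain, authType);
+        } catch (CertificateException excep) {
+            /*
+             * Possibly pop up a dialog box asking whether to trust the
+             * cert chain.
+             */
+            //TODO: Pop up waring dialog.
+            System.err.println("Connecting untrusted SMTP server." + chain[0].getSubjectDN() );
+        }
+    }
+
+    /*
+     * Merely pass this through.
+     */
+    public X509Certificate[] getAcceptedIssuers() {
+        return pkixTrustManager.getAcceptedIssuers();
+    }
+}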
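Review bot: `checkServerTrusted` catches the delegate's `CertificateException` and only prints to stderr, so after a failed PKIX check the method returns normally and the handshake completes with whatever certificate the peer presented — the intended "untrusted server" opt-in is an unconditional fail-open rather than a user decision, and a man-in-the-middle certificate is indistinguishable from a self-signed one in that log line. Until the dialog in the TODO exists the catch should end with `throw excep;` as `checkClientTrusted` does, or at least gate the silent return on an explicit, off-by-default setting. In the constructor, `cacertsFileInputStream.close()` after `ks.load(...)` dereferences a null stream whenever no trust store was readable, and a failure inside `ks.load` leaks the stream; `if (cacertsFileInputStream != null) { cacertsFileInputStream.close(); }` placed in a `finally` covers both. Note also that `ks.load(null, null)` presumably yields an empty key store, in which case the PKIX manager would reject every chain and every server would flow through the swallowing catch, so the "NotFound" path deserves a hard failure rather than a log line. `getSubjectDN()` is deprecated; `getSubjectX500Principal()` gives the same information.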