Provide implementation delegate for use by trust all trust manager, a…
…voiding empty implementation (#1066)
scottf authored Jan 30, 2024
1 parent 9e01723 commit 9ec9788
Showing 1 changed file with 30 additions and 8 deletions.
38 changes: 30 additions & 8 deletions src/main/java/io/nats/client/support/SSLUtils.java
Expand Up @@ -31,15 +31,37 @@ public class SSLUtils {
public static final String DEFAULT_TLS_ALGORITHM = "SunX509";
public static final String DEFAULT_KEYSTORE_TYPE = "JKS";

private static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
private static TrustManagerDelegate TRUST_MANAGER_DELEGATE;

public static void setDefaultTrustManagerDelegate(TrustManagerDelegate trustManagerDelegate) {
SSLUtils.TRUST_MANAGER_DELEGATE = trustManagerDelegate;
}

public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public interface TrustManagerDelegate {
java.security.cert.X509Certificate[] getAcceptedIssuers();
void checkClientTrusted(X509Certificate[] certs, String authType);
void checkServerTrusted(X509Certificate[] certs, String authType);
}

public void checkServerTrusted(X509Certificate[] certs, String authType) {}
} };
private static final TrustManager[] DEFAULT_TRUST_MANAGERS = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return TRUST_MANAGER_DELEGATE == null ? null : TRUST_MANAGER_DELEGATE.getAcceptedIssuers();
}

public void checkClientTrusted(X509Certificate[] certs, String authType) {
if (TRUST_MANAGER_DELEGATE != null) {
TRUST_MANAGER_DELEGATE.checkClientTrusted(certs, authType);
}
}

public void checkServerTrusted(X509Certificate[] certs, String authType) {
if (TRUST_MANAGER_DELEGATE != null) {
TRUST_MANAGER_DELEGATE.checkServerTrusted(certs, authType);
}
}
}
};

public static SSLContext createOpenTLSContext() {
try {
Expand All @@ -52,7 +74,7 @@ public static SSLContext createOpenTLSContext() {

public static SSLContext createTrustAllTlsContext() throws GeneralSecurityException {
SSLContext context = SSLContext.getInstance(Options.DEFAULT_SSL_PROTOCOL);
context.init(null, TRUST_ALL_CERTS, SRAND);
context.init(null, DEFAULT_TRUST_MANAGERS, SRAND);
return context;
}

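Review bot: The new `TrustManagerDelegate` interface declares `checkClientTrusted` and `checkServerTrusted` without `throws CertificateException`, so a delegate can reject a chain only by throwing an unchecked exception, whereas `X509TrustManager` signals rejection with the checked `java.security.cert.CertificateException`. Both delegate methods and the two overrides in `DEFAULT_TRUST_MANAGERS` should declare it; the file's import list is outside the hunk, so an import may be needed. `TRUST_MANAGER_DELEGATE` is a plain mutable static that a public setter writes and the handshake code reads, so it should be `volatile` and read once into a local before the null check. With no delegate installed the manager still accepts every chain and `getAcceptedIssuers()` still returns `null`, while the `X509TrustManager` contract asks for a non-null, possibly empty array. A Javadoc comment on `setDefaultTrustManagerDelegate` should state that a null delegate means no certificate validation and that the setting is process-wide.

```java
private static volatile TrustManagerDelegate TRUST_MANAGER_DELEGATE;

// … unchanged: setDefaultTrustManagerDelegate …

public interface TrustManagerDelegate {
    java.security.cert.X509Certificate[] getAcceptedIssuers();
    void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException;
    void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException;
}

// … inside the anonymous X509TrustManager in DEFAULT_TRUST_MANAGERS …
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    TrustManagerDelegate delegate = TRUST_MANAGER_DELEGATE; // single read of the shared field
    return delegate == null ? new X509Certificate[0] : delegate.getAcceptedIssuers();
}

public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
    TrustManagerDelegate delegate = TRUST_MANAGER_DELEGATE;
    if (delegate != null) {
        delegate.checkClientTrusted(certs, authType);
    }
}

public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
    TrustManagerDelegate delegate = TRUST_MANAGER_DELEGATE;
    if (delegate != null) {
        delegate.checkServerTrusted(certs, authType);
    }
}
```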
