• R/O
  • HTTP
  • SSH
  • HTTPS

BetaProject: 提交

Mail送信先確認プログラムβプロジェクト


Commit MetaInfo

修訂96d06f1fb33a77d0a6babb434d2d80bc054ab4c2 (tree)
時間2011-05-08 03:34:49
作者Takuya Ono <takuya-o@user...>
CommiterTakuya Ono

Log Message

Support: [ #25090 ] TLS/SSL SMTP server connection suuport. Ph.1

Change Summary

差異

--- /dev/null
+++ b/src/org/jent/checksmtp/ssl/RespondingX509TrustManager.java
@@ -0,0 +1,155 @@
1+/*
2+ * Orignal X509TrustManager
3+ * User can connect to untrusted SMTP server aka OreOre server.
4+ */
5+package org.jent.checksmtp.ssl;
6+
7+import java.io.File;
8+import java.io.FileInputStream;
9+import java.io.FileNotFoundException;
10+import java.security.KeyStore;
11+import java.security.cert.CertificateException;
12+import java.security.cert.X509Certificate;
13+import javax.net.ssl.TrustManager;
14+import javax.net.ssl.TrustManagerFactory;
15+import javax.net.ssl.X509TrustManager;
16+
17+/**
18+ * Baseed on sample code from http://java.sun.com/javase/ja/6/docs/ja/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager
19+ *
20+ * @author takuya-o@users.sourceforge.jp "Takuya Ono"
21+ */
22+public class RespondingX509TrustManager implements X509TrustManager {
23+ /*
24+ * The default PKIX X509TrustManager9. We'll delegate
25+ * decisions to it, and fall back to the logic in this class if the
26+ * default X509TrustManager doesn't trust it.
27+ */
28+
29+ X509TrustManager pkixTrustManager;
30+
31+ public RespondingX509TrustManager() throws Exception {
32+ // create a "default" JSSE X509TrustManager.
33+ File file = null;
34+ FileInputStream cacertsFileInputStream = null;
35+ char cacertsPass[] = null;
36+
37+ //Create&load KeyStore
38+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
39+ //KeyStore ks = KeyStore.getInstance("JKS");
40+ //ks.load(new FileInputStream("trustedCerts"), "passphrase".toCharArray());
41+ try {
42+ //Check file at sytem property javax.net.ssl.trustStore.
43+ String cacertsFileName = System.getProperty("javax.net.ssl.trustStore");
44+ if (cacertsFileName != null) {
45+ file = new File(cacertsFileName);
46+ System.out.println("System property javax.net.ssl.trustStore:"
47+ + cacertsFileName);
48+ }
49+ if (file == null) {
50+ //Check Default trustStore
51+ char SEP = File.separatorChar;
52+ String cacertsDirName = System.getProperty("java.home") + SEP + "lib"
53+ + SEP + "security";
54+ file = new File(cacertsDirName, "jssecacerts");
55+ if (!file.canRead()) {
56+ System.err.println("NotFound:" + file.getPath());
57+ file = new File(cacertsDirName, "cacerts");
58+ }
59+ }
60+ if (!file.canRead()) {
61+ System.err.println("NotFound:" + file.getPath());
62+ cacertsFileInputStream = null;
63+ } else {
64+ cacertsFileInputStream = new FileInputStream(file);
65+ System.err.println("Load trustStore:" + file.getPath());
66+ String cacertsPassString = System.getProperty("javax.net.ssl.trustStorePassword");
67+ if (cacertsPassString != null) {
68+ cacertsPass = cacertsPassString.toCharArray();
69+ }
70+ }
71+ } catch (NullPointerException npEx) {
72+ npEx.printStackTrace(System.out);
73+ cacertsFileInputStream = null;
74+ } catch (FileNotFoundException fnfEx) {
75+ System.err.println("CanNotRead(" + fnfEx + "):" + file.getPath());
76+ cacertsFileInputStream = null;
77+ } catch (SecurityException ex) {
78+ cacertsFileInputStream = null;
79+ System.err.println("CanNotRead(" + ex + "):" + file.getPath());
80+ }
81+ ks.load(cacertsFileInputStream, cacertsPass);
82+ cacertsFileInputStream.close();
83+
84+ TrustManagerFactory tmf =
85+ TrustManagerFactory.getInstance("PKIX");
86+ tmf.init(ks);
87+
88+ TrustManager tms[] = tmf.getTrustManagers();
89+
90+ /*
91+ * Iterate over the returned trustmanagers, look
92+ * for an instance of X509TrustManager. If found,
93+ * use that as our "default" trust manager.
94+ */
95+ for (int i = 0; i < tms.length; i++) {
96+ if (tms[i] instanceof X509TrustManager) {
97+ pkixTrustManager = (X509TrustManager) tms[i];
98+ //sun.security.ssl.X509TrustManagerImpl();
99+ return;
100+ }
101+ }
102+
103+ /*
104+ * Find some other way to initialize, or else we have to fail the
105+ * constructor.
106+ */
107+ throw new Exception("Couldn't initialize");
108+ }
109+
110+ /*
111+ * Delegate to the default trust manager.
112+ */
113+ public void checkClientTrusted(X509Certificate[] chain, String authType)
114+ throws CertificateException {
115+ try {
116+ pkixTrustManager.checkClientTrusted(chain, authType);
117+ } catch (CertificateException excep) {
118+ // do any special handling here, or rethrow exception.
119+ throw excep; // Same as X509TrustManager
120+ }
121+ }
122+
123+ /*
124+ * Delegate to the default trust manager.
125+ */
126+ public void checkServerTrusted(X509Certificate[] chain, String authType)
127+ throws CertificateException {
128+
129+ //List chain from
130+ //http://code.google.com/p/openmeetings/source/browse/trunk/singlewebapp/src/app/org/openmeetings/app/sip/xmlrpc/EasyX509TrustManager.java?r=3132
131+ if (chain != null) {
132+ System.out.println("Server certificate chain:");
133+ for (int i = 0; i < chain.length; i++) {
134+ System.out.println("X509Certificate[" + i + "]=" + chain[i].getSubjectDN() );
135+ }
136+ }
137+ try {
138+ pkixTrustManager.checkServerTrusted(chain, authType);
139+ } catch (CertificateException excep) {
140+ /*
141+ * Possibly pop up a dialog box asking whether to trust the
142+ * cert chain.
143+ */
144+ //TODO: Pop up waring dialog.
145+ System.err.println("Connecting untrusted SMTP server." + chain[0].getSubjectDN() );
146+ }
147+ }
148+
149+ /*
150+ * Merely pass this through.
151+ */
152+ public X509Certificate[] getAcceptedIssuers() {
153+ return pkixTrustManager.getAcceptedIssuers();
154+ }
155+}
Show on old repository browser