View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  
17  package io.netty.handler.ssl.util;
18  
19  import io.netty.util.internal.EmptyArrays;
20  import io.netty.util.internal.PlatformDependent;
21  import io.netty.util.internal.SuppressJava6Requirement;
22  import io.netty.util.internal.logging.InternalLogger;
23  import io.netty.util.internal.logging.InternalLoggerFactory;
24  
25  import javax.net.ssl.ManagerFactoryParameters;
26  import javax.net.ssl.TrustManager;
27  import javax.net.ssl.TrustManagerFactory;
28  import javax.net.ssl.X509TrustManager;
29  import java.security.KeyStore;
30  import java.security.cert.X509Certificate;
31  
32  /**
33   * An insecure {@link TrustManagerFactory} that trusts all X.509 certificates without any verification.
34   * <p>
35   * <strong>NOTE:</strong>
36   * Never use this {@link TrustManagerFactory} in production.
37   * It is purely for testing purposes, and thus it is very insecure.
38   * </p>
39   */
40  public final class InsecureTrustManagerFactory extends SimpleTrustManagerFactory {
41  
42      private static final InternalLogger logger = InternalLoggerFactory.getInstance(InsecureTrustManagerFactory.class);
43  
44      public static final TrustManagerFactory INSTANCE = new InsecureTrustManagerFactory();
45  
46      private static final TrustManager tm = wrapIfNeeded(new X509TrustManager() {
47  
48          @Override
49          public void checkClientTrusted(X509Certificate[] chain, String s) {
50              if (logger.isDebugEnabled()) {
51                  logger.debug("Accepting a client certificate: " + chain[0].getSubjectDN());
52              }
53          }
54  
55          @Override
56          public void checkServerTrusted(X509Certificate[] chain, String s) {
57              if (logger.isDebugEnabled()) {
58                  logger.debug("Accepting a server certificate: " + chain[0].getSubjectDN());
59              }
60          }
61  
62          @Override
63          public X509Certificate[] getAcceptedIssuers() {
64              return EmptyArrays.EMPTY_X509_CERTIFICATES;
65          }
66      });
67  
68      @SuppressJava6Requirement(reason = "Usage guarded by java version check")
69      static X509TrustManager wrapIfNeeded(X509TrustManager tm) {
70          if (PlatformDependent.javaVersion() >= 7) {
71              // This needs to be X509ExtendedTrustManager so hostname verification is skipped as well.
72              // Otherwise the JDK will internally wrap it with AbstractTrustManagerWrapper and add hostname verification
73              // by itself.
74              return new X509TrustManagerWrapper(tm);
75          }
76          return tm;
77      }
78  
79      private InsecureTrustManagerFactory() { }
80  
81      @Override
82      protected void engineInit(KeyStore keyStore) throws Exception { }
83  
84      @Override
85      protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws Exception { }
86  
87      @Override
88      protected TrustManager[] engineGetTrustManagers() {
89          return new TrustManager[] { tm };
90      }
91  }