001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2015 ForgeRock AS.
015 */
016
017package org.forgerock.openig.security;
018
019import java.security.cert.CertificateException;
020import java.security.cert.X509Certificate;
021
022import javax.net.ssl.X509TrustManager;
023
024import org.forgerock.openig.heap.GenericHeaplet;
025import org.forgerock.openig.heap.HeapException;
026
/**
 * An {@link X509TrustManager} that accepts every certificate chain presented to it.
 *
 * <p><strong>Security note:</strong> both check methods return without inspecting the chain, so
 * no issuer, signature, validity-period or revocation check is performed here. A TLS endpoint
 * configured with this manager therefore does not authenticate its peer through the certificate,
 * and anyone able to intercept the connection can present a certificate of their own and have it
 * accepted. Use it for local development and testing only; for real deployments declare a
 * KeyStore and the TrustManager(s) linked to it, as the warning logged by {@link Heaplet} says.
 */
public class TrustAllManager implements X509TrustManager {

    /**
     * Accepts any client certificate chain.
     *
     * @param certificates the chain presented by the client; never examined
     * @param authType the authentication type; never examined
     * @throws CertificateException declared by the interface, never thrown by this implementation
     */
    @Override
    public void checkClientTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException {
        // Deliberately empty: returning normally tells the caller that the chain is trusted.
    }

    /**
     * Accepts any server certificate chain.
     *
     * @param certificates the chain presented by the server; never examined
     * @param authType the key exchange algorithm; never examined
     * @throws CertificateException declared by the interface, never thrown by this implementation
     */
    @Override
    public void checkServerTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException {
        // Deliberately empty: returning normally tells the caller that the chain is trusted.
    }

    /**
     * Reports that no issuer is advertised as trusted.
     *
     * @return a newly allocated, zero-length array on every call
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        final X509Certificate[] noIssuers = new X509Certificate[0];
        return noIssuers;
    }

    /**
     * Heaplet that builds a {@link TrustAllManager} and logs a warning each time it does so.
     */
    public static class Heaplet extends GenericHeaplet {

        /**
         * Logs a warning that this trust manager is unsafe in production, then returns a new
         * {@link TrustAllManager}.
         *
         * @return a new {@link TrustAllManager}
         * @throws HeapException declared by the signature; nothing in this body throws it
         */
        @Override
        public Object create() throws HeapException {
            // The warning is the only trace that certificate validation has been switched off,
            // so it is emitted before the instance is handed out.
            final String unsafeNotice = "Using TrustAllManager is not safe when deployed in production. "
                    + "Declare the appropriate KeyStore and linked TrustManager(s) instead.";
            // logger is not declared in this file; presumably inherited from GenericHeaplet.
            logger.warning(unsafeNotice);
            return new TrustAllManager();
        }
    }
}