001/* 002 * Copyright 2015-2024 the original author or authors 003 * 004 * This software is licensed under the Apache License, Version 2.0, 005 * the GNU Lesser General Public License version 2 or later ("LGPL") 006 * and the WTFPL. 007 * You may choose either license to govern your use of this software only 008 * upon the condition that you accept all of the terms of either 009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL. 010 */ 011package org.minidns.dane; 012 013import javax.net.ssl.X509TrustManager; 014import java.security.cert.CertificateException; 015import java.security.cert.X509Certificate; 016 017public class ExpectingTrustManager implements X509TrustManager { 018 private CertificateException exception; 019 private final X509TrustManager trustManager; 020 021 /** 022 * Creates a new instance of ExpectingTrustManager. 023 * 024 * @param trustManager The {@link X509TrustManager} to be used for verification. 025 * {@code null} to use the system default. 026 */ 027 public ExpectingTrustManager(X509TrustManager trustManager) { 028 this.trustManager = trustManager == null ? X509TrustManagerUtil.getDefault() : trustManager; 029 } 030 031 public boolean hasException() { 032 return exception != null; 033 } 034 035 public CertificateException getException() { 036 CertificateException e = exception; 037 exception = null; 038 return e; 039 } 040 041 @Override 042 public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { 043 try { 044 trustManager.checkClientTrusted(chain, authType); 045 } catch (CertificateException e) { 046 exception = e; 047 } 048 } 049 050 @Override 051 public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 052 try { 053 trustManager.checkServerTrusted(chain, authType); 054 } catch (CertificateException e) { 055 exception = e; 056 } 057 } 058 059 @Override 060 public X509Certificate[] getAcceptedIssuers() { 061 return trustManager.getAcceptedIssuers(); 062 } 063}