package usda.weru.util.ssl;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

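/**
 * Helpers that temporarily replace the JVM-wide default HTTPS socket factory with one
 * backed by a {@code WepsTrustManager}, and restore it afterwards.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link HttpsURLConnection#setDefaultSSLSocketFactory} is process-global. While the
 *       custom factory is installed, every {@code HttpsURLConnection} that relies on the
 *       default uses the WEPS trust decision, not only map-layer requests. Keep the window
 *       short and restore the previous factory in a {@code finally} block.</li>
 *   <li>The swap is not synchronized; concurrent callers can overwrite each other's saved
 *       factory.</li>
 *   <li>NOTE(review): what {@code WepsTrustManager} actually accepts is defined in that
 *       class, which is not visible here. The "temp cheat fix" comments and the
 *       "Weps AcceptAll" log text suggest a relaxed policy - confirm it still validates
 *       the certificate chain.</li>
 * </ul>
 *
 * @author mark
 */
public class WepsSslUtils {
    private static final Logger logger = LogManager.getLogger(WepsSslUtils.class);

    // Issuers accepted by the platform's default trust managers, read once at class load.
    // NOTE(review): this is null when getDefaultCerts fails, and because the field is public
    // and non-final any code can replace the list that seeds the trust manager below.
    // Consider making it private and final once callers are checked.
    static public List<X509Certificate> defaultSslCertificates = WepsSslUtils.getDefaultCerts(false);

    /**
     * Installs an SSL socket factory backed by {@code WepsTrustManager} as the JVM-wide
     * default for {@link HttpsURLConnection}.
     *
     * <p>Temporary workaround for NRCS. On failure the default factory is left unchanged
     * and the error is logged, so a caller is no longer silently left believing the custom
     * trust manager is active.
     *
     * @return the default factory that was in place before this call; pass it to
     *     {@link #mapLayerResetDefaultTrustManager(SSLSocketFactory)} to undo the change
     */
    public static SSLSocketFactory wepsTrustManagerAcceptWepsMapLayers () {
        // Capture the current default first so the caller can always restore it.
        SSLSocketFactory defFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
        try {
            TrustManager trustManager = new WepsTrustManager(defaultSslCertificates);

            // Ask for the context by its standard name "TLS" instead of the legacy "SSL"
            // name; which protocol versions are enabled is still decided by the JSSE
            // provider and the JDK security configuration.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] { trustManager }, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

            System.out.println("set Weps custom ssl trust manager");
            logger.info("set Weps custom ssl trust manager");
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            // Both exceptions are raised before setDefaultSSLSocketFactory is reached,
            // so the previous default is still installed at this point.
            logger.error("could not set Weps custom ssl trust manager; default ssl socket factory left unchanged", e);
        }

        return defFactory;
    }

    /**
     * Restores a previously saved default SSL socket factory for {@link HttpsURLConnection}.
     *
     * <p>Temporary workaround for NRCS; the counterpart of
     * {@link #wepsTrustManagerAcceptWepsMapLayers()}. Call it from a {@code finally} block
     * so the relaxed trust configuration never outlives the request that needed it.
     *
     * @param defFactory the factory returned by {@link #wepsTrustManagerAcceptWepsMapLayers()}
     */
    public static void mapLayerResetDefaultTrustManager (SSLSocketFactory defFactory) {
        HttpsURLConnection.setDefaultSSLSocketFactory(defFactory);

        System.out.println("Weps mapLayer TrustManager reset to default");
        logger.info("Weps mapLayer TrustManager reset to default");
    }

    /**
     * Collects the issuer certificates accepted by the platform's default X.509 trust
     * managers.
     *
     * @param show when {@code true}, prints and logs the subject and issuer DN of every
     *     certificate found
     * @return the accepted issuers, or {@code null} if the default trust managers could not
     *     be loaded (the failure is logged)
     */
    public static List<X509Certificate> getDefaultCerts (boolean show) {
        List<X509Certificate> certificates = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore makes the factory fall back to the platform default trust store.
            trustManagerFactory.init((KeyStore) null);

            certificates = Arrays.stream(trustManagerFactory.getTrustManagers())
              .filter(X509TrustManager.class::isInstance)
              .map(X509TrustManager.class::cast)
              .flatMap(trustManager -> Arrays.stream(trustManager.getAcceptedIssuers()))
              .collect(Collectors.toList());

            if (show) {
                System.out.println("Weps AcceptAll: showDefaultCerts");
                for (X509Certificate c : certificates) {
                    String line = "    Certificate subject dn:"+c.getSubjectDN()+" issuer dn:"+c.getIssuerDN();
                    System.out.println(line);
                    logger.info(line);
                }
            }
        } catch (Exception e) {
            // Kept broad so class initialisation cannot fail here, but no longer silent:
            // a missing trust store changes what the custom trust manager is seeded with.
            logger.error("could not read the default trust manager certificates", e);
        }
        return certificates;
    }

}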