例: カスタム SSL トラスト決定用のカスタム・トラスト・マネージャーの作成
以下の例は、サンプルのカスタム・トラスト・マネージャーです。 カスタム・トラスト・マネージャーは、トラスト決定を行う代わりに、決定するに当たって参照する X.509 証明書の情報を使用します。
カスタム・トラスト・マネージャーをビルドしてパッケージした後、ピュア・クライアント用の ssl.client.props ファイルか、管理コンソールの SSLConfiguration TrustManager リンクを使用してこのマネージャーを構成します。
トラスト・マネージャーについての詳細は、トラスト・マネージャーによる X.509 証明書の信頼についての決定の制御を参照してください。
注: この例はサンプルとしてのみ使用します。サポートはされていません。
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import com.ibm.wsspi.ssl.TrustManagerExtendedInfo;
public final class CustomTrustManager implements X509TrustManager,
TrustManagerExtendedInfo
{
private static ThreadLocal threadLocStorage = new ThreadLocal();
private java.util.Properties sslConfig = null;
private java.util.Properties props = null;
public CustomTrustManager()
{
}
/**
* Method called by WebSphere Application Server run time to set the target
* host information and potentially other connection info in the future.
* This needs to be set on ThreadLocal since the same trust manager can be
* used by multiple connections.
*
* @param java.util.Map - Contains information about the connection.
*/
public void setExtendedInfo(java.util.Map info)
{
threadLocStorage.set(info);
}
/**
* Method called internally to retrieve information about the connection.
*
* @return java.util.Map - Contains information about the connection.
*/
private java.util.Map getExtendedInfo()
{
return (java.util.Map) threadLocStorage.get();
}
/**
* Method called by WebSphere Application Server run time to set the custom
* properties.
*
* @param java.util.Properties - custom props
*/
public void setCustomProperties(java.util.Properties customProps)
{
props = customProps;
}
/**
* Method called internally to the custom properties set in the Trust Manager
* configuration.
*
* @return java.util.Properties - information set in the configuration.
*/
private java.util.Properties getCustomProperties()
{
return props;
}
/**
* Method called by WebSphere Application Server runtime to set the SSL
* configuration properties being used for this connection.
*
* @param java.util.Properties - contains a property for the SSL configuration.
*/
public void setSSLConfig(java.util.Properties config)
{
sslConfig = config;
}
/**
* Method called by TrustManager to get access to the SSL configuration for
* this connection.
*
* @return java.util.Properties
*/
public java.util.Properties getSSLConfig ()
{
return sslConfig;
}
/**
* Method called on the server-side for establishing trust with a client.
* See API documentation for javax.net.ssl.X509TrustManager.
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws java.security.cert.CertificateException
{
for (int j=0; j<chain.length; j++)
{
System.out.println("Client certificate information:");
System.out.println(" Subject DN: " + chain[j].getSubjectDN());
System.out.println(" Issuer DN: " + chain[j].getIssuerDN());
System.out.println(" Serial number: " + chain[j].getSerialNumber());
System.out.println("");
}
}
/**
* Method called on the client-side for establishing trust with a server.
* See API documentation for javax.net.ssl.X509TrustManager.
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws java.security.cert.CertificateException
{
for (int j=0; j<chain.length; j++)
{
System.out.println("Server certificate information:");
System.out.println(" Subject DN: " + chain[j].getSubjectDN());
System.out.println(" Issuer DN: " + chain[j].getIssuerDN());
System.out.println(" Serial number: " + chain[j].getSerialNumber());
System.out.println("");
}
}
/**
* Return an array of certificate authority certificates which are trusted
* for authenticating peers. You can return null here since the IbmX509
* or IbmPKIX will provide a default set of issuers.
*
* See API documentation for javax.net.ssl.X509TrustManager.
*/
public X509Certificate[] getAcceptedIssuers()
{
return null;
}
}