|
| 1 | +// Copyright (c) 2007-Present Pivotal Software, Inc. All rights reserved. |
| 2 | +// |
| 3 | +// This software, the RabbitMQ Java client library, is triple-licensed under the |
| 4 | +// Mozilla Public License 1.1 ("MPL"), the GNU General Public License version 2 |
| 5 | +// ("GPL") and the Apache License version 2 ("ASL"). For the MPL, please see |
| 6 | +// LICENSE-MPL-RabbitMQ. For the GPL, please see LICENSE-GPL2. For the ASL, |
| 7 | +// please see LICENSE-APACHE2. |
| 8 | +// |
| 9 | +// This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, |
| 10 | +// either express or implied. See the LICENSE file for specific language governing |
| 11 | +// rights and limitations of this software. |
| 12 | +// |
| 13 | +// If you have any questions regarding licensing, please contact us at |
| 14 | +// info@rabbitmq.com. |
| 15 | + |
| 16 | + |
| 17 | +package com.rabbitmq.client; |
| 18 | + |
| 19 | +import org.slf4j.LoggerFactory; |
| 20 | + |
| 21 | +import javax.net.ssl.X509TrustManager; |
| 22 | +import java.security.cert.X509Certificate; |
| 23 | + |
| 24 | +/** |
| 25 | + * Convenience class providing a default implementation of javax.net.ssl.X509TrustManager. |
| 26 | + * Trusts every single certificate presented to it. |
| 27 | + */ |
| 28 | +public class TrustEverythingTrustManager implements X509TrustManager { |
| 29 | + |
| 30 | + public TrustEverythingTrustManager() { |
| 31 | + LoggerFactory.getLogger(TrustEverythingTrustManager.class).warn( |
| 32 | + "This trust manager trusts every certificate, effectively disabling peer verification. " + |
| 33 | + "This is convenient for local development but prone to man-in-the-middle attacks. " + |
| 34 | + "Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation." |
| 35 | + ); |
| 36 | + } |
| 37 | + |
| 38 | + /** |
| 39 | + * Doesn't even bother looking at its arguments, simply returns, |
| 40 | + * which makes the check succeed. |
| 41 | + */ |
| 42 | + @Override |
| 43 | + public void checkClientTrusted(X509Certificate[] chain, String authType) { |
| 44 | + // Do nothing. |
| 45 | + } |
| 46 | + |
| 47 | + /** |
| 48 | + * Doesn't even bother looking at its arguments, simply returns, |
| 49 | + * which makes the check succeed. |
| 50 | + */ |
| 51 | + @Override |
| 52 | + public void checkServerTrusted(X509Certificate[] chain, String authType) { |
| 53 | + // Do nothing. |
| 54 | + } |
| 55 | + |
| 56 | + /** |
| 57 | + * Always returns an empty array of X509Certificates. |
| 58 | + */ |
| 59 | + @Override |
| 60 | + public X509Certificate[] getAcceptedIssuers() { |
| 61 | + return new X509Certificate[0]; |
| 62 | + } |
| 63 | +} |
0 commit comments