/* * DavMail POP/IMAP/SMTP/CalDav/LDAP Exchange Gateway * Copyright (C) 2011 Mickael Guessant * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ package davmail.http; import davmail.ui.SelectCertificateDialog; import org.apache.log4j.Logger; import javax.net.ssl.X509KeyManager; import java.net.Socket; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; /** * Special X509 Key Manager that handles cases where more than one private key * is sufficient to establish the HTTPs connection by asking the user to * select one. 
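 */
public class DavMailX509KeyManager implements X509KeyManager {
    protected static final Logger LOGGER = Logger.getLogger(DavMailX509KeyManager.class);

    // Delegate key manager: every call this class does not handle itself is
    // forwarded to it unchanged.
    private final X509KeyManager keyManager;

    // Alias remembered from an earlier selection so the user is not prompted again.
    // NOTE(review): the field is neither final nor volatile; if handshakes can run on
    // more than one thread, confirm that the code reading and writing it synchronizes.
    // NOTE(review): confirm the remembered alias is only reused where presenting the
    // same client certificate is intended - the reuse logic is outside this excerpt.
    private String cachedAlias;

    /**
     * Build the specialized key manager wrapping the default one.
     *
     * @param keyManager original key manager that calls are delegated to; it is stored
     *                   as-is without a null check, so a null value only surfaces as a
     *                   NullPointerException on the first delegated call
     */
    public DavMailX509KeyManager(X509KeyManager keyManager) {
        this.keyManager = keyManager;
    }

    /**
     * Get the client aliases; this is a plain pass-through to the wrapped key manager,
     * so no user prompt and no cached alias is involved here.
     *
     * @param string     key type name, forwarded unchanged
     * @param principals acceptable certificate issuers, forwarded unchanged
     * @return whatever the wrapped key manager returns for these arguments
     */
    public String[] getClientAliases(String string, Principal[] principals) {
        return keyManager.getClientAliases(string, principals);
    }

    /**
     * Select a client alias. Some servers are misconfigured and claim to accept
     * any client certificate during the SSL handshake, however OWA only authenticates
     * using a single certificate.
     *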
* This method allows the user to select the right client certificate */ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { // Build a list of all aliases ArrayList