/**
    * This Source Code Form is subject to the terms of the Mozilla Public
    * License, v. 2.0. If a copy of the MPL was not distributed with this
    * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    *
    * If it is not possible or desirable to put the notice in a particular
    * file, then You may include the notice in a location (such as a LICENSE
    * file in a relevant directory) where a recipient would be likely to look
    * for such a notice.
  
   * 
   */
   
  /*  ---------------------------------------------------------------------------
   *  U.S. Government, Department of the Army
   *  Army Materiel Command
   *  Research Development Engineering Command
   *  Communications Electronics Research Development and Engineering Center
   *  ---------------------------------------------------------------------------
   */
  
  package org.miloss.fgsms.bueller;
  
  import javax.net.ssl.TrustManager;
  import javax.net.ssl.X509TrustManager;
  import java.security.cert.X509Certificate;
  
  import javax.net.ssl.X509TrustManager;
  import java.security.cert.CertificateException;
  import org.apache.commons.logging.Log; 
  import org.apache.commons.logging.LogFactory;
  /**
   *
   * @author AO
   */
  class AuthSSLX509TrustManager implements TrustManager {
  
  private X509TrustManager defaultTrustManager = null;
  
      /** Log object for this class. */
      private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class);
  
      /**
       * Constructor for AuthSSLX509TrustManager.
       */
      public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) {
          super();
          if (defaultTrustManager == null) {
              throw new IllegalArgumentException("Trust manager may not be null");
          }
          this.defaultTrustManager = defaultTrustManager;
      }
  
      /**
       * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
       */
      public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
          if (LOG.isInfoEnabled() && certificates != null) {
              for (int c = 0; c < certificates.length; c++) {
                  X509Certificate cert = certificates[c];
                  LOG.info(" Client certificate " + (c + 1) + ":");
                  LOG.info("  Subject DN: " + cert.getSubjectDN());
                  LOG.info("  Signature Algorithm: " + cert.getSigAlgName());
                  LOG.info("  Valid from: " + cert.getNotBefore() );
                  LOG.info("  Valid until: " + cert.getNotAfter());
                  LOG.info("  Issuer: " + cert.getIssuerDN());
              }
          }
          defaultTrustManager.checkClientTrusted(certificates,authType);
      }
  
      /**
       * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
       */
      public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
          if (LOG.isInfoEnabled() && certificates != null) {
              for (int c = 0; c < certificates.length; c++) {
                  X509Certificate cert = certificates[c];
                  LOG.info(" Server certificate " + (c + 1) + ":");
                  LOG.info("  Subject DN: " + cert.getSubjectDN());
                  LOG.info("  Signature Algorithm: " + cert.getSigAlgName());
                  LOG.info("  Valid from: " + cert.getNotBefore() );
                  LOG.info("  Valid until: " + cert.getNotAfter());
                  LOG.info("  Issuer: " + cert.getIssuerDN());
              }
          }
          defaultTrustManager.checkServerTrusted(certificates,authType);
      }
  
      /**
       * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
       */
      public X509Certificate[] getAcceptedIssuers() {
          return this.defaultTrustManager.getAcceptedIssuers();
      }
      
  }