in taverna-credential-manager-impl/src/main/java/org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl.java [2287:2344]
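/**
 * Decides whether the certificate at the head of {@code chain} should be
 * trusted.
 *
 * <p>The leaf certificate ({@code chain[0]}) is trusted without asking any
 * provider when the truststore already holds that exact certificate under
 * the alias computed for it. Otherwise each registered
 * {@link TrustConfirmationProvider} is consulted in iteration order and the
 * first one that returns a non-null answer decides the outcome. A positive
 * answer also stores the leaf certificate in the truststore.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>This method performs no validity-period, signature, revocation or
 * host name checks itself; presumably the caller or the providers do -
 * confirm before relying on the result.</li>
 * <li>Only {@code chain[0]} is stored; the rest of the chain is passed to
 * the providers but never persisted here.</li>
 * <li>If persisting the certificate fails, the positive answer is still
 * returned, so the certificate is trusted for this call only.</li>
 * </ul>
 *
 * @param chain
 *            the certificate chain presented by the peer, leaf first
 * @return {@code true} if the leaf certificate is already in the truststore
 *         or a provider confirmed it; {@code false} if a provider rejected
 *         it or no provider could decide
 * @throws IllegalArgumentException
 *             if {@code chain} is {@code null} or empty
 */
private boolean shouldTrust(final X509Certificate[] chain)
        throws IllegalArgumentException {
    if (chain == null || chain.length == 0)
        throw new IllegalArgumentException(
                "At least one certificate needed in chain");
    final X509Certificate leaf = chain[0];
    /*
     * If the certificate already exists in the truststore, it is implicitly
     * trusted. This is meant to avoid prompting the user twice, as
     * checkServerTrusted() gets called twice (the original author notes that
     * it is still called twice regardless).
     *
     * The alias is derived from the presented, untrusted certificate, so an
     * alias hit alone is not proof that the stored entry is this
     * certificate. Compare the stored certificate with the presented one so
     * that a different certificate mapping to the same alias falls through
     * to the confirmation providers instead of being silently trusted.
     * NOTE(review): how collision-resistant createTrustedCertificateAlias()
     * is cannot be seen from here - verify.
     */
    String alias = createTrustedCertificateAlias(leaf);
    try {
        if (truststore.containsAlias(alias)
                && leaf.equals(truststore.getCertificate(alias)))
            return true;
    } catch (KeyStoreException e) {
        // Best effort: fall through to the providers, but leave a trace so a
        // broken or uninitialised truststore does not go unnoticed.
        logger.warn("Failed to check the truststore for an existing "
                + "trusted certificate", e);
    }
    // NOTE(review): name is taken from the presented certificate and is
    // written to the log unmodified below - confirm the log layout copes
    // with unusual characters in a subject DN.
    String name = leaf.getSubjectX500Principal().getName();
    for (TrustConfirmationProvider trustConfirmationProvider : trustConfirmationProviders) {
        Boolean trustConfirmation = trustConfirmationProvider
                .shouldTrustCertificate(chain);
        if (trustConfirmation == null)
            // SPI can't say yes or no, try next one
            continue;
        if (trustConfirmation) {
            try {
                // this will initialize the Credential Manager if needed
                addTrustedCertificate(leaf);
                logger.info("Stored trusted certificate " + name);
            } catch (CMException ex) {
                // The certificate is still trusted for this call; it just
                // could not be persisted, so the question will come up again.
                logger.error("Credential Manager failed to "
                        + "save trusted certificate " + name, ex);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug((trustConfirmation ? "Trusting " : "Not trusting ")
                    + name + " according to " + trustConfirmationProvider);
        }
        // The first provider with a definite answer decides; later providers
        // are never consulted.
        return trustConfirmation.booleanValue();
    }
    logger.warn("No TrustConfirmationProvider instances could confirm or deny the trust in "
            + name);
    // None of the trust confirmation providers (if there were any at all)
    // could confirm, so default to not trusting.
    return false;
}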