-
SSLContextFactoryBean
-
JSSE_KEY_STORE_PROPERTY: String
-
JSSE_TRUST_STORE_PROPERTY: String
-
keyStore: KeyStoreFactoryBean
-
trustStore: KeyStoreFactoryBean
-
secureRandom: SecureRandomFactoryBean
-
keyManagerFactory: KeyManagerFactoryFactoryBean
-
trustManagerFactory: TrustManagerFactoryFactoryBean
-
protocol: String
-
provider: String
-
createContext(ContextAware): SSLContext
-
createKeyManagers(ContextAware): KeyManager[]
-
createTrustManagers(ContextAware): TrustManager[]
-
createSecureRandom(ContextAware): SecureRandom
-
getKeyStore(): KeyStoreFactoryBean
-
setKeyStore(KeyStoreFactoryBean): void
-
getTrustStore(): KeyStoreFactoryBean
-
setTrustStore(KeyStoreFactoryBean): void
-
keyStoreFromSystemProperties(String): KeyStoreFactoryBean
-
locationFromSystemProperty(String): String
-
getSecureRandom(): SecureRandomFactoryBean
-
setSecureRandom(SecureRandomFactoryBean): void
-
getKeyManagerFactory(): KeyManagerFactoryFactoryBean
-
setKeyManagerFactory(KeyManagerFactoryFactoryBean): void
-
getTrustManagerFactory(): TrustManagerFactoryFactoryBean
-
setTrustManagerFactory(TrustManagerFactoryFactoryBean): void
-
getProtocol(): String
-
setProtocol(String): void
-
getProvider(): String
-
setProvider(String): void
-
Logback: the reliable, generic, fast and flexible logging framework.
Copyright (C) 1999-2015, QOS.ch. All rights reserved.
This program and the accompanying materials are dual-licensed under
either the terms of the Eclipse Public License v1.0 as published by
the Eclipse Foundation
or (per the licensee's choosing)
under the terms of the GNU Lesser General Public License version 2.1
as published by the Free Software Foundation.
/**
* Logback: the reliable, generic, fast and flexible logging framework.
* Copyright (C) 1999-2015, QOS.ch. All rights reserved.
*
* This program and the accompanying materials are dual-licensed under
* either the terms of the Eclipse Public License v1.0 as published by
* the Eclipse Foundation
*
* or (per the licensee's choosing)
*
* under the terms of the GNU Lesser General Public License version 2.1
* as published by the Free Software Foundation.
*/
package ch.qos.logback.core.net.ssl;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import ch.qos.logback.core.spi.ContextAware;
A factory bean for a JSSE SSLContext. This object holds the configurable properties for an SSL context and uses them to create an SSLContext instance.
Author: Carl Harris
/**
* A factory bean for a JSSE {@link SSLContext}.
* <p>
* This object holds the configurable properties for an SSL context and uses
* them to create an {@link SSLContext} instance.
*
* @author Carl Harris
*/
public class SSLContextFactoryBean {
private static final String JSSE_KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";
private static final String JSSE_TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
private KeyStoreFactoryBean keyStore;
private KeyStoreFactoryBean trustStore;
private SecureRandomFactoryBean secureRandom;
private KeyManagerFactoryFactoryBean keyManagerFactory;
private TrustManagerFactoryFactoryBean trustManagerFactory;
private String protocol;
private String provider;
Creates a new SSLContext using the receiver's configuration. Params: - context – context for status messages
Throws: - NoSuchProviderException – if a provider specified for one of the
JCA or JSSE components utilized in creating the context is not
known to the platform
- NoSuchAlgorithmException – if a JCA or JSSE algorithm, protocol,
or type name specified for one of the context's components is not
known to a given provider (or platform default provider for the
component)
- KeyManagementException – if an error occurs in creating a
KeyManager for the context - UnrecoverableKeyException – if a private key needed by a
KeyManager cannot be obtained from a key store - KeyStoreException – if an error occurs in reading the
contents of a key store
- CertificateException – if an error occurs in reading the
contents of a certificate
Returns: SSLContext object
/**
* Creates a new {@link SSLContext} using the receiver's configuration.
* @param context context for status messages
* @return {@link SSLContext} object
* @throws NoSuchProviderException if a provider specified for one of the
* JCA or JSSE components utilized in creating the context is not
* known to the platform
* @throws NoSuchAlgorithmException if a JCA or JSSE algorithm, protocol,
* or type name specified for one of the context's components is not
* known to a given provider (or platform default provider for the
* component)
* @throws KeyManagementException if an error occurs in creating a
* {@link KeyManager} for the context
* @throws UnrecoverableKeyException if a private key needed by a
* {@link KeyManager} cannot be obtained from a key store
* @throws KeyStoreException if an error occurs in reading the
* contents of a key store
* @throws CertificateException if an error occurs in reading the
* contents of a certificate
*/
public SSLContext createContext(ContextAware context) throws NoSuchProviderException, NoSuchAlgorithmException, KeyManagementException,
UnrecoverableKeyException, KeyStoreException, CertificateException {
SSLContext sslContext = getProvider() != null ? SSLContext.getInstance(getProtocol(), getProvider()) : SSLContext.getInstance(getProtocol());
context.addInfo("SSL protocol '" + sslContext.getProtocol() + "' provider '" + sslContext.getProvider() + "'");
KeyManager[] keyManagers = createKeyManagers(context);
TrustManager[] trustManagers = createTrustManagers(context);
SecureRandom secureRandom = createSecureRandom(context);
sslContext.init(keyManagers, trustManagers, secureRandom);
return sslContext;
}
Creates key managers using the receiver's key store configuration.
Params: - context – context for status messages
Throws: - NoSuchProviderException – if a provider specified for one
of the key manager components is not known to the platform
- NoSuchAlgorithmException – if an algorithm specified for
one of the key manager components is not known to the relevant
provider
- KeyStoreException – if an error occurs in reading a key store
Returns: an array of key managers or null if no key store configuration was provided
/**
* Creates key managers using the receiver's key store configuration.
* @param context context for status messages
* @return an array of key managers or {@code null} if no key store
* configuration was provided
* @throws NoSuchProviderException if a provider specified for one
* of the key manager components is not known to the platform
* @throws NoSuchAlgorithmException if an algorithm specified for
* one of the key manager components is not known to the relevant
* provider
* @throws KeyStoreException if an error occurs in reading a key store
*/
private KeyManager[] createKeyManagers(ContextAware context) throws NoSuchProviderException, NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException {
if (getKeyStore() == null)
return null;
KeyStore keyStore = getKeyStore().createKeyStore();
context.addInfo("key store of type '" + keyStore.getType() + "' provider '" + keyStore.getProvider() + "': " + getKeyStore().getLocation());
KeyManagerFactory kmf = getKeyManagerFactory().createKeyManagerFactory();
context.addInfo("key manager algorithm '" + kmf.getAlgorithm() + "' provider '" + kmf.getProvider() + "'");
char[] passphrase = getKeyStore().getPassword().toCharArray();
kmf.init(keyStore, passphrase);
return kmf.getKeyManagers();
}
Creates trust managers using the receiver's trust store configuration.
Params: - context – context for status messages
Throws: - NoSuchProviderException – if a provider specified for one
of the trust manager components is not known to the platform
- NoSuchAlgorithmException – if an algorithm specified for
one of the trust manager components is not known to the relevant
provider
- KeyStoreException – if an error occurs in reading a key
store containing trust anchors
Returns: an array of trust managers or null if no trust store configuration was provided
/**
* Creates trust managers using the receiver's trust store configuration.
* @param context context for status messages
* @return an array of trust managers or {@code null} if no trust store
* configuration was provided
* @throws NoSuchProviderException if a provider specified for one
* of the trust manager components is not known to the platform
* @throws NoSuchAlgorithmException if an algorithm specified for
* one of the trust manager components is not known to the relevant
* provider
* @throws KeyStoreException if an error occurs in reading a key
* store containing trust anchors
*/
private TrustManager[] createTrustManagers(ContextAware context) throws NoSuchProviderException, NoSuchAlgorithmException, KeyStoreException {
if (getTrustStore() == null)
return null;
KeyStore trustStore = getTrustStore().createKeyStore();
context.addInfo("trust store of type '" + trustStore.getType() + "' provider '" + trustStore.getProvider() + "': " + getTrustStore().getLocation());
TrustManagerFactory tmf = getTrustManagerFactory().createTrustManagerFactory();
context.addInfo("trust manager algorithm '" + tmf.getAlgorithm() + "' provider '" + tmf.getProvider() + "'");
tmf.init(trustStore);
return tmf.getTrustManagers();
}
private SecureRandom createSecureRandom(ContextAware context) throws NoSuchProviderException, NoSuchAlgorithmException {
SecureRandom secureRandom = getSecureRandom().createSecureRandom();
context.addInfo("secure random algorithm '" + secureRandom.getAlgorithm() + "' provider '" + secureRandom.getProvider() + "'");
return secureRandom;
}
Gets the key store configuration.
Returns: key store factory bean or null if no key store configuration was provided
/**
* Gets the key store configuration.
* @return key store factory bean or {@code null} if no key store
* configuration was provided
*/
public KeyStoreFactoryBean getKeyStore() {
if (keyStore == null) {
keyStore = keyStoreFromSystemProperties(JSSE_KEY_STORE_PROPERTY);
}
return keyStore;
}
Sets the key store configuration.
Params: - keyStore – the key store factory bean to set
/**
* Sets the key store configuration.
* @param keyStore the key store factory bean to set
*/
public void setKeyStore(KeyStoreFactoryBean keyStore) {
this.keyStore = keyStore;
}
Gets the trust store configuration.
Returns: trust store factory bean or null if no trust store configuration was provided
/**
* Gets the trust store configuration.
* @return trust store factory bean or {@code null} if no trust store
* configuration was provided
*/
public KeyStoreFactoryBean getTrustStore() {
if (trustStore == null) {
trustStore = keyStoreFromSystemProperties(JSSE_TRUST_STORE_PROPERTY);
}
return trustStore;
}
Sets the trust store configuration.
Params: - trustStore – the trust store factory bean to set
/**
* Sets the trust store configuration.
* @param trustStore the trust store factory bean to set
*/
public void setTrustStore(KeyStoreFactoryBean trustStore) {
this.trustStore = trustStore;
}
Constructs a key store factory bean using JSSE system properties.
Params: - property – base property name (e.g.
javax.net.ssl.keyStore)
Returns: key store or null if no value is defined for the base system property name
/**
* Constructs a key store factory bean using JSSE system properties.
* @param property base property name (e.g. {@code javax.net.ssl.keyStore})
* @return key store or {@code null} if no value is defined for the
* base system property name
*/
private KeyStoreFactoryBean keyStoreFromSystemProperties(String property) {
if (System.getProperty(property) == null)
return null;
KeyStoreFactoryBean keyStore = new KeyStoreFactoryBean();
keyStore.setLocation(locationFromSystemProperty(property));
keyStore.setProvider(System.getProperty(property + "Provider"));
keyStore.setPassword(System.getProperty(property + "Password"));
keyStore.setType(System.getProperty(property + "Type"));
return keyStore;
}
Constructs a resource location from a JSSE system property.
Params: - name – property name (e.g.
javax.net.ssl.keyStore)
Returns: URL for the location specified in the property or null if no value is defined for the property
/**
* Constructs a resource location from a JSSE system property.
* @param name property name (e.g. {@code javax.net.ssl.keyStore})
* @return URL for the location specified in the property or {@code null}
* if no value is defined for the property
*/
private String locationFromSystemProperty(String name) {
String location = System.getProperty(name);
if (location != null && !location.startsWith("file:")) {
location = "file:" + location;
}
return location;
}
Gets the secure random generator configuration.
Returns: secure random factory bean; if no secure random generator
configuration has been set, a default factory bean is returned
/**
* Gets the secure random generator configuration.
* @return secure random factory bean; if no secure random generator
* configuration has been set, a default factory bean is returned
*/
public SecureRandomFactoryBean getSecureRandom() {
if (secureRandom == null) {
return new SecureRandomFactoryBean();
}
return secureRandom;
}
Sets the secure random generator configuration.
Params: - secureRandom – the secure random factory bean to set
/**
* Sets the secure random generator configuration.
* @param secureRandom the secure random factory bean to set
*/
public void setSecureRandom(SecureRandomFactoryBean secureRandom) {
this.secureRandom = secureRandom;
}
Gets the key manager factory configuration.
Returns: factory bean; if no key manager factory
configuration has been set, a default factory bean is returned
/**
* Gets the key manager factory configuration.
* @return factory bean; if no key manager factory
* configuration has been set, a default factory bean is returned
*/
public KeyManagerFactoryFactoryBean getKeyManagerFactory() {
if (keyManagerFactory == null) {
return new KeyManagerFactoryFactoryBean();
}
return keyManagerFactory;
}
Sets the key manager factory configuration.
Params: - keyManagerFactory – the key manager factory factory bean to set
/**
* Sets the key manager factory configuration.
* @param keyManagerFactory the key manager factory factory bean to set
*/
public void setKeyManagerFactory(KeyManagerFactoryFactoryBean keyManagerFactory) {
this.keyManagerFactory = keyManagerFactory;
}
Gets the trust manager factory configuration.
Returns: factory bean; if no trust manager factory
configuration has been set, a default factory bean is returned
/**
* Gets the trust manager factory configuration.
* @return factory bean; if no trust manager factory
* configuration has been set, a default factory bean is returned
*/
public TrustManagerFactoryFactoryBean getTrustManagerFactory() {
if (trustManagerFactory == null) {
return new TrustManagerFactoryFactoryBean();
}
return trustManagerFactory;
}
Sets the trust manager factory configuration.
Params: - trustManagerFactory – the factory bean to set
/**
* Sets the trust manager factory configuration.
* @param trustManagerFactory the factory bean to set
*/
public void setTrustManagerFactory(TrustManagerFactoryFactoryBean trustManagerFactory) {
this.trustManagerFactory = trustManagerFactory;
}
Gets the secure transport protocol name.
Returns: protocol name (e.g. SSL, TLS); the SSL.DEFAULT_PROTOCOL is returned if no protocol has been configured
/**
* Gets the secure transport protocol name.
* @return protocol name (e.g. {@code SSL}, {@code TLS}); the
* {@link SSL#DEFAULT_PROTOCOL} is returned if no protocol has been
* configured
*/
public String getProtocol() {
if (protocol == null) {
return SSL.DEFAULT_PROTOCOL;
}
return protocol;
}
Sets the secure transport protocol name.
Params: - protocol – a protocol name, which must be recognized by the provider specified by
setProvider(String) or by the platform's default provider if no platform was specified.
/**
* Sets the secure transport protocol name.
* @param protocol a protocol name, which must be recognized by the provider
* specified by {@link #setProvider(String)} or by the platform's
* default provider if no platform was specified.
*/
public void setProtocol(String protocol) {
this.protocol = protocol;
}
Gets the JSSE provider name for the SSL context.
Returns: JSSE provider name
/**
* Gets the JSSE provider name for the SSL context.
* @return JSSE provider name
*/
public String getProvider() {
return provider;
}
Sets the JSSE provider name for the SSL context.
Params: - provider – name of the JSSE provider to use in creating the
SSL context
/**
* Sets the JSSE provider name for the SSL context.
* @param provider name of the JSSE provider to use in creating the
* SSL context
*/
public void setProvider(String provider) {
this.provider = provider;
}
}