/*
* Copyright (c) 2007, 2019 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package org.glassfish.jersey;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Properties;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.glassfish.jersey.internal.LocalizationMessages;
import org.glassfish.jersey.internal.util.PropertiesHelper;
Utility class, which helps to configure SSLContext
instances. For example: SslConfigurator sslConfig = SslConfigurator.newInstance()
.trustStoreFile("truststore.jks")
.trustStorePassword("asdfgh")
.trustStoreType("JKS")
.trustManagerFactoryAlgorithm("PKIX")
.keyStoreFile("keystore.jks")
.keyPassword("asdfgh")
.keyStoreType("JKS")
.keyManagerFactoryAlgorithm("SunX509")
.keyStoreProvider("SunJSSE")
.securityProtocol("SSL");
SSLContext sslContext = sslConfig.createSSLContext();
Author: Alexey Stashok, Hubert Iwaniuk, Bruno Harbulot, Marek Potociar
/**
* Utility class, which helps to configure {@link SSLContext} instances.
*
* For example:
* <pre>
* SslConfigurator sslConfig = SslConfigurator.newInstance()
* .trustStoreFile("truststore.jks")
* .trustStorePassword("asdfgh")
* .trustStoreType("JKS")
* .trustManagerFactoryAlgorithm("PKIX")
*
* .keyStoreFile("keystore.jks")
* .keyPassword("asdfgh")
* .keyStoreType("JKS")
* .keyManagerFactoryAlgorithm("SunX509")
* .keyStoreProvider("SunJSSE")
*
* .securityProtocol("SSL");
*
* SSLContext sslContext = sslConfig.createSSLContext();
* </pre>
*
* @author Alexey Stashok
* @author Hubert Iwaniuk
* @author Bruno Harbulot
* @author Marek Potociar
*/
@SuppressWarnings("UnusedDeclaration")
public final class SslConfigurator {
Trust store provider name. The value MUST be a String
representing the name of a trust store provider.
No default value is set.
The name of the configuration property is "javax.net.ssl.trustStoreProvider".
/**
* <em>Trust</em> store provider name.
*
* The value MUST be a {@code String} representing the name of a <em>trust</em> store provider.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String TRUST_STORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
Key store provider name. The value MUST be a String
representing the name of a trust store provider.
No default value is set.
The name of the configuration property is "javax.net.ssl.keyStoreProvider".
/**
* <em>Key</em> store provider name.
*
* The value MUST be a {@code String} representing the name of a <em>trust</em> store provider.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String KEY_STORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
Trust store file name. The value MUST be a String
representing the name of a trust store file.
No default value is set.
The name of the configuration property is "javax.net.ssl.trustStore".
/**
* <em>Trust</em> store file name.
*
* The value MUST be a {@code String} representing the name of a <em>trust</em> store file.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String TRUST_STORE_FILE = "javax.net.ssl.trustStore";
Key store file name. The value MUST be a String
representing the name of a key store file.
No default value is set.
The name of the configuration property is "javax.net.ssl.keyStore".
/**
* <em>Key</em> store file name.
*
* The value MUST be a {@code String} representing the name of a <em>key</em> store file.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String KEY_STORE_FILE = "javax.net.ssl.keyStore";
Trust store file password - the password used to unlock the trust store file. The value MUST be a String
representing the trust store file password.
No default value is set.
The name of the configuration property is "javax.net.ssl.trustStorePassword".
/**
* <em>Trust</em> store file password - the password used to unlock the <em>trust</em> store file.
*
* The value MUST be a {@code String} representing the <em>trust</em> store file password.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
Key store file password - the password used to unlock the trust store file. The value MUST be a String
representing the key store file password.
No default value is set.
The name of the configuration property is "javax.net.ssl.keyStorePassword".
/**
* <em>Key</em> store file password - the password used to unlock the <em>trust</em> store file.
*
* The value MUST be a {@code String} representing the <em>key</em> store file password.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
Trust store type (see KeyStore.getType()
for more info). The value MUST be a String
representing the trust store type name.
No default value is set.
The name of the configuration property is "javax.net.ssl.trustStoreType".
/**
* <em>Trust</em> store type (see {@link java.security.KeyStore#getType()} for more info).
*
* The value MUST be a {@code String} representing the <em>trust</em> store type name.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
Key store type (see KeyStore.getType()
for more info). The value MUST be a String
representing the key store type name.
No default value is set.
The name of the configuration property is "javax.net.ssl.keyStoreType".
/**
* <em>Key</em> store type (see {@link java.security.KeyStore#getType()} for more info).
*
* The value MUST be a {@code String} representing the <em>key</em> store type name.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
Key manager factory algorithm name. The value MUST be a String
representing the key manager factory algorithm name.
No default value is set.
The name of the configuration property is "ssl.keyManagerFactory.algorithm".
/**
* <em>Key</em> manager factory algorithm name.
*
* The value MUST be a {@code String} representing the <em>key</em> manager factory algorithm name.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String KEY_MANAGER_FACTORY_ALGORITHM = "ssl.keyManagerFactory.algorithm";
Key manager factory provider name. The value MUST be a String
representing the key manager factory provider name.
No default value is set.
The name of the configuration property is "ssl.keyManagerFactory.provider".
/**
* <em>Key</em> manager factory provider name.
*
* The value MUST be a {@code String} representing the <em>key</em> manager factory provider name.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String KEY_MANAGER_FACTORY_PROVIDER = "ssl.keyManagerFactory.provider";
Trust manager factory algorithm name. The value MUST be a String
representing the trust manager factory algorithm name.
No default value is set.
The name of the configuration property is "ssl.trustManagerFactory.algorithm".
/**
* <em>Trust</em> manager factory algorithm name.
*
* The value MUST be a {@code String} representing the <em>trust</em> manager factory algorithm name.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String TRUST_MANAGER_FACTORY_ALGORITHM = "ssl.trustManagerFactory.algorithm";
Trust manager factory provider name. The value MUST be a String
representing the trust manager factory provider name.
No default value is set.
The name of the configuration property is "ssl.trustManagerFactory.provider".
/**
* <em>Trust</em> manager factory provider name.
*
* The value MUST be a {@code String} representing the <em>trust</em> manager factory provider name.
* <p>
* No default value is set.
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
*/
public static final String TRUST_MANAGER_FACTORY_PROVIDER = "ssl.trustManagerFactory.provider";
Default SSL configuration that is used to create default SSL context instances that do not take into
account system properties.
/**
* Default SSL configuration that is used to create default SSL context instances that do not take into
* account system properties.
*/
private static final SslConfigurator DEFAULT_CONFIG_NO_PROPS = new SslConfigurator(false);
Logger.
/**
* Logger.
*/
private static final Logger LOGGER = Logger.getLogger(SslConfigurator.class.getName());
private KeyStore keyStore;
private KeyStore trustStore;
private String trustStoreProvider;
private String keyStoreProvider;
private String trustStoreType;
private String keyStoreType;
private char[] trustStorePass;
private char[] keyStorePass;
private char[] keyPass;
private String trustStoreFile;
private String keyStoreFile;
private byte[] trustStoreBytes;
private byte[] keyStoreBytes;
private String trustManagerFactoryAlgorithm;
private String keyManagerFactoryAlgorithm;
private String trustManagerFactoryProvider;
private String keyManagerFactoryProvider;
private String securityProtocol = "TLS";
Get a new instance of a SSLContext
configured using default configuration settings. The default SSL configuration is initialized from system properties. This method is a shortcut for getDefaultContext(true)
. Returns: new instance of a default SSL context initialized from system properties.
/**
* Get a new instance of a {@link SSLContext} configured using default configuration settings.
*
* The default SSL configuration is initialized from system properties. This method is a shortcut
* for {@link #getDefaultContext(boolean) getDefaultContext(true)}.
*
* @return new instance of a default SSL context initialized from system properties.
*/
public static SSLContext getDefaultContext() {
return getDefaultContext(true);
}
Get a new instance of a SSLContext
configured using default configuration settings. If readSystemProperties
parameter is set to true
, the default SSL configuration is initialized from system properties. Params: - readSystemProperties – if
true
, the default SSL context will be initialized using system properties.
Returns: new instance of a default SSL context initialized from system properties.
/**
* Get a new instance of a {@link SSLContext} configured using default configuration settings.
*
* If {@code readSystemProperties} parameter is set to {@code true}, the default SSL configuration
* is initialized from system properties.
*
* @param readSystemProperties if {@code true}, the default SSL context will be initialized using
* system properties.
* @return new instance of a default SSL context initialized from system properties.
*/
public static SSLContext getDefaultContext(boolean readSystemProperties) {
if (readSystemProperties) {
return new SslConfigurator(true).createSSLContext();
} else {
return DEFAULT_CONFIG_NO_PROPS.createSSLContext();
}
}
Get a new & initialized SSL configurator instance. The the instantiated configurator will be empty.
Returns: new & initialized SSL configurator instance.
/**
* Get a new & initialized SSL configurator instance. The the instantiated configurator will be empty.
*
* @return new & initialized SSL configurator instance.
*/
public static SslConfigurator newInstance() {
return new SslConfigurator(false);
}
Get a new SSL configurator instance.
Params: - readSystemProperties – if
true
, Retrieves
the initial configuration from System.getProperty(String)
}, otherwise the instantiated configurator will be empty.
Returns: new SSL configurator instance.
/**
* Get a new SSL configurator instance.
*
* @param readSystemProperties if {@code true}, {@link #retrieve() Retrieves} the initial configuration from
* {@link System#getProperty(String)}}, otherwise the instantiated configurator will
* be empty.
* @return new SSL configurator instance.
*/
public static SslConfigurator newInstance(boolean readSystemProperties) {
return new SslConfigurator(readSystemProperties);
}
private SslConfigurator(boolean readSystemProperties) {
if (readSystemProperties) {
retrieve();
}
}
private SslConfigurator(SslConfigurator that) {
this.keyStore = that.keyStore;
this.trustStore = that.trustStore;
this.trustStoreProvider = that.trustStoreProvider;
this.keyStoreProvider = that.keyStoreProvider;
this.trustStoreType = that.trustStoreType;
this.keyStoreType = that.keyStoreType;
this.trustStorePass = that.trustStorePass;
this.keyStorePass = that.keyStorePass;
this.keyPass = that.keyPass;
this.trustStoreFile = that.trustStoreFile;
this.keyStoreFile = that.keyStoreFile;
this.trustStoreBytes = that.trustStoreBytes;
this.keyStoreBytes = that.keyStoreBytes;
this.trustManagerFactoryAlgorithm = that.trustManagerFactoryAlgorithm;
this.keyManagerFactoryAlgorithm = that.keyManagerFactoryAlgorithm;
this.trustManagerFactoryProvider = that.trustManagerFactoryProvider;
this.keyManagerFactoryProvider = that.keyManagerFactoryProvider;
this.securityProtocol = that.securityProtocol;
}
Create a copy of the current SSL configurator instance.
Returns: copy of the current SSL configurator instance
/**
* Create a copy of the current SSL configurator instance.
*
* @return copy of the current SSL configurator instance
*/
public SslConfigurator copy() {
return new SslConfigurator(this);
}
Set the trust store provider name.
Params: - trustStoreProvider – trust store provider to set.
Returns: updated SSL configurator instance.
/**
* Set the <em>trust</em> store provider name.
*
* @param trustStoreProvider <em>trust</em> store provider to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreProvider(String trustStoreProvider) {
this.trustStoreProvider = trustStoreProvider;
return this;
}
Set the key store provider name.
Params: - keyStoreProvider – key store provider to set.
Returns: updated SSL configurator instance.
/**
* Set the <em>key</em> store provider name.
*
* @param keyStoreProvider <em>key</em> store provider to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreProvider(String keyStoreProvider) {
this.keyStoreProvider = keyStoreProvider;
return this;
}
Set the type of trust store.
Params: - trustStoreType – type of trust store to set.
Returns: updated SSL configurator instance.
/**
* Set the type of <em>trust</em> store.
*
* @param trustStoreType type of <em>trust</em> store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreType(String trustStoreType) {
this.trustStoreType = trustStoreType;
return this;
}
Set the type of key store.
Params: - keyStoreType – type of key store to set.
Returns: updated SSL configurator instance.
/**
* Set the type of <em>key</em> store.
*
* @param keyStoreType type of <em>key</em> store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreType(String keyStoreType) {
this.keyStoreType = keyStoreType;
return this;
}
Set the password of trust store.
Params: - password – password of trust store to set.
Returns: updated SSL configurator instance.
/**
* Set the password of <em>trust</em> store.
*
* @param password password of <em>trust</em> store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStorePassword(String password) {
this.trustStorePass = password.toCharArray();
return this;
}
Set the password of key store.
Params: - password – password of key store to set.
Returns: updated SSL configurator instance.
/**
* Set the password of <em>key</em> store.
*
* @param password password of <em>key</em> store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStorePassword(String password) {
this.keyStorePass = password.toCharArray();
return this;
}
Set the password of key store.
Params: - password – password of key store to set.
Returns: updated SSL configurator instance.
/**
* Set the password of <em>key</em> store.
*
* @param password password of <em>key</em> store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStorePassword(char[] password) {
this.keyStorePass = password.clone();
return this;
}
Set the password of the key in the key store.
Params: - password – password of key to set.
Returns: updated SSL configurator instance.
/**
* Set the password of the key in the <em>key</em> store.
*
* @param password password of <em>key</em> to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyPassword(String password) {
this.keyPass = password.toCharArray();
return this;
}
Set the password of the key in the key store.
Params: - password – password of key to set.
Returns: updated SSL configurator instance.
/**
* Set the password of the key in the <em>key</em> store.
*
* @param password password of <em>key</em> to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyPassword(char[] password) {
this.keyPass = password.clone();
return this;
}
Set the trust store file name.
Setting a trust store instance resets any trust store instance
or trust store payload
value previously set.
Params: - fileName –
file
name of the trust store.
Returns: updated SSL configurator instance.
/**
* Set the <em>trust</em> store file name.
* <p>
* Setting a trust store instance resets any {@link #trustStore(java.security.KeyStore) trust store instance}
* or {@link #trustStoreBytes(byte[]) trust store payload} value previously set.
* </p>
*
* @param fileName {@link java.io.File file} name of the <em>trust</em> store.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreFile(String fileName) {
this.trustStoreFile = fileName;
this.trustStoreBytes = null;
this.trustStore = null;
return this;
}
Set the trust store payload as byte array.
Setting a trust store instance resets any trust store file
or trust store instance
value previously set.
Params: - payload – trust store payload.
Returns: updated SSL configurator instance.
/**
* Set the <em>trust</em> store payload as byte array.
* <p>
* Setting a trust store instance resets any {@link #trustStoreFile(String) trust store file}
* or {@link #trustStore(java.security.KeyStore) trust store instance} value previously set.
* </p>
*
* @param payload <em>trust</em> store payload.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreBytes(byte[] payload) {
this.trustStoreBytes = payload.clone();
this.trustStoreFile = null;
this.trustStore = null;
return this;
}
Set the key store file name.
Setting a key store instance resets any key store instance
or key store payload
value previously set.
Params: - fileName –
file
name of the key store.
Returns: updated SSL configurator instance.
/**
* Set the <em>key</em> store file name.
* <p>
* Setting a key store instance resets any {@link #keyStore(java.security.KeyStore) key store instance}
* or {@link #keyStoreBytes(byte[]) key store payload} value previously set.
* </p>
*
* @param fileName {@link java.io.File file} name of the <em>key</em> store.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreFile(String fileName) {
this.keyStoreFile = fileName;
this.keyStoreBytes = null;
this.keyStore = null;
return this;
}
Set the key store payload as byte array.
Setting a key store instance resets any key store file
or key store instance
value previously set.
Params: - payload – key store payload.
Returns: updated SSL configurator instance.
/**
* Set the <em>key</em> store payload as byte array.
* <p>
* Setting a key store instance resets any {@link #keyStoreFile(String) key store file}
* or {@link #keyStore(java.security.KeyStore) key store instance} value previously set.
* </p>
*
* @param payload <em>key</em> store payload.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreBytes(byte[] payload) {
this.keyStoreBytes = payload.clone();
this.keyStoreFile = null;
this.keyStore = null;
return this;
}
Set the trust manager factory algorithm.
Params: - algorithm – the trust manager factory algorithm.
Returns: updated SSL configurator instance.
/**
* Set the <em>trust</em> manager factory algorithm.
*
* @param algorithm the <em>trust</em> manager factory algorithm.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustManagerFactoryAlgorithm(String algorithm) {
this.trustManagerFactoryAlgorithm = algorithm;
return this;
}
Set the key manager factory algorithm.
Params: - algorithm – the key manager factory algorithm.
Returns: updated SSL configurator instance.
/**
* Set the <em>key</em> manager factory algorithm.
*
* @param algorithm the <em>key</em> manager factory algorithm.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyManagerFactoryAlgorithm(String algorithm) {
this.keyManagerFactoryAlgorithm = algorithm;
return this;
}
Set the trust manager factory provider.
Params: - provider – the trust manager factory provider.
Returns: updated SSL configurator instance.
/**
* Set the <em>trust</em> manager factory provider.
*
* @param provider the <em>trust</em> manager factory provider.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustManagerFactoryProvider(String provider) {
this.trustManagerFactoryProvider = provider;
return this;
}
Set the key manager factory provider.
Params: - provider – the key manager factory provider.
Returns: updated SSL configurator instance.
/**
* Set the <em>key</em> manager factory provider.
*
* @param provider the <em>key</em> manager factory provider.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyManagerFactoryProvider(String provider) {
this.keyManagerFactoryProvider = provider;
return this;
}
Set the SSLContext protocol. The default value is TLS
if this is null
. Params: - protocol – protocol for
SSLContext.getProtocol()
.
Returns: updated SSL configurator instance.
/**
* Set the SSLContext protocol. The default value is {@code TLS} if this is {@code null}.
*
* @param protocol protocol for {@link javax.net.ssl.SSLContext#getProtocol()}.
* @return updated SSL configurator instance.
*/
public SslConfigurator securityProtocol(String protocol) {
this.securityProtocol = protocol;
return this;
}
Get the key store instance.
Returns: key store instance or null
if not explicitly set.
/**
* Get the <em>key</em> store instance.
*
* @return <em>key</em> store instance or {@code null} if not explicitly set.
*/
KeyStore getKeyStore() {
return keyStore;
}
Set the key store instance.
Setting a key store instance resets any key store file
or key store payload
value previously set.
Params: - keyStore – key store instance.
Returns: updated SSL configurator instance.
/**
* Set the <em>key</em> store instance.
* <p>
* Setting a key store instance resets any {@link #keyStoreFile(String) key store file}
* or {@link #keyStoreBytes(byte[]) key store payload} value previously set.
* </p>
*
* @param keyStore <em>key</em> store instance.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStore(KeyStore keyStore) {
this.keyStore = keyStore;
this.keyStoreFile = null;
this.keyStoreBytes = null;
return this;
}
Get the trust store instance.
Setting a trust store instance resets any trust store file
or trust store payload
value previously set.
Returns: trust store instance or null
if not explicitly set.
/**
* Get the <em>trust</em> store instance.
* <p>
* Setting a trust store instance resets any {@link #trustStoreFile(String) trust store file}
* or {@link #trustStoreBytes(byte[]) trust store payload} value previously set.
* </p>
*
* @return <em>trust</em> store instance or {@code null} if not explicitly set.
*/
KeyStore getTrustStore() {
return trustStore;
}
Set the trust store instance.
Params: - trustStore – trust store instance.
Returns: updated SSL configurator instance.
/**
* Set the <em>trust</em> store instance.
*
* @param trustStore <em>trust</em> store instance.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStore(KeyStore trustStore) {
this.trustStore = trustStore;
this.trustStoreFile = null;
this.trustStoreBytes = null;
return this;
}
Create new SSL context instance using the current SSL context configuration.
Returns: newly configured SSL context instance.
/**
* Create new SSL context instance using the current SSL context configuration.
*
* @return newly configured SSL context instance.
*/
public SSLContext createSSLContext() {
TrustManagerFactory trustManagerFactory = null;
KeyManagerFactory keyManagerFactory = null;
KeyStore _keyStore = keyStore;
if (_keyStore == null && (keyStoreBytes != null || keyStoreFile != null)) {
try {
if (keyStoreProvider != null) {
_keyStore = KeyStore.getInstance(
keyStoreType != null ? keyStoreType : KeyStore.getDefaultType(), keyStoreProvider);
} else {
_keyStore = KeyStore.getInstance(keyStoreType != null ? keyStoreType : KeyStore.getDefaultType());
}
InputStream keyStoreInputStream = null;
try {
if (keyStoreBytes != null) {
keyStoreInputStream = new ByteArrayInputStream(keyStoreBytes);
} else if (!keyStoreFile.equals("NONE")) {
keyStoreInputStream = new FileInputStream(keyStoreFile);
}
_keyStore.load(keyStoreInputStream, keyStorePass);
} finally {
try {
if (keyStoreInputStream != null) {
keyStoreInputStream.close();
}
} catch (IOException ignored) {
}
}
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_IMPL_NOT_FOUND(), e);
} catch (CertificateException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_CERT_LOAD_ERROR(), e);
} catch (FileNotFoundException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_FILE_NOT_FOUND(keyStoreFile), e);
} catch (IOException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_LOAD_ERROR(keyStoreFile), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_PROVIDERS_NOT_REGISTERED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_INTEGRITY_ALGORITHM_NOT_FOUND(), e);
}
}
if (_keyStore != null) {
String kmfAlgorithm = keyManagerFactoryAlgorithm;
if (kmfAlgorithm == null) {
kmfAlgorithm = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(
KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()));
}
try {
if (keyManagerFactoryProvider != null) {
keyManagerFactory = KeyManagerFactory.getInstance(kmfAlgorithm, keyManagerFactoryProvider);
} else {
keyManagerFactory = KeyManagerFactory.getInstance(kmfAlgorithm);
}
final char[] password = keyPass != null ? keyPass : keyStorePass;
if (password != null) {
keyManagerFactory.init(_keyStore, password);
} else {
String ksName =
keyStoreProvider != null ? LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_PROVIDER_BASED_KS()
: keyStoreBytes != null ? LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_BYTE_BASED_KS()
: keyStoreFile;
LOGGER.config(LocalizationMessages.SSL_KMF_NO_PASSWORD_SET(ksName));
keyManagerFactory = null;
}
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_INIT_FAILED(), e);
} catch (UnrecoverableKeyException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_UNRECOVERABLE_KEY(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_ALGORITHM_NOT_SUPPORTED(), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_PROVIDER_NOT_REGISTERED(), e);
}
}
KeyStore _trustStore = trustStore;
if (_trustStore == null && (trustStoreBytes != null || trustStoreFile != null)) {
try {
if (trustStoreProvider != null) {
_trustStore = KeyStore.getInstance(
trustStoreType != null ? trustStoreType : KeyStore.getDefaultType(), trustStoreProvider);
} else {
_trustStore =
KeyStore.getInstance(trustStoreType != null ? trustStoreType : KeyStore.getDefaultType());
}
InputStream trustStoreInputStream = null;
try {
if (trustStoreBytes != null) {
trustStoreInputStream = new ByteArrayInputStream(trustStoreBytes);
} else if (!trustStoreFile.equals("NONE")) {
trustStoreInputStream = new FileInputStream(trustStoreFile);
}
_trustStore.load(trustStoreInputStream, trustStorePass);
} finally {
try {
if (trustStoreInputStream != null) {
trustStoreInputStream.close();
}
} catch (IOException ignored) {
}
}
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_IMPL_NOT_FOUND(), e);
} catch (CertificateException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_CERT_LOAD_ERROR(), e);
} catch (FileNotFoundException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_FILE_NOT_FOUND(trustStoreFile), e);
} catch (IOException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_LOAD_ERROR(trustStoreFile), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_PROVIDERS_NOT_REGISTERED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_INTEGRITY_ALGORITHM_NOT_FOUND(), e);
}
}
if (_trustStore != null) {
String tmfAlgorithm = trustManagerFactoryAlgorithm;
if (tmfAlgorithm == null) {
tmfAlgorithm = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(
TRUST_MANAGER_FACTORY_ALGORITHM, TrustManagerFactory.getDefaultAlgorithm()));
}
try {
if (trustManagerFactoryProvider != null) {
trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm, trustManagerFactoryProvider);
} else {
trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm);
}
trustManagerFactory.init(_trustStore);
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TMF_INIT_FAILED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TMF_ALGORITHM_NOT_SUPPORTED(), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TMF_PROVIDER_NOT_REGISTERED(), e);
}
}
try {
String secProtocol = "TLS";
if (securityProtocol != null) {
secProtocol = securityProtocol;
}
final SSLContext sslContext = SSLContext.getInstance(secProtocol);
sslContext.init(
keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null,
trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null,
null);
return sslContext;
} catch (KeyManagementException e) {
throw new IllegalStateException(LocalizationMessages.SSL_CTX_INIT_FAILED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_CTX_ALGORITHM_NOT_SUPPORTED(), e);
}
}
Retrieve the SSL context configuration from the supplied properties.
Params: - props – properties containing the SSL context configuration.
Returns: updated SSL configurator instance.
/**
* Retrieve the SSL context configuration from the supplied properties.
*
* @param props properties containing the SSL context configuration.
* @return updated SSL configurator instance.
*/
public SslConfigurator retrieve(Properties props) {
trustStoreProvider = props.getProperty(TRUST_STORE_PROVIDER);
keyStoreProvider = props.getProperty(KEY_STORE_PROVIDER);
trustManagerFactoryProvider = props.getProperty(TRUST_MANAGER_FACTORY_PROVIDER);
keyManagerFactoryProvider = props.getProperty(KEY_MANAGER_FACTORY_PROVIDER);
trustStoreType = props.getProperty(TRUST_STORE_TYPE);
keyStoreType = props.getProperty(KEY_STORE_TYPE);
if (props.getProperty(TRUST_STORE_PASSWORD) != null) {
trustStorePass = props.getProperty(TRUST_STORE_PASSWORD).toCharArray();
} else {
trustStorePass = null;
}
if (props.getProperty(KEY_STORE_PASSWORD) != null) {
keyStorePass = props.getProperty(KEY_STORE_PASSWORD).toCharArray();
} else {
keyStorePass = null;
}
trustStoreFile = props.getProperty(TRUST_STORE_FILE);
keyStoreFile = props.getProperty(KEY_STORE_FILE);
trustStoreBytes = null;
keyStoreBytes = null;
trustStore = null;
keyStore = null;
securityProtocol = "TLS";
return this;
}
Retrieve the SSL context configuration from the system properties.
Returns: updated SSL configurator instance.
/**
* Retrieve the SSL context configuration from the system properties.
*
* @return updated SSL configurator instance.
*/
public SslConfigurator retrieve() {
trustStoreProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(TRUST_STORE_PROVIDER));
keyStoreProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(KEY_STORE_PROVIDER));
trustManagerFactoryProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(TRUST_MANAGER_FACTORY_PROVIDER));
keyManagerFactoryProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(KEY_MANAGER_FACTORY_PROVIDER));
trustStoreType = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(TRUST_STORE_TYPE));
keyStoreType = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(KEY_STORE_TYPE));
final String trustStorePassword = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(TRUST_STORE_PASSWORD));
if (trustStorePassword != null) {
trustStorePass = trustStorePassword.toCharArray();
} else {
trustStorePass = null;
}
final String keyStorePassword = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(KEY_STORE_PASSWORD));
if (keyStorePassword != null) {
keyStorePass = keyStorePassword.toCharArray();
} else {
keyStorePass = null;
}
trustStoreFile = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(TRUST_STORE_FILE));
keyStoreFile = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(KEY_STORE_FILE));
trustStoreBytes = null;
keyStoreBytes = null;
trustStore = null;
keyStore = null;
securityProtocol = "TLS";
return this;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
SslConfigurator that = (SslConfigurator) o;
if (keyManagerFactoryAlgorithm != null
? !keyManagerFactoryAlgorithm.equals(that.keyManagerFactoryAlgorithm) : that.keyManagerFactoryAlgorithm != null) {
return false;
}
if (keyManagerFactoryProvider != null
? !keyManagerFactoryProvider.equals(that.keyManagerFactoryProvider) : that.keyManagerFactoryProvider != null) {
return false;
}
if (!Arrays.equals(keyPass, that.keyPass)) {
return false;
}
if (keyStore != null ? !keyStore.equals(that.keyStore) : that.keyStore != null) {
return false;
}
if (!Arrays.equals(keyStoreBytes, that.keyStoreBytes)) {
return false;
}
if (keyStoreFile != null ? !keyStoreFile.equals(that.keyStoreFile) : that.keyStoreFile != null) {
return false;
}
if (!Arrays.equals(keyStorePass, that.keyStorePass)) {
return false;
}
if (keyStoreProvider != null ? !keyStoreProvider.equals(that.keyStoreProvider) : that.keyStoreProvider != null) {
return false;
}
if (keyStoreType != null ? !keyStoreType.equals(that.keyStoreType) : that.keyStoreType != null) {
return false;
}
if (securityProtocol != null ? !securityProtocol.equals(that.securityProtocol) : that.securityProtocol != null) {
return false;
}
if (trustManagerFactoryAlgorithm != null ? !trustManagerFactoryAlgorithm.equals(that.trustManagerFactoryAlgorithm)
: that.trustManagerFactoryAlgorithm != null) {
return false;
}
if (trustManagerFactoryProvider != null ? !trustManagerFactoryProvider.equals(that.trustManagerFactoryProvider)
: that.trustManagerFactoryProvider != null) {
return false;
}
if (trustStore != null ? !trustStore.equals(that.trustStore) : that.trustStore != null) {
return false;
}
if (!Arrays.equals(trustStoreBytes, that.trustStoreBytes)) {
return false;
}
if (trustStoreFile != null ? !trustStoreFile.equals(that.trustStoreFile) : that.trustStoreFile != null) {
return false;
}
if (!Arrays.equals(trustStorePass, that.trustStorePass)) {
return false;
}
if (trustStoreProvider != null ? !trustStoreProvider.equals(that.trustStoreProvider) : that.trustStoreProvider != null) {
return false;
}
if (trustStoreType != null ? !trustStoreType.equals(that.trustStoreType) : that.trustStoreType != null) {
return false;
}
return true;
}
@Override
public int hashCode() {
int result = keyStore != null ? keyStore.hashCode() : 0;
result = 31 * result + (trustStore != null ? trustStore.hashCode() : 0);
result = 31 * result + (trustStoreProvider != null ? trustStoreProvider.hashCode() : 0);
result = 31 * result + (keyStoreProvider != null ? keyStoreProvider.hashCode() : 0);
result = 31 * result + (trustStoreType != null ? trustStoreType.hashCode() : 0);
result = 31 * result + (keyStoreType != null ? keyStoreType.hashCode() : 0);
result = 31 * result + (trustStorePass != null ? Arrays.hashCode(trustStorePass) : 0);
result = 31 * result + (keyStorePass != null ? Arrays.hashCode(keyStorePass) : 0);
result = 31 * result + (keyPass != null ? Arrays.hashCode(keyPass) : 0);
result = 31 * result + (trustStoreFile != null ? trustStoreFile.hashCode() : 0);
result = 31 * result + (keyStoreFile != null ? keyStoreFile.hashCode() : 0);
result = 31 * result + (trustStoreBytes != null ? Arrays.hashCode(trustStoreBytes) : 0);
result = 31 * result + (keyStoreBytes != null ? Arrays.hashCode(keyStoreBytes) : 0);
result = 31 * result + (trustManagerFactoryAlgorithm != null ? trustManagerFactoryAlgorithm.hashCode() : 0);
result = 31 * result + (keyManagerFactoryAlgorithm != null ? keyManagerFactoryAlgorithm.hashCode() : 0);
result = 31 * result + (trustManagerFactoryProvider != null ? trustManagerFactoryProvider.hashCode() : 0);
result = 31 * result + (keyManagerFactoryProvider != null ? keyManagerFactoryProvider.hashCode() : 0);
result = 31 * result + (securityProtocol != null ? securityProtocol.hashCode() : 0);
return result;
}
}