• Home
• com.taskadapter
• redmine-java-api
• 4.0.0.preview.3
• source code
• BetterSSLFactory.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.taskadapter.redmineapi.internal.comm.betterssl.BetterSSLFactory Maven / Gradle / Ivy

package com.taskadapter.redmineapi.internal.comm.betterssl;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLSocketFactory;

/**
 * SSL Socket factory. Provides more authentication than the naive one and
 * allows stored (custom) certificates to be added into the trust chain.
 * 

 * This work is based on
 * http://codyaray.com/2013/04/java-ssl-with-multiple-keystores and common
 * sense.
 */
public class BetterSSLFactory {
	/**
	 * Creates a new SSL socket factory which supports both system-installed
	 * keys and all additional keys in the provided keystores.
	 * 
	 * @param extraStores
	 *            extra keystores containing root certificate authorities.
	 * @return Socket factory supporting authorization for both system (default)
	 *         keystores and all the extraStores.
	 * @throws KeyStoreException if key store have problems.
	 * @throws KeyManagementException if new SSL context could not be initialized.
	 */
	public static SSLSocketFactory createSocketFactory(Collection extraStores) throws KeyStoreException, KeyManagementException {
		final Collection managers = new ArrayList<>();
		for (KeyStore ks : extraStores) {
			addX509Managers(managers, ks); 
		}
		/* Add default manager. */
		addX509Managers(managers, null);
		final TrustManager tm = new CompositeTrustManager(managers);
		
		try {
			final SSLContext ctx = SSLContext.getInstance("SSL");
			ctx.init(null, new TrustManager[] {tm}, null);
			return new SSLSocketFactory(ctx);
		} catch (NoSuchAlgorithmException e) {
			throw new Error("No SSL protocols supported :(", e);
		}
	}

	/**
	 * Adds X509 keystore-backed trust manager into the list of managers. 
	 * @param managers list of the managers to add to.
	 * @param ks key store with target keys.
	 * @throws KeyStoreException if key store could not be accessed.
	 */
	private static void addX509Managers(final Collection managers, KeyStore ks)
			throws KeyStoreException, Error {
		try {
			final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			tmf.init(ks);
			for (TrustManager tm : tmf.getTrustManagers()) {
				if (tm instanceof X509TrustManager) {
					managers.add((X509TrustManager) tm);
				}
			}
		} catch (NoSuchAlgorithmException e) {
			throw new Error("Default trust manager algorithm is not supported!", e);
		}
	}
}