All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.fabric8.mq.protocol.ssl.SslConfig Maven / Gradle / Ivy

There is a newer version: 2.2.23.1
Show newest version
/*
 *
 *  * Copyright 2005-2015 Red Hat, Inc.
 *  * Red Hat licenses this file to you under the Apache License, version
 *  * 2.0 (the "License"); you may not use this file except in compliance
 *  * with the License.  You may obtain a copy of the License at
 *  *    http://www.apache.org/licenses/LICENSE-2.0
 *  * Unless required by applicable law or agreed to in writing, software
 *  * distributed under the License is distributed on an "AS IS" BASIS,
 *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 *  * implied.  See the License for the specific language governing
 *  * permissions and limitations under the License.
 *
 */
package io.fabric8.mq.protocol.ssl;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 */
public class SslConfig {

    String storeType;
    String algorithm;
    TrustManager[] trustManagers;
    KeyManager[] keyManagers;
    String disabledCypherSuites;
    String enabledCipherSuites;
    private URL keyStoreURL;
    private String keyStorePassword;
    private KeyStore keyStore;
    private URL trustStoreURL;
    private String trustStorePassword;
    private KeyStore trustStore;
    private String keyAlias;
    private String keyPassword;
    private String protocol = "TLS";

    public SslConfig() {
    }

    public SslConfig(File keyStoreFile, String keyStorePassword) {
        this(url(keyStoreFile), keyStorePassword);
    }

    public SslConfig(File keyStoreFile, String keyStorePassword, File trustStoreFile, String trustStorePassword) {
        this(url(keyStoreFile), keyStorePassword, url(trustStoreFile), trustStorePassword);
    }

    public SslConfig(URL keyStoreURL, String keyStorePassword) {
        this(keyStoreURL, keyStorePassword, null, null);
    }

    public SslConfig(URL keyStoreURL, String keyStorePassword, URL trustStoreURL, String trustStorePassword) {
        this.keyStoreURL = keyStoreURL;
        this.keyStorePassword = keyStorePassword;
        this.trustStoreURL = trustStoreURL;
        this.trustStorePassword = trustStorePassword;
    }

    private static URL url(File fil) {
        if (fil == null) {
            return null;
        }
        try {
            return fil.toURI().toURL();
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    public KeyStore getKeyStore() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        if (keyStore == null) {
            if (storeType == null) {
                storeType = "JKS";
            }
            if (keyStorePassword == null) {
                keyStorePassword = "";
            }
            KeyStore store = KeyStore.getInstance(storeType);
            try (InputStream stream = keyStoreURL.openStream()) {
                store.load(stream, keyStorePassword.toCharArray());
            }
            keyStore = store;
        }
        return keyStore;

    }

    public KeyStore getTrustStore() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        if (trustStoreURL == null) {
            return getKeyStore();
        }
        if (trustStore == null) {
            if (storeType == null) {
                storeType = "JKS";
            }
            if (trustStorePassword == null) {
                trustStorePassword = "";
            }
            KeyStore store = KeyStore.getInstance(storeType);
            try (InputStream stream = trustStoreURL.openStream()) {
                store.load(stream, trustStorePassword.toCharArray());
            }
            trustStore = store;
        }
        return trustStore;
    }

    public TrustManager[] getTrustManagers() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        if (trustManagers == null) {
            if (algorithm == null) {
                algorithm = "SunX509";
            }
            TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
            factory.init(getTrustStore());
            trustManagers = factory.getTrustManagers();
        }
        return trustManagers;
    }

    public KeyManager[] getKeyManagers() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, UnrecoverableKeyException {
        if (keyManagers == null) {
            if (algorithm == null) {
                algorithm = "SunX509";
            }
            if (keyPassword == null) {
                keyPassword = "";
            }

            KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            factory.init(getKeyStore(), keyPassword.toCharArray());
            keyManagers = factory.getKeyManagers();

            if (keyAlias != null) {
                for (int i = 0; i < keyManagers.length; i++) {
                    KeyManager keyManager = keyManagers[i];
                    if (keyManager instanceof X509ExtendedKeyManager) {
                        keyManagers[i] = new AliasFilteringKeyManager(keyAlias, (X509ExtendedKeyManager) keyManager);
                    }
                }
            }
        }
        return keyManagers;
    }

    public String getProtocol() {
        return protocol;
    }

    public void setProtocol(String protocol) {
        this.protocol = protocol;
    }

    public String getKeyAlias() {
        return keyAlias;
    }

    public void setKeyAlias(String keyAlias) {
        this.keyAlias = keyAlias;
    }

    public String getAlgorithm() {
        return algorithm;
    }

    public void setAlgorithm(String algorithm) {
        this.algorithm = algorithm;
    }

    public String getStoreType() {
        return storeType;
    }

    public void setStoreType(String storeType) {
        this.storeType = storeType;
    }

    public String getKeyPassword() {
        return keyPassword;
    }

    public void setKeyPassword(String keyPassword) {
        this.keyPassword = keyPassword;
    }

    public URL getKeyStoreURL() {
        return keyStoreURL;
    }

    public void setKeyStoreURL(URL keyStoreURL) {
        this.keyStoreURL = keyStoreURL;
    }

    public String getKeyStorePassword() {
        return keyStorePassword;
    }

    public void setKeyStorePassword(String keyStorePassword) {
        this.keyStorePassword = keyStorePassword;
    }

    public URL getTrustStoreURL() {
        return trustStoreURL;
    }

    public void setTrustStoreURL(URL trustStoreURL) {
        this.trustStoreURL = trustStoreURL;
    }

    public String getTrustStorePassword() {
        return trustStorePassword;
    }

    public void setTrustStorePassword(String trustStorePassword) {
        this.trustStorePassword = trustStorePassword;
    }

    public String getDisabledCypherSuites() {
        return disabledCypherSuites;
    }

    public void setDisabledCypherSuites(String disabledCypherSuites) {
        this.disabledCypherSuites = disabledCypherSuites;
    }

    public String getEnabledCipherSuites() {
        return enabledCipherSuites;
    }

    public void setEnabledCipherSuites(String enabledCipherSuites) {
        this.enabledCipherSuites = enabledCipherSuites;
    }

    static class AliasFilteringKeyManager extends X509ExtendedKeyManager {
        private final String alias;
        private final X509ExtendedKeyManager next;

        AliasFilteringKeyManager(String alias, X509ExtendedKeyManager next) {
            this.alias = alias;
            this.next = next;
        }

        @Override
        public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
            return alias;
        }

        @Override
        public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
            return alias;
        }

        @Override
        public String chooseEngineClientAlias(String[] strings, Principal[] principals, SSLEngine sslEngine) {
            return alias;
        }

        @Override
        public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine sslEngine) {
            return alias;
        }

        @Override
        public X509Certificate[] getCertificateChain(String s) {
            return next.getCertificateChain(s);
        }

        @Override
        public String[] getClientAliases(String s, Principal[] principals) {
            return next.getClientAliases(s, principals);
        }

        @Override
        public PrivateKey getPrivateKey(String s) {
            return next.getPrivateKey(s);
        }

        @Override
        public String[] getServerAliases(String s, Principal[] principals) {
            return next.getServerAliases(s, principals);
        }
    }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy