org.conscrypt.DefaultSSLContextImpl Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.conscrypt;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
/**
* Support class for this package.
*/
@Internal
public final class DefaultSSLContextImpl extends OpenSSLContextImpl {
/**
* Accessed by SSLContextImpl(DefaultSSLContextImpl) holding the
* DefaultSSLContextImpl.class monitor
*/
private static KeyManager[] KEY_MANAGERS;
/**
* Accessed by SSLContextImpl(DefaultSSLContextImpl) holding the
* DefaultSSLContextImpl.class monitor
*/
private static TrustManager[] TRUST_MANAGERS;
/**
* DefaultSSLContextImpl delegates the work to the super class since there
* is no way to put a synchronized around both the call to super and the
* rest of this constructor to guarantee that we don't have races in
* creating the state shared between all default SSLContexts.
*/
public DefaultSSLContextImpl() throws GeneralSecurityException, IOException {
super();
}
// TODO javax.net.ssl.keyStoreProvider system property
KeyManager[] getKeyManagers () throws GeneralSecurityException, IOException {
if (KEY_MANAGERS != null) {
return KEY_MANAGERS;
}
// find KeyStore, KeyManagers
String keystore = System.getProperty("javax.net.ssl.keyStore");
if (keystore == null) {
return null;
}
String keystorepwd = System.getProperty("javax.net.ssl.keyStorePassword");
char[] pwd = (keystorepwd == null) ? null : keystorepwd.toCharArray();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream is = null;
try {
is = new BufferedInputStream(new FileInputStream(keystore));
ks.load(is, pwd);
} finally {
if (is != null) {
is.close();
}
}
String kmfAlg = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmfAlg);
kmf.init(ks, pwd);
KEY_MANAGERS = kmf.getKeyManagers();
return KEY_MANAGERS;
}
// TODO javax.net.ssl.trustStoreProvider system property
TrustManager[] getTrustManagers() throws GeneralSecurityException, IOException {
if (TRUST_MANAGERS != null) {
return TRUST_MANAGERS;
}
// find TrustStore, TrustManagers
String keystore = System.getProperty("javax.net.ssl.trustStore");
if (keystore == null) {
return null;
}
String keystorepwd = System.getProperty("javax.net.ssl.trustStorePassword");
char[] pwd = (keystorepwd == null) ? null : keystorepwd.toCharArray();
// TODO Defaults: jssecacerts; cacerts
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream is = null;
try {
is = new BufferedInputStream(new FileInputStream(keystore));
ks.load(is, pwd);
} finally {
if (is != null) {
is.close();
}
}
String tmfAlg = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlg);
tmf.init(ks);
TRUST_MANAGERS = tmf.getTrustManagers();
return TRUST_MANAGERS;
}
@Override
public void engineInit(KeyManager[] kms, TrustManager[] tms,
SecureRandom sr) throws KeyManagementException {
throw new KeyManagementException("Do not init() the default SSLContext ");
}
}