org.glassfish.jersey.SslConfigurator Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of jaxrs-ri Show documentation
Show all versions of jaxrs-ri Show documentation
A bundle project producing JAX-RS RI bundles. The primary artifact is an "all-in-one" OSGi-fied JAX-RS RI bundle
(jaxrs-ri.jar).
Attached to that are two compressed JAX-RS RI archives. The first archive (jaxrs-ri.zip) consists of binary RI bits and
contains the API jar (under "api" directory), RI libraries (under "lib" directory) as well as all external
RI dependencies (under "ext" directory). The secondary archive (jaxrs-ri-src.zip) contains buildable JAX-RS RI source
bundle and contains the API jar (under "api" directory), RI sources (under "src" directory) as well as all external
RI dependencies (under "ext" directory). The second archive also contains "build.xml" ANT script that builds the RI
sources. To build the JAX-RS RI simply unzip the archive, cd to the created jaxrs-ri directory and invoke "ant" from
the command line.
/*
* Copyright (c) 2007, 2024 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package org.glassfish.jersey;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Properties;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.glassfish.jersey.internal.LocalizationMessages;
import org.glassfish.jersey.internal.util.PropertiesHelper;
/**
* Utility class, which helps to configure {@link SSLContext} instances.
*
* For example:
*
* SslConfigurator sslConfig = SslConfigurator.newInstance()
* .trustStoreFile("truststore.jks")
* .trustStorePassword("asdfgh")
* .trustStoreType("JKS")
* .trustManagerFactoryAlgorithm("PKIX")
*
* .keyStoreFile("keystore.jks")
* .keyPassword("asdfgh")
* .keyStoreType("JKS")
* .keyManagerFactoryAlgorithm("SunX509")
* .keyStoreProvider("SunJSSE")
*
* .securityProtocol("SSL");
*
* SSLContext sslContext = sslConfig.createSSLContext();
*
*
* @author Alexey Stashok
* @author Hubert Iwaniuk
* @author Bruno Harbulot
* @author Marek Potociar
*/
@SuppressWarnings("UnusedDeclaration")
public final class SslConfigurator {
/**
* Trust store provider name.
*
* The value MUST be a {@code String} representing the name of a trust store provider.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String TRUST_STORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
/**
* Key store provider name.
*
* The value MUST be a {@code String} representing the name of a trust store provider.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String KEY_STORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
/**
* Trust store file name.
*
* The value MUST be a {@code String} representing the name of a trust store file.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String TRUST_STORE_FILE = "javax.net.ssl.trustStore";
/**
* Key store file name.
*
* The value MUST be a {@code String} representing the name of a key store file.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String KEY_STORE_FILE = "javax.net.ssl.keyStore";
/**
* Trust store file password - the password used to unlock the trust store file.
*
* The value MUST be a {@code String} representing the trust store file password.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
/**
* Key store file password - the password used to unlock the trust store file.
*
* The value MUST be a {@code String} representing the key store file password.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
/**
* Trust store type (see {@link java.security.KeyStore#getType()} for more info).
*
* The value MUST be a {@code String} representing the trust store type name.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
/**
* Key store type (see {@link java.security.KeyStore#getType()} for more info).
*
* The value MUST be a {@code String} representing the key store type name.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
/**
* Key manager factory algorithm name.
*
* The value MUST be a {@code String} representing the key manager factory algorithm name.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String KEY_MANAGER_FACTORY_ALGORITHM = "ssl.keyManagerFactory.algorithm";
/**
* Key manager factory provider name.
*
* The value MUST be a {@code String} representing the key manager factory provider name.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String KEY_MANAGER_FACTORY_PROVIDER = "ssl.keyManagerFactory.provider";
/**
* Trust manager factory algorithm name.
*
* The value MUST be a {@code String} representing the trust manager factory algorithm name.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String TRUST_MANAGER_FACTORY_ALGORITHM = "ssl.trustManagerFactory.algorithm";
/**
* Trust manager factory provider name.
*
* The value MUST be a {@code String} representing the trust manager factory provider name.
*
* No default value is set.
*
*
* The name of the configuration property is {@value}.
*
*/
public static final String TRUST_MANAGER_FACTORY_PROVIDER = "ssl.trustManagerFactory.provider";
/**
* Default SSL configuration that is used to create default SSL context instances that do not take into
* account system properties.
*/
private static final SslConfigurator DEFAULT_CONFIG_NO_PROPS = new SslConfigurator(false);
/**
* Logger.
*/
private static final Logger LOGGER = Logger.getLogger(SslConfigurator.class.getName());
private KeyStore keyStore;
private KeyStore trustStore;
private String trustStoreProvider;
private String keyStoreProvider;
private String trustStoreType;
private String keyStoreType;
private char[] trustStorePass;
private char[] keyStorePass;
private char[] keyPass;
private String trustStoreFile;
private String keyStoreFile;
private URL trustStoreUrl;
private URL keyStoreUrl;
private byte[] trustStoreBytes;
private byte[] keyStoreBytes;
private String trustManagerFactoryAlgorithm;
private String keyManagerFactoryAlgorithm;
private String trustManagerFactoryProvider;
private String keyManagerFactoryProvider;
private String securityProtocol = "TLS";
/**
* Get a new instance of a {@link SSLContext} configured using default configuration settings.
*
* The default SSL configuration is initialized from system properties. This method is a shortcut
* for {@link #getDefaultContext(boolean) getDefaultContext(true)}.
*
* @return new instance of a default SSL context initialized from system properties.
*/
public static SSLContext getDefaultContext() {
return getDefaultContext(true);
}
/**
* Get a new instance of a {@link SSLContext} configured using default configuration settings.
*
* If {@code readSystemProperties} parameter is set to {@code true}, the default SSL configuration
* is initialized from system properties.
*
* @param readSystemProperties if {@code true}, the default SSL context will be initialized using
* system properties.
* @return new instance of a default SSL context initialized from system properties.
*/
public static SSLContext getDefaultContext(boolean readSystemProperties) {
if (readSystemProperties) {
return new SslConfigurator(true).createSSLContext();
} else {
return DEFAULT_CONFIG_NO_PROPS.createSSLContext();
}
}
/**
* Get a new & initialized SSL configurator instance. The the instantiated configurator will be empty.
*
* @return new & initialized SSL configurator instance.
*/
public static SslConfigurator newInstance() {
return new SslConfigurator(false);
}
/**
* Get a new SSL configurator instance.
*
* @param readSystemProperties if {@code true}, {@link #retrieve() Retrieves} the initial configuration from
* {@link System#getProperty(String)}}, otherwise the instantiated configurator will
* be empty.
* @return new SSL configurator instance.
*/
public static SslConfigurator newInstance(boolean readSystemProperties) {
return new SslConfigurator(readSystemProperties);
}
private SslConfigurator(boolean readSystemProperties) {
if (readSystemProperties) {
retrieve();
}
}
private SslConfigurator(SslConfigurator that) {
this.keyStore = that.keyStore;
this.trustStore = that.trustStore;
this.trustStoreProvider = that.trustStoreProvider;
this.keyStoreProvider = that.keyStoreProvider;
this.trustStoreType = that.trustStoreType;
this.keyStoreType = that.keyStoreType;
this.trustStorePass = that.trustStorePass;
this.keyStorePass = that.keyStorePass;
this.keyPass = that.keyPass;
this.trustStoreFile = that.trustStoreFile;
this.keyStoreFile = that.keyStoreFile;
this.keyStoreUrl = that.keyStoreUrl;
this.trustStoreUrl = that.trustStoreUrl;
this.trustStoreBytes = that.trustStoreBytes;
this.keyStoreBytes = that.keyStoreBytes;
this.trustManagerFactoryAlgorithm = that.trustManagerFactoryAlgorithm;
this.keyManagerFactoryAlgorithm = that.keyManagerFactoryAlgorithm;
this.trustManagerFactoryProvider = that.trustManagerFactoryProvider;
this.keyManagerFactoryProvider = that.keyManagerFactoryProvider;
this.securityProtocol = that.securityProtocol;
}
/**
* Create a copy of the current SSL configurator instance.
*
* @return copy of the current SSL configurator instance
*/
public SslConfigurator copy() {
return new SslConfigurator(this);
}
/**
* Set the trust store provider name.
*
* @param trustStoreProvider trust store provider to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreProvider(String trustStoreProvider) {
this.trustStoreProvider = trustStoreProvider;
return this;
}
/**
* Set the key store provider name.
*
* @param keyStoreProvider key store provider to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreProvider(String keyStoreProvider) {
this.keyStoreProvider = keyStoreProvider;
return this;
}
/**
* Set the type of trust store.
*
* @param trustStoreType type of trust store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreType(String trustStoreType) {
this.trustStoreType = trustStoreType;
return this;
}
/**
* Set the type of key store.
*
* @param keyStoreType type of key store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreType(String keyStoreType) {
this.keyStoreType = keyStoreType;
return this;
}
/**
* Set the password of trust store.
*
* @param password password of trust store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStorePassword(String password) {
this.trustStorePass = password.toCharArray();
return this;
}
/**
* Set the password of key store.
*
* @param password password of key store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStorePassword(String password) {
this.keyStorePass = password.toCharArray();
return this;
}
/**
* Set the password of key store.
*
* @param password password of key store to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStorePassword(char[] password) {
this.keyStorePass = password.clone();
return this;
}
/**
* Set the password of the key in the key store.
*
* @param password password of key to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyPassword(String password) {
this.keyPass = password.toCharArray();
return this;
}
/**
* Set the password of the key in the key store.
*
* @param password password of key to set.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyPassword(char[] password) {
this.keyPass = password.clone();
return this;
}
/**
* Set the trust store file name.
*
* Setting a trust store instance resets any {@link #trustStore(java.security.KeyStore) trust store instance},
* {@link #trustStoreBytes(byte[]) trust store payload} or {@link #trustStoreUrl(URL) trust store url}
* value previously set.
*
*
* @param fileName {@link java.io.File file} name of the trust store.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreFile(String fileName) {
this.trustStoreFile = fileName;
this.trustStoreBytes = null;
this.trustStoreUrl = null;
this.trustStore = null;
return this;
}
/**
* Set the trust store file url.
*
* Setting a trust store instance resets any {@link #trustStore(java.security.KeyStore) trust store instance},
* {@link #trustStoreBytes(byte[]) trust store payload} or {@link #trustStoreUrl(URL) trust store url}
* value previously set.
*
*
* @param url {@link java.net.URL url} link of the trust store.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreUrl(URL url) {
this.trustStoreFile = null;
this.trustStoreBytes = null;
this.trustStoreUrl = url;
this.trustStore = null;
return this;
}
/**
* Set the trust store payload as byte array.
*
* Setting a trust store instance resets any {@link #trustStoreFile(String) trust store file},
* {@link #trustStore(java.security.KeyStore) trust store instance} or {@link #trustStoreUrl(URL) trust store url}
* value previously set.
*
*
* @param payload trust store payload.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStoreBytes(byte[] payload) {
this.trustStoreBytes = payload.clone();
this.trustStoreFile = null;
this.trustStoreUrl = null;
this.trustStore = null;
return this;
}
/**
* Set the key store file name.
*
* Setting a key store instance resets any {@link #keyStore(java.security.KeyStore) key store instance},
* {@link #keyStoreBytes(byte[]) key store payload} or {@link #keyStoreUrl(URL) key store url} value previously set.
*
*
* @param fileName {@link java.io.File file} name of the key store.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreFile(String fileName) {
this.keyStoreFile = fileName;
this.keyStoreUrl = null;
this.keyStoreBytes = null;
this.keyStore = null;
return this;
}
/**
* Set the key store url.
*
* Setting a key store instance resets any {@link #keyStore(java.security.KeyStore) key store instance},
* {@link #keyStoreBytes(byte[]) key store payload} or {@link #keyStoreFile(String) key store file}
* value previously set.
*
*
* @param url {@link java.net.URL url} of the key store.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreUrl(URL url) {
this.keyStoreFile = null;
this.keyStoreUrl = url;
this.keyStoreBytes = null;
this.keyStore = null;
return this;
}
/**
* Set the key store payload as byte array.
*
* Setting a key store instance resets any {@link #keyStoreFile(String) key store file},
* {@link #keyStore(java.security.KeyStore) key store instance} or {@link #keyStoreUrl(URL) key store url}
* value previously set.
*
*
* @param payload key store payload.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStoreBytes(byte[] payload) {
this.keyStoreBytes = payload.clone();
this.keyStoreUrl = null;
this.keyStoreFile = null;
this.keyStore = null;
return this;
}
/**
* Set the trust manager factory algorithm.
*
* @param algorithm the trust manager factory algorithm.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustManagerFactoryAlgorithm(String algorithm) {
this.trustManagerFactoryAlgorithm = algorithm;
return this;
}
/**
* Set the key manager factory algorithm.
*
* @param algorithm the key manager factory algorithm.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyManagerFactoryAlgorithm(String algorithm) {
this.keyManagerFactoryAlgorithm = algorithm;
return this;
}
/**
* Set the trust manager factory provider.
*
* @param provider the trust manager factory provider.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustManagerFactoryProvider(String provider) {
this.trustManagerFactoryProvider = provider;
return this;
}
/**
* Set the key manager factory provider.
*
* @param provider the key manager factory provider.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyManagerFactoryProvider(String provider) {
this.keyManagerFactoryProvider = provider;
return this;
}
/**
* Set the SSLContext protocol. The default value is {@code TLS} if this is {@code null}.
*
* @param protocol protocol for {@link javax.net.ssl.SSLContext#getProtocol()}.
* @return updated SSL configurator instance.
*/
public SslConfigurator securityProtocol(String protocol) {
this.securityProtocol = protocol;
return this;
}
/**
* Get the key store instance.
*
* @return key store instance or {@code null} if not explicitly set.
*/
KeyStore getKeyStore() {
return keyStore;
}
/**
* Set the key store instance.
*
* Setting a key store instance resets any {@link #keyStoreFile(String) key store file},
* {@link #keyStoreBytes(byte[]) key store payload} or {@link #keyStoreUrl(URL) key store url} value previously set.
*
*
* @param keyStore key store instance.
* @return updated SSL configurator instance.
*/
public SslConfigurator keyStore(KeyStore keyStore) {
this.keyStore = keyStore;
this.keyStoreFile = null;
this.keyStoreBytes = null;
this.keyStoreUrl = null;
return this;
}
/**
* Get the trust store instance.
*
* @return trust store instance or {@code null} if not explicitly set.
*/
KeyStore getTrustStore() {
return trustStore;
}
/**
* Set the trust store instance.
*
* Setting a trust store instance resets any {@link #trustStoreFile(String) trust store file},
* {@link #trustStoreBytes(byte[]) trust store payload} or {@link #trustStoreUrl(URL) trust store url} value previously set.
*
* @param trustStore trust store instance.
* @return updated SSL configurator instance.
*/
public SslConfigurator trustStore(KeyStore trustStore) {
this.trustStore = trustStore;
this.trustStoreUrl = null;
this.trustStoreFile = null;
this.trustStoreBytes = null;
return this;
}
/**
* Create new SSL context instance using the current SSL context configuration.
*
* @return newly configured SSL context instance.
*/
public SSLContext createSSLContext() {
TrustManagerFactory trustManagerFactory = null;
KeyManagerFactory keyManagerFactory = null;
KeyStore _keyStore = keyStore;
if (_keyStore == null && (keyStoreBytes != null || keyStoreFile != null || keyStoreUrl != null)) {
try {
if (keyStoreProvider != null) {
_keyStore = KeyStore.getInstance(
keyStoreType != null ? keyStoreType : KeyStore.getDefaultType(), keyStoreProvider);
} else {
_keyStore = KeyStore.getInstance(keyStoreType != null ? keyStoreType : KeyStore.getDefaultType());
}
InputStream keyStoreInputStream = null;
try {
if (keyStoreBytes != null) {
keyStoreInputStream = new ByteArrayInputStream(keyStoreBytes);
} else if (keyStoreUrl != null) {
keyStoreInputStream = keyStoreUrl.openStream();
} else if (!keyStoreFile.equals("NONE")) {
keyStoreInputStream = Files.newInputStream(new File(keyStoreFile).toPath());
}
_keyStore.load(keyStoreInputStream, keyStorePass);
} finally {
try {
if (keyStoreInputStream != null) {
keyStoreInputStream.close();
}
} catch (IOException ignored) {
}
}
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_IMPL_NOT_FOUND(), e);
} catch (CertificateException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_CERT_LOAD_ERROR(), e);
} catch (FileNotFoundException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_FILE_NOT_FOUND(keyStoreFile), e);
} catch (IOException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_LOAD_ERROR(keyStoreFile), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_PROVIDERS_NOT_REGISTERED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KS_INTEGRITY_ALGORITHM_NOT_FOUND(), e);
}
}
if (_keyStore != null) {
String kmfAlgorithm = keyManagerFactoryAlgorithm;
if (kmfAlgorithm == null) {
kmfAlgorithm = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(
KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()));
}
try {
if (keyManagerFactoryProvider != null) {
keyManagerFactory = KeyManagerFactory.getInstance(kmfAlgorithm, keyManagerFactoryProvider);
} else {
keyManagerFactory = KeyManagerFactory.getInstance(kmfAlgorithm);
}
final char[] password = keyPass != null ? keyPass : keyStorePass;
if (password != null) {
keyManagerFactory.init(_keyStore, password);
} else {
String ksName =
keyStoreProvider != null ? LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_PROVIDER_BASED_KS()
: keyStoreBytes != null ? LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_BYTE_BASED_KS()
: keyStoreFile;
LOGGER.config(LocalizationMessages.SSL_KMF_NO_PASSWORD_SET(ksName));
keyManagerFactory = null;
}
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_INIT_FAILED(), e);
} catch (UnrecoverableKeyException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_UNRECOVERABLE_KEY(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_ALGORITHM_NOT_SUPPORTED(), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_KMF_PROVIDER_NOT_REGISTERED(), e);
}
}
KeyStore _trustStore = trustStore;
if (_trustStore == null && (trustStoreBytes != null || trustStoreFile != null || trustStoreUrl != null)) {
try {
if (trustStoreProvider != null) {
_trustStore = KeyStore.getInstance(
trustStoreType != null ? trustStoreType : KeyStore.getDefaultType(), trustStoreProvider);
} else {
_trustStore =
KeyStore.getInstance(trustStoreType != null ? trustStoreType : KeyStore.getDefaultType());
}
InputStream trustStoreInputStream = null;
try {
if (trustStoreBytes != null) {
trustStoreInputStream = new ByteArrayInputStream(trustStoreBytes);
} else if (trustStoreUrl != null) {
trustStoreInputStream = trustStoreUrl.openStream();
} else if (!trustStoreFile.equals("NONE")) {
trustStoreInputStream = Files.newInputStream(new File(trustStoreFile).toPath());
}
_trustStore.load(trustStoreInputStream, trustStorePass);
} finally {
try {
if (trustStoreInputStream != null) {
trustStoreInputStream.close();
}
} catch (IOException ignored) {
}
}
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_IMPL_NOT_FOUND(), e);
} catch (CertificateException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_CERT_LOAD_ERROR(), e);
} catch (FileNotFoundException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_FILE_NOT_FOUND(trustStoreFile), e);
} catch (IOException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_LOAD_ERROR(trustStoreFile), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_PROVIDERS_NOT_REGISTERED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TS_INTEGRITY_ALGORITHM_NOT_FOUND(), e);
}
}
if (_trustStore != null) {
String tmfAlgorithm = trustManagerFactoryAlgorithm;
if (tmfAlgorithm == null) {
tmfAlgorithm = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(
TRUST_MANAGER_FACTORY_ALGORITHM, TrustManagerFactory.getDefaultAlgorithm()));
}
try {
if (trustManagerFactoryProvider != null) {
trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm, trustManagerFactoryProvider);
} else {
trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm);
}
trustManagerFactory.init(_trustStore);
} catch (KeyStoreException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TMF_INIT_FAILED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TMF_ALGORITHM_NOT_SUPPORTED(), e);
} catch (NoSuchProviderException e) {
throw new IllegalStateException(LocalizationMessages.SSL_TMF_PROVIDER_NOT_REGISTERED(), e);
}
}
try {
String secProtocol = "TLS";
if (securityProtocol != null) {
secProtocol = securityProtocol;
}
final SSLContext sslContext = SSLContext.getInstance(secProtocol);
sslContext.init(
keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null,
trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null,
null);
return sslContext;
} catch (KeyManagementException e) {
throw new IllegalStateException(LocalizationMessages.SSL_CTX_INIT_FAILED(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(LocalizationMessages.SSL_CTX_ALGORITHM_NOT_SUPPORTED(), e);
}
}
/**
* Retrieve the SSL context configuration from the supplied properties.
*
* @param props properties containing the SSL context configuration.
* @return updated SSL configurator instance.
*/
public SslConfigurator retrieve(Properties props) {
trustStoreProvider = props.getProperty(TRUST_STORE_PROVIDER);
keyStoreProvider = props.getProperty(KEY_STORE_PROVIDER);
trustManagerFactoryProvider = props.getProperty(TRUST_MANAGER_FACTORY_PROVIDER);
keyManagerFactoryProvider = props.getProperty(KEY_MANAGER_FACTORY_PROVIDER);
trustStoreType = props.getProperty(TRUST_STORE_TYPE);
keyStoreType = props.getProperty(KEY_STORE_TYPE);
if (props.getProperty(TRUST_STORE_PASSWORD) != null) {
trustStorePass = props.getProperty(TRUST_STORE_PASSWORD).toCharArray();
} else {
trustStorePass = null;
}
if (props.getProperty(KEY_STORE_PASSWORD) != null) {
keyStorePass = props.getProperty(KEY_STORE_PASSWORD).toCharArray();
} else {
keyStorePass = null;
}
trustStoreFile = props.getProperty(TRUST_STORE_FILE);
keyStoreFile = props.getProperty(KEY_STORE_FILE);
keyStoreUrl = null;
trustStoreUrl = null;
trustStoreBytes = null;
keyStoreBytes = null;
trustStore = null;
keyStore = null;
securityProtocol = "TLS";
return this;
}
/**
* Retrieve the SSL context configuration from the system properties.
*
* @return updated SSL configurator instance.
*/
public SslConfigurator retrieve() {
trustStoreProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(TRUST_STORE_PROVIDER));
keyStoreProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(KEY_STORE_PROVIDER));
trustManagerFactoryProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(TRUST_MANAGER_FACTORY_PROVIDER));
keyManagerFactoryProvider = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(KEY_MANAGER_FACTORY_PROVIDER));
trustStoreType = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(TRUST_STORE_TYPE));
keyStoreType = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(KEY_STORE_TYPE));
final String trustStorePassword = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(TRUST_STORE_PASSWORD));
if (trustStorePassword != null) {
trustStorePass = trustStorePassword.toCharArray();
} else {
trustStorePass = null;
}
final String keyStorePassword = AccessController.doPrivileged(
PropertiesHelper.getSystemProperty(KEY_STORE_PASSWORD));
if (keyStorePassword != null) {
keyStorePass = keyStorePassword.toCharArray();
} else {
keyStorePass = null;
}
trustStoreFile = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(TRUST_STORE_FILE));
keyStoreFile = AccessController.doPrivileged(PropertiesHelper.getSystemProperty(KEY_STORE_FILE));
trustStoreUrl = null;
keyStoreUrl = null;
trustStoreBytes = null;
keyStoreBytes = null;
trustStore = null;
keyStore = null;
securityProtocol = "TLS";
return this;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
SslConfigurator that = (SslConfigurator) o;
return Objects.equals(keyStore, that.keyStore)
&& Objects.equals(trustStore, that.trustStore)
&& Objects.equals(trustStoreProvider, that.trustStoreProvider)
&& Objects.equals(keyStoreProvider, that.keyStoreProvider)
&& Objects.equals(trustStoreType, that.trustStoreType)
&& Objects.equals(keyStoreType, that.keyStoreType)
&& Arrays.equals(trustStorePass, that.trustStorePass)
&& Arrays.equals(keyStorePass, that.keyStorePass)
&& Arrays.equals(keyPass, that.keyPass)
&& Objects.equals(trustStoreFile, that.trustStoreFile)
&& Objects.equals(keyStoreFile, that.keyStoreFile)
&& Objects.equals(trustStoreUrl, that.trustStoreUrl)
&& Objects.equals(keyStoreUrl, that.keyStoreUrl)
&& Arrays.equals(trustStoreBytes, that.trustStoreBytes)
&& Arrays.equals(keyStoreBytes, that.keyStoreBytes)
&& Objects.equals(trustManagerFactoryAlgorithm, that.trustManagerFactoryAlgorithm)
&& Objects.equals(keyManagerFactoryAlgorithm, that.keyManagerFactoryAlgorithm)
&& Objects.equals(trustManagerFactoryProvider, that.trustManagerFactoryProvider)
&& Objects.equals(keyManagerFactoryProvider, that.keyManagerFactoryProvider)
&& Objects.equals(securityProtocol, that.securityProtocol);
}
@Override
public int hashCode() {
int result = Objects.hash(keyStore, trustStore, trustStoreProvider, keyStoreProvider, trustStoreType, keyStoreType,
trustStoreFile, keyStoreFile, trustStoreUrl, keyStoreUrl, trustManagerFactoryAlgorithm,
keyManagerFactoryAlgorithm, trustManagerFactoryProvider, keyManagerFactoryProvider, securityProtocol,
trustStorePass, keyStorePass, keyPass, trustStoreBytes, keyStoreBytes);
return result;
}
}