1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
|
17 | |
|
18 | |
|
19 | |
|
20 | |
|
21 | |
|
22 | |
|
23 | |
|
24 | |
|
25 | |
|
26 | |
|
27 | |
|
28 | |
|
29 | |
|
30 | |
|
31 | |
|
32 | |
|
33 | |
|
34 | |
|
35 | |
|
36 | |
|
37 | |
|
38 | |
|
39 | |
package com.sun.grizzly; |
40 | |
|
41 | |
import java.io.FileInputStream; |
42 | |
import java.io.FileNotFoundException; |
43 | |
import java.io.IOException; |
44 | |
import java.security.KeyManagementException; |
45 | |
import java.security.KeyStore; |
46 | |
import java.security.KeyStoreException; |
47 | |
import java.security.NoSuchAlgorithmException; |
48 | |
import java.security.UnrecoverableKeyException; |
49 | |
import java.security.cert.CertificateException; |
50 | |
import java.util.Properties; |
51 | |
import java.util.logging.Level; |
52 | |
import java.util.logging.Logger; |
53 | |
import javax.net.ssl.KeyManagerFactory; |
54 | |
import javax.net.ssl.SSLContext; |
55 | |
import javax.net.ssl.TrustManagerFactory; |
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | |
|
61 | |
|
62 | |
public class SSLConfig { |
63 | |
public static final String TRUST_STORE_FILE = "javax.net.ssl.trustStore"; |
64 | |
|
65 | |
public static final String KEY_STORE_FILE = "javax.net.ssl.keyStore"; |
66 | |
|
67 | |
public static final String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword"; |
68 | |
|
69 | |
public static final String KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword"; |
70 | |
|
71 | |
public static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType"; |
72 | |
|
73 | |
public static final String KEY_STORE_TYPE = "javax.net.ssl.keyStoreType"; |
74 | |
|
75 | |
|
76 | |
|
77 | |
|
78 | 1 | private static Logger logger = Logger.getLogger("grizzly"); |
79 | |
|
80 | |
|
81 | |
|
82 | |
|
83 | 1 | public static SSLConfig DEFAULT_CONFIG = new SSLConfig(); |
84 | |
|
85 | |
private String trustStoreType; |
86 | |
private String keyStoreType; |
87 | |
|
88 | |
private char[] trustStorePass; |
89 | |
|
90 | |
private char[] keyStorePass; |
91 | |
|
92 | |
private String trustStoreFile; |
93 | |
private String keyStoreFile; |
94 | |
|
95 | |
private String trustStoreAlgorithm; |
96 | |
private String keyStoreAlgorithm; |
97 | |
|
98 | |
private String securityProtocol; |
99 | |
|
100 | 6 | private boolean clientMode = false; |
101 | |
|
102 | 6 | private boolean needClientAuth = false; |
103 | |
|
104 | 6 | private boolean wantClientAuth = false; |
105 | |
|
106 | |
public SSLConfig() { |
107 | 6 | this(true); |
108 | 6 | } |
109 | |
|
110 | 6 | public SSLConfig(boolean readSystemProperties) { |
111 | 6 | if (readSystemProperties) { |
112 | 6 | retrieve(System.getProperties()); |
113 | |
} |
114 | 6 | } |
115 | |
|
116 | |
public String getTrustStoreType() { |
117 | 0 | return trustStoreType; |
118 | |
} |
119 | |
|
120 | |
public void setTrustStoreType(String trustStoreType) { |
121 | 0 | this.trustStoreType = trustStoreType; |
122 | 0 | } |
123 | |
|
124 | |
public String getKeyStoreType() { |
125 | 0 | return keyStoreType; |
126 | |
} |
127 | |
|
128 | |
public void setKeyStoreType(String keyStoreType) { |
129 | 0 | this.keyStoreType = keyStoreType; |
130 | 0 | } |
131 | |
|
132 | |
public String getTrustStorePass() { |
133 | 0 | return new String(trustStorePass); |
134 | |
} |
135 | |
|
136 | |
public void setTrustStorePass(String trustStorePass) { |
137 | 0 | this.trustStorePass = trustStorePass.toCharArray(); |
138 | 0 | } |
139 | |
|
140 | |
public String getKeyStorePass() { |
141 | 0 | return new String(keyStorePass); |
142 | |
} |
143 | |
|
144 | |
public void setKeyStorePass(String keyStorePass) { |
145 | 0 | this.keyStorePass = keyStorePass.toCharArray(); |
146 | 0 | } |
147 | |
|
148 | |
public String getTrustStoreFile() { |
149 | 5 | return trustStoreFile; |
150 | |
} |
151 | |
|
152 | |
public void setTrustStoreFile(String trustStoreFile) { |
153 | 5 | this.trustStoreFile = trustStoreFile; |
154 | 5 | } |
155 | |
|
156 | |
public String getKeyStoreFile() { |
157 | 5 | return keyStoreFile; |
158 | |
} |
159 | |
|
160 | |
public void setKeyStoreFile(String keyStoreFile) { |
161 | 5 | this.keyStoreFile = keyStoreFile; |
162 | 5 | } |
163 | |
|
164 | |
public String getTrustStoreAlgorithm() { |
165 | 0 | return trustStoreAlgorithm; |
166 | |
} |
167 | |
|
168 | |
public void setTrustStoreAlgorithm(String trustStoreAlgorithm) { |
169 | 0 | this.trustStoreAlgorithm = trustStoreAlgorithm; |
170 | 0 | } |
171 | |
|
172 | |
public String getKeyStoreAlgorithm() { |
173 | 0 | return keyStoreAlgorithm; |
174 | |
} |
175 | |
|
176 | |
public void setKeyStoreAlgorithm(String keyStoreAlgorithm) { |
177 | 0 | this.keyStoreAlgorithm = keyStoreAlgorithm; |
178 | 0 | } |
179 | |
|
180 | |
public String getSecurityProtocol() { |
181 | 0 | return securityProtocol; |
182 | |
} |
183 | |
|
184 | |
public void setSecurityProtocol(String securityProtocol) { |
185 | 0 | this.securityProtocol = securityProtocol; |
186 | 0 | } |
187 | |
|
188 | |
public boolean isNeedClientAuth() { |
189 | 0 | return needClientAuth; |
190 | |
} |
191 | |
|
192 | |
public void setNeedClientAuth(boolean needClientAuth) { |
193 | 0 | this.needClientAuth = needClientAuth; |
194 | 0 | } |
195 | |
|
196 | |
public boolean isWantClientAuth() { |
197 | 0 | return wantClientAuth; |
198 | |
} |
199 | |
|
200 | |
public void setWantClientAuth(boolean wantClientAuth) { |
201 | 0 | this.wantClientAuth = wantClientAuth; |
202 | 0 | } |
203 | |
|
204 | |
public boolean isClientMode() { |
205 | 0 | return clientMode; |
206 | |
} |
207 | |
|
208 | |
public void setClientMode(boolean clientMode) { |
209 | 0 | this.clientMode = clientMode; |
210 | 0 | } |
211 | |
|
212 | |
public SSLContext createSSLContext() { |
213 | 6 | SSLContext sslContext = null; |
214 | |
|
215 | |
try { |
216 | 6 | TrustManagerFactory trustManagerFactory = null; |
217 | 6 | KeyManagerFactory keyManagerFactory = null; |
218 | |
|
219 | 6 | if (trustStoreFile != null) { |
220 | |
try { |
221 | 6 | KeyStore trustStore = KeyStore.getInstance(trustStoreType); |
222 | 6 | trustStore.load(new FileInputStream(trustStoreFile), |
223 | |
trustStorePass); |
224 | |
|
225 | 6 | trustManagerFactory = |
226 | |
TrustManagerFactory.getInstance(trustStoreAlgorithm); |
227 | 6 | trustManagerFactory.init(trustStore); |
228 | 0 | } catch (KeyStoreException e) { |
229 | 0 | logger.log(Level.FINE, "Error initializing trust store", e); |
230 | 0 | } catch (CertificateException e) { |
231 | 0 | logger.log(Level.FINE, "Trust store certificate exception.", e); |
232 | 0 | } catch (FileNotFoundException e) { |
233 | 0 | logger.log(Level.FINE, "Can't find trust store file: " + trustStoreFile, e); |
234 | 0 | } catch (IOException e) { |
235 | 0 | logger.log(Level.FINE, "Error loading trust store from file: " + trustStoreFile, e); |
236 | 6 | } |
237 | |
} |
238 | |
|
239 | 6 | if (keyStoreFile != null) { |
240 | |
try { |
241 | 6 | KeyStore keyStore = KeyStore.getInstance(keyStoreType); |
242 | 6 | keyStore.load(new FileInputStream(keyStoreFile), |
243 | |
keyStorePass); |
244 | |
|
245 | 6 | keyManagerFactory = |
246 | |
KeyManagerFactory.getInstance(keyStoreAlgorithm); |
247 | 6 | keyManagerFactory.init(keyStore, keyStorePass); |
248 | 0 | } catch (KeyStoreException e) { |
249 | 0 | logger.log(Level.FINE, "Error initializing key store", e); |
250 | 0 | } catch (CertificateException e) { |
251 | 0 | logger.log(Level.FINE, "Key store certificate exception.", e); |
252 | 0 | } catch (UnrecoverableKeyException e) { |
253 | 0 | logger.log(Level.FINE, "Key store unrecoverable exception.", e); |
254 | 0 | } catch (FileNotFoundException e) { |
255 | 0 | logger.log(Level.FINE, "Can't find key store file: " + keyStoreFile, e); |
256 | 0 | } catch (IOException e) { |
257 | 0 | logger.log(Level.FINE, "Error loading key store from file: " + keyStoreFile, e); |
258 | 6 | } |
259 | |
} |
260 | |
|
261 | 6 | sslContext = SSLContext.getInstance(securityProtocol); |
262 | 6 | sslContext.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, |
263 | |
trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null, |
264 | |
null); |
265 | 0 | } catch (KeyManagementException e) { |
266 | 0 | logger.log(Level.FINE, "Key management error.", e); |
267 | 0 | } catch (NoSuchAlgorithmException e) { |
268 | 0 | logger.log(Level.FINE, "Error initializing algorithm.", e); |
269 | 6 | } |
270 | |
|
271 | 6 | return sslContext; |
272 | |
} |
273 | |
|
274 | |
public void retrieve(Properties props) { |
275 | 6 | trustStoreType = System.getProperty(TRUST_STORE_TYPE, "JKS"); |
276 | 6 | keyStoreType = System.getProperty(KEY_STORE_TYPE, "JKS"); |
277 | |
|
278 | 6 | trustStorePass = |
279 | |
System.getProperty(TRUST_STORE_PASSWORD, "changeit").toCharArray(); |
280 | |
|
281 | 6 | keyStorePass = |
282 | |
System.getProperty(KEY_STORE_PASSWORD, "changeit").toCharArray(); |
283 | |
|
284 | 6 | trustStoreFile = System.getProperty(TRUST_STORE_FILE); |
285 | 6 | keyStoreFile = System.getProperty(KEY_STORE_FILE); |
286 | |
|
287 | 6 | trustStoreAlgorithm = "SunX509"; |
288 | 6 | keyStoreAlgorithm = "SunX509"; |
289 | |
|
290 | 6 | securityProtocol = "TLS"; |
291 | 6 | } |
292 | |
|
293 | |
public void publish(Properties props) { |
294 | 0 | props.setProperty(TRUST_STORE_FILE, trustStoreFile); |
295 | 0 | props.setProperty(KEY_STORE_FILE, keyStoreFile); |
296 | |
|
297 | 0 | props.setProperty(TRUST_STORE_PASSWORD, new String(trustStorePass)); |
298 | 0 | props.setProperty(KEY_STORE_PASSWORD, new String(keyStorePass)); |
299 | |
|
300 | 0 | props.setProperty(TRUST_STORE_TYPE, trustStoreType); |
301 | 0 | props.setProperty(KEY_STORE_TYPE, keyStoreType); |
302 | 0 | } |
303 | |
} |