aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-04 08:58:10 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-04 08:58:10 +0100
commita917335ea69ab857f00bd17679e259fcc215cad9 (patch)
tree2aff94e138b0a88d68e10a057071a7cd289978f1 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
parent9ddeacf32976d14c3f2f70ec446262998eb8a68e (diff)
downloadmoa-id-spss-a917335ea69ab857f00bd17679e259fcc215cad9.tar.gz
moa-id-spss-a917335ea69ab857f00bd17679e259fcc215cad9.tar.bz2
moa-id-spss-a917335ea69ab857f00bd17679e259fcc215cad9.zip
update SSLUtils to use default JVM trustStore for SSL connections as optional
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java44
1 files changed, 35 insertions, 9 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index e6efca4ea..a96daead3 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -108,8 +108,29 @@ public class SSLUtils {
}
}
+ /**
+ * Get SSLSocketFactory with TrustStore and KeyStore implementations
+ *
+ * @param url URL of the Service that should be connected
+ * @param useStandardJavaTrustStore Flag to use standard JVM truststore
+ * @param certStoreRootDirParam Path to certStore, if own truststore is used
+ * @param trustStoreURL Path to truststore, if own truststore is used
+ * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used
+ * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used
+ * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used
+ * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used
+ * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null
+ * @param clientKeyStorePassword KeyStore password
+ * @param clientKeyStoreType KeyStore type
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ * @throws SSLConfigurationException
+ * @throws PKIException
+ */
public static SSLSocketFactory getSSLSocketFactory(
- String url,
+ String url,
+ boolean useStandardJavaTrustStore,
String certStoreRootDirParam,
String trustStoreURL,
String acceptedServerCertURL,
@@ -130,14 +151,19 @@ public class SSLUtils {
return ssf;
}
-
- TrustManager[] tms = getTrustManagers(
- certStoreRootDirParam,
- chainingMode,
- trustStoreURL,
- acceptedServerCertURL,
- checkRevocation,
- revocationMethodOrder);
+
+ //initialize own trust-store implementation
+ TrustManager[] tms = null;
+ if (useStandardJavaTrustStore) {
+ tms = getTrustManagers(
+ certStoreRootDirParam,
+ chainingMode,
+ trustStoreURL,
+ acceptedServerCertURL,
+ checkRevocation,
+ revocationMethodOrder);
+
+ }
KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 17:42:14 +0000