diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-02-27 10:08:31 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-02-27 10:08:31 +0100 |
commit | d23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch) | |
tree | 2195fbe110c392728b3009aa545363540a94294e /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java | |
parent | 86aa898406f539fd06129360c58c654afc62e904 (diff) | |
parent | f923a89436377f581c6e2ab6637024aa068bf9fb (diff) | |
download | moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.gz moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.bz2 moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.zip |
Merge tag 'MOA-ID-3.4.2'
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java')
-rw-r--r-- | id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java | 44 |
1 files changed, 35 insertions, 9 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index e6efca4ea..8aaf94fad 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -108,8 +108,29 @@ public class SSLUtils { } } + /** + * Get SSLSocketFactory with TrustStore and KeyStore implementations + * + * @param url URL of the Service that should be connected + * @param useStandardJavaTrustStore Flag to use standard JVM truststore + * @param certStoreRootDirParam Path to certStore, if own truststore is used + * @param trustStoreURL Path to truststore, if own truststore is used + * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used + * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used + * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used + * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used + * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null + * @param clientKeyStorePassword KeyStore password + * @param clientKeyStoreType KeyStore type + * @return + * @throws IOException + * @throws GeneralSecurityException + * @throws SSLConfigurationException + * @throws PKIException + */ public static SSLSocketFactory getSSLSocketFactory( - String url, + String url, + boolean useStandardJavaTrustStore, String certStoreRootDirParam, String trustStoreURL, String acceptedServerCertURL, @@ -130,14 +151,19 @@ public class SSLUtils { return ssf; } - - TrustManager[] tms = getTrustManagers( - certStoreRootDirParam, - chainingMode, - trustStoreURL, - acceptedServerCertURL, - checkRevocation, - revocationMethodOrder); + + //initialize own trust-store implementation + TrustManager[] tms = null; + if (!useStandardJavaTrustStore) { + tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation, + revocationMethodOrder); + + } KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); |