From 43e57a42832ea8b4ceb0317f3c9028a4174ffa7b Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 8 Aug 2007 07:25:32 +0000 Subject: Adapted project directory structure to suit the new maven based build process. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@909 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/util/SSLUtils.java | 221 +++++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100644 common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java (limited to 'common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java new file mode 100644 index 000000000..ada21b412 --- /dev/null +++ b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java @@ -0,0 +1,221 @@ +package at.gv.egovernment.moa.util; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.KeyStore; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; + +/** + * Utility for connecting to server applications via SSL. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtils { + + /** + * Creates an SSLSocketFactory which utilizes the given trust store. + * + * @param trustStoreType key store type of trust store + * @param trustStoreInputStream input stream for reading JKS trust store containing + * trusted server certificates; if null, the default + * trust store will be utilized + * @param trustStorePassword if provided, it will be used to check + * the integrity of the trust store; if omitted, it will not be checked + * @return SSLSocketFactory to be used by an HttpsURLConnection + * @throws IOException thrown while reading from the input stream + * @throws GeneralSecurityException thrown while creating the socket factory + */ + public static SSLSocketFactory getSSLSocketFactory( + String trustStoreType, + InputStream trustStoreInputStream, + String trustStorePassword) + throws IOException, GeneralSecurityException { + + TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(null, tms, null); + + SSLSocketFactory sf = ctx.getSocketFactory(); + return sf; + } + /** + * Creates an SSLSocketFactory which utilizes the + * given trust store and keystore. + * + * @param trustStore trust store containing trusted server certificates; + * if null, the default trust store will be utilized + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return SSLSocketFactory to be used by an HttpsURLConnection + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the socket factory + */ + public static SSLSocketFactory getSSLSocketFactory( + KeyStore trustStore, + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + SSLContext ctx = getSSLContext( + trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + SSLSocketFactory sf = ctx.getSocketFactory(); + return sf; + } + /** + * Creates an SSLContext initialized for the + * given trust store and keystore. + * + * @param trustStore trust store containing trusted server certificates; + * if null, the default trust store will be utilized + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return SSLContext to be used for creating an SSLSocketFactory + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the SSL context + */ + public static SSLContext getSSLContext( + KeyStore trustStore, + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + //System.setProperty("javax.net.debug", "all"); + TrustManager[] tms = getTrustManagers(trustStore); + KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kms, tms, null); + return ctx; + } + /** + * Loads the trust store from an input stream and gets the + * TrustManagers from a default TrustManagerFactory, + * initialized from the given trust store. + * @param trustStoreType key store type of trust store + * @param trustStoreInputStream input stream for reading JKS trust store containing + * trusted server certificates; if null, the default + * trust store will be utilized + * @param trustStorePassword if provided, it will be used to check + * the integrity of the trust store; if omitted, it will not be checked + * @return TrustManagers to be used for creating an + * SSLSocketFactory utilizing the given trust store + * @throws IOException thrown while reading from the input stream + * @throws GeneralSecurityException thrown while initializing the + * default TrustManagerFactory + */ + protected static TrustManager[] getTrustManagers( + String trustStoreType, + InputStream trustStoreInputStream, + String trustStorePassword) + throws IOException, GeneralSecurityException { + + if (trustStoreInputStream == null) + return null; + + // Set up the TrustStore to use. We need to load the file into + // a KeyStore instance. + KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword); + return getTrustManagers(trustStore); + } + /** + * Gets the TrustManagers from a default TrustManagerFactory, + * initialized from the given trust store. + * + * @param trustStore the trust store to use + * @return TrustManagers to be used for creating an + * SSLSocketFactory utilizing the given trust store + * @throws GeneralSecurityException thrown while initializing the + * default TrustManagerFactory + */ + protected static TrustManager[] getTrustManagers(KeyStore trustStore) + throws GeneralSecurityException { + + if (trustStore == null) + return null; + + // Initialize the default TrustManagerFactory with this KeyStore + String alg=TrustManagerFactory.getDefaultAlgorithm(); + TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg); + tmFact.init(trustStore); + + // And now get the TrustManagers + TrustManager[] tms=tmFact.getTrustManagers(); + return tms; + } + /** + * Loads the client key store from file and gets the + * KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword password used to check the integrity of the client key store; + * if null, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws IOException thrown while reading from the key store file + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + if (clientKeyStoreURL == null) + return null; + + // Set up the KeyStore to use. We need to load the file into + // a KeyStore instance. + KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + return getKeyManagers(clientKeyStore, clientKeyStorePassword); + } + /** + * Gets the KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStore client key store + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + KeyStore clientKeyStore, + String clientKeyStorePassword) + throws GeneralSecurityException { + + if (clientKeyStore == null) + return null; + + // Now we initialize the default KeyManagerFactory with this KeyStore + String alg=KeyManagerFactory.getDefaultAlgorithm(); + KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); + char[] password = null; + if (clientKeyStorePassword != null) + password = clientKeyStorePassword.toCharArray(); + kmFact.init(clientKeyStore, password); + + // And now get the KeyManagers + KeyManager[] kms=kmFact.getKeyManagers(); + return kms; + } +} -- cgit v1.2.3 From afcd856e186b9fd5d8dfcb0f3e6f3599ca920b51 Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 28 Aug 2008 07:55:59 +0000 Subject: Added copyright and license header to all java source files. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1087 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/util/SSLUtils.java | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java index ada21b412..6d6aedb22 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.util; import java.io.IOException; -- cgit v1.2.3 From fa30b5b2a26a6df4e56a81283761c35ef81770e3 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 13 Jul 2010 06:25:09 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1166 d688527b-c9ab-4aba-bd8d-4036d912da1d --- common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java index 6d6aedb22..a7937b1bd 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java @@ -110,8 +110,7 @@ public class SSLUtils { String clientKeyStorePassword) throws IOException, GeneralSecurityException { - //System.setProperty("javax.net.debug", "all"); - TrustManager[] tms = getTrustManagers(trustStore); + TrustManager[] tms = getTrustManagers(trustStore); KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(kms, tms, null); -- cgit v1.2.3