/*
* Copyright 2003 Federal Chancellery Austria
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package at.gv.egovernment.moa.util;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
/**
* Utility for connecting to server applications via SSL.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class SSLUtils {
/**
* Creates an SSLSocketFactory
which utilizes the given trust store.
*
* @param trustStoreType key store type of trust store
* @param trustStoreInputStream input stream for reading JKS trust store containing
* trusted server certificates; if null
, the default
* trust store will be utilized
* @param trustStorePassword if provided, it will be used to check
* the integrity of the trust store; if omitted, it will not be checked
* @return SSLSocketFactory
to be used by an HttpsURLConnection
* @throws IOException thrown while reading from the input stream
* @throws GeneralSecurityException thrown while creating the socket factory
*/
public static SSLSocketFactory getSSLSocketFactory(
String trustStoreType,
InputStream trustStoreInputStream,
String trustStorePassword)
throws IOException, GeneralSecurityException {
TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tms, null);
SSLSocketFactory sf = ctx.getSocketFactory();
return sf;
}
/**
* Creates an SSLSocketFactory
which utilizes the
* given trust store and keystore.
*
* @param trustStore trust store containing trusted server certificates;
* if null
, the default trust store will be utilized
* @param clientKeyStoreType key store type of clientKeyStore
* @param clientKeyStoreURL URL of key store containing keys to be used for
* client authentication; if null
, the default key store will be utilized
* @param clientKeyStorePassword if provided, it will be used to check
* the integrity of the client key store; if omitted, it will not be checked
* @return SSLSocketFactory
to be used by an HttpsURLConnection
* @throws IOException thrown while reading key store file
* @throws GeneralSecurityException thrown while creating the socket factory
*/
public static SSLSocketFactory getSSLSocketFactory(
KeyStore trustStore,
String clientKeyStoreType,
String clientKeyStoreURL,
String clientKeyStorePassword)
throws IOException, GeneralSecurityException {
SSLContext ctx = getSSLContext(
trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLSocketFactory sf = ctx.getSocketFactory();
return sf;
}
/**
* Creates an SSLContext
initialized for the
* given trust store and keystore.
*
* @param trustStore trust store containing trusted server certificates;
* if null
, the default trust store will be utilized
* @param clientKeyStoreType key store type of clientKeyStore
* @param clientKeyStoreURL URL of key store containing keys to be used for
* client authentication; if null
, the default key store will be utilized
* @param clientKeyStorePassword if provided, it will be used to check
* the integrity of the client key store; if omitted, it will not be checked
* @return SSLContext
to be used for creating an SSLSocketFactory
* @throws IOException thrown while reading key store file
* @throws GeneralSecurityException thrown while creating the SSL context
*/
public static SSLContext getSSLContext(
KeyStore trustStore,
String clientKeyStoreType,
String clientKeyStoreURL,
String clientKeyStorePassword)
throws IOException, GeneralSecurityException {
//System.setProperty("javax.net.debug", "all");
TrustManager[] tms = getTrustManagers(trustStore);
KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
return ctx;
}
/**
* Loads the trust store from an input stream and gets the
* TrustManager
s from a default TrustManagerFactory
,
* initialized from the given trust store.
* @param trustStoreType key store type of trust store
* @param trustStoreInputStream input stream for reading JKS trust store containing
* trusted server certificates; if null
, the default
* trust store will be utilized
* @param trustStorePassword if provided, it will be used to check
* the integrity of the trust store; if omitted, it will not be checked
* @return TrustManager
s to be used for creating an
* SSLSocketFactory
utilizing the given trust store
* @throws IOException thrown while reading from the input stream
* @throws GeneralSecurityException thrown while initializing the
* default TrustManagerFactory
*/
protected static TrustManager[] getTrustManagers(
String trustStoreType,
InputStream trustStoreInputStream,
String trustStorePassword)
throws IOException, GeneralSecurityException {
if (trustStoreInputStream == null)
return null;
// Set up the TrustStore to use. We need to load the file into
// a KeyStore instance.
KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
return getTrustManagers(trustStore);
}
/**
* Gets the TrustManager
s from a default TrustManagerFactory
,
* initialized from the given trust store.
*
* @param trustStore the trust store to use
* @return TrustManager
s to be used for creating an
* SSLSocketFactory
utilizing the given trust store
* @throws GeneralSecurityException thrown while initializing the
* default TrustManagerFactory
*/
protected static TrustManager[] getTrustManagers(KeyStore trustStore)
throws GeneralSecurityException {
if (trustStore == null)
return null;
// Initialize the default TrustManagerFactory with this KeyStore
String alg=TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
tmFact.init(trustStore);
// And now get the TrustManagers
TrustManager[] tms=tmFact.getTrustManagers();
return tms;
}
/**
* Loads the client key store from file and gets the
* KeyManager
s from a default KeyManagerFactory
,
* initialized from the given client key store.
* @param clientKeyStoreType key store type of clientKeyStore
* @param clientKeyStoreURL URL of key store containing keys to be used for
* client authentication; if null
, the default key store will be utilized
* @param clientKeyStorePassword password used to check the integrity of the client key store;
* if null
, it will not be checked
* @return KeyManager
s to be used for creating an
* SSLSocketFactory
utilizing the given client key store
* @throws IOException thrown while reading from the key store file
* @throws GeneralSecurityException thrown while initializing the
* default KeyManagerFactory
*/
public static KeyManager[] getKeyManagers (
String clientKeyStoreType,
String clientKeyStoreURL,
String clientKeyStorePassword)
throws IOException, GeneralSecurityException {
if (clientKeyStoreURL == null)
return null;
// Set up the KeyStore to use. We need to load the file into
// a KeyStore instance.
KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
return getKeyManagers(clientKeyStore, clientKeyStorePassword);
}
/**
* Gets the KeyManager
s from a default KeyManagerFactory
,
* initialized from the given client key store.
* @param clientKeyStore client key store
* @param clientKeyStorePassword if provided, it will be used to check
* the integrity of the client key store; if omitted, it will not be checked
* @return KeyManager
s to be used for creating an
* SSLSocketFactory
utilizing the given client key store
* @throws GeneralSecurityException thrown while initializing the
* default KeyManagerFactory
*/
public static KeyManager[] getKeyManagers (
KeyStore clientKeyStore,
String clientKeyStorePassword)
throws GeneralSecurityException {
if (clientKeyStore == null)
return null;
// Now we initialize the default KeyManagerFactory with this KeyStore
String alg=KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
char[] password = null;
if (clientKeyStorePassword != null)
password = clientKeyStorePassword.toCharArray();
kmFact.init(clientKeyStore, password);
// And now get the KeyManagers
KeyManager[] kms=kmFact.getKeyManagers();
return kms;
}
}