public void testProvider() throws Exception {
SSLContextParameters scp = new SSLContextParameters();
scp.createSSLContext();
SSLContext context = scp.createSSLContext();
SSLContext defaultContext = SSLContext.getDefault();
assertEquals(defaultContext.getProvider().getName(), context.getProvider().getName());
}
public TLSServer(KeyStore keyStore, String password, String protocol, int port)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, KeyManagementException {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
sslContext = SSLContext.getInstance(protocol);
sslContext.init(keyManagers, trustManagers, null);
cipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites();
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Provider: " + sslContext.getProvider());
LOGGER.debug(
"Supported cipher suites ("
+ sslContext.getServerSocketFactory().getSupportedCipherSuites().length
+ ")");
for (String c : sslContext.getServerSocketFactory().getSupportedCipherSuites()) {
LOGGER.debug(" " + c);
}
}
this.port = port;
LOGGER.info("SSL Server successfully initialized!");
}
protected CamelContext createPropertiesPlaceholderAwareContext() throws Exception {
Properties supplementalProperties = new Properties();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
SecureRandom sr = null;
try {
sr = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
// Ignore
}
SSLContext sslc = SSLContext.getInstance("TLS");
sslc.init(null, null, null);
SSLSocket socket = (SSLSocket) sslc.getSocketFactory().createSocket();
supplementalProperties.setProperty("keyStoreParameters.type", KeyStore.getDefaultType());
supplementalProperties.setProperty("keyStoreParameters.provider", ks.getProvider().getName());
supplementalProperties.setProperty(
"keyManagersParameters.algorithm", KeyManagerFactory.getDefaultAlgorithm());
supplementalProperties.setProperty(
"keyManagersParameters.provider", kmf.getProvider().getName());
supplementalProperties.setProperty(
"trustManagersParameters.algorithm", TrustManagerFactory.getDefaultAlgorithm());
supplementalProperties.setProperty(
"trustManagersParameters.provider", tmf.getProvider().getName());
if (sr != null) {
supplementalProperties.setProperty("secureRandomParameters.algorithm", "SHA1PRNG");
supplementalProperties.setProperty(
"secureRandomParameters.provider", sr.getProvider().getName());
}
supplementalProperties.setProperty(
"sslContextParameters.provider", sslc.getProvider().getName());
supplementalProperties.setProperty("cipherSuite.0", socket.getSupportedCipherSuites()[0]);
// Have to skip this guy because he doesn't work with TLS as the SSLContext protocol
String ssp = "";
for (String protocol : socket.getSupportedProtocols()) {
if (!"SSLv2Hello".equals(protocol)) {
ssp = protocol;
break;
}
}
supplementalProperties.setProperty("secureSocketProtocol.0", ssp);
return this.createPropertiesPlaceholderAwareContext(supplementalProperties);
}
/**
* Creates a new {@link SSLContext} using the receiver's configuration.
*
* @param context context for status messages
* @return {@link SSLContext} object
* @throws NoSuchProviderException if a provider specified for one of the JCA or JSSE components
* utilized in creating the context is not known to the platform
* @throws NoSuchAlgorithmException if a JCA or JSSE algorithm, protocol, or type name specified
* for one of the context's components is not known to a given provider (or platform default
* provider for the component)
* @throws KeyManagementException if an error occurs in creating a {@link KeyManager} for the
* context
* @throws UnrecoverableKeyException if a private key needed by a {@link KeyManager} cannot be
* obtained from a key store
* @throws KeyStoreException if an error occurs in reading the contents of a key store
* @throws CertificateException if an error occurs in reading the contents of a certificate
*/
public SSLContext createContext(ContextAware context)
throws NoSuchProviderException, NoSuchAlgorithmException, KeyManagementException,
UnrecoverableKeyException, KeyStoreException, CertificateException {
SSLContext sslContext =
getProvider() != null
? SSLContext.getInstance(getProtocol(), getProvider())
: SSLContext.getInstance(getProtocol());
context.addInfo(
"SSL protocol '"
+ sslContext.getProtocol()
+ "' provider '"
+ sslContext.getProvider()
+ "'");
KeyManager[] keyManagers = createKeyManagers(context);
TrustManager[] trustManagers = createTrustManagers(context);
SecureRandom secureRandom = createSecureRandom(context);
sslContext.init(keyManagers, trustManagers, secureRandom);
return sslContext;
}
