Exemple #1
  /**
   * Loads the PEM-encoded TLS material named in the configuration into the given keystore.
   *
   * <p>The CA certificate (option {@code caCert}) is handled first. It is the trust material
   * that client certificates are checked against, so asking for SSL client authentication
   * without it is rejected as a configuration error instead of being silently accepted. The
   * server certificate and its private key are handled second and are only accepted as a pair.
   *
   * <p>This method contains no {@code throw} of a checked exception itself; the checked
   * exceptions it declares come from {@code getAndValidateFile} and the {@code KeyStoreUtil}
   * calls.
   *
   * @param keystore keystore that receives the CA and server entries
   * @param pConfig server configuration supplying the PEM file locations, the server key
   *     algorithm and the keystore password
   * @throws IllegalArgumentException if client certificate authentication is enabled but no
   *     CA certificate is configured, or if a server certificate is configured without a
   *     server key
   */
  private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
      throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {

    // --- Step 1: trust anchors -------------------------------------------------------------
    if (pConfig.getCaCert() == null) {
      // Fail closed: client certificate authentication has nothing to validate against
      // when no CA was supplied, so refuse to start with that combination.
      if (pConfig.useSslClientAuthentication()) {
        throw new IllegalArgumentException(
            "Cannot use client cert authentication if no CA is given with 'caCert'");
      }
    } else {
      File caPemFile = getAndValidateFile(pConfig.getCaCert(), "CA cert");
      KeyStoreUtil.updateWithCaPem(keystore, caPemFile);
    }

    // --- Step 2: server identity -----------------------------------------------------------
    if (pConfig.getServerCert() == null) {
      // No server certificate configured: nothing more to import here.
      return;
    }

    // The certificate file is validated before the key option is looked at, so a bad
    // certificate path is reported ahead of a missing key.
    File certPemFile = getAndValidateFile(pConfig.getServerCert(), "server cert");

    if (pConfig.getServerKey() == null) {
      // A certificate without its private key cannot be used to serve TLS.
      String message =
          "Cannot use server cert from "
              + pConfig.getServerCert()
              + " without a provided a key given with 'serverKey'";
      throw new IllegalArgumentException(message);
    }

    File keyPemFile = getAndValidateFile(pConfig.getServerKey(), "server key");

    // NOTE(review): the keystore password is handed to KeyStoreUtil together with the private
    // key; presumably it protects the key entry. Confirm in KeyStoreUtil, and confirm the
    // password and key material are never logged there.
    KeyStoreUtil.updateWithServerPems(
        keystore,
        certPemFile,
        keyPemFile,
        pConfig.getServerKeyAlgorithm(),
        pConfig.getKeystorePassword());
  }
Exemple #2
    /**
     * {@inheritDoc}
     *
     * <p>Copies the client-authentication mode, the cipher suites and the protocols from the
     * server configuration onto the HTTPS parameters.
     *
     * <p>Security note: client certificates are only <em>requested</em> ("want"), not
     * <em>required</em> ("need"), at the TLS layer. A client that presents no certificate
     * still completes the handshake; rejecting it is left to the ClientCertAuthenticator
     * mentioned below, so that authenticator must be in place whenever client authentication
     * is enabled.
     */
    public void configure(HttpsParameters params) {
      // NOTE(review): this engine is created but never read afterwards. It is kept here so
      // the call sequence on the SSL context stays exactly as before; consider dropping it.
      SSLEngine unusedEngine = context.createSSLEngine();

      // Start from the context defaults and overlay the configured values.
      SSLParameters sslParameters = context.getDefaultSSLParameters();

      // Client auth: "want" only; the certificate check itself is deferred to the
      // ClientCertAuthenticator.
      final boolean wantClientAuth = serverConfig.useSslClientAuthentication();
      params.setWantClientAuth(wantClientAuth);
      sslParameters.setWantClientAuth(wantClientAuth);

      // Cipher suites are taken from the configuration as-is.
      // NOTE(review): nothing here filters out legacy suites; whatever the configuration
      // lists is what gets enabled.
      final String[] cipherSuites = serverConfig.getSSLCipherSuites();
      params.setCipherSuites(cipherSuites);
      sslParameters.setCipherSuites(cipherSuites);

      // Protocol versions, likewise unfiltered.
      final String[] protocols = serverConfig.getSSLProtocols();
      params.setProtocols(protocols);
      sslParameters.setProtocols(protocols);

      // Once an SSLParameters object is set, the JDK HTTPS server uses it in preference to
      // the individual settings on params, which is why every value is mirrored onto it.
      params.setSSLParameters(sslParameters);
    }