public static SSLContext getSSLContextWithTrustore(File file, String password)
throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException,
KeyManagementException {
if (!file.isFile()) {
throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
}
SSLContext theContext =
SSLContexts.custom()
.useProtocol("TLS")
.loadTrustMaterial(file, password == null ? null : password.toCharArray())
.build();
return theContext;
}
private SSLContext getSSLContext() {
TrustStrategy acceptingTrustStrategy =
new TrustStrategy() {
public boolean isTrusted(X509Certificate[] certificate, String authType) {
return true;
}
};
SSLContext sslContext = null;
try {
sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
} catch (Exception e) {
// Handle error
}
return sslContext;
}
public static synchronized void setGlobalSSLAuth(
String keypath, String keypassword, String trustpath, String trustpassword) {
// load the stores if defined
try {
if (trustpath != null && trustpassword != null) {
truststore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream instream = new FileInputStream(new File(trustpath))) {
truststore.load(instream, trustpassword.toCharArray());
}
} else truststore = null;
if (keypath != null && keypassword != null) {
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream instream = new FileInputStream(new File(keypath))) {
keystore.load(instream, keypassword.toCharArray());
}
} else keystore = null;
} catch (IOException | NoSuchAlgorithmException | CertificateException | KeyStoreException ex) {
log.error("Illegal -D keystore parameters: " + ex.getMessage());
truststore = null;
keystore = null;
}
try {
// set up the context
SSLContext scxt = null;
if (IGNORECERTS) {
scxt = SSLContext.getInstance("TLS");
TrustManager[] trust_mgr =
new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String t) {}
public void checkServerTrusted(X509Certificate[] certs, String t) {}
}
};
scxt.init(
null, // key manager
trust_mgr, // trust manager
new SecureRandom()); // random number generator
} else {
SSLContextBuilder sslbuilder = SSLContexts.custom();
TrustStrategy strat = new LooseTrustStrategy();
if (truststore != null) sslbuilder.loadTrustMaterial(truststore, strat);
else sslbuilder.loadTrustMaterial(strat);
sslbuilder.loadTrustMaterial(truststore, new LooseTrustStrategy());
if (keystore != null) sslbuilder.loadKeyMaterial(keystore, keypassword.toCharArray());
scxt = sslbuilder.build();
}
globalsslfactory = new SSLConnectionSocketFactory(scxt, new NoopHostnameVerifier());
RegistryBuilder rb = RegistryBuilder.<ConnectionSocketFactory>create();
rb.register("https", globalsslfactory);
sslregistry = rb.build();
} catch (KeyStoreException
| NoSuchAlgorithmException
| KeyManagementException
| UnrecoverableEntryException e) {
log.error("Failed to set key/trust store(s): " + e.getMessage());
sslregistry = null;
globalsslfactory = null;
}
}
