/**
 * Populates the given keystore from the PEM files named in the server configuration.
 *
 * <p>Two independent steps are performed, in this order:
 * <ol>
 *   <li>If a CA certificate is configured, the file is validated and added to the keystore.
 *       If no CA certificate is configured but SSL client authentication is enabled, the
 *       configuration is rejected.</li>
 *   <li>If a server certificate is configured, the certificate file is validated first, then a
 *       server key must also be configured; both are added to the keystore.</li>
 * </ol>
 *
 * <p>The server key setting is only read when a server certificate is configured; a
 * {@code serverKey} given without a server certificate is not consulted by this method.
 *
 * @param keystore the keystore to update in place
 * @param pConfig  server configuration supplying the PEM file locations, the server key
 *                 algorithm and the keystore password
 * @throws IllegalArgumentException if client certificate authentication is enabled without a CA
 *                                  certificate, or a server certificate is given without a server key
 * @throws IOException              declared for the file validation and PEM loading helpers
 */
private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
        throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
               InvalidKeySpecException, InvalidKeyException, NoSuchProviderException, SignatureException {

    // --- Step 1: CA certificate ---
    if (pConfig.getCaCert() == null) {
        // Reject the configuration instead of continuing with client certificate
        // authentication switched on and no CA PEM to load into the keystore.
        if (pConfig.useSslClientAuthentication()) {
            throw new IllegalArgumentException(
                    "Cannot use client cert authentication if no CA is given with 'caCert'");
        }
    } else {
        File caPemFile = getAndValidateFile(pConfig.getCaCert(), "CA cert");
        KeyStoreUtil.updateWithCaPem(keystore, caPemFile);
    }

    // --- Step 2: server certificate and its private key ---
    if (pConfig.getServerCert() == null) {
        // No server certificate configured, so there is nothing more to load from PEM.
        return;
    }

    // The certificate file is validated before the key setting is checked, so a bad
    // certificate path is reported ahead of a missing key.
    File certPemFile = getAndValidateFile(pConfig.getServerCert(), "server cert");
    if (pConfig.getServerKey() == null) {
        throw new IllegalArgumentException(
                "Cannot use server cert from " + pConfig.getServerCert()
                        + " without a provided a key given with 'serverKey'");
    }
    File keyPemFile = getAndValidateFile(pConfig.getServerKey(), "server key");

    // NOTE(review): the keystore password is handed to the helper together with the key;
    // presumably it protects the stored key entry - confirm in KeyStoreUtil.
    KeyStoreUtil.updateWithServerPems(
            keystore,
            certPemFile,
            keyPemFile,
            pConfig.getServerKeyAlgorithm(),
            pConfig.getKeystorePassword());
}
/**
 * {@inheritDoc}
 *
 * <p>Applies the client authentication mode, cipher suites and protocols from the server
 * configuration to the connection parameters. Each value is set both on {@code params}
 * directly and on the context's default {@link SSLParameters}, which are then installed
 * on {@code params}.
 */
public void configure(HttpsParameters params) {
    // NOTE(review): the engine created here is never used in this method. The call is kept
    // because the original made it ("initialise the SSL context"); confirm it is still needed.
    context.createSSLEngine();

    // Read each setting from the server configuration once and reuse it for both targets.
    final boolean wantClientAuth = serverConfig.useSslClientAuthentication();
    final String[] cipherSuites = serverConfig.getSSLCipherSuites();
    final String[] protocols = serverConfig.getSSLProtocols();

    // Start from the context's default parameters and override the configured values.
    SSLParameters sslParameters = context.getDefaultSSLParameters();

    // "Want" only asks the client for a certificate; the handshake still completes when none
    // is presented. Rejecting such clients is left to the ClientCertAuthenticator.
    // NOTE(review): confirm that authenticator is always installed when this flag is on,
    // otherwise unauthenticated clients are accepted at this layer.
    params.setWantClientAuth(wantClientAuth);
    sslParameters.setWantClientAuth(wantClientAuth);

    // Cipher suites and protocols are taken from the configuration without further checks here.
    // NOTE(review): how unset values are treated is not visible in this method - confirm that
    // legacy protocols and weak suites are excluded by the configuration defaults.
    params.setCipherSuites(cipherSuites);
    sslParameters.setCipherSuites(cipherSuites);

    params.setProtocols(protocols);
    sslParameters.setProtocols(protocols);

    params.setSSLParameters(sslParameters);
}