/** * Create new SSL context instance using the current SSL context configuration. * * @return newly configured SSL context instance. */ public SSLContext createSSLContext() { TrustManagerFactory trustManagerFactory = null; KeyManagerFactory keyManagerFactory = null; KeyStore _keyStore = keyStore; if (_keyStore == null && (keyStoreBytes != null || keyStoreFile != null)) { try { if (keyStoreProvider != null) { _keyStore = KeyStore.getInstance( keyStoreType != null ? keyStoreType : KeyStore.getDefaultType(), keyStoreProvider); } else { _keyStore = KeyStore.getInstance(keyStoreType != null ? keyStoreType : KeyStore.getDefaultType()); } InputStream keyStoreInputStream = null; try { if (keyStoreBytes != null) { keyStoreInputStream = new ByteArrayInputStream(keyStoreBytes); } else if (!keyStoreFile.equals("NONE")) { keyStoreInputStream = new FileInputStream(keyStoreFile); } _keyStore.load(keyStoreInputStream, keyStorePass); } finally { try { if (keyStoreInputStream != null) { keyStoreInputStream.close(); } } catch (IOException ignored) { } } } catch (KeyStoreException e) { throw new IllegalStateException(LocalizationMessages.SSL_KS_IMPL_NOT_FOUND(), e); } catch (CertificateException e) { throw new IllegalStateException(LocalizationMessages.SSL_KS_CERT_LOAD_ERROR(), e); } catch (FileNotFoundException e) { throw new IllegalStateException( LocalizationMessages.SSL_KS_FILE_NOT_FOUND(keyStoreFile), e); } catch (IOException e) { throw new IllegalStateException(LocalizationMessages.SSL_KS_LOAD_ERROR(keyStoreFile), e); } catch (NoSuchProviderException e) { throw new IllegalStateException(LocalizationMessages.SSL_KS_PROVIDERS_NOT_REGISTERED(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException( LocalizationMessages.SSL_KS_INTEGRITY_ALGORITHM_NOT_FOUND(), e); } } if (_keyStore != null) { String kmfAlgorithm = keyManagerFactoryAlgorithm; if (kmfAlgorithm == null) { kmfAlgorithm = AccessController.doPrivileged( PropertiesHelper.getSystemProperty( KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm())); } try { if (keyManagerFactoryProvider != null) { keyManagerFactory = KeyManagerFactory.getInstance(kmfAlgorithm, keyManagerFactoryProvider); } else { keyManagerFactory = KeyManagerFactory.getInstance(kmfAlgorithm); } final char[] password = keyPass != null ? keyPass : keyStorePass; if (password != null) { keyManagerFactory.init(_keyStore, password); } else { String ksName = keyStoreProvider != null ? LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_PROVIDER_BASED_KS() : keyStoreBytes != null ? LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_BYTE_BASED_KS() : keyStoreFile; LOGGER.config(LocalizationMessages.SSL_KMF_NO_PASSWORD_SET(ksName)); keyManagerFactory = null; } } catch (KeyStoreException e) { throw new IllegalStateException(LocalizationMessages.SSL_KMF_INIT_FAILED(), e); } catch (UnrecoverableKeyException e) { throw new IllegalStateException(LocalizationMessages.SSL_KMF_UNRECOVERABLE_KEY(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(LocalizationMessages.SSL_KMF_ALGORITHM_NOT_SUPPORTED(), e); } catch (NoSuchProviderException e) { throw new IllegalStateException(LocalizationMessages.SSL_KMF_PROVIDER_NOT_REGISTERED(), e); } } KeyStore _trustStore = trustStore; if (_trustStore == null && (trustStoreBytes != null || trustStoreFile != null)) { try { if (trustStoreProvider != null) { _trustStore = KeyStore.getInstance( trustStoreType != null ? trustStoreType : KeyStore.getDefaultType(), trustStoreProvider); } else { _trustStore = KeyStore.getInstance( trustStoreType != null ? trustStoreType : KeyStore.getDefaultType()); } InputStream trustStoreInputStream = null; try { if (trustStoreBytes != null) { trustStoreInputStream = new ByteArrayInputStream(trustStoreBytes); } else if (!trustStoreFile.equals("NONE")) { trustStoreInputStream = new FileInputStream(trustStoreFile); } _trustStore.load(trustStoreInputStream, trustStorePass); } finally { try { if (trustStoreInputStream != null) { trustStoreInputStream.close(); } } catch (IOException ignored) { } } } catch (KeyStoreException e) { throw new IllegalStateException(LocalizationMessages.SSL_TS_IMPL_NOT_FOUND(), e); } catch (CertificateException e) { throw new IllegalStateException(LocalizationMessages.SSL_TS_CERT_LOAD_ERROR(), e); } catch (FileNotFoundException e) { throw new IllegalStateException( LocalizationMessages.SSL_TS_FILE_NOT_FOUND(trustStoreFile), e); } catch (IOException e) { throw new IllegalStateException(LocalizationMessages.SSL_TS_LOAD_ERROR(trustStoreFile), e); } catch (NoSuchProviderException e) { throw new IllegalStateException(LocalizationMessages.SSL_TS_PROVIDERS_NOT_REGISTERED(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException( LocalizationMessages.SSL_TS_INTEGRITY_ALGORITHM_NOT_FOUND(), e); } } if (_trustStore != null) { String tmfAlgorithm = trustManagerFactoryAlgorithm; if (tmfAlgorithm == null) { tmfAlgorithm = AccessController.doPrivileged( PropertiesHelper.getSystemProperty( TRUST_MANAGER_FACTORY_ALGORITHM, TrustManagerFactory.getDefaultAlgorithm())); } try { if (trustManagerFactoryProvider != null) { trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm, trustManagerFactoryProvider); } else { trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm); } trustManagerFactory.init(_trustStore); } catch (KeyStoreException e) { throw new IllegalStateException(LocalizationMessages.SSL_TMF_INIT_FAILED(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(LocalizationMessages.SSL_TMF_ALGORITHM_NOT_SUPPORTED(), e); } catch (NoSuchProviderException e) { throw new IllegalStateException(LocalizationMessages.SSL_TMF_PROVIDER_NOT_REGISTERED(), e); } } try { String secProtocol = "TLS"; if (securityProtocol != null) { secProtocol = securityProtocol; } final SSLContext sslContext = SSLContext.getInstance(secProtocol); sslContext.init( keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null, null); return sslContext; } catch (KeyManagementException e) { throw new IllegalStateException(LocalizationMessages.SSL_CTX_INIT_FAILED(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(LocalizationMessages.SSL_CTX_ALGORITHM_NOT_SUPPORTED(), e); } }