protected void init(KeystoreConfig keystoreConfig, boolean acceptUnverifiedCertificates)
throws KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
KeystoreManager keystoreMgr = KeystoreManager.getKeystoreManager();
KeyStore trustStore = keystoreMgr.getKeyStore(keystoreConfig);
KeyManagerFactory keyManagerFactory =
getKeyManagerFactory(trustStore, keystoreConfig.getFilePassword());
TrustManagerFactory trustManagerFactory = getTrustManagerFactory(trustStore);
X509TrustManager defaultTrustManager =
(X509TrustManager) trustManagerFactory.getTrustManagers()[0];
X509TrustManager customTrustManager =
keystoreMgr.getCustomTrustManager(
defaultTrustManager, keystoreConfig,
acceptUnverifiedCertificates, trustStore);
sslContext = SSLContext.getInstance(getSecurityProtocol());
sslContext.init(
keyManagerFactory.getKeyManagers(),
new TrustManager[] {customTrustManager},
new SecureRandom());
// XXX Should we use ALLOW_ALL_HOSTNAME_VERIFIER (least restrictive) or
// BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (moderate restrictive) or
// STRICT_HOSTNAME_VERIFIER (most restrictive)???
sslSocketFactory = new SSLSocketFactory(sslContext, getHostnameVerifier());
}
/**
* Constructs a AppleServerBasicImpl object.
*
* @param keystore The keystore to use (can be a File, an InputStream, a String for a file path,
* or a byte[] array)
* @param password The keystore's password
* @param type The keystore type (typically PKCS12)
* @throws KeystoreException thrown if an error occurs when loading the keystore
*/
public AppleServerBasicImpl(Object keystore, String password, String type)
throws KeystoreException {
KeystoreManager.validateKeystoreParameter(keystore);
this.keystore = keystore;
this.password = password;
this.type = type;
/* Make sure that the keystore reference is reusable. */
this.keystore = KeystoreManager.ensureReusableKeystore(this, this.keystore);
}
public InputStream getKeystoreStream() throws InvalidKeystoreReferenceException {
return KeystoreManager.streamKeystore(keystore);
}
