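/**
 * Builds the SSL context and the SSL socket factory from the configured keystore.
 *
 * <p>The keystore returned for {@code keystoreConfig} supplies both the key material and the
 * trust anchors: the same {@link KeyStore} instance is handed to the key manager factory and to
 * the trust manager factory. The factory's X.509 trust manager is then wrapped by
 * {@code KeystoreManager.getCustomTrustManager(...)}, and only that wrapper is installed in the
 * {@link SSLContext}.
 *
 * <p>NOTE(review): {@code acceptUnverifiedCertificates} is forwarded unchanged to the custom
 * trust manager. Its exact effect is not visible here. If it relaxes chain validation, passing
 * {@code true} removes server authentication and should be limited to test setups. Confirm
 * against {@code KeystoreManager}.
 *
 * @param keystoreConfig keystore settings; also the source of the key password
 * @param acceptUnverifiedCertificates passed through to the custom trust manager
 * @throws KeyStoreException propagated from keystore or factory setup, or raised here when the
 *     trust manager factory offers no {@link X509TrustManager}
 * @throws IOException propagated from the keystore or factory helpers
 * @throws NoSuchAlgorithmException if the protocol from {@code getSecurityProtocol()} or a
 *     factory algorithm is unavailable
 * @throws KeyManagementException if the {@link SSLContext} cannot be initialised
 */
protected void init(KeystoreConfig keystoreConfig, boolean acceptUnverifiedCertificates)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
    KeystoreManager keystoreMgr = KeystoreManager.getKeystoreManager();
    KeyStore trustStore = keystoreMgr.getKeyStore(keystoreConfig);

    KeyManagerFactory keyManagerFactory =
            getKeyManagerFactory(trustStore, keystoreConfig.getFilePassword());
    TrustManagerFactory trustManagerFactory = getTrustManagerFactory(trustStore);

    // Select the first X.509 trust manager instead of casting element 0 blindly. A provider may
    // return an empty array or put another TrustManager type first, and the unchecked cast would
    // then fail with an ArrayIndexOutOfBoundsException or ClassCastException.
    X509TrustManager defaultTrustManager = null;
    for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
        if (candidate instanceof X509TrustManager) {
            defaultTrustManager = (X509TrustManager) candidate;
            break;
        }
    }
    if (defaultTrustManager == null) {
        throw new KeyStoreException(
                "No X509TrustManager available from the trust manager factory");
    }

    X509TrustManager customTrustManager =
            keystoreMgr.getCustomTrustManager(
                    defaultTrustManager, keystoreConfig, acceptUnverifiedCertificates, trustStore);

    sslContext = SSLContext.getInstance(getSecurityProtocol());
    sslContext.init(
            keyManagerFactory.getKeyManagers(),
            new TrustManager[] {customTrustManager},
            new SecureRandom());

    // XXX (original author): should we use ALLOW_ALL_HOSTNAME_VERIFIER (least restrictive),
    // BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (moderately restrictive) or
    // STRICT_HOSTNAME_VERIFIER (most restrictive)?
    // NOTE(review): assuming SSLSocketFactory is the Apache HttpClient class, ALLOW_ALL performs
    // no host name check. Any certificate the trust manager accepts would then be accepted for
    // every host. Confirm that getHostnameVerifier() returns one of the two checking verifiers
    // outside of tests.
    sslSocketFactory = new SSLSocketFactory(sslContext, getHostnameVerifier());
}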
/**
 * Creates an AppleServerBasicImpl backed by the given keystore and credentials.
 *
 * @param keystore the keystore reference: a File, an InputStream, a String holding a file path,
 *     or a byte[] array
 * @param password the password of the keystore
 * @param type the keystore type (typically PKCS12)
 * @throws KeystoreException thrown if an error occurs when loading the keystore
 */
public AppleServerBasicImpl(Object keystore, String password, String type)
        throws KeystoreException {
    // Validation runs first, so a failure is raised before any field is populated.
    KeystoreManager.validateKeystoreParameter(keystore);

    // NOTE(review): the password is retained as a String field, so it cannot be cleared from
    // memory after use. Keep instances out of logs and serialized state.
    this.type = type;
    this.password = password;
    this.keystore = keystore;

    // The helper receives this instance, so all three fields are assigned before the call.
    // Whatever reference it returns replaces the caller-supplied one, keeping the keystore
    // reusable.
    this.keystore = KeystoreManager.ensureReusableKeystore(this, this.keystore);
}
/**
 * Opens the stored keystore reference as a stream.
 *
 * <p>NOTE(review): presumably the caller owns the returned stream and must close it. Confirm
 * against {@code KeystoreManager.streamKeystore}.
 *
 * @return the stream produced by {@code KeystoreManager.streamKeystore} for this keystore
 * @throws InvalidKeystoreReferenceException propagated from
 *     {@code KeystoreManager.streamKeystore}
 */
public InputStream getKeystoreStream() throws InvalidKeystoreReferenceException {
    InputStream keystoreStream = KeystoreManager.streamKeystore(keystore);
    return keystoreStream;
}