Exemplo n.º 1
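  /**
   * Creates a new SSL context instance using the current SSL context configuration.
   *
   * @return the newly configured SSL context instance.
   * @throws IllegalStateException if a key store or trust store cannot be loaded, or if a key
   *     manager factory, trust manager factory or the SSL context itself cannot be obtained or
   *     initialized; the underlying exception is attached as the cause.
   */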
  public SSLContext createSSLContext() {
    // ---- Key material -------------------------------------------------------------------
    // A pre-built key store takes precedence; bytes or a file are only read when none was set.
    KeyStore effectiveKeyStore = keyStore;
    final boolean loadKeyStore =
        effectiveKeyStore == null && (keyStoreBytes != null || keyStoreFile != null);
    if (loadKeyStore) {
      try {
        final String ksType = keyStoreType != null ? keyStoreType : KeyStore.getDefaultType();
        if (keyStoreProvider == null) {
          effectiveKeyStore = KeyStore.getInstance(ksType);
        } else {
          effectiveKeyStore = KeyStore.getInstance(ksType, keyStoreProvider);
        }

        // In-memory bytes win over the file. The literal file name "NONE" opens no stream, so
        // load() receives null: per the KeyStore contract that yields an empty store, or one
        // that is not initialised from a stream (NOTE(review): presumably meant for
        // token/provider-backed stores - confirm with the configuration docs).
        InputStream ksStream = null;
        try {
          if (keyStoreBytes != null) {
            ksStream = new ByteArrayInputStream(keyStoreBytes);
          } else if (!keyStoreFile.equals("NONE")) {
            ksStream = new FileInputStream(keyStoreFile);
          }
          effectiveKeyStore.load(ksStream, keyStorePass);
        } finally {
          if (ksStream != null) {
            try {
              ksStream.close();
            } catch (IOException ignored) {
              // A failure to close is deliberately not reported.
            }
          }
        }
      } catch (NoSuchProviderException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KS_PROVIDERS_NOT_REGISTERED(), e);
      } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(
            LocalizationMessages.SSL_KS_INTEGRITY_ALGORITHM_NOT_FOUND(), e);
      } catch (KeyStoreException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KS_IMPL_NOT_FOUND(), e);
      } catch (CertificateException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KS_CERT_LOAD_ERROR(), e);
      } catch (FileNotFoundException e) {
        // Must stay ahead of the IOException handler: it is the more specific type.
        throw new IllegalStateException(
            LocalizationMessages.SSL_KS_FILE_NOT_FOUND(keyStoreFile), e);
      } catch (IOException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KS_LOAD_ERROR(keyStoreFile), e);
      }
    }

    KeyManagerFactory keyManagerFactory = null;
    if (effectiveKeyStore != null) {
      // An explicitly configured algorithm wins; otherwise the system property is consulted,
      // with the JVM default algorithm as its fallback value.
      String kmfAlgorithm = keyManagerFactoryAlgorithm;
      if (kmfAlgorithm == null) {
        kmfAlgorithm =
            AccessController.doPrivileged(
                PropertiesHelper.getSystemProperty(
                    KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()));
      }
      try {
        final KeyManagerFactory candidate;
        if (keyManagerFactoryProvider == null) {
          candidate = KeyManagerFactory.getInstance(kmfAlgorithm);
        } else {
          candidate = KeyManagerFactory.getInstance(kmfAlgorithm, keyManagerFactoryProvider);
        }

        // The key password falls back to the key store password when none was set.
        final char[] password = keyPass == null ? keyStorePass : keyPass;
        if (password == null) {
          // Without any password the configured key store is NOT used: the factory is dropped
          // and null key managers reach SSLContext.init() below, so JSSE's default key manager
          // lookup applies instead. The only trace is this CONFIG-level log record.
          final String ksName;
          if (keyStoreProvider != null) {
            ksName = LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_PROVIDER_BASED_KS();
          } else if (keyStoreBytes != null) {
            ksName = LocalizationMessages.SSL_KMF_NO_PASSWORD_FOR_BYTE_BASED_KS();
          } else {
            ksName = keyStoreFile;
          }
          LOGGER.config(LocalizationMessages.SSL_KMF_NO_PASSWORD_SET(ksName));
        } else {
          candidate.init(effectiveKeyStore, password);
          keyManagerFactory = candidate;
        }
      } catch (NoSuchProviderException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KMF_PROVIDER_NOT_REGISTERED(), e);
      } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KMF_ALGORITHM_NOT_SUPPORTED(), e);
      } catch (UnrecoverableKeyException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KMF_UNRECOVERABLE_KEY(), e);
      } catch (KeyStoreException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_KMF_INIT_FAILED(), e);
      }
    }

    // ---- Trust material -----------------------------------------------------------------
    // Same resolution order as the key store: pre-built store, then bytes, then file.
    KeyStore effectiveTrustStore = trustStore;
    final boolean loadTrustStore =
        effectiveTrustStore == null && (trustStoreBytes != null || trustStoreFile != null);
    if (loadTrustStore) {
      try {
        final String tsType = trustStoreType != null ? trustStoreType : KeyStore.getDefaultType();
        if (trustStoreProvider == null) {
          effectiveTrustStore = KeyStore.getInstance(tsType);
        } else {
          effectiveTrustStore = KeyStore.getInstance(tsType, trustStoreProvider);
        }

        // As for the key store, the file name "NONE" results in load(null, password).
        InputStream tsStream = null;
        try {
          if (trustStoreBytes != null) {
            tsStream = new ByteArrayInputStream(trustStoreBytes);
          } else if (!trustStoreFile.equals("NONE")) {
            tsStream = new FileInputStream(trustStoreFile);
          }
          effectiveTrustStore.load(tsStream, trustStorePass);
        } finally {
          if (tsStream != null) {
            try {
              tsStream.close();
            } catch (IOException ignored) {
              // A failure to close is deliberately not reported.
            }
          }
        }
      } catch (NoSuchProviderException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TS_PROVIDERS_NOT_REGISTERED(), e);
      } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(
            LocalizationMessages.SSL_TS_INTEGRITY_ALGORITHM_NOT_FOUND(), e);
      } catch (KeyStoreException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TS_IMPL_NOT_FOUND(), e);
      } catch (CertificateException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TS_CERT_LOAD_ERROR(), e);
      } catch (FileNotFoundException e) {
        // Must stay ahead of the IOException handler: it is the more specific type.
        throw new IllegalStateException(
            LocalizationMessages.SSL_TS_FILE_NOT_FOUND(trustStoreFile), e);
      } catch (IOException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TS_LOAD_ERROR(trustStoreFile), e);
      }
    }

    TrustManagerFactory trustManagerFactory = null;
    if (effectiveTrustStore != null) {
      String tmfAlgorithm = trustManagerFactoryAlgorithm;
      if (tmfAlgorithm == null) {
        tmfAlgorithm =
            AccessController.doPrivileged(
                PropertiesHelper.getSystemProperty(
                    TRUST_MANAGER_FACTORY_ALGORITHM, TrustManagerFactory.getDefaultAlgorithm()));
      }

      try {
        if (trustManagerFactoryProvider == null) {
          trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm);
        } else {
          trustManagerFactory =
              TrustManagerFactory.getInstance(tmfAlgorithm, trustManagerFactoryProvider);
        }
        trustManagerFactory.init(effectiveTrustStore);
      } catch (NoSuchProviderException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TMF_PROVIDER_NOT_REGISTERED(), e);
      } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TMF_ALGORITHM_NOT_SUPPORTED(), e);
      } catch (KeyStoreException e) {
        throw new IllegalStateException(LocalizationMessages.SSL_TMF_INIT_FAILED(), e);
      }
    }

    // ---- Context ------------------------------------------------------------------------
    // "TLS" is the generic protocol name used when none is configured; which protocol versions
    // end up enabled is decided by the JSSE provider and JVM configuration, not here.
    final String secProtocol = securityProtocol != null ? securityProtocol : "TLS";
    try {
      final SSLContext sslContext = SSLContext.getInstance(secProtocol);
      // A null key/trust manager array makes JSSE search the installed providers for its
      // default factory, so with no trust store configured peers are validated against the
      // JVM default trust material. The null SecureRandom selects the default implementation.
      sslContext.init(
          keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
          trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
          null);
      return sslContext;
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException(LocalizationMessages.SSL_CTX_ALGORITHM_NOT_SUPPORTED(), e);
    } catch (KeyManagementException e) {
      throw new IllegalStateException(LocalizationMessages.SSL_CTX_INIT_FAILED(), e);
    }
  }