Пример #1
0
  private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
      throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {

    if (pConfig.getCaCert() != null) {
      File caCert = getAndValidateFile(pConfig.getCaCert(), "CA cert");
      KeyStoreUtil.updateWithCaPem(keystore, caCert);
    } else if (pConfig.useSslClientAuthentication()) {
      throw new IllegalArgumentException(
          "Cannot use client cert authentication if no CA is given with 'caCert'");
    }

    if (pConfig.getServerCert() != null) {
      // Use the provided server key
      File serverCert = getAndValidateFile(pConfig.getServerCert(), "server cert");
      if (pConfig.getServerKey() == null) {
        throw new IllegalArgumentException(
            "Cannot use server cert from "
                + pConfig.getServerCert()
                + " without a provided a key given with 'serverKey'");
      }
      File serverKey = getAndValidateFile(pConfig.getServerKey(), "server key");
      KeyStoreUtil.updateWithServerPems(
          keystore,
          serverCert,
          serverKey,
          pConfig.getServerKeyAlgorithm(),
          pConfig.getKeystorePassword());
    }
  }
Пример #2
0
  private KeyStore getKeyStore(JolokiaServerConfig pConfig)
      throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {
    char[] password = pConfig.getKeystorePassword();
    String keystoreFile = pConfig.getKeystore();
    KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType());
    if (keystoreFile != null) {
      // Load everything from a keystore which must include CA (if useClientSslAuthenticatin is
      // used) and
      // server cert/key
      loadKeyStoreFromFile(keystore, keystoreFile, password);
    } else {
      // Load keys from PEM files
      keystore.load(null);
      updateKeyStoreFromPEM(keystore, pConfig);

      // If no server cert is configured, then use a self-signed server certificate
      if (pConfig.getServerCert() == null) {
        KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore);
      }
    }
    return keystore;
  }