private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
SignatureException {
if (pConfig.getCaCert() != null) {
File caCert = getAndValidateFile(pConfig.getCaCert(), "CA cert");
KeyStoreUtil.updateWithCaPem(keystore, caCert);
} else if (pConfig.useSslClientAuthentication()) {
throw new IllegalArgumentException(
"Cannot use client cert authentication if no CA is given with 'caCert'");
}
if (pConfig.getServerCert() != null) {
// Use the provided server key
File serverCert = getAndValidateFile(pConfig.getServerCert(), "server cert");
if (pConfig.getServerKey() == null) {
throw new IllegalArgumentException(
"Cannot use server cert from "
+ pConfig.getServerCert()
+ " without a provided a key given with 'serverKey'");
}
File serverKey = getAndValidateFile(pConfig.getServerKey(), "server key");
KeyStoreUtil.updateWithServerPems(
keystore,
serverCert,
serverKey,
pConfig.getServerKeyAlgorithm(),
pConfig.getKeystorePassword());
}
}
private KeyStore getKeyStore(JolokiaServerConfig pConfig)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
SignatureException {
char[] password = pConfig.getKeystorePassword();
String keystoreFile = pConfig.getKeystore();
KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType());
if (keystoreFile != null) {
// Load everything from a keystore which must include CA (if useClientSslAuthenticatin is
// used) and
// server cert/key
loadKeyStoreFromFile(keystore, keystoreFile, password);
} else {
// Load keys from PEM files
keystore.load(null);
updateKeyStoreFromPEM(keystore, pConfig);
// If no server cert is configured, then use a self-signed server certificate
if (pConfig.getServerCert() == null) {
KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore);
}
}
return keystore;
}