/**
 * Returns the SSL context for this factory.
 *
 * <p>This method holds no state of its own: every call is forwarded to
 * {@code createSSLContext()} and the result is handed back unchanged.
 *
 * @return the SSL context produced by {@code createSSLContext()}
 * @throws ClientSslSocketFactoryException propagated from {@code createSSLContext()}
 */
public SSLContext getSSLContext() throws ClientSslSocketFactoryException {
    final SSLContext context = createSSLContext();
    return context;
}
/**
 * Builds a socket factory that remembers the key store and trust store of the given context
 * factory and uses the supplied hostname verifier.
 *
 * <p>When {@code abstractFactory} is {@code null} the JVM default {@link SSLContext} is used and
 * both stores are recorded as {@code null}.
 *
 * @param abstractFactory source of the SSL context, key store and trust store; may be
 *     {@code null}
 * @param hostnameVerifier verifier handed to the superclass constructor unchanged
 * @throws ClientSslSocketFactoryException propagated from {@code abstractFactory.getSSLContext()}
 * @throws NoSuchAlgorithmException propagated from {@code SSLContext.getDefault()}
 */
public KeyStoreAwareSocketFactory(final AbstractSslContextFactory abstractFactory, X509HostnameVerifier hostnameVerifier)
        throws ClientSslSocketFactoryException, NoSuchAlgorithmException {
    // The context has to be selected inside super(...): no statement may run before it.
    // NOTE(review): hostname checking is exactly what the supplied verifier does; this
    // constructor adds no check of its own, so callers decide how strict it is.
    super(abstractFactory != null ? abstractFactory.getSSLContext() : SSLContext.getDefault(), hostnameVerifier);

    if (abstractFactory != null) {
        this.keyStore = abstractFactory.getKeyStore();
        this.trustStore = abstractFactory.getTrustStore();
    } else {
        // No context factory: nothing to remember, the JVM defaults are in effect.
        this.keyStore = null;
        this.trustStore = null;
    }
}
/**
 * Creates a {@code URLSslContextFactory} that loads only the given trust store and key store.
 * Both stores must be password protected, even though JSSE does not mandate it.
 *
 * @param trustStoreUrl a {@link URL} pointing to a trust store file. If non-null, it must refer
 *     to a JKS key store file that contains trusted certificates.
 * @param trustStorePassword the password of the trust store file. If a trust store is specified,
 *     the password may not be empty.
 * @param keyStoreUrl a {@code URL} pointing to a key store file that holds both the client
 *     certificate and the client's private key. If non-null, it must be in JKS format.
 * @param keyStorePassword the password of the key store file. If a key store is specified, the
 *     password may not be empty.
 * @throws ClientSslSocketFactoryException thrown if creating this instance fails.
 */
public URLSslContextFactory(final URL trustStoreUrl, final String trustStorePassword,
        final URL keyStoreUrl, final String keyStorePassword) throws ClientSslSocketFactoryException {
    // Both stores are loaded by createKeyStore(...) before the superclass constructor runs.
    // NOTE(review): the passwords arrive as String and are passed on as String, so they cannot
    // be wiped after use; confirm how long the superclass keeps them.
    super(createKeyStore(trustStoreUrl, trustStorePassword), trustStorePassword,
            createKeyStore(keyStoreUrl, keyStorePassword), keyStorePassword);

    this.trustStoreUrl = trustStoreUrl;
    this.keyStoreUrl = keyStoreUrl;

    // Only the store locations are logged, never the passwords.
    // NOTE(review): if a store URL can carry userinfo or a signed query string, these INFO
    // lines would write it to the log; verify against the callers.
    LOGGER.info("Loaded keyStore from: {}", keyStoreUrl);
    LOGGER.info("loaded trustStore from: {}", trustStoreUrl);
}
/**
 * Builds and initializes a new SSL context from this factory's key store and trust store.
 * Either store may be absent; for an absent store {@code null} is passed to
 * {@link SSLContext#init}, so the JRE defaults are used.
 *
 * @return the newly created SSL context
 * @throws ClientSslSocketFactoryException if the key or trust managers cannot be created, the
 *     protocol named by {@code SOCKET_ALGORITHM} is unavailable, or the context cannot be
 *     initialized
 */
private SSLContext createSSLContext() throws ClientSslSocketFactoryException {
    KeyManager[] keyManagers = null;
    if (this.keyStore != null) {
        keyManagers = createKeyManagers();
    }

    TrustManager[] trustManagers = null;
    if (this.trustStore != null) {
        trustManagers = createTrustManagers();
    }

    try {
        // NOTE(review): SOCKET_ALGORITHM is defined outside this snippet; confirm it names a
        // current TLS protocol rather than a legacy SSL one.
        final SSLContext context = SSLContext.getInstance(SOCKET_ALGORITHM);
        // A null third argument leaves the choice of SecureRandom to the JSSE provider.
        context.init(keyManagers, trustManagers, null);
        return context;
    } catch (NoSuchAlgorithmException e) {
        final String message = String.format(
                "Failed to create an SSL context that supports algorithm %s: %s", SOCKET_ALGORITHM, e.getMessage());
        throw new ClientSslSocketFactoryException(message, e);
    } catch (KeyManagementException e) {
        final String message = String.format("Failed to initialize an SSL context: %s", e.getMessage());
        throw new ClientSslSocketFactoryException(message, e);
    }
}
sslContextFactory = new URLSslContextFactory(trustStoreUrl, clientConfig.get(CommonClientConfigKey.TrustStorePassword), keyStoreUrl,
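/**
 * Describes this factory for logs and debugging without exposing password material.
 *
 * <p>The trust store and key store URLs are printed as they are. A password entry appears only
 * when the matching URL is non-null, and it always shows the same fixed-width mask.
 *
 * @return a description of the form
 *     {@code ClientSslSocketFactory [trustStoreUrl=..., keyStoreUrl=...]}
 */
@Override
public String toString() {
    // The mask has a constant width on purpose: one '*' per password character would
    // disclose the password length to anyone who can read the logs.
    final String mask = "********";

    final StringBuilder builder = new StringBuilder();
    builder.append("ClientSslSocketFactory [trustStoreUrl=").append(trustStoreUrl);
    if (trustStoreUrl != null) {
        builder.append(", trustStorePassword=").append(mask);
    }
    builder.append(", keyStoreUrl=").append(keyStoreUrl);
    if (keyStoreUrl != null) {
        builder.append(", keystorePassword = ").append(mask);
    }
    builder.append(']');
    return builder.toString();
}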
SSLEngineFactory myFactory = new DefaultFactories.SSLContextBasedFactory(sslContextFactory.getSSLContext()) { @Override public SSLEngine createSSLEngine(ByteBufAllocator allocator) {
/**
 * Creates the key managers for this factory from its key store and key store password, using
 * the JRE's default {@link KeyManagerFactory} algorithm.
 *
 * @return the newly created array of key managers
 * @throws ClientSslSocketFactoryException if the default algorithm is unavailable, a key cannot
 *     be recovered with the password, or the key store cannot be used
 */
private KeyManager[] createKeyManagers() throws ClientSslSocketFactoryException {
    final KeyManagerFactory keyManagerFactory;
    try {
        keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // A null keyStorePassword fails here with a NullPointerException.
        // NOTE(review): this char[] is a copy of a password that is also held as a String, so
        // it is not cleared after use; confirm that is acceptable for this client.
        final char[] storePassword = this.keyStorePassword.toCharArray();
        keyManagerFactory.init(this.keyStore, storePassword);
    } catch (NoSuchAlgorithmException e) {
        final String message = String.format(
                "Failed to create the key store because the algorithm %s is not supported. ",
                KeyManagerFactory.getDefaultAlgorithm());
        throw new ClientSslSocketFactoryException(message, e);
    } catch (UnrecoverableKeyException e) {
        throw new ClientSslSocketFactoryException(
                "Unrecoverable Key Exception initializing key manager factory; this is probably fatal", e);
    } catch (KeyStoreException e) {
        throw new ClientSslSocketFactoryException(
                "KeyStore exception initializing key manager factory; this is probably fatal", e);
    }

    final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
    // Only the number of managers is logged, never key or password material.
    LOGGER.debug("Key managers are initialized. Total {} managers. ", keyManagers.length);
    return keyManagers;
}
/**
 * Builds a socket factory that remembers the key store and trust store of the given context
 * factory.
 *
 * <p>When {@code abstractFactory} is {@code null} the JVM default {@link SSLContext} is used and
 * both stores are recorded as {@code null}.
 *
 * @param abstractFactory source of the SSL context, key store and trust store; may be
 *     {@code null}
 * @throws ClientSslSocketFactoryException propagated from {@code abstractFactory.getSSLContext()}
 * @throws NoSuchAlgorithmException propagated from {@code SSLContext.getDefault()}
 */
public KeyStoreAwareSocketFactory(final AbstractSslContextFactory abstractFactory)
        throws ClientSslSocketFactoryException, NoSuchAlgorithmException {
    // The context has to be selected inside super(...): no statement may run before it.
    // NOTE(review): no hostname verifier is passed here, so verification is whatever the
    // superclass applies by default; confirm against the superclass.
    super(abstractFactory != null ? abstractFactory.getSSLContext() : SSLContext.getDefault());

    if (abstractFactory != null) {
        this.keyStore = abstractFactory.getKeyStore();
        this.trustStore = abstractFactory.getTrustStore();
    } else {
        // No context factory: nothing to remember, the JVM defaults are in effect.
        this.keyStore = null;
        this.trustStore = null;
    }
}
abstractFactory = new URLSslContextFactory(trustStoreUrl, (String) ncc.getProperty(CommonClientConfigKey.TrustStorePassword), keyStoreUrl,
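/**
 * Creates the trust managers for this factory from its trust store, using the JRE's default
 * {@link TrustManagerFactory} algorithm.
 *
 * @return the newly created array of trust managers
 * @throws ClientSslSocketFactoryException if the default algorithm is unavailable or the trust
 *     store cannot be used to initialize the factory
 */
private TrustManager[] createTrustManagers() throws ClientSslSocketFactoryException {
    final TrustManagerFactory factory;
    try {
        factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(this.trustStore);
    } catch (NoSuchAlgorithmException e) {
        // Name the TrustManagerFactory algorithm, the one that was actually requested above;
        // the KeyManagerFactory default can be a different algorithm and would mislead whoever
        // diagnoses the failure.
        throw new ClientSslSocketFactoryException(
                String.format("Failed to create the trust store because the algorithm %s is not supported. ",
                        TrustManagerFactory.getDefaultAlgorithm()), e);
    } catch (KeyStoreException e) {
        throw new ClientSslSocketFactoryException(
                "KeyStore exception initializing trust manager factory; this is probably fatal", e);
    }

    final TrustManager[] managers = factory.getTrustManagers();
    // Only the number of managers is logged, never certificate contents.
    LOGGER.debug("TrustManagers are initialized. Total {} managers: ", managers.length);
    return managers;
}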
keyStore.load(is, password.toCharArray()); } catch (NoSuchAlgorithmException e) { throw new ClientSslSocketFactoryException(String.format("Failed to create a keystore that supports algorithm %s: %s", SOCKET_ALGORITHM, e.getMessage()), e); } catch (CertificateException e) { throw new ClientSslSocketFactoryException(String.format("Failed to create keystore with algorithm %s due to certificate exception: %s", SOCKET_ALGORITHM, e.getMessage()), e); } finally { try { throw new ClientSslSocketFactoryException(String.format("KeyStore exception creating keystore: %s", e.getMessage()), e); } catch (IOException e) { throw new ClientSslSocketFactoryException(String.format("IO exception creating keystore: %s", e.getMessage()), e);