2.17.2: 2011-06-17

net.sf.basedb.util.ssl
Class SSLUtil

java.lang.Object
  extended by net.sf.basedb.util.ssl.SSLUtil

public class SSLUtil
extends Object

Utility class for working with SSL connections.

Since:
2.16
Author:
Nicklas
Last modified
$Date: 2010-06-16 14:28:36 +0200 (Wed, 16 Jun 2010) $

Field Summary
private static KeyManager[] defaultKeyManagers
           
private static org.apache.http.conn.ssl.SSLSocketFactory defaultSocketFactory
           
private static TrustManager[] defaultTrustManagers
           
 
Constructor Summary
SSLUtil()
           
 
Method Summary
private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String provider, String algorithm)
           
static KeyStore createKeyStore(InputStream store, String password, String type, String provider)
          Create a key-store from the given input stream
private static TrustManager[] createTrustManagers(KeyStore keyStore, String provider, String algorithm)
           
static Certificate getCertificate(InputStream cert, String type, String provider)
          Get the certificate that is found in the given input stream.
private static KeyManager[] getDefaultKeyManagers()
          Get the default key managers as configured in the base.config file by the ssl.keystore.* settings.
private static TrustManager[] getDefaultTrustManagers()
          Get the default trust managers as configured in the base.config file by the ssl.truststore.* settings.
static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
          Get an SSL socket factory object that is used to create SSL sockets.
static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword)
          Create an SSL socket factory that optionally uses the given trusted server certificate and client certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

defaultKeyManagers

private static KeyManager[] defaultKeyManagers

defaultTrustManagers

private static TrustManager[] defaultTrustManagers

defaultSocketFactory

private static org.apache.http.conn.ssl.SSLSocketFactory defaultSocketFactory
Constructor Detail

SSLUtil

public SSLUtil()
Method Detail

getSSLSocketFactory

public static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
Get an SSL socket factory object that is used to create SSL sockets. Typical usage is:
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;

URL u = ... // A https url
URLConnection conn = u.openConnection();
// Only https connections have a socket factory to replace; plain http is left alone
if (conn instanceof HttpsURLConnection)
{
  ((HttpsURLConnection)conn).setSSLSocketFactory(SSLUtil.getSSLSocketFactory());
}
Unless a key-store and/or trust-store has been configured, this method returns the default socket factory provided by HttpsURLConnection.getDefaultSSLSocketFactory(). Note that the return type declared on this page is org.apache.http.conn.ssl.SSLSocketFactory (Apache HttpClient), which is not a javax.net.ssl.SSLSocketFactory; HttpsURLConnection.setSSLSocketFactory() and HttpsURLConnection.getDefaultSSLSocketFactory() both use the javax.net.ssl type, so the snippet above and the default-factory fallback only hold for a javax.net.ssl.SSLSocketFactory return type.

A key-store holds the personal (client) certificate and its private key, which are used to authenticate this installation to the server. It is set up with the ssl.keystore.* options in base.config.

A trust-store holds the public certificates of the servers that are trusted. The default trust-store is the one shipped with the Java runtime in $JAVA_HOME/jre/lib/security/cacerts. It is set up with the ssl.truststore.* options in base.config.

For more information about algorithms, key-store types, etc. see the Java Secure Socket Extension (JSSE) Reference Guide.

Returns:
A SSL socket factory

getSSLSocketFactory

public static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory(byte[] serverCertificate,
                                                                            byte[] clientCertificate,
                                                                            String clientCertificatePassword)
Create an SSL socket factory that optionally uses the given trusted server certificate and client certificate. If both certificate parameters are null, the socket factory from getSSLSocketFactory() is returned.

Parameters:
serverCertificate - The trusted server certificate data, or null to use the default trusted certificates (see getSSLSocketFactory()). The data must represent an X.509 certificate in binary DER or Base64-encoded DER format
clientCertificate - The client certificate to use for authentication with the server, or null to use the default certificates. The data must represent a PKCS #12 store (client certificate plus private key) in binary form
clientCertificatePassword - The password used to unlock the PKCS #12 store and its private key
Returns:
A socket factory
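As an added example, not part of BASE or this class, the following stand-alone Java class builds a javax.net.ssl.SSLSocketFactory from the same two inputs the three-argument overload above takes: a DER- or PEM-encoded X.509 server certificate and a PKCS #12 client identity, with null meaning "use the defaults" on either side. It illustrates the key-store / trust-store split described for getSSLSocketFactory(). The class name, the helper method names and the command-line layout are this example's own assumptions; the JSSE calls (CertificateFactory, KeyStore, TrustManagerFactory, KeyManagerFactory, SSLContext) are the standard way to do what the text describes, but this page does not say whether SSLUtil is implemented the same way.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (hypothetical class, not BASE code): a javax.net.ssl.SSLSocketFactory
 * built from a pinned server certificate and/or a PKCS #12 client identity.
 */
public final class PinnedSslExample
{
  /** Parse one X.509 certificate; CertificateFactory accepts both binary DER and Base64 PEM. */
  static X509Certificate parseServerCertificate(byte[] data) throws GeneralSecurityException
  {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
  }

  /** Trust managers that accept only this certificate (or a chain anchored at it). */
  static TrustManager[] trustOnly(X509Certificate serverCert) throws GeneralSecurityException, IOException
  {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultKeyStoreType());
    trustStore.load(null, null);               // empty in-memory store: the JRE cacerts are NOT included
    trustStore.setCertificateEntry("server", serverCert);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    return tmf.getTrustManagers();
  }

  /** Key managers from a PKCS #12 blob holding the client certificate and its private key. */
  static KeyManager[] clientIdentity(byte[] pkcs12, char[] password) throws GeneralSecurityException, IOException
  {
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    keyStore.load(new ByteArrayInputStream(pkcs12), password);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, password);              // a PKCS #12 file uses one password for store and key
    return kmf.getKeyManagers();
  }

  /** Same contract as the three-argument overload: null on a side keeps the JSSE default for that side. */
  static SSLSocketFactory socketFactory(byte[] serverCert, byte[] clientP12, char[] password)
    throws GeneralSecurityException, IOException
  {
    if (serverCert == null && clientP12 == null)
    {
      return HttpsURLConnection.getDefaultSSLSocketFactory();
    }
    TrustManager[] tm = serverCert == null ? null : trustOnly(parseServerCertificate(serverCert));
    KeyManager[] km = clientP12 == null ? null : clientIdentity(clientP12, password);
    SSLContext ctx = SSLContext.getInstance("TLS");
    // null managers fall back to javax.net.ssl.keyStore / javax.net.ssl.trustStore, else cacerts
    ctx.init(km, tm, null);
    return ctx.getSocketFactory();
  }

  public static void main(String[] args) throws Exception
  {
    // Assumed command line: <https-url> <server.pem|server.der> [client.p12 p12-password]
    byte[] serverCert = Files.readAllBytes(Paths.get(args[1]));
    byte[] clientP12 = args.length > 2 ? Files.readAllBytes(Paths.get(args[2])) : null;
    char[] password = args.length > 3 ? args[3].toCharArray() : null;

    HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
    conn.setSSLSocketFactory(socketFactory(serverCert, clientP12, password));
    // The factory decides trust and client authentication only; HttpsURLConnection still
    // checks the host name against the certificate with its own HostnameVerifier.
    X509Certificate peer = (X509Certificate) conn.getServerCertificates()[0];
    System.out.println("HTTP " + conn.getResponseCode() + " over " + conn.getCipherSuite()
      + ", peer=" + peer.getSubjectX500Principal());
  }
}
```

A trust-store that contains only the server's certificate acts as a pin: the handshake succeeds only if the server presents that certificate or a chain anchored at it, and nothing in the JRE cacerts file is consulted. Passing null for the trust side keeps the JSSE defaults described above, and supplying a PKCS #12 identity alone adds client authentication without changing which servers are trusted. Replacing the socket factory on an HttpsURLConnection does not affect host-name verification, which that class performs separately.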

getDefaultTrustManagers

private static TrustManager[] getDefaultTrustManagers()
                                               throws KeyStoreException,
                                                      NoSuchAlgorithmException,
                                                      CertificateException,
                                                      NoSuchProviderException,
                                                      IOException
Get the default trust managers as configured in the base.config file by the ssl.truststore.* settings.

Returns:
An array with trust managers or null if no trust-store file has been configured
Throws:
KeyStoreException
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
IOException

getDefaultKeyManagers

private static KeyManager[] getDefaultKeyManagers()
                                           throws UnrecoverableKeyException,
                                                  KeyStoreException,
                                                  NoSuchAlgorithmException,
                                                  CertificateException,
                                                  NoSuchProviderException,
                                                  IOException
Get the default key managers as configured in the base.config file by the ssl.keystore.* settings.

Returns:
An array with key managers or null if no key-store file has been configured
Throws:
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
IOException

createKeyStore

public static KeyStore createKeyStore(InputStream store,
                                      String password,
                                      String type,
                                      String provider)
                               throws KeyStoreException,
                                      NoSuchProviderException,
                                      NoSuchAlgorithmException,
                                      CertificateException,
                                      IOException
Create a key-store from the given input stream.

Parameters:
store - The stream with key-store data
password - The password to unlock the key-store
type - The key-store type, for example "JKS" or "PKCS12"
provider - The name of the security provider that implements the key-store type
Returns:
A KeyStore object
Throws:
KeyStoreException
NoSuchProviderException
NoSuchAlgorithmException
CertificateException
IOException

getCertificate

public static Certificate getCertificate(InputStream cert,
                                         String type,
                                         String provider)
                                  throws CertificateException,
                                         NoSuchProviderException
Get the certificate that is found in the given input stream.

Parameters:
cert - The stream with the certificate data
type - The type of the certificate, usually "X.509"
provider - The name of the security provider that implements the certificate type
Returns:
A Certificate object (for type "X.509" it can be cast to X509Certificate)
Throws:
CertificateException
NoSuchProviderException

createKeyManagers

private static KeyManager[] createKeyManagers(KeyStore keyStore,
                                              String password,
                                              String provider,
                                              String algorithm)
                                       throws KeyStoreException,
                                              NoSuchAlgorithmException,
                                              CertificateException,
                                              IOException,
                                              UnrecoverableKeyException,
                                              NoSuchProviderException
Throws:
KeyStoreException
NoSuchAlgorithmException
CertificateException
IOException
UnrecoverableKeyException
NoSuchProviderException

createTrustManagers

private static TrustManager[] createTrustManagers(KeyStore keyStore,
                                                  String provider,
                                                  String algorithm)
                                           throws KeyStoreException,
                                                  NoSuchAlgorithmException,
                                                  CertificateException,
                                                  IOException,
                                                  NoSuchProviderException
Throws:
KeyStoreException
NoSuchAlgorithmException
CertificateException
IOException
NoSuchProviderException
