Package net.sf.basedb.util.ssl
Class SSLUtil2
java.lang.Object
net.sf.basedb.util.ssl.SSLUtil2
Utility class for working with SSL connections.
- Since:
- 3.4
- Author:
- Nicklas
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static KeyManager[]private static org.apache.http.conn.ssl.SSLConnectionSocketFactoryprivate static TrustManager[] -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate static KeyManager[]createKeyManagers(KeyStore keyStore, String password, String provider, String algorithm) static KeyStorecreateKeyStore(InputStream store, String password, String type, String provider) Create a key-store from the given input streamprivate static TrustManager[]createTrustManagers(KeyStore keyStore, String provider, String algorithm) static CertificategetCertificate(InputStream cert, String type, String provider) Get the certificate that is found in the given input stream.private static KeyManager[]Get the default keys manages as configured in the base.config file by ssl.keystore.* settings.private static TrustManager[]Get the default trust manages as configured in the base.config file by ssl.truststore.* settings.static SSLContextgetSSLContext(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword) Create a SSL context that optionally uses the given trusted server certificate and client certificate.static org.apache.http.conn.ssl.SSLConnectionSocketFactoryGet a SSL Socket Factory object that is used to create SSL sockets.static org.apache.http.conn.ssl.SSLConnectionSocketFactorygetSSLSocketFactory(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword) Create a SSL socket factory that optionally uses the given trusted server certificate and client certificate.
-
Field Details
-
defaultKeyManagers
-
defaultTrustManagers
-
defaultSocketFactory
private static org.apache.http.conn.ssl.SSLConnectionSocketFactory defaultSocketFactory
-
-
Constructor Details
-
SSLUtil2
public SSLUtil2()
-
-
Method Details
-
getSSLSocketFactory
public static org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLSocketFactory()Get a SSL Socket Factory object that is used to create SSL sockets. Unless a key-store and/or trust-store has been configured this method returns a default socket factory provided bySSLConnectionSocketFactory.A key-store is used to store personal certificates that are used for authentication with the server. A key-store can be setup with the following configuration options in base.config.
- ssl.keystore.file: The full path to a file containing certificate keys.
- ssl.keystore.password: The password that is required to unlock the certificates. All certificates must use the same password.
- ssl.keystore.type (optional): The type of the keystore. The default value is 'JKS'.
- ssl.keystore.provider (optional): The cryptographic provider implementation to use. If not specified the list of registered providers is searched.
- ssl.keystore.algorithm (optional): The encryption algorithm used in the keystore. If not specified, 'SunX509' is used.
A trust-store is used to store public certificates of of servers that are trusted. The default trust-store uses the certificates that are shipped with the java runtime in $JAVA_HOME/jre/lib/security/cacerts. A trust-store can be setup with the following configuration options in base.config.
- ssl.truststore.file: The full path to a file containing the certificates.
- ssl.truststore.password: The password that is required to unlock the certificates. All certificates must use the same password.
- ssl.truststore.type (optional): The type of the keystore. The default value is 'JKS'.
- ssl.truststore.provider (optional): The cryptographic provider implementation to use. If not specified the list of registered providers is searched.
- ssl.truststore.algorithm (optional): The encryption algorithm used in the keystore. If not specified, 'PKIX' is used.
- Returns:
- A SSL socket factory
-
getSSLContext
public static SSLContext getSSLContext(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword) Create a SSL context that optionally uses the given trusted server certificate and client certificate.- Parameters:
serverCertificate- The trusted server certificate data or null to use the default trusted certificates (seegetSSLSocketFactory(). The data must represent a X.509 certificate in binary or base64-encoded DER formatclientCertificate- The client certificate to use for authorization with the server or null to use the default certificates. The data must represent a PKCS #12 cretificate in binary formclientCertificatePassword- A password used to unlock the client certificate- Returns:
- A SSL context
-
getSSLSocketFactory
public static org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLSocketFactory(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword) Create a SSL socket factory that optionally uses the given trusted server certificate and client certificate. If both parameters are null then the socket factory fromgetSSLSocketFactory()is returned.- Parameters:
serverCertificate- The trusted server certificate data or null to use the default trusted certificates (seegetSSLSocketFactory(). The data must represent a X.509 certificate in binary or base64-encoded DER formatclientCertificate- The client certificate to use for authorization with the server or null to use the default certificates. The data must represent a PKCS #12 cretificate in binary formclientCertificatePassword- A password used to unlock the client certificate- Returns:
- A socket factory
-
getDefaultTrustManagers
private static TrustManager[] getDefaultTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOExceptionGet the default trust manages as configured in the base.config file by ssl.truststore.* settings.- Returns:
- An array with trust managers or null if no trust-store file has been configured
- Throws:
KeyStoreExceptionNoSuchAlgorithmExceptionCertificateExceptionNoSuchProviderExceptionIOException
-
getDefaultKeyManagers
private static KeyManager[] getDefaultKeyManagers() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOExceptionGet the default keys manages as configured in the base.config file by ssl.keystore.* settings.- Returns:
- An array with key managers or null if no key-store file has been configured
- Throws:
UnrecoverableKeyExceptionKeyStoreExceptionNoSuchAlgorithmExceptionCertificateExceptionNoSuchProviderExceptionIOException
-
createKeyStore
public static KeyStore createKeyStore(InputStream store, String password, String type, String provider) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException Create a key-store from the given input stream- Parameters:
store- The stream with key-store datapassword- The password to unlock the keystore- Returns:
- A KeyStore object
- Throws:
KeyStoreExceptionNoSuchProviderExceptionNoSuchAlgorithmExceptionCertificateExceptionIOException
-
getCertificate
public static Certificate getCertificate(InputStream cert, String type, String provider) throws CertificateException, NoSuchProviderException Get the certificate that is found in the given input stream.- Parameters:
cert- The stream with the certificate informationtype- The type of the certificate, usually "X.509"- Returns:
- A Certificate object (can usually be subclassed to
X509Certificate - Throws:
CertificateExceptionNoSuchProviderException
-
createKeyManagers
private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String provider, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, NoSuchProviderException -
createTrustManagers
private static TrustManager[] createTrustManagers(KeyStore keyStore, String provider, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException
-