Package net.sf.basedb.util.ssl
Class SSLUtil2
java.lang.Object
net.sf.basedb.util.ssl.SSLUtil2
Utility class for working with SSL connections.
- Since:
- 3.4
- Author:
- Nicklas
-
Field Summary
- private static KeyManager[] defaultKeyManagers
- private static org.apache.http.conn.ssl.SSLConnectionSocketFactory defaultSocketFactory
- private static TrustManager[] defaultTrustManagers
-
Constructor Summary
-
Method Summary
- private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String provider, String algorithm)
- static KeyStore createKeyStore(InputStream store, String password, String type, String provider): Create a key-store from the given input stream.
- private static TrustManager[] createTrustManagers(KeyStore keyStore, String provider, String algorithm)
- static Certificate getCertificate(InputStream cert, String type, String provider): Get the certificate that is found in the given input stream.
- private static KeyManager[] getDefaultKeyManagers(): Get the default key managers as configured in the base.config file by the ssl.keystore.* settings.
- private static TrustManager[] getDefaultTrustManagers(): Get the default trust managers as configured in the base.config file by the ssl.truststore.* settings.
- static SSLContext getSSLContext(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword): Create an SSL context that optionally uses the given trusted server certificate and client certificate.
- static org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLSocketFactory(): Get an SSL socket factory object that is used to create SSL sockets.
- static org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLSocketFactory(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword): Create an SSL socket factory that optionally uses the given trusted server certificate and client certificate.
-
Field Details
-
defaultKeyManagers
private static KeyManager[] defaultKeyManagers
-
defaultTrustManagers
private static TrustManager[] defaultTrustManagers
-
defaultSocketFactory
private static org.apache.http.conn.ssl.SSLConnectionSocketFactory defaultSocketFactory
-
-
Constructor Details
-
SSLUtil2
public SSLUtil2()
-
-
Method Details
-
getSSLSocketFactory
public static org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLSocketFactory()
Get an SSL socket factory object that is used to create SSL sockets. Unless a key-store and/or trust-store has been configured, this method returns a default socket factory provided by SSLConnectionSocketFactory.
A key-store is used to store personal certificates that are used for authentication with the server. A key-store can be set up with the following configuration options in base.config.
- ssl.keystore.file: The full path to a file containing certificate keys.
- ssl.keystore.password: The password that is required to unlock the certificates. All certificates must use the same password.
- ssl.keystore.type (optional): The type of the keystore. The default value is 'JKS'.
- ssl.keystore.provider (optional): The cryptographic provider implementation to use. If not specified the list of registered providers is searched.
- ssl.keystore.algorithm (optional): The encryption algorithm used in the keystore. If not specified, 'SunX509' is used.
A trust-store is used to store the public certificates of servers that are trusted. The default trust-store uses the certificates that are shipped with the Java runtime in $JAVA_HOME/jre/lib/security/cacerts. A trust-store can be set up with the following configuration options in base.config.
- ssl.truststore.file: The full path to a file containing the certificates.
- ssl.truststore.password: The password that is required to unlock the certificates. All certificates must use the same password.
- ssl.truststore.type (optional): The type of the keystore. The default value is 'JKS'.
- ssl.truststore.provider (optional): The cryptographic provider implementation to use. If not specified the list of registered providers is searched.
- ssl.truststore.algorithm (optional): The encryption algorithm used in the keystore. If not specified, 'PKIX' is used.
- Returns:
- An SSL socket factory
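The following is an added example, not code from BASE, showing how the ssl.keystore.* and ssl.truststore.* settings listed above map onto the standard JSSE API: each store is loaded into a KeyStore, turned into key or trust managers with the documented default algorithms ('SunX509' and 'PKIX'), and a missing ssl.*.file setting falls back to the JVM defaults, which is what passing null managers to SSLContext.init() means. The class name ConfiguredSslContext, the Properties-based configuration object and the file paths in main are assumptions made for the example; BASE's own base.config loading is not used.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not BASE code): builds an SSLContext from ssl.keystore.* and
 * ssl.truststore.* settings held in a java.util.Properties object (assumed stand-in
 * for base.config). A store that is not configured yields null managers, which makes
 * SSLContext.init() use the runtime defaults, e.g. the cacerts trust-store.
 */
public class ConfiguredSslContext {

    /** Load a key- or trust-store file; provider may be null to search all registered providers. */
    static KeyStore loadStore(String file, char[] password, String type, String provider)
            throws IOException, GeneralSecurityException {
        KeyStore ks = provider == null
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);   // password null: JKS integrity check is skipped
        }
        return ks;
    }

    /** ssl.keystore.* -> KeyManager[]; null when no key-store file is configured. */
    static KeyManager[] keyManagers(Properties cfg) throws IOException, GeneralSecurityException {
        String file = cfg.getProperty("ssl.keystore.file");
        if (file == null) return null;
        String password = cfg.getProperty("ssl.keystore.password");
        if (password == null) {
            throw new IllegalStateException("ssl.keystore.password is required when ssl.keystore.file is set");
        }
        char[] pw = password.toCharArray();
        KeyStore ks = loadStore(file, pw,
                cfg.getProperty("ssl.keystore.type", "JKS"),
                cfg.getProperty("ssl.keystore.provider"));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                cfg.getProperty("ssl.keystore.algorithm", "SunX509"));
        // All private keys must be protected by the same password as the store itself.
        kmf.init(ks, pw);
        return kmf.getKeyManagers();
    }

    /** ssl.truststore.* -> TrustManager[]; null when no trust-store file is configured. */
    static TrustManager[] trustManagers(Properties cfg) throws IOException, GeneralSecurityException {
        String file = cfg.getProperty("ssl.truststore.file");
        if (file == null) return null;
        String password = cfg.getProperty("ssl.truststore.password");
        KeyStore ts = loadStore(file, password == null ? null : password.toCharArray(),
                cfg.getProperty("ssl.truststore.type", "JKS"),
                cfg.getProperty("ssl.truststore.provider"));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                cfg.getProperty("ssl.truststore.algorithm", "PKIX"));
        tmf.init(ts);
        return tmf.getTrustManagers();
    }

    /** With neither store configured this behaves like the JVM default context. */
    public static SSLContext build(Properties cfg) throws IOException, GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers(cfg), trustManagers(cfg), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration; the paths and passwords are placeholders.
        Properties cfg = new Properties();
        cfg.setProperty("ssl.truststore.file", "/path/to/truststore.jks");
        cfg.setProperty("ssl.truststore.password", "changeit");
        cfg.setProperty("ssl.keystore.file", "/path/to/client.p12");
        cfg.setProperty("ssl.keystore.password", "secret");
        cfg.setProperty("ssl.keystore.type", "PKCS12");
        SSLContext ctx = build(cfg);
        System.out.println("Built context for protocol " + ctx.getProtocol());
    }
}
```

To obtain the Apache factory type this class returns, the SSLContext can be wrapped with `new SSLConnectionSocketFactory(ctx)` from HttpClient 4.x (assumed to be the HttpClient line in use). Note that a configured trust-store replaces the cacerts list rather than extending it, so a server that validates against a public CA stops being trusted once ssl.truststore.file points at a store that lacks that CA.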
-
getSSLContext
public static SSLContext getSSLContext(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword)
Create an SSL context that optionally uses the given trusted server certificate and client certificate.
- Parameters:
- serverCertificate - The trusted server certificate data, or null to use the default trusted certificates (see getSSLSocketFactory()). The data must represent an X.509 certificate in binary or base64-encoded DER format.
- clientCertificate - The client certificate to use for authorization with the server, or null to use the default certificates. The data must represent a PKCS #12 certificate in binary form.
- clientCertificatePassword - A password used to unlock the client certificate.
- Returns:
- An SSL context
-
getSSLSocketFactory
public static org.apache.http.conn.ssl.SSLConnectionSocketFactory getSSLSocketFactory(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword)
Create an SSL socket factory that optionally uses the given trusted server certificate and client certificate. If both certificate parameters are null, the socket factory from getSSLSocketFactory() is returned.
- Parameters:
- serverCertificate - The trusted server certificate data, or null to use the default trusted certificates (see getSSLSocketFactory()). The data must represent an X.509 certificate in binary or base64-encoded DER format.
- clientCertificate - The client certificate to use for authorization with the server, or null to use the default certificates. The data must represent a PKCS #12 certificate in binary form.
- clientCertificatePassword - A password used to unlock the client certificate.
- Returns:
- A socket factory
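The two methods above take certificate material as byte arrays instead of file paths. The following added example (not BASE code, and not necessarily how getSSLContext is implemented internally) shows the standard JSSE way to honour those contracts: the server certificate is parsed with CertificateFactory, which accepts both binary DER and base64 PEM input, and pinned as the sole entry of an in-memory trust-store; the PKCS #12 blob is loaded into a KeyStore and unlocked with the given password; and when both arrays are null the JVM default context is returned, mirroring the documented fallback to getSSLSocketFactory(). The class name PerCallSslContext and the helper names are assumptions for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not BASE code): SSLContext from in-memory certificate bytes,
 * following the parameter contract of getSSLContext(byte[], byte[], String).
 */
public class PerCallSslContext {

    /** Parse one X.509 certificate; CertificateFactory handles DER and base64 (PEM) alike. */
    static Certificate parseX509(byte[] data) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return cf.generateCertificate(new ByteArrayInputStream(data));
    }

    /**
     * Trust managers that accept only the given server certificate, or null for the
     * JVM defaults. Pinning replaces the default trust list: no public CA is trusted
     * for this context, so the bytes must be the exact certificate the server presents.
     */
    static TrustManager[] trustOnly(byte[] serverCertificate) throws IOException, GeneralSecurityException {
        if (serverCertificate == null) return null;
        KeyStore ts = KeyStore.getInstance("JKS");
        ts.load(null, null);                       // fresh, empty in-memory store
        ts.setCertificateEntry("server", parseX509(serverCertificate));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ts);
        return tmf.getTrustManagers();
    }

    /** Key managers from a binary PKCS #12 blob, or null for the JVM defaults. */
    static KeyManager[] clientIdentity(byte[] clientCertificate, String password)
            throws IOException, GeneralSecurityException {
        if (clientCertificate == null) return null;
        // PKCS #12 needs the password both to verify the MAC and to decrypt the private key.
        char[] pw = password == null ? null : password.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(clientCertificate), pw);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, pw);
        return kmf.getKeyManagers();
    }

    /** Null for both certificates means "nothing to override": hand back the default context. */
    public static SSLContext create(byte[] serverCertificate, byte[] clientCertificate,
                                    String clientCertificatePassword)
            throws IOException, GeneralSecurityException {
        if (serverCertificate == null && clientCertificate == null) {
            return SSLContext.getDefault();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(clientIdentity(clientCertificate, clientCertificatePassword),
                 trustOnly(serverCertificate), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // With no certificate material the default context is returned unchanged.
        SSLContext dflt = create(null, null, null);
        System.out.println("Default context: " + (dflt == SSLContext.getDefault()));
        // A real call would pass the DER/PEM bytes of the server certificate and a PKCS #12
        // blob for the client identity, e.g. read from files chosen by the caller:
        //   create(Files.readAllBytes(serverCert), Files.readAllBytes(clientP12), "secret");
    }
}
```

Because trustOnly builds the trust-store from scratch, hostname verification is unaffected and still has to be performed by the HTTP layer; the context only decides which certificate chains are trusted.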
-
getDefaultTrustManagers
private static TrustManager[] getDefaultTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOException
Get the default trust managers as configured in the base.config file by the ssl.truststore.* settings.
- Returns:
- An array with trust managers, or null if no trust-store file has been configured
- Throws:
KeyStoreException
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
IOException
-
getDefaultKeyManagers
private static KeyManager[] getDefaultKeyManagers() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOException
Get the default key managers as configured in the base.config file by the ssl.keystore.* settings.
- Returns:
- An array with key managers, or null if no key-store file has been configured
- Throws:
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
IOException
-
createKeyStore
public static KeyStore createKeyStore(InputStream store, String password, String type, String provider) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException
Create a key-store from the given input stream.
- Parameters:
- store - The stream with key-store data
- password - The password to unlock the key-store
- Returns:
- A KeyStore object
- Throws:
KeyStoreException
NoSuchProviderException
NoSuchAlgorithmException
CertificateException
IOException
-
getCertificate
public static Certificate getCertificate(InputStream cert, String type, String provider) throws CertificateException, NoSuchProviderException
Get the certificate that is found in the given input stream.
- Parameters:
- cert - The stream with the certificate information
- type - The type of the certificate, usually "X.509"
- Returns:
- A Certificate object (can usually be cast to X509Certificate)
- Throws:
CertificateException
NoSuchProviderException
-
createKeyManagers
private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String provider, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, NoSuchProviderException
-
createTrustManagers
private static TrustManager[] createTrustManagers(KeyStore keyStore, String provider, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException
-