Added:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/DefaultSSLContextFactory.java
- copied, changed from r76,
/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509WrappingTrustManager.java
- copied, changed from r76,
/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509TrustManagerWrapper.java
Removed:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509KeyManagerWrapper.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509TrustManagerWrapper.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/keymanagers/FixedServerAliasKeyManager.java
Modified:
trunk/extra/apachetomcat6/pom.xml
trunk/extra/apachetomcat6/src/main/java/org/jsslutils/extra/apachetomcat6/JSSLutilsJSSESocketFactory.java
trunk/jsslutils/pom.xml
trunk/jsslutils/src/main/java/org/jsslutils/keystores/KeyStoreLoader.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509SSLContextFactory.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/GsiWrappingTrustManager.java
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/TrustAllClientsWrappingTrustManager.java
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/SimpleX509Test.java
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/TrustAllClientsServerTest.java
trunk/pom.xml
Log:
Started 0.6-SNAPSHOT: refactorings and simplification in the configuration.
Modified: trunk/extra/apachetomcat6/pom.xml
==============================================================================
--- trunk/extra/apachetomcat6/pom.xml (original)
+++ trunk/extra/apachetomcat6/pom.xml Thu Apr 2 16:21:45 2009
@@ -5,7 +5,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.jsslutils</groupId>
<artifactId>jsslutils-extra-apachetomcat6</artifactId>
- <version>0.5.2</version>
+ <version>0.6-SNAPSHOT</version>
<packaging>jar</packaging>
<name>jSSLutils :: Extra :: SSLImplementation for Apache Tomcat 6</name>
<url>http://www.jsslutils.org/</url>
@@ -43,7 +43,7 @@
<dependency>
<groupId>org.jsslutils</groupId>
<artifactId>jsslutils</artifactId>
- <version>0.5.1</version>
+ <version>0.6-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>junit</groupId>
Modified:
trunk/extra/apachetomcat6/src/main/java/org/jsslutils/extra/apachetomcat6/JSSLutilsJSSESocketFactory.java
==============================================================================
---
trunk/extra/apachetomcat6/src/main/java/org/jsslutils/extra/apachetomcat6/JSSLutilsJSSESocketFactory.java
(original)
+++
trunk/extra/apachetomcat6/src/main/java/org/jsslutils/extra/apachetomcat6/JSSLutilsJSSESocketFactory.java
Thu Apr 2 16:21:45 2009
@@ -44,8 +44,8 @@
* example for using jSSLutils with Tomcat 6. It takes the same parameters
as
* the default factory in Tomcat 6, with the addition of:
* <ul>
- * <li><i>crlURLs</i>: a space-separated list of URLs of certificate
- * revocation lists.
+ * <li><i>crlURLs</i>: a space-separated list of URLs of certificate
revocation
+ * lists.
* <li><i>acceptProxyCerts</i>: set to 'true' if you wish to use the
* GsiWrappingTrustManager of jSSLutils (to accept grid proxy
certificates).
* </ul>
@@ -221,7 +221,7 @@
if (protocol == null) {
protocol = defaultProtocol;
}
-
+
String keyPassAttr = (String) attributes.get("keypass");
KeyStoreLoader ksl = KeyStoreLoader.getKeyStoreDefaultLoader();
@@ -270,7 +270,7 @@
.setKeyStoreProvider(truststoreProviderAttr.length() == 0 ? null
: truststoreProviderAttr);
}
-
+
KeyStore keyStore = ksl.loadKeyStore();
KeyStore trustStore = tsl.loadKeyStore();
@@ -290,14 +290,14 @@
if ("true".equalsIgnoreCase(acceptAnyCert)
|| "yes".equalsIgnoreCase(acceptAnyCert)) {
sslContextFactory
- .setTrustManagerWrapper(new
TrustAllClientsWrappingTrustManager.Wrapper());
+ .setTrustManagerWrapper(TrustAllClientsWrappingTrustManager.class);
} else {
String acceptProxyCertsAttr = (String) attributes
.get("acceptProxyCerts");
if ("true".equalsIgnoreCase(acceptProxyCertsAttr)
|| "yes".equalsIgnoreCase(acceptProxyCertsAttr)) {
sslContextFactory
- .setTrustManagerWrapper(new GsiWrappingTrustManager.Wrapper());
+ .setTrustManagerWrapper(GsiWrappingTrustManager.class);
}
}
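Review bot: Setting `acceptAnyCert` to true or yes installs TrustAllClientsWrappingTrustManager, which disables client-certificate validation for this connector, and the branch carries no comment or log line saying so. Now that the wrapper is passed as a Class rather than an instance, any problem instantiating it (missing or non-public constructor) will surface only when the SSLContext is built, not at this line, so a misconfiguration is harder to trace back to the attribute. I would at least annotate the branch with `// acceptAnyCert: client certificates are NOT validated -- test/proxy setups only` and, if the factory has a logger, emit a warning whenever the flag is set. The enclosing method starts before this hunk.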
Modified: trunk/jsslutils/pom.xml
==============================================================================
--- trunk/jsslutils/pom.xml (original)
+++ trunk/jsslutils/pom.xml Thu Apr 2 16:21:45 2009
@@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.jsslutils</groupId>
<artifactId>jsslutils</artifactId>
- <version>0.5.1</version>
+ <version>0.6-SNAPSHOT</version>
<packaging>jar</packaging>
<name>jSSLutils</name>
<url>http://www.jsslutils.org/</url>
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/keystores/KeyStoreLoader.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/keystores/KeyStoreLoader.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/keystores/KeyStoreLoader.java
Thu Apr 2 16:21:45 2009
@@ -2,7 +2,7 @@
This file is part of the jSSLutils library.
-Copyright (c) 2008, The University of Manchester, United Kingdom.
+Copyright (c) 2008-2009, The University of Manchester, United Kingdom.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -36,12 +36,18 @@
import java.io.FileInputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
/**
* This class is a factory that provides methods for loading a KeyStore.
*
@@ -50,9 +56,11 @@
*/
public final class KeyStoreLoader {
private volatile String keyStorePath;
+ private volatile InputStream keyStoreInputStream;
private volatile String keyStoreType;
private volatile String keyStoreProvider;
private volatile char[] keyStorePassword;
+ private volatile CallbackHandler keyStorePasswordCallbackHandler;
/**
* Sets the KeyStore path.
@@ -65,6 +73,18 @@
}
/**
+ * Sets the KeyStore InputStream. If null, falls back to KeyStore path.
This
+ * InputStream will be closed by {@link
KeyStoreLoader#loadKeyStore(char[])}
+ * .
+ *
+ * @param keyStoreInputStream
+ * the KeyStore InputStream
+ */
+ public void setKeyStoreInputStream(InputStream keyStoreInputStream) {
+ this.keyStoreInputStream = keyStoreInputStream;
+ }
+
+ /**
* Sets the KeyStore type.
*
* @param keyStoreType
@@ -106,6 +126,18 @@
}
/**
+ * Sets the KeyStore password CallbackHander (used to get the password if
no
+ * password is provided).
+ *
+ * @param keyStorePasswordCallbackHandler
+ * the KeyStore password CallbackHandler.
+ */
+ public void setKeyStorePasswordCallbackHandler(
+ CallbackHandler keyStorePasswordCallbackHandler) {
+ this.keyStorePasswordCallbackHandler = keyStorePasswordCallbackHandler;
+ }
+
+ /**
* Loads a KeyStore according to the parameters initialised using the
* setters.
*
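Review bot: The Javadoc on setKeyStorePasswordCallbackHandler misspells the type (`CallbackHander`) and does not say when the handler is actually consulted. From the loading code in this commit it is used only when neither the password argument to loadKeyStore(char[]) nor the password stored on the loader is set, so I would write `Sets the KeyStore password CallbackHandler; it is consulted only when no password was passed to loadKeyStore(char[]) and none was set on this loader.`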
@@ -118,30 +150,47 @@
* @throws IOException
* @throws NoSuchAlgorithmException
* @throws CertificateException
+ * @throws UnsupportedCallbackException
*/
public KeyStore loadKeyStore(char[] password) throws KeyStoreException,
NoSuchProviderException, IOException, NoSuchAlgorithmException,
- CertificateException {
- KeyStore keyStore;
- if (this.keyStoreProvider != null) {
- keyStore = KeyStore.getInstance(
- this.keyStoreType != null ? this.keyStoreType : KeyStore
- .getDefaultType(), this.keyStoreProvider);
- } else {
- keyStore = KeyStore
- .getInstance(this.keyStoreType != null ? this.keyStoreType
- : KeyStore.getDefaultType());
- }
- FileInputStream keyStoreInputStream = null;
- try {
- keyStoreInputStream = ((this.keyStorePath != null) && (!"NONE"
- .equals(this.keyStorePath))) ? new FileInputStream(
- this.keyStorePath) : null;
- keyStore.load(keyStoreInputStream, (password != null) ? password
- : this.keyStorePassword);
- } finally {
- if (keyStoreInputStream != null) {
- keyStoreInputStream.close();
+ CertificateException, UnsupportedCallbackException {
+ KeyStore keyStore = null;
+ if ((password != null) || (this.keyStorePassword != null)
+ || (this.keyStoreProvider != null)
+ || (this.keyStorePath != null) || (this.keyStoreType != null)) {
+
+ if (this.keyStoreProvider != null) {
+ keyStore = KeyStore.getInstance(
+ this.keyStoreType != null ? this.keyStoreType
+ : KeyStore.getDefaultType(),
+ this.keyStoreProvider);
+ } else {
+ keyStore = KeyStore
+ .getInstance(this.keyStoreType != null ? this.keyStoreType
+ : KeyStore.getDefaultType());
+ }
+ InputStream keyStoreInputStream = this.keyStoreInputStream;
+ try {
+ keyStoreInputStream = ((this.keyStorePath != null) && (!"NONE"
+ .equals(this.keyStorePath))) ? new FileInputStream(
+ this.keyStorePath) : null;
+ if (password == null) {
+ password = this.keyStorePassword;
+ }
+ CallbackHandler pwCallbackHandler =
this.keyStorePasswordCallbackHandler;
+ if ((password == null) && (pwCallbackHandler != null)) {
+ PasswordCallback passwordCallback = new PasswordCallback(
+ "KeyStore password? ", false);
+ pwCallbackHandler
+ .handle(new Callback[] { passwordCallback });
+ password = passwordCallback.getPassword();
+ }
+ keyStore.load(keyStoreInputStream, password);
+ } finally {
+ if (keyStoreInputStream != null) {
+ keyStoreInputStream.close();
+ }
}
}
return keyStore;
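Review bot: The InputStream supplied via setKeyStoreInputStream is never used: `keyStoreInputStream` is initialised from the field on the first line of the try block and then unconditionally reassigned from keyStorePath, so a caller who only sets the stream ends up with `keyStore.load(null, ...)` — an empty keystore with no keys or trust anchors — and no error, and the stream is never closed despite the setter's Javadoc. Open the file only as a fallback: `if (keyStoreInputStream == null && this.keyStorePath != null && !"NONE".equals(this.keyStorePath)) { keyStoreInputStream = new FileInputStream(this.keyStorePath); }`, and add `|| (this.keyStoreInputStream != null)` to the guard above, which otherwise returns null when only the stream is configured. Separately, PasswordCallback.getPassword() hands back a copy, so call `passwordCallback.clearPassword()` right after it so the callback object does not keep the password alive. An empty keystore only shows up later as handshake failures, so loading with a null stream on an otherwise configured loader probably deserves a log line as well.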
@@ -157,11 +206,12 @@
* @throws IOException
* @throws NoSuchAlgorithmException
* @throws CertificateException
+ * @throws UnsupportedCallbackException
*/
public KeyStore loadKeyStore() throws KeyStoreException,
NoSuchProviderException, IOException, NoSuchAlgorithmException,
- CertificateException {
- return loadKeyStore(null);
+ CertificateException, UnsupportedCallbackException {
+ return loadKeyStore(this.keyStorePassword);
}
/**
Copied:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/DefaultSSLContextFactory.java
(from r76,
/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java)
==============================================================================
---
/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/DefaultSSLContextFactory.java
Thu Apr 2 16:21:45 2009
@@ -41,6 +41,7 @@
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
+import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
@@ -56,40 +57,52 @@
* @author Bruno Harbulot
*
*/
-public class SSLContextFactory {
+public class DefaultSSLContextFactory implements SSLContextFactory {
+ public final static String CONTEXT_PROVIDER_NAME_PROP
= "org.jsslutils.prop.contextProvider";
+ public final static String CONTEXT_PROTOCOL_NAME_PROP
= "org.jsslutils.prop.contextProtocol";
+ public final static String SECURERANDOM_PROVIDER_NAME_PROP
= "org.jsslutils.prop.secureRandomProvider";
+ public final static String SECURERANDOM_ALGORITHM_PROP
= "org.jsslutils.prop.secureRandomAlgorithm";
+
private String contextProtocol = "SSLv3";
private Provider contextProvider = null;
- private Provider defaultSecureRandomProvider = null;
+ private Provider secureRandomProvider = null;
private String defaultSecureRandomAlgorithm = null;
private SecureRandom secureRandom = null;
/**
- * Sets the Provider used for creating the SSLContext (defaults to null).
*
- * @param contextProvider
- * Provider used to create the SSLContext.
*/
- public void setContextProvider(Provider contextProvider) {
- this.contextProvider = contextProvider;
- }
-
- /**
- * Sets the Provider used for creating the SSLContext (defaults to null),
- * using Security.getProvider(contextProviderName).
- *
- * @param contextProviderName
- * name of the Provider to use.
- */
- public void setContextProvider(String contextProviderName)
+ public void configure(Properties properties)
throws SSLContextFactoryException {
+ String contextProviderName = properties
+ .getProperty(CONTEXT_PROVIDER_NAME_PROP);
+ String secureRandomProviderName = properties
+ .getProperty(SECURERANDOM_PROVIDER_NAME_PROP);
+ String secureRandomAlgorithm = properties
+ .getProperty(SECURERANDOM_ALGORITHM_PROP);
+ String contextProtocol = properties
+ .getProperty(CONTEXT_PROTOCOL_NAME_PROP);
+
if (contextProviderName != null) {
this.contextProvider = Security.getProvider(contextProviderName);
if (this.contextProvider == null) {
throw new SSLContextFactoryException(
new NoSuchProviderException(contextProviderName));
}
+ }
+ if (secureRandomProviderName != null) {
+ this.secureRandomProvider = Security
+ .getProvider(secureRandomProviderName);
+ if (this.secureRandomProvider == null) {
+ throw new SSLContextFactoryException(
+ new NoSuchProviderException(secureRandomProviderName));
+ }
+ }
+ this.defaultSecureRandomAlgorithm = secureRandomAlgorithm;
+ if (contextProtocol != null) {
+ this.contextProtocol = contextProtocol;
} else {
- this.contextProvider = null;
+ this.contextProtocol = "SSLv3";
}
}
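Review bot: The new configure(Properties) method is left with an empty Javadoc block, and its reset semantics are inconsistent: an absent contextProtocol property resets the protocol to "SSLv3" and an absent secureRandomAlgorithm property clears defaultSecureRandomAlgorithm to null, but an absent contextProvider or secureRandomProvider property leaves whatever was configured before in place (the old `else { this.contextProvider = null; }` branch is gone). Either reset all four settings or none, and state it in the Javadoc, e.g. `Configures this factory from properties; any setting whose property is absent is reset to its default.` On the default itself, a context requested under the "SSLv3" name says nothing to the reader about which protocol versions it will negotiate, so a "TLS" default would be clearer and safer going forward, and at minimum the Javadoc should spell out what the resulting context enables. `properties` is also dereferenced without a null check.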
@@ -103,48 +116,6 @@
}
/**
- * Sets the name of the Provider used for creating the SSLContext
(defaults
- * to null). It is only used if there is no Provider set using
- * setContextProvider(Provider).
- *
- * @param contextProviderName
- * name of the Provider to use.
- */
- @Deprecated
- public void setContextProviderName(String contextProviderName) {
- try {
- setContextProvider(contextProviderName);
- } catch (SSLContextFactoryException e) {
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Returns the name of the provider that is used for creating the
- * SSLContext, if one is set. If there is an actual provider set,
- * Provider.getName() is used, otherwise, it returns the context provider
- * name, set as a String.
- *
- * @return Name of the context Provider.
- */
- @Deprecated
- public String getContextProviderName() {
- return (this.contextProvider != null) ? this.contextProvider.getName()
- : null;
- }
-
- /**
- * Sets the protocol to be used for creating a new SSLContext. If no value
- * is set, this defaults to "SSLv3".
- *
- * @param contextProtocol
- * protocol to be used to create the SSLContext.
- */
- public void setContextProtocol(String contextProtocol) {
- this.contextProtocol = contextProtocol;
- }
-
- /**
* Returns the protocol to be used for creating a new SSLContext.
*
* @return Protocol to be used to create the SSLContext.
@@ -158,29 +129,8 @@
*
* @return The default SecureRandom Provider.
*/
- public Provider getDefaultSecureRandomProvider() {
- return this.defaultSecureRandomProvider;
- }
-
- /**
- * Sets the default SecureRandom Provider.
- *
- * @param secureRandomProvider
- * the default SecureRandom Provider to set
- */
- public void setDefaultSecureRandomProvider(Provider secureRandomProvider)
{
- this.defaultSecureRandomProvider = secureRandomProvider;
- }
-
- /**
- * Sets the default SecureRandom Provider, by name.
- *
- * @param secureRandomProviderName
- * the default SecureRandom Provider to set
- */
- public void setDefaultSecureRandomProvider(String
secureRandomProviderName) {
- this.defaultSecureRandomProvider = Security
- .getProvider(secureRandomProviderName);
+ public Provider getSecureRandomProvider() {
+ return this.secureRandomProvider;
}
/**
@@ -193,34 +143,6 @@
}
/**
- * Sets the default SecureRandom algorithm.
- *
- * @param secureRandomAlgorithm
- * the default SecureRandom algorithm to set
- */
- public void setDefaultSecureRandomAlgorithm(String secureRandomAlgorithm)
{
- this.defaultSecureRandomAlgorithm = secureRandomAlgorithm;
- }
-
- /**
- * @see SSLContextFactory#buildSSLContext()
- */
- @Deprecated
- public SSLContext newInitializedSSLContext()
- throws SSLContextFactoryException {
- return buildSSLContext(contextProtocol);
- }
-
- /**
- * @see SSLContextFactory#buildSSLContext(String)
- */
- @Deprecated
- public SSLContext newInitializedSSLContext(String contextProtocol)
- throws SSLContextFactoryException {
- return buildSSLContext(contextProtocol);
- }
-
- /**
* Creates a new SSLContext with the context protocol set with
* setContextProtocol(String). The default value is "SSLv3".
*
@@ -228,8 +150,8 @@
* and getSecureRandom().
* @throws SSLContextFactoryException
*/
- public SSLContext buildSSLContext() throws SSLContextFactoryException {
- return buildSSLContext(contextProtocol);
+ public final SSLContext buildSSLContext() throws
SSLContextFactoryException {
+ return buildSSLContext(getContextProtocol());
}
/**
@@ -247,9 +169,10 @@
throws SSLContextFactoryException {
try {
SSLContext sslContext;
- if (this.contextProvider != null) {
+ Provider contextProvider = getContextProvider();
+ if (contextProvider != null) {
sslContext = SSLContext.getInstance(contextProtocol,
- this.contextProvider);
+ contextProvider);
} else {
sslContext = SSLContext.getInstance(contextProtocol);
}
@@ -310,10 +233,10 @@
if ((this.secureRandom == null)
&& (this.defaultSecureRandomAlgorithm != null)) {
try {
- if (this.defaultSecureRandomProvider != null) {
+ if (this.secureRandomProvider != null) {
this.secureRandom = SecureRandom.getInstance(
this.defaultSecureRandomAlgorithm,
- this.defaultSecureRandomProvider);
+ this.secureRandomProvider);
} else {
this.secureRandom = SecureRandom
.getInstance(this.defaultSecureRandomAlgorithm);
@@ -330,31 +253,8 @@
* SSLContextFactories are likely to contain sensitive information;
cloning
* is therefore not allowed.
*/
- protected final SSLContextFactory clone() throws
CloneNotSupportedException {
+ protected final DefaultSSLContextFactory clone()
+ throws CloneNotSupportedException {
throw new CloneNotSupportedException();
- }
-
- /**
- * This class is a wrapper exception for most exceptions that can occur
when
- * using an SSLContextFactory.
- *
- * @author Bruno Harbulot <Bruno.H...@manchester.ac.uk>
- *
- */
- public class SSLContextFactoryException extends Exception {
- private static final long serialVersionUID = 1L;
- public static final String message = "Exception in SSLContextFactory";
-
- public SSLContextFactoryException(Exception e) {
- super(SSLContextFactoryException.message, e);
- }
-
- public SSLContextFactoryException(String message) {
- super(SSLContextFactoryException.message + " " + message);
- }
-
- public SSLContextFactoryException(String message, Exception e) {
- super(SSLContextFactoryException.message + " " + message, e);
- }
}
}
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
Thu Apr 2 16:21:45 2009
@@ -78,6 +78,10 @@
protected Set<CRL> crlCollection = new HashSet<CRL>();
private CertificateFactory certificateFactory = null;
+ public PKIXSSLContextFactory() {
+ this(null, (char[]) null, null, true);
+ }
+
/**
* Builds an SSLContextFactory using the PKIX algorithm in the
* TrustManagerFactory.
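Review bot: The new no-argument constructor has no Javadoc, and the literal `true` passed as its fourth argument is unexplained at the call site; the delegated four-argument constructor is outside this hunk, so a reader cannot tell from here what the flag enables. A one-line Javadoc naming the flag, e.g. `Builds a PKIX factory with no key store and no trust store, with <flag name> enabled; equivalent to the four-argument constructor with nulls.`, would save the next reader a lookup.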
@@ -164,7 +168,7 @@
if (trustParams != null) {
tmf.init(trustParams);
} else {
- tmf.init((KeyStore)null);
+ tmf.init((KeyStore) null);
}
return tmf.getTrustManagers();
} catch (NoSuchAlgorithmException e) {
@@ -374,37 +378,5 @@
is.close();
}
}
- }
-
- /**
- * Adds a CRL from a URL to the collection used by getCrlCollection() (and
- * thus the trust manager by default).
- *
- * @param crlUrl
- * URL of the CRL to fetch.
- * @throws SSLContextFactoryException
- * @throws IOException
- * @throws MalformedURLException
- */
- @Deprecated
- public void addRemoteCrl(String crlUrl) throws SSLContextFactoryException,
- IOException, MalformedURLException {
- addCrl(crlUrl);
- }
-
- /**
- * Builds a CRL object from a URL.
- *
- * @param crlUrl
- * URL of the CRL to fetch.
- * @return X509CRL built from the representation obtained from this URL.
- * @throws SSLContextFactoryException
- * @throws IOException
- * @throws MalformedURLException
- */
- @Deprecated
- public CRL fetchRemoteCrl(String crlUrl) throws
SSLContextFactoryException,
- IOException, MalformedURLException {
- return loadCrl(crlUrl);
}
}
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/SSLContextFactory.java
Thu Apr 2 16:21:45 2009
@@ -32,313 +32,27 @@
Author........: Bruno Harbulot
-----------------------------------------------------------------------*/
-
package org.jsslutils.sslcontext;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
+import java.util.Properties;
-import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
/**
- * This class is a factory that provides methods for creating an SSLContext
- * configured with the settings set in this factory. It creates and
initialises
- * the SSLContext with init(getKeyManagers(), getTrustManagers(),
- * getSecureRandom()), which all default to null. These three methods can
be
- * overridden.
- *
- * @author Bruno Harbulot
+ * @author Bruno Harbulot (Bruno.H...@manchester.ac.uk)
*
*/
-public class SSLContextFactory {
- private String contextProtocol = "SSLv3";
- private Provider contextProvider = null;
- private Provider defaultSecureRandomProvider = null;
- private String defaultSecureRandomAlgorithm = null;
- private SecureRandom secureRandom = null;
-
- /**
- * Sets the Provider used for creating the SSLContext (defaults to null).
- *
- * @param contextProvider
- * Provider used to create the SSLContext.
- */
- public void setContextProvider(Provider contextProvider) {
- this.contextProvider = contextProvider;
- }
-
- /**
- * Sets the Provider used for creating the SSLContext (defaults to null),
- * using Security.getProvider(contextProviderName).
- *
- * @param contextProviderName
- * name of the Provider to use.
- */
- public void setContextProvider(String contextProviderName)
- throws SSLContextFactoryException {
- if (contextProviderName != null) {
- this.contextProvider = Security.getProvider(contextProviderName);
- if (this.contextProvider == null) {
- throw new SSLContextFactoryException(
- new NoSuchProviderException(contextProviderName));
- }
- } else {
- this.contextProvider = null;
- }
- }
+public interface SSLContextFactory {
+ public void configure(Properties properties)
+ throws SSLContextFactoryException;
- /**
- * Returns the Provider that is used for creating the SSLContext.
- *
- * @return Provider that is used for creating the SSLContext.
- */
- public Provider getContextProvider() {
- return this.contextProvider;
- }
-
- /**
- * Sets the name of the Provider used for creating the SSLContext
(defaults
- * to null). It is only used if there is no Provider set using
- * setContextProvider(Provider).
- *
- * @param contextProviderName
- * name of the Provider to use.
- */
- @Deprecated
- public void setContextProviderName(String contextProviderName) {
- try {
- setContextProvider(contextProviderName);
- } catch (SSLContextFactoryException e) {
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Returns the name of the provider that is used for creating the
- * SSLContext, if one is set. If there is an actual provider set,
- * Provider.getName() is used, otherwise, it returns the context provider
- * name, set as a String.
- *
- * @return Name of the context Provider.
- */
- @Deprecated
- public String getContextProviderName() {
- return (this.contextProvider != null) ? this.contextProvider.getName()
- : null;
- }
-
- /**
- * Sets the protocol to be used for creating a new SSLContext. If no value
- * is set, this defaults to "SSLv3".
- *
- * @param contextProtocol
- * protocol to be used to create the SSLContext.
- */
- public void setContextProtocol(String contextProtocol) {
- this.contextProtocol = contextProtocol;
- }
-
- /**
- * Returns the protocol to be used for creating a new SSLContext.
- *
- * @return Protocol to be used to create the SSLContext.
- */
- public String getContextProtocol() {
- return this.contextProtocol;
- }
-
- /**
- * Returns the default SecureRandom Provider.
- *
- * @return The default SecureRandom Provider.
- */
- public Provider getDefaultSecureRandomProvider() {
- return this.defaultSecureRandomProvider;
- }
-
- /**
- * Sets the default SecureRandom Provider.
- *
- * @param secureRandomProvider
- * the default SecureRandom Provider to set
- */
- public void setDefaultSecureRandomProvider(Provider secureRandomProvider)
{
- this.defaultSecureRandomProvider = secureRandomProvider;
- }
-
- /**
- * Sets the default SecureRandom Provider, by name.
- *
- * @param secureRandomProviderName
- * the default SecureRandom Provider to set
- */
- public void setDefaultSecureRandomProvider(String
secureRandomProviderName) {
- this.defaultSecureRandomProvider = Security
- .getProvider(secureRandomProviderName);
- }
-
- /**
- * Returns the default SecureRandom algorithm.
- *
- * @return The default SecureRandom algorithm.
- */
- public String getDefaultSecureRandomAlgorithm() {
- return this.defaultSecureRandomAlgorithm;
- }
-
- /**
- * Sets the default SecureRandom algorithm.
- *
- * @param secureRandomAlgorithm
- * the default SecureRandom algorithm to set
- */
- public void setDefaultSecureRandomAlgorithm(String secureRandomAlgorithm)
{
- this.defaultSecureRandomAlgorithm = secureRandomAlgorithm;
- }
-
- /**
- * @see SSLContextFactory#buildSSLContext()
- */
- @Deprecated
- public SSLContext newInitializedSSLContext()
- throws SSLContextFactoryException {
- return buildSSLContext(contextProtocol);
- }
-
- /**
- * @see SSLContextFactory#buildSSLContext(String)
- */
- @Deprecated
- public SSLContext newInitializedSSLContext(String contextProtocol)
- throws SSLContextFactoryException {
- return buildSSLContext(contextProtocol);
- }
-
- /**
- * Creates a new SSLContext with the context protocol set with
- * setContextProtocol(String). The default value is "SSLv3".
- *
- * @return SSLContext initialised with getKeyManagers(),
getTrustManagers()
- * and getSecureRandom().
- * @throws SSLContextFactoryException
- */
- public SSLContext buildSSLContext() throws SSLContextFactoryException {
- return buildSSLContext(contextProtocol);
- }
-
- /**
- * Creates a new SSLContext initialised with getKeyManagers(),
- * getTrustManagers() and getSecureRandom(). The provider is that set up
- * with setContextProvider() or setContextProviderName().
- *
- * @param contextProtocol
- * SSLContext protocol.
- * @return SSLContext initialised with getKeyManagers(),
getTrustManagers()
- * and getSecureRandom().
- * @throws SSLContextFactoryException
- */
- public SSLContext buildSSLContext(String contextProtocol)
- throws SSLContextFactoryException {
- try {
- SSLContext sslContext;
- if (this.contextProvider != null) {
- sslContext = SSLContext.getInstance(contextProtocol,
- this.contextProvider);
- } else {
- sslContext = SSLContext.getInstance(contextProtocol);
- }
- sslContext.init(getKeyManagers(), getTrustManagers(),
- getSecureRandom());
- return sslContext;
- } catch (KeyManagementException e) {
- throw new SSLContextFactoryException(e);
- } catch (NoSuchAlgorithmException e) {
- throw new SSLContextFactoryException(e);
- }
- }
-
- /**
- * Returns the KeyManagers to be used for initialising the SSLContext.
- * Defaults to null.
- *
- * @return The KeyManagers to be used for initialising the SSLContext.
- * @throws SSLContextFactoryException
- */
- public KeyManager[] getKeyManagers() throws SSLContextFactoryException {
- return null;
- }
-
- /**
- * Returns the TrustManagers to be used for initialising the SSLContext.
- * Defaults to null.
- *
- * @return The TrustManagers to be used for initialising the SSLContext.
- * @throws SSLContextFactoryException
- */
- public TrustManager[] getTrustManagers() throws
SSLContextFactoryException {
- return null;
- }
-
- /**
- * Sets the SecureRandom to be used for initialising the SSLContext.
- *
- * @param secureRandom
- * the secureRandom to set
- */
- public void setSecureRandom(SecureRandom secureRandom) {
- this.secureRandom = secureRandom;
- }
-
- /**
- * Returns the SecureRandom to be used for initialising the SSLContext.
- * Defaults to SecureRandom.getInstance(...) if
defaultSecureRandomAlgorithm
- * has been set (with optional provider) or null otherwise. It will only
try
- * to create a new SecureRandom from the default value if the current
value
- * is null. Reset it to null if you want to re-create a new SecureRandom
- * from the default values.
- *
- * @return The SecureRandom to be used for initialising the SSLContext.
- * @throws SSLContextFactoryException
- */
- public SecureRandom getSecureRandom() throws SSLContextFactoryException {
- if ((this.secureRandom == null)
- && (this.defaultSecureRandomAlgorithm != null)) {
- try {
- if (this.defaultSecureRandomProvider != null) {
- this.secureRandom = SecureRandom.getInstance(
- this.defaultSecureRandomAlgorithm,
- this.defaultSecureRandomProvider);
- } else {
- this.secureRandom = SecureRandom
- .getInstance(this.defaultSecureRandomAlgorithm);
- }
- } catch (NoSuchAlgorithmException e) {
- throw new SSLContextFactoryException(
- "Error initialising SecureRandom.", e);
- }
- }
- return this.secureRandom;
- }
-
- /**
- * SSLContextFactories are likely to contain sensitive information;
cloning
- * is therefore not allowed.
- */
- protected final SSLContextFactory clone() throws
CloneNotSupportedException {
- throw new CloneNotSupportedException();
- }
+ public SSLContext buildSSLContext() throws SSLContextFactoryException;
/**
* This class is a wrapper exception for most exceptions that can occur
when
* using an SSLContextFactory.
*
- * @author Bruno Harbulot <Bruno.H...@manchester.ac.uk>
+ * @author Bruno Harbulot (Bruno.H...@manchester.ac.uk)
*
*/
public class SSLContextFactoryException extends Exception {
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509SSLContextFactory.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509SSLContextFactory.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509SSLContextFactory.java
Thu Apr 2 16:21:45 2009
@@ -36,22 +36,30 @@
package org.jsslutils.sslcontext;
import java.io.IOException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
+import org.jsslutils.keystores.KeyStoreLoader;
+
/**
* This class is a factory that provides methods for creating an SSLContext
* configured with the settings set in this factory: using the SunX509
algorithm
@@ -62,18 +70,39 @@
* @author Bruno Harbulot
*
*/
-public class X509SSLContextFactory extends SSLContextFactory {
- private final KeyStore keyStore;
- private final char[] keyPassword;
- private final KeyStore trustStore;
+public class X509SSLContextFactory extends DefaultSSLContextFactory {
+ private final static Logger LOGGER = Logger
+ .getLogger(X509SSLContextFactory.class.getName());
+
+ public final static String KEYSTORE_FILE_PROP
= "org.jsslutils.prop.keyStore";
+ public final static String KEYSTORE_TYPE_PROP
= "org.jsslutils.prop.keyStoreType";
+ public final static String KEYSTORE_PROVIDER_PROP
= "org.jsslutils.prop.keyStoreProvider";
+ public final static String KEYSTORE_PASSWORD_PROP
= "org.jsslutils.prop.keyStorePassword";
+
+ public final static String KEY_PASSWORD_PROP
= "org.jsslutils.prop.keyPassword";
+
+ public final static String TRUSTSTORE_FILE_PROP
= "org.jsslutils.prop.trustStore";
+ public final static String TRUSTSTORE_TYPE_PROP
= "org.jsslutils.prop.trustStoreType";
+ public final static String TRUSTSTORE_PROVIDER_PROP
= "org.jsslutils.prop.trustStoreProvider";
+ public final static String TRUSTSTORE_PASSWORD_PROP
= "org.jsslutils.prop.trustStorePassword";
+
+ private KeyStore keyStore;
+ private char[] keyPassword;
+ private KeyStore trustStore;
- private boolean keyManagerWrapperLocked = false;
- private X509KeyManagerWrapper x509KeyManagerWrapper;
+ private CallbackHandler keyPasswordCallbackHandler;
+ private CallbackHandler keyStorePasswordCallbackHandler;
+ private CallbackHandler trustStorePasswordCallbackHandler;
- private boolean trustManagerWrapperLocked = false;
- private X509TrustManagerWrapper x509TrustManagerWrapper;
+ private Class<? extends X509WrappingTrustManager> trustManagerWrapper;
- private CallbackHandler keyPasswordCallbackHandler;
+ /**
+ * Builds an SSLContextFactory using the SunX509 algorithm in the
+ * TrustManagerFactory.
+ */
+ public X509SSLContextFactory() {
+ this(null, (char[]) null, null);
+ }
/**
* Builds an SSLContextFactory using the SunX509 algorithm in the
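Review bot: The new `KEYSTORE_PASSWORD_PROP` and `TRUSTSTORE_PASSWORD_PROP` constants carry no Javadoc, and since `configure(Properties)` later reads them with `properties.getProperty(...)` as plain `String`s, nothing at the declaration tells a reader that a password placed there sits in clear text wherever that `Properties` object comes from. Suggest a comment on each, e.g. `/** Plain-text key store password; prefer setKeyStorePasswordCallbackHandler(...) when the password must not be kept in configuration. */`. The no-arg constructor's Javadoc could also state that the key store, key password and trust store are expected from `configure(Properties)` or the setters, since it passes null for all three. Minor style: `private final static` is conventionally written `private static final`.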
@@ -111,139 +140,153 @@
this.trustStore = trustStore;
}
- /**
- * Returns the key store.
- *
- * @return the key store.
- */
- protected KeyStore getKeyStore() {
- return this.keyStore;
- }
-
- /**
- * Returns the trust store.
- *
- * @return the trust store.
- */
- protected KeyStore getTrustStore() {
- return this.trustStore;
- }
+ @Override
+ public void configure(Properties properties)
+ throws SSLContextFactoryException {
+ super.configure(properties);
+ try {
+ if (getKeyStore() == null) {
+ String keyStorePath = properties
+ .getProperty(KEYSTORE_FILE_PROP);
+ String keyStoreType = properties
+ .getProperty(KEYSTORE_TYPE_PROP);
+ String keyStoreProvider = properties
+ .getProperty(KEYSTORE_PROVIDER_PROP);
+ String keyStorePassword = properties
+ .getProperty(KEYSTORE_PASSWORD_PROP);
+ if ((keyStorePath != null) || (keyStoreType != null)
+ || (keyStoreProvider != null)
+ || (keyStorePassword != null)) {
+ KeyStoreLoader ksl = new KeyStoreLoader();
+ ksl.setKeyStorePath(keyStorePath);
+ ksl.setKeyStoreType(keyStoreType);
+ ksl.setKeyStoreProvider(keyStoreProvider);
+ ksl.setKeyStorePassword(keyStorePassword);
+ ksl
+
.setKeyStorePasswordCallbackHandler(this.keyStorePasswordCallbackHandler);
+ this.keyStore = ksl.loadKeyStore();
+ }
+ }
- /**
- * Sets the X509KeyManagerWrapper that will be used to wrap the trust
- * managers returned by getRawKeyManagers() before being returned by
- * getKeyManagers().
- *
- * @param keyManagerWrapper
- * wrapper (may be null).
- */
- public final void setKeyManagerWrapper(
- X509KeyManagerWrapper keyManagerWrapper)
- throws LockedSettingsException {
- synchronized (this) {
- if (!this.keyManagerWrapperLocked) {
- this.x509KeyManagerWrapper = keyManagerWrapper;
- } else {
- throw new LockedSettingsException(
- "KeyManagerWrapper already set and locked.");
+ if (getTrustStore() == null) {
+ String trustStorePath = properties
+ .getProperty(TRUSTSTORE_FILE_PROP);
+ String trustStoreType = properties
+ .getProperty(TRUSTSTORE_TYPE_PROP);
+ String trustStoreProvider = properties
+ .getProperty(TRUSTSTORE_PROVIDER_PROP);
+ String trustStorePassword = properties
+ .getProperty(TRUSTSTORE_PASSWORD_PROP);
+
+ if ((trustStorePath != null) || (trustStoreType != null)
+ || (trustStoreProvider != null)
+ || (trustStorePassword != null)) {
+ KeyStoreLoader ksl = new KeyStoreLoader();
+ ksl.setKeyStorePath(trustStorePath);
+ ksl.setKeyStoreType(trustStoreType);
+ ksl.setKeyStoreProvider(trustStoreProvider);
+ ksl.setKeyStorePassword(trustStorePassword);
+ ksl
+
.setKeyStorePasswordCallbackHandler(this.trustStorePasswordCallbackHandler);
+ this.trustStore = ksl.loadKeyStore();
+ }
}
+ } catch (KeyStoreException e) {
+ throw new SSLContextFactoryException(e);
+ } catch (NoSuchProviderException e) {
+ throw new SSLContextFactoryException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SSLContextFactoryException(e);
+ } catch (CertificateException e) {
+ throw new SSLContextFactoryException(e);
+ } catch (IOException e) {
+ throw new SSLContextFactoryException(e);
+ } catch (UnsupportedCallbackException e) {
+ throw new SSLContextFactoryException(e);
}
}
/**
- * Gets the X509KeyManagerWrapper that will be used to wrap the trust
- * managers returned by getRawKeyManagers() before being returned by
- * getKeyManagers().
+ * Sets the key store.
*
- * @return wrapper.
+ * @param keyStore
+ * the key store.
*/
- public final X509KeyManagerWrapper getKeyManagerWrapper() {
- return this.x509KeyManagerWrapper;
+ public void setKeyStore(KeyStore keyStore) {
+ this.keyStore = keyStore;
}
/**
- * Locks the key manager wrapper so that it can no longer be set
afterwards.
+ * Sets the trust store.
+ *
+ * @param trustStore
+ * the trust store.
*/
- public final void lockKeyManagerWrapper() {
- synchronized (this) {
- this.keyManagerWrapperLocked = true;
- }
+ public void setTrustStore(KeyStore trustStore) {
+ this.trustStore = trustStore;
}
/**
- * Checks whether-or-not the key manager wrapper can still be changed.
+ * Returns the key store.
*
- * @return true if it's locked, false if it can be changed.
+ * @return the key store.
*/
- public final boolean isKeyManagerWrapperLocked() {
- synchronized (this) {
- return this.keyManagerWrapperLocked;
- }
+ protected KeyStore getKeyStore() {
+ return this.keyStore;
}
/**
- * Sets the X509TrustManagerWrapper that will be used to wrap the trust
- * managers returned by getRawTrustManagers() before being returned by
- * getTrustManagers().
+ * Returns the trust store.
*
- * @param trustManagerWrapper
- * wrapper (may be null).
+ * @return the trust store.
*/
- public final void setTrustManagerWrapper(
- X509TrustManagerWrapper trustManagerWrapper)
- throws LockedSettingsException {
- synchronized (this) {
- if (!this.trustManagerWrapperLocked) {
- this.x509TrustManagerWrapper = trustManagerWrapper;
- } else {
- throw new LockedSettingsException(
- "TrustManagerWrapper already set and locked.");
- }
- }
+ protected KeyStore getTrustStore() {
+ return this.trustStore;
}
/**
- * Gets the X509TrustManagerWrapper that will be used to wrap the trust
- * managers returned by getRawTrustManagers() before being returned by
- * getTrustManagers().
+ * Sets the key password
*
- * @return wrapper.
+ * @param keyPassword
*/
- public final X509TrustManagerWrapper getTrustManagerWrapper() {
- return this.x509TrustManagerWrapper;
+ public void setKeyPassword(char[] keyPassword) {
+ this.keyPassword = keyPassword;
}
/**
- * Locks the trust manager wrapper so that it can no longer be set
- * afterwards.
+ * Sets the CallbackHandler that will be used to obtain the key password
if
+ * this password is still null. (Optional.)
+ *
+ * @param keyPasswordCallbackHandler
+ * CallbackHandler that will be used to get the password.
*/
- public final void lockTrustManagerWrapper() {
- synchronized (this) {
- this.trustManagerWrapperLocked = true;
- }
+ public void setKeyPasswordCallbackHandler(
+ CallbackHandler keyPasswordCallbackHandler) {
+ this.keyPasswordCallbackHandler = keyPasswordCallbackHandler;
}
/**
- * Checks whether-or-not the trust manager wrapper can still be changed.
+ * Sets the CallbackHandler that will be used to obtain the key password
if
+ * this password is still null. (Optional.)
*
- * @return true if it's locked, false if it can be changed.
+ * @param keyStorePasswordCallbackHandler
+ * CallbackHandler that will be used to get the password.
*/
- public final boolean isTrustManagerWrapperLocked() {
- synchronized (this) {
- return this.trustManagerWrapperLocked;
- }
+ public void setKeyStorePasswordCallbackHandler(
+ CallbackHandler keyStorePasswordCallbackHandler) {
+ this.keyStorePasswordCallbackHandler = keyStorePasswordCallbackHandler;
}
/**
* Sets the CallbackHandler that will be used to obtain the key password
if
* this password is still null. (Optional.)
*
- * @param keyPasswordCallbackHandler
+ * @param trustStorePasswordCallbackHandler
* CallbackHandler that will be used to get the password.
*/
- public void setKeyPasswordCallbackHandler(
- CallbackHandler keyPasswordCallbackHandler) {
- this.keyPasswordCallbackHandler = keyPasswordCallbackHandler;
+ public void setTrustStorePasswordCallbackHandler(
+ CallbackHandler trustStorePasswordCallbackHandler) {
+ this.trustStorePasswordCallbackHandler =
trustStorePasswordCallbackHandler;
}
/**
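Review bot: The Javadoc on `setKeyStorePasswordCallbackHandler` (and again on `setTrustStorePasswordCallbackHandler`) was copied from `setKeyPasswordCallbackHandler` and still says the handler obtains "the key password", which is a different secret from the key store password that `configure` actually routes it to via `ksl.setKeyStorePasswordCallbackHandler(...)`; change it to `Sets the CallbackHandler used to obtain the key store password when it is not otherwise set. (Optional.)` and the trust store equivalent. `setKeyPassword`'s `@param keyPassword` is empty; it should also say that the array is stored by reference and not copied, so a caller who clears it afterwards also clears what the factory holds. In `configure`, a null `properties` argument reaches `properties.getProperty` directly; that is only safe if `super.configure` already rejects null, which is not visible here.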
@@ -252,8 +295,8 @@
*
* @return Key managers corresponding to the key store.
*/
- protected KeyManager[] getRawKeyManagers()
- throws SSLContextFactoryException {
+ @Override
+ public KeyManager[] getKeyManagers() throws SSLContextFactoryException {
if (this.keyStore != null) {
try {
KeyManagerFactory kmf = KeyManagerFactory
@@ -263,7 +306,7 @@
kmf.init(this.keyStore, this.keyPassword);
} else {
PasswordCallback passwordCallback = new PasswordCallback(
- "KeyStore password? ", false);
+ "Key password? ", false);
this.keyPasswordCallbackHandler
.handle(new Callback[] { passwordCallback });
char[] password = passwordCallback.getPassword();
@@ -292,26 +335,6 @@
}
/**
- * Builds KeyManagers by wrapping getRawKeyManagers(), if a wrapper has
been
- * set up (return the original key manager otherwise).
- *
- * @return Wrapped key managers from getRawKeyManagers().
- */
- @Override
- public KeyManager[] getKeyManagers() throws SSLContextFactoryException {
- KeyManager[] keyManagers = getRawKeyManagers();
- X509KeyManagerWrapper wrapper = x509KeyManagerWrapper;
- if ((wrapper != null) && (keyManagers != null)) {
- for (int i = 0; i < keyManagers.length; i++) {
- if (keyManagers[i] instanceof X509KeyManager)
- keyManagers[i] = wrapper
- .wrapKeyManager((X509KeyManager) keyManagers[i]);
- }
- }
- return keyManagers;
- }
-
- /**
* Builds TrustManagers from the trust store provided in the constructor,
* using a SunX509 TrustManagerFactory.
*
@@ -336,48 +359,70 @@
}
/**
- * Builds TrustManagers by wrapping getRawTrustManagers(), if a wrapper
has
- * been set up (return the original trust manager otherwise).
+ * Sets the trust manager wrapper.
*
- * @return Wrapped trust managers from getRawTrustManagers().
+ * @param trustManagerWrapper
*/
- @Override
- public TrustManager[] getTrustManagers() throws
SSLContextFactoryException {
- TrustManager[] trustManagers = getRawTrustManagers();
- X509TrustManagerWrapper wrapper = x509TrustManagerWrapper;
- if ((wrapper != null) && (trustManagers != null)) {
- for (int i = 0; i < trustManagers.length; i++) {
- if (trustManagers[i] instanceof X509TrustManager)
- trustManagers[i] = wrapper
- .wrapTrustManager((X509TrustManager) trustManagers[i]);
- }
- }
- return trustManagers;
+ public void setTrustManagerWrapper(
+ Class<? extends X509WrappingTrustManager> trustManagerWrapper) {
+ this.trustManagerWrapper = trustManagerWrapper;
}
/**
- * This is an exception that should occur when trying to set properties
that
- * should no longer be set.
+ * Gets the trust managers. If a trust manager wrapper has been set, the
+ * "raw" trust managers will be wrapped.
*
- * @author Bruno Harbulot.
+ * @return trust managers.
*/
- public static class LockedSettingsException extends Exception {
- private static final long serialVersionUID = 3649279179955493548L;
-
- public LockedSettingsException() {
- super();
- }
-
- public LockedSettingsException(Throwable ex) {
- super(ex);
- }
-
- public LockedSettingsException(String message) {
- super(message);
- }
-
- public LockedSettingsException(String message, Throwable ex) {
- super(message, ex);
+ @Override
+ public TrustManager[] getTrustManagers() throws
SSLContextFactoryException {
+ TrustManager[] trustManagers = getRawTrustManagers();
+ if (this.trustManagerWrapper != null) {
+ try {
+ Constructor<? extends X509WrappingTrustManager> constructor =
this.trustManagerWrapper
+ .getConstructor(X509TrustManager.class);
+ for (int i = 0; i < trustManagers.length; i++) {
+ trustManagers[i] = constructor
+ .newInstance(trustManagers[i]);
+ }
+ } catch (SecurityException e) {
+ LOGGER
+ .log(
+ Level.WARNING,
+ "Error when instantiating the wrapping trust manager. Falling back
to unwrapped manager.",
+ e);
+ } catch (IllegalArgumentException e) {
+ LOGGER
+ .log(
+ Level.WARNING,
+ "Error when instantiating the wrapping trust manager. Falling back
to unwrapped manager.",
+ e);
+ } catch (NoSuchMethodException e) {
+ LOGGER
+ .log(
+ Level.WARNING,
+ "Error when instantiating the wrapping trust manager. Falling back
to unwrapped manager.",
+ e);
+ } catch (InstantiationException e) {
+ LOGGER
+ .log(
+ Level.WARNING,
+ "Error when instantiating the wrapping trust manager. Falling back
to unwrapped manager.",
+ e);
+ } catch (IllegalAccessException e) {
+ LOGGER
+ .log(
+ Level.WARNING,
+ "Error when instantiating the wrapping trust manager. Falling back
to unwrapped manager.",
+ e);
+ } catch (InvocationTargetException e) {
+ LOGGER
+ .log(
+ Level.WARNING,
+ "Error when instantiating the wrapping trust manager. Falling back
to unwrapped manager.",
+ e);
+ }
}
+ return trustManagers;
}
}
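Review bot: The new `getTrustManagers` drops two guards the removed version had: the `trustManagers != null` check before the loop (a null from `getRawTrustManagers()` now becomes a NullPointerException at `trustManagers.length`) and the `instanceof X509TrustManager` test before wrapping (a non-X509 manager now reaches `constructor.newInstance` and is only caught as `IllegalArgumentException`). Because wrapping happens in place, a failure at index i > 0 leaves the array half wrapped, yet the warning says the code is "Falling back to unwrapped manager", and the trust policy that ends up in the SSLContext silently differs from the one configured with `setTrustManagerWrapper`. I would build the wrapped managers into a separate array, only swap it in once every element succeeded, and rethrow the reflection failures as `SSLContextFactoryException` (the `Throwable` constructor is already used in `configure`) so a misconfigured wrapper class fails the build instead of being logged; if the fallback is deliberate, the Javadoc should say so explicitly.
```java
TrustManager[] trustManagers = getRawTrustManagers();
if ((this.trustManagerWrapper != null) && (trustManagers != null)) {
    TrustManager[] wrapped = new TrustManager[trustManagers.length];
    try {
        Constructor<? extends X509WrappingTrustManager> constructor = this.trustManagerWrapper
                .getConstructor(X509TrustManager.class);
        for (int i = 0; i < trustManagers.length; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                wrapped[i] = constructor.newInstance(trustManagers[i]);
            } else {
                wrapped[i] = trustManagers[i];
            }
        }
    } catch (NoSuchMethodException e) {
        throw new SSLContextFactoryException(e);
    } // … five further catch clauses (SecurityException, IllegalArgumentException, InstantiationException, IllegalAccessException, InvocationTargetException), each rethrowing as SSLContextFactoryException …
    trustManagers = wrapped;
}
return trustManagers;
```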
Copied:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509WrappingTrustManager.java
(from r76,
/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509TrustManagerWrapper.java)
==============================================================================
---
/trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509TrustManagerWrapper.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/X509WrappingTrustManager.java
Thu Apr 2 16:21:45 2009
@@ -35,22 +35,49 @@
package org.jsslutils.sslcontext;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
import javax.net.ssl.X509TrustManager;
/**
- * This interface represents a wrapper for an X509TrustManager. This is
intended
- * to provide a way to customize TrustManagers in the
X509SSLContextFactory (or
- * subclasses).
+ * Abstract Trust Manager that wraps another one.
*
* @author Bruno Harbulot.
*/
-public interface X509TrustManagerWrapper {
+public abstract class X509WrappingTrustManager implements X509TrustManager
{
+ protected final X509TrustManager trustManager;
+
/**
- * Builds an X509TrustManager from another X509TrustManager.
+ * Creates a new instance from an existing X509TrustManager.
*
* @param trustManager
- * original X509TrustManager.
- * @return wrapped X509TrustManager.
+ * X509TrustManager to wrap.
+ */
+ public X509WrappingTrustManager(X509TrustManager trustManager) {
+ this.trustManager = trustManager;
+ }
+
+ /**
+ * Delegates call to wrapped X509TrustManager.
+ */
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ this.trustManager.checkClientTrusted(chain, authType);
+ }
+
+ /**
+ * Delegates call to wrapped X509TrustManager.
+ */
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ this.trustManager.checkServerTrusted(chain, authType);
+ }
+
+ /**
+ * Delegates call to wrapped X509TrustManager.
*/
- public X509TrustManager wrapTrustManager(X509TrustManager trustManager);
-}
+ public X509Certificate[] getAcceptedIssuers() {
+ return this.trustManager.getAcceptedIssuers();
+ }
+}
\ No newline at end of file
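Review bot: The constructor stores `trustManager` without checking it, so a null passed by a subclass (or by the reflective `getConstructor(X509TrustManager.class)` path in `X509SSLContextFactory`) only surfaces as a NullPointerException inside `checkClientTrusted`/`checkServerTrusted` during a handshake rather than at construction; suggest `if (trustManager == null) { throw new IllegalArgumentException("trustManager must not be null"); }` before the assignment. The class Javadoc could also state the contract for subclasses, e.g. `* Subclasses that override checkClientTrusted or checkServerTrusted without calling the wrapped trustManager replace, rather than extend, its verification.`, since that is exactly how the wrapping subclasses in this commit relax checks. The file also lacks a trailing newline.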
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/GsiWrappingTrustManager.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/GsiWrappingTrustManager.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/GsiWrappingTrustManager.java
Thu Apr 2 16:21:45 2009
@@ -45,8 +45,7 @@
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
-import org.jsslutils.sslcontext.X509TrustManagerWrapper;
-
+import org.jsslutils.sslcontext.X509WrappingTrustManager;
/**
* TrustManager that accepts GSI proxy certificates (clients). The aim is
to
@@ -54,9 +53,7 @@
*
* @author Bruno Harbulot.
*/
-public class GsiWrappingTrustManager implements X509TrustManager {
- private final X509TrustManager trustManager;
-
+public class GsiWrappingTrustManager extends X509WrappingTrustManager {
/**
* Creates a new instance from an existing X509TrustManager.
*
@@ -64,7 +61,7 @@
* X509TrustManager to wrap.
*/
public GsiWrappingTrustManager(X509TrustManager trustManager) {
- this.trustManager = trustManager;
+ super(trustManager);
}
/**
@@ -91,7 +88,7 @@
for (int i = nonCACertIndex; i < chain.length; i++) {
normalChain[i - nonCACertIndex] = chain[i];
}
- trustManager.checkClientTrusted(normalChain, authType);
+ this.trustManager.checkClientTrusted(normalChain, authType);
/*
* Walk through the rest of the chain to check that the subsequent
@@ -180,42 +177,6 @@
if (subjectDN.startsWith("CN=limited proxy")) {
prevIsLimited = true;
}
- }
- }
-
- /**
- * Checks that the server is trusted; in this case, it delegates this
check
- * to the trust manager it wraps.
- */
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- this.trustManager.checkServerTrusted(chain, authType);
- }
-
- /**
- * Returns the accepted issuers; in this case, it delegates this to the
- * trust manager it wraps.
- */
- public X509Certificate[] getAcceptedIssuers() {
- return this.trustManager.getAcceptedIssuers();
- }
-
- /**
- * Wrapper factory class that wraps existing X509TrustManagers into
- * GsiWrappingTrustManagers.
- *
- * @author Bruno Harbulot.
- */
- public static class Wrapper implements X509TrustManagerWrapper {
- /**
- * Builds an X509TrustManager from another X509TrustManager.
- *
- * @param trustManager
- * original X509TrustManager.
- * @return wrapped X509TrustManager.
- */
- public X509TrustManager wrapTrustManager(X509TrustManager trustManager) {
- return new GsiWrappingTrustManager((X509TrustManager) trustManager);
}
}
}
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/TrustAllClientsWrappingTrustManager.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/TrustAllClientsWrappingTrustManager.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/trustmanagers/TrustAllClientsWrappingTrustManager.java
Thu Apr 2 16:21:45 2009
@@ -40,17 +40,15 @@
import javax.net.ssl.X509TrustManager;
-import org.jsslutils.sslcontext.X509TrustManagerWrapper;
-
+import org.jsslutils.sslcontext.X509WrappingTrustManager;
/**
* TrustManager that accepts all client certificates as trusted.
*
* @author Bruno Harbulot.
*/
-public class TrustAllClientsWrappingTrustManager implements
X509TrustManager {
- private final X509TrustManager trustManager;
-
+public class TrustAllClientsWrappingTrustManager extends
+ X509WrappingTrustManager {
/**
* Creates a new instance from an existing X509TrustManager.
*
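Review bot: Now that the class inherits `checkServerTrusted` from `X509WrappingTrustManager`, the class Javadoc "TrustManager that accepts all client certificates as trusted" no longer says which checks are relaxed and which are delegated; suggest `* TrustManager that accepts any client certificate chain; server certificates are still checked by the wrapped X509TrustManager, and getAcceptedIssuers() returns an empty array.` That reading follows from the override of `checkServerTrusted` being deleted in the last hunk of this file and no replacement appearing in the visible hunks; `checkClientTrusted` itself lies outside them.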
@@ -58,7 +56,7 @@
* X509TrustManager to wrap.
*/
public TrustAllClientsWrappingTrustManager(X509TrustManager trustManager)
{
- this.trustManager = trustManager;
+ super(trustManager);
}
/**
@@ -69,38 +67,9 @@
}
/**
- * Checks that the server is trusted; in this case, it delegates this
check
- * to the trust manager it wraps.
- */
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- this.trustManager.checkServerTrusted(chain, authType);
- }
-
- /**
* Returns the accepted issuers; in this case, it's an empty array.
*/
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
- }
-
- /**
- * Wrapper factory class that wraps existing X509TrustManagers into
- * X509TrustManagers that trust any clients.
- *
- * @author Bruno Harbulot.
- */
- public static class Wrapper implements X509TrustManagerWrapper {
- /**
- * Builds an X509TrustManager from another X509TrustManager.
- *
- * @param trustManager
- * original X509TrustManager.
- * @return wrapped X509TrustManager.
- */
- public X509TrustManager wrapTrustManager(X509TrustManager trustManager) {
- return new TrustAllClientsWrappingTrustManager(
- (X509TrustManager) trustManager);
- }
}
}
Modified:
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/SimpleX509Test.java
==============================================================================
---
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/SimpleX509Test.java
(original)
+++
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/SimpleX509Test.java
Thu Apr 2 16:21:45 2009
@@ -41,8 +41,6 @@
import javax.net.ssl.SSLServerSocket;
-
-
import org.jsslutils.sslcontext.SSLContextFactory;
import org.jsslutils.sslcontext.X509SSLContextFactory;
import org.jsslutils.sslcontext.test.MiniSslClientServer;
Modified:
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/TrustAllClientsServerTest.java
==============================================================================
---
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/TrustAllClientsServerTest.java
(original)
+++
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/TrustAllClientsServerTest.java
Thu Apr 2 16:21:45 2009
@@ -37,12 +37,10 @@
import javax.net.ssl.SSLServerSocket;
-
import org.jsslutils.sslcontext.X509SSLContextFactory;
import org.jsslutils.sslcontext.test.MiniSslClientServer;
import
org.jsslutils.sslcontext.trustmanagers.TrustAllClientsWrappingTrustManager;
-
/**
* Mini server that should accept any client certificate.
*
@@ -54,8 +52,7 @@
getServerCertKeyStore(), MiniSslClientServer.KEYSTORE_PASSWORD,
getCaKeyStore());
sslContextFactory
- .setTrustManagerWrapper(new
TrustAllClientsWrappingTrustManager.Wrapper());
- sslContextFactory.lockTrustManagerWrapper();
+ .setTrustManagerWrapper(TrustAllClientsWrappingTrustManager.class);
SSLServerSocket socket = prepareServerSocket(sslContextFactory
.buildSSLContext());
System.out
Modified: trunk/pom.xml
==============================================================================
--- trunk/pom.xml (original)
+++ trunk/pom.xml Thu Apr 2 16:21:45 2009
@@ -6,7 +6,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.jsslutils</groupId>
<artifactId>jsslutils-root</artifactId>
- <version>0.5</version>
+ <version>0.6-SNAPSHOT</version>
<packaging>pom</packaging>
<name>jSSLutils (Root project)</name>
<url>http://www.jsslutils.org/</url>