Mercurial Hosting > luan
annotate src/org/eclipse/jetty/util/ssl/SslContextFactory.java @ 1052:4a2489f1d5fe
remove JBuffer.peek()
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Tue, 08 Nov 2016 00:27:16 -0700 |
parents | 35d04ac3fd0b |
children |
rev | line source |
---|---|
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1 // |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
2 // ======================================================================== |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
4 // ------------------------------------------------------------------------ |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
5 // All rights reserved. This program and the accompanying materials |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
6 // are made available under the terms of the Eclipse Public License v1.0 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
7 // and Apache License v2.0 which accompanies this distribution. |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
8 // |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
9 // The Eclipse Public License is available at |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
10 // http://www.eclipse.org/legal/epl-v10.html |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
11 // |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
12 // The Apache License v2.0 is available at |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
13 // http://www.opensource.org/licenses/apache2.0.php |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
14 // |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
15 // You may elect to redistribute this code under either of these licenses. |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
16 // ======================================================================== |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
17 // |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
18 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
19 package org.eclipse.jetty.util.ssl; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
20 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
21 import java.io.ByteArrayInputStream; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
22 import java.io.ByteArrayOutputStream; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
23 import java.io.File; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
24 import java.io.IOException; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
25 import java.io.InputStream; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
26 import java.net.InetAddress; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
27 import java.security.InvalidParameterException; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
28 import java.security.KeyStore; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
29 import java.security.SecureRandom; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
30 import java.security.Security; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
31 import java.security.cert.CRL; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
32 import java.security.cert.CertStore; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
33 import java.security.cert.Certificate; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
34 import java.security.cert.CollectionCertStoreParameters; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
35 import java.security.cert.PKIXBuilderParameters; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
36 import java.security.cert.X509CertSelector; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
37 import java.util.Arrays; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
38 import java.util.Collection; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
39 import java.util.Collections; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
40 import java.util.LinkedHashSet; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
41 import java.util.List; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
42 import java.util.Set; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
43 import javax.net.ssl.CertPathTrustManagerParameters; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
44 import javax.net.ssl.KeyManager; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
45 import javax.net.ssl.KeyManagerFactory; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
46 import javax.net.ssl.SSLContext; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
47 import javax.net.ssl.SSLEngine; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
48 import javax.net.ssl.SSLServerSocket; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
49 import javax.net.ssl.SSLServerSocketFactory; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
50 import javax.net.ssl.SSLSocket; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
51 import javax.net.ssl.SSLSocketFactory; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
52 import javax.net.ssl.TrustManager; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
53 import javax.net.ssl.TrustManagerFactory; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
54 import javax.net.ssl.X509KeyManager; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
55 import javax.net.ssl.X509TrustManager; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
56 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
57 import org.eclipse.jetty.util.IO; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
58 import org.eclipse.jetty.util.component.AbstractLifeCycle; |
820
8e9db0bbf4f9
remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents:
802
diff
changeset
|
59 import org.slf4j.Logger; |
8e9db0bbf4f9
remove org.eclipse.jetty.util.log and upgrade slf4j
Franklin Schmidt <fschmidt@gmail.com>
parents:
802
diff
changeset
|
60 import org.slf4j.LoggerFactory; |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
61 import org.eclipse.jetty.util.resource.Resource; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
62 import org.eclipse.jetty.util.security.CertificateUtils; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
63 import org.eclipse.jetty.util.security.CertificateValidator; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
64 import org.eclipse.jetty.util.security.Password; |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
65 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
66 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
67 /* ------------------------------------------------------------ */ |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
68 /** |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
69 * SslContextFactory is used to configure SSL connectors |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
70 * as well as HttpClient. It holds all SSL parameters and |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
71 * creates SSL context based on these parameters to be |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
72 * used by the SSL connectors. |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
73 */ |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
74 public class SslContextFactory extends AbstractLifeCycle |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
75 { |
1002 | 76 public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager() |
77 { | |
78 public java.security.cert.X509Certificate[] getAcceptedIssuers() | |
79 { | |
80 return new java.security.cert.X509Certificate[]{}; | |
81 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
82 |
1002 | 83 public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) |
84 { | |
85 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
86 |
1002 | 87 public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) |
88 { | |
89 } | |
90 }}; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
91 |
1002 | 92 private static final Logger LOG = LoggerFactory.getLogger(SslContextFactory.class); |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
93 |
1002 | 94 public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = |
95 (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? | |
96 "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm")); | |
97 public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM = | |
98 (Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? | |
99 "SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm")); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
100 |
1002 | 101 /** Default value for the keystore location path. */ |
102 public static final String DEFAULT_KEYSTORE_PATH = | |
103 System.getProperty("user.home") + File.separator + ".keystore"; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
104 |
1002 | 105 /** String name of key password property. */ |
106 public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword"; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
107 |
1002 | 108 /** String name of keystore password property. */ |
109 public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password"; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
110 |
1002 | 111 /** Excluded protocols. */ |
112 private final Set<String> _excludeProtocols = new LinkedHashSet<String>(); | |
113 /** Included protocols. */ | |
114 private Set<String> _includeProtocols = null; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
115 |
1002 | 116 /** Excluded cipher suites. */ |
117 private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>(); | |
118 /** Included cipher suites. */ | |
119 private Set<String> _includeCipherSuites = null; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
120 |
1002 | 121 /** Keystore path. */ |
122 private String _keyStorePath; | |
123 /** Keystore provider name */ | |
124 private String _keyStoreProvider; | |
125 /** Keystore type */ | |
126 private String _keyStoreType = "JKS"; | |
127 /** Keystore input stream */ | |
128 private InputStream _keyStoreInputStream; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
129 |
1002 | 130 /** SSL certificate alias */ |
131 private String _certAlias; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
132 |
1002 | 133 /** Truststore path */ |
134 private String _trustStorePath; | |
135 /** Truststore provider name */ | |
136 private String _trustStoreProvider; | |
137 /** Truststore type */ | |
138 private String _trustStoreType = "JKS"; | |
139 /** Truststore input stream */ | |
140 private InputStream _trustStoreInputStream; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
141 |
1002 | 142 /** Set to true if client certificate authentication is required */ |
143 private boolean _needClientAuth = false; | |
144 /** Set to true if client certificate authentication is desired */ | |
145 private boolean _wantClientAuth = false; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
146 |
1002 | 147 /** Set to true if renegotiation is allowed */ |
148 private boolean _allowRenegotiate = true; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
149 |
1002 | 150 /** Keystore password */ |
151 private transient Password _keyStorePassword; | |
152 /** Key manager password */ | |
153 private transient Password _keyManagerPassword; | |
154 /** Truststore password */ | |
155 private transient Password _trustStorePassword; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
156 |
1002 | 157 /** SSL provider name */ |
158 private String _sslProvider; | |
159 /** SSL protocol name */ | |
160 private String _sslProtocol = "TLS"; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
161 |
1002 | 162 /** SecureRandom algorithm */ |
163 private String _secureRandomAlgorithm; | |
164 /** KeyManager factory algorithm */ | |
165 private String _keyManagerFactoryAlgorithm = DEFAULT_KEYMANAGERFACTORY_ALGORITHM; | |
166 /** TrustManager factory algorithm */ | |
167 private String _trustManagerFactoryAlgorithm = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
168 |
1002 | 169 /** Set to true if SSL certificate validation is required */ |
170 private boolean _validateCerts; | |
171 /** Set to true if SSL certificate of the peer validation is required */ | |
172 private boolean _validatePeerCerts; | |
173 /** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */ | |
174 private int _maxCertPathLength = -1; | |
175 /** Path to file that contains Certificate Revocation List */ | |
176 private String _crlPath; | |
177 /** Set to true to enable CRL Distribution Points (CRLDP) support */ | |
178 private boolean _enableCRLDP = false; | |
179 /** Set to true to enable On-Line Certificate Status Protocol (OCSP) support */ | |
180 private boolean _enableOCSP = false; | |
181 /** Location of OCSP Responder */ | |
182 private String _ocspResponderURL; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
183 |
1002 | 184 /** SSL keystore */ |
185 private KeyStore _keyStore; | |
186 /** SSL truststore */ | |
187 private KeyStore _trustStore; | |
188 /** Set to true to enable SSL Session caching */ | |
189 private boolean _sessionCachingEnabled = true; | |
190 /** SSL session cache size */ | |
191 private int _sslSessionCacheSize; | |
192 /** SSL session timeout */ | |
193 private int _sslSessionTimeout; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
194 |
1002 | 195 /** SSL context */ |
196 private SSLContext _context; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
197 |
1002 | 198 private boolean _trustAll; |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
199 |
1002 | 200 /* ------------------------------------------------------------ */ |
201 /** | |
202 * Construct an instance of SslContextFactory | |
203 * Default constructor for use in XmlConfiguration files | |
204 */ | |
205 public SslContextFactory() | |
206 { | |
207 _trustAll=true; | |
208 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
209 |
1002 | 210 /* ------------------------------------------------------------ */ |
211 /** | |
212 * Construct an instance of SslContextFactory | |
213 * Default constructor for use in XmlConfiguration files | |
214 * @param trustAll whether to blindly trust all certificates | |
215 * @see #setTrustAll(boolean) | |
216 */ | |
217 public SslContextFactory(boolean trustAll) | |
218 { | |
219 _trustAll=trustAll; | |
220 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
221 |
1002 | 222 /* ------------------------------------------------------------ */ |
223 /** | |
224 * Construct an instance of SslContextFactory | |
225 * @param keyStorePath default keystore location | |
226 */ | |
227 public SslContextFactory(String keyStorePath) | |
228 { | |
229 _keyStorePath = keyStorePath; | |
230 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
231 |
1002 | 232 /* ------------------------------------------------------------ */ |
233 /** | |
234 * Create the SSLContext object and start the lifecycle | |
235 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart() | |
236 */ | |
237 @Override | |
238 protected void doStart() throws Exception | |
239 { | |
240 if (_context == null) | |
241 { | |
242 if (_keyStore==null && _keyStoreInputStream == null && _keyStorePath == null && | |
243 _trustStore==null && _trustStoreInputStream == null && _trustStorePath == null ) | |
244 { | |
245 TrustManager[] trust_managers=null; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
246 |
1002 | 247 if (_trustAll) |
248 { | |
249 LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!"); | |
250 // Create a trust manager that does not validate certificate chains | |
251 trust_managers = TRUST_ALL_CERTS; | |
252 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
253 |
1002 | 254 SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm); |
255 _context = SSLContext.getInstance(_sslProtocol); | |
256 _context.init(null, trust_managers, secureRandom); | |
257 } | |
258 else | |
259 { | |
260 // verify that keystore and truststore | |
261 // parameters are set up correctly | |
262 checkKeyStore(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
263 |
1002 | 264 KeyStore keyStore = loadKeyStore(); |
265 KeyStore trustStore = loadTrustStore(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
266 |
1002 | 267 Collection<? extends CRL> crls = loadCRL(_crlPath); |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
268 |
1002 | 269 if (_validateCerts && keyStore != null) |
270 { | |
271 if (_certAlias == null) | |
272 { | |
273 List<String> aliases = Collections.list(keyStore.aliases()); | |
274 _certAlias = aliases.size() == 1 ? aliases.get(0) : null; | |
275 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
276 |
1002 | 277 Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias); |
278 if (cert == null) | |
279 { | |
280 throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias)); | |
281 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
282 |
1002 | 283 CertificateValidator validator = new CertificateValidator(trustStore, crls); |
284 validator.setMaxCertPathLength(_maxCertPathLength); | |
285 validator.setEnableCRLDP(_enableCRLDP); | |
286 validator.setEnableOCSP(_enableOCSP); | |
287 validator.setOcspResponderURL(_ocspResponderURL); | |
288 validator.validate(keyStore, cert); | |
289 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
290 |
1002 | 291 KeyManager[] keyManagers = getKeyManagers(keyStore); |
292 TrustManager[] trustManagers = getTrustManagers(trustStore,crls); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
293 |
1002 | 294 SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm); |
295 _context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider); | |
296 _context.init(keyManagers,trustManagers,secureRandom); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
297 |
1002 | 298 SSLEngine engine=newSslEngine(); |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
299 |
1002 | 300 LOG.info("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols())); |
301 if (LOG.isDebugEnabled()) | |
302 LOG.debug("Enabled Ciphers {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites())); | |
303 } | |
304 } | |
305 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
306 |
1002 | 307 /* ------------------------------------------------------------ */ |
308 /** | |
309 * @return The array of protocol names to exclude from | |
310 * {@link SSLEngine#setEnabledProtocols(String[])} | |
311 */ | |
312 public String[] getExcludeProtocols() | |
313 { | |
314 return _excludeProtocols.toArray(new String[_excludeProtocols.size()]); | |
315 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
316 |
1002 | 317 /* ------------------------------------------------------------ */ |
318 /** | |
319 * @param protocols | |
320 * The array of protocol names to exclude from | |
321 * {@link SSLEngine#setEnabledProtocols(String[])} | |
322 */ | |
323 public void setExcludeProtocols(String... protocols) | |
324 { | |
325 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
326 |
1002 | 327 _excludeProtocols.clear(); |
328 _excludeProtocols.addAll(Arrays.asList(protocols)); | |
329 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
330 |
1002 | 331 /* ------------------------------------------------------------ */ |
332 /** | |
333 * @param protocol Protocol names to add to {@link SSLEngine#setEnabledProtocols(String[])} | |
334 */ | |
335 public void addExcludeProtocols(String... protocol) | |
336 { | |
337 checkNotStarted(); | |
338 _excludeProtocols.addAll(Arrays.asList(protocol)); | |
339 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
340 |
1002 | 341 /* ------------------------------------------------------------ */ |
342 /** | |
343 * @return The array of protocol names to include in | |
344 * {@link SSLEngine#setEnabledProtocols(String[])} | |
345 */ | |
346 public String[] getIncludeProtocols() | |
347 { | |
348 return _includeProtocols.toArray(new String[_includeProtocols.size()]); | |
349 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
350 |
1002 | 351 /* ------------------------------------------------------------ */ |
352 /** | |
353 * @param protocols | |
354 * The array of protocol names to include in | |
355 * {@link SSLEngine#setEnabledProtocols(String[])} | |
356 */ | |
357 public void setIncludeProtocols(String... protocols) | |
358 { | |
359 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
360 |
1002 | 361 _includeProtocols = new LinkedHashSet<String>(Arrays.asList(protocols)); |
362 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
363 |
1002 | 364 /* ------------------------------------------------------------ */ |
365 /** | |
366 * @return The array of cipher suite names to exclude from | |
367 * {@link SSLEngine#setEnabledCipherSuites(String[])} | |
368 */ | |
369 public String[] getExcludeCipherSuites() | |
370 { | |
371 return _excludeCipherSuites.toArray(new String[_excludeCipherSuites.size()]); | |
372 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
373 |
1002 | 374 /* ------------------------------------------------------------ */ |
375 /** | |
376 * @param cipherSuites | |
377 * The array of cipher suite names to exclude from | |
378 * {@link SSLEngine#setEnabledCipherSuites(String[])} | |
379 */ | |
380 public void setExcludeCipherSuites(String... cipherSuites) | |
381 { | |
382 checkNotStarted(); | |
383 _excludeCipherSuites.clear(); | |
384 _excludeCipherSuites.addAll(Arrays.asList(cipherSuites)); | |
385 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
386 |
1002 | 387 /* ------------------------------------------------------------ */ |
388 /** | |
389 * @param cipher Cipher names to add to {@link SSLEngine#setEnabledCipherSuites(String[])} | |
390 */ | |
391 public void addExcludeCipherSuites(String... cipher) | |
392 { | |
393 checkNotStarted(); | |
394 _excludeCipherSuites.addAll(Arrays.asList(cipher)); | |
395 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
396 |
1002 | 397 /* ------------------------------------------------------------ */ |
398 /** | |
399 * @return The array of cipher suite names to include in | |
400 * {@link SSLEngine#setEnabledCipherSuites(String[])} | |
401 */ | |
402 public String[] getIncludeCipherSuites() | |
403 { | |
404 return _includeCipherSuites.toArray(new String[_includeCipherSuites.size()]); | |
405 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
406 |
1002 | 407 /* ------------------------------------------------------------ */ |
408 /** | |
409 * @param cipherSuites | |
410 * The array of cipher suite names to include in | |
411 * {@link SSLEngine#setEnabledCipherSuites(String[])} | |
412 */ | |
413 public void setIncludeCipherSuites(String... cipherSuites) | |
414 { | |
415 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
416 |
1002 | 417 _includeCipherSuites = new LinkedHashSet<String>(Arrays.asList(cipherSuites)); |
418 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
419 |
1002 | 420 /* ------------------------------------------------------------ */ |
421 /** | |
422 * @return The file or URL of the SSL Key store. | |
423 */ | |
424 public String getKeyStorePath() | |
425 { | |
426 return _keyStorePath; | |
427 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
428 |
1002 | 429 /* ------------------------------------------------------------ */ |
430 @Deprecated | |
431 public String getKeyStore() | |
432 { | |
433 return _keyStorePath; | |
434 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
435 |
1002 | 436 /* ------------------------------------------------------------ */ |
437 /** | |
438 * @param keyStorePath | |
439 * The file or URL of the SSL Key store. | |
440 */ | |
441 public void setKeyStorePath(String keyStorePath) | |
442 { | |
443 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
444 |
1002 | 445 _keyStorePath = keyStorePath; |
446 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
447 |
1002 | 448 /* ------------------------------------------------------------ */ |
449 /** | |
450 * @param keyStorePath the file system path or URL of the keystore | |
451 * @deprecated Use {@link #setKeyStorePath(String)} | |
452 */ | |
453 @Deprecated | |
454 public void setKeyStore(String keyStorePath) | |
455 { | |
456 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
457 |
1002 | 458 _keyStorePath = keyStorePath; |
459 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
460 |
1002 | 461 /* ------------------------------------------------------------ */ |
462 /** | |
463 * @return The provider of the key store | |
464 */ | |
465 public String getKeyStoreProvider() | |
466 { | |
467 return _keyStoreProvider; | |
468 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
469 |
1002 | 470 /* ------------------------------------------------------------ */ |
471 /** | |
472 * @param keyStoreProvider | |
473 * The provider of the key store | |
474 */ | |
475 public void setKeyStoreProvider(String keyStoreProvider) | |
476 { | |
477 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
478 |
1002 | 479 _keyStoreProvider = keyStoreProvider; |
480 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
481 |
1002 | 482 /* ------------------------------------------------------------ */ |
483 /** | |
484 * @return The type of the key store (default "JKS") | |
485 */ | |
486 public String getKeyStoreType() | |
487 { | |
488 return (_keyStoreType); | |
489 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
490 |
1002 | 491 /* ------------------------------------------------------------ */ |
492 /** | |
493 * @param keyStoreType | |
494 * The type of the key store (default "JKS") | |
495 */ | |
496 public void setKeyStoreType(String keyStoreType) | |
497 { | |
498 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
499 |
1002 | 500 _keyStoreType = keyStoreType; |
501 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
502 |
1002 | 503 /* ------------------------------------------------------------ */ |
504 /** Get the _keyStoreInputStream. | |
505 * @return the _keyStoreInputStream | |
506 * | |
507 * @deprecated | |
508 */ | |
509 @Deprecated | |
510 public InputStream getKeyStoreInputStream() | |
511 { | |
512 checkKeyStore(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
513 |
1002 | 514 return _keyStoreInputStream; |
515 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
516 |
1002 | 517 /* ------------------------------------------------------------ */ |
518 /** Set the keyStoreInputStream. | |
519 * @param keyStoreInputStream the InputStream to the KeyStore | |
520 * | |
521 * @deprecated Use {@link #setKeyStore(KeyStore)} | |
522 */ | |
523 @Deprecated | |
524 public void setKeyStoreInputStream(InputStream keyStoreInputStream) | |
525 { | |
526 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
527 |
1002 | 528 _keyStoreInputStream = keyStoreInputStream; |
529 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
530 |
1002 | 531 /* ------------------------------------------------------------ */ |
532 /** | |
533 * @return Alias of SSL certificate for the connector | |
534 */ | |
535 public String getCertAlias() | |
536 { | |
537 return _certAlias; | |
538 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
539 |
1002 | 540 /* ------------------------------------------------------------ */ |
541 /** | |
542 * @param certAlias | |
543 * Alias of SSL certificate for the connector | |
544 */ | |
545 public void setCertAlias(String certAlias) | |
546 { | |
547 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
548 |
1002 | 549 _certAlias = certAlias; |
550 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
551 |
1002 | 552 /* ------------------------------------------------------------ */ |
553 /** | |
554 * @return The file name or URL of the trust store location | |
555 */ | |
556 public String getTrustStore() | |
557 { | |
558 return _trustStorePath; | |
559 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
560 |
1002 | 561 /* ------------------------------------------------------------ */ |
562 /** | |
563 * @param trustStorePath | |
564 * The file name or URL of the trust store location | |
565 */ | |
566 public void setTrustStore(String trustStorePath) | |
567 { | |
568 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
569 |
1002 | 570 _trustStorePath = trustStorePath; |
571 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
572 |
1002 | 573 /* ------------------------------------------------------------ */ |
574 /** | |
575 * @return The provider of the trust store | |
576 */ | |
577 public String getTrustStoreProvider() | |
578 { | |
579 return _trustStoreProvider; | |
580 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
581 |
1002 | 582 /* ------------------------------------------------------------ */ |
583 /** | |
584 * @param trustStoreProvider | |
585 * The provider of the trust store | |
586 */ | |
587 public void setTrustStoreProvider(String trustStoreProvider) | |
588 { | |
589 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
590 |
1002 | 591 _trustStoreProvider = trustStoreProvider; |
592 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
593 |
1002 | 594 /* ------------------------------------------------------------ */ |
595 /** | |
596 * @return The type of the trust store (default "JKS") | |
597 */ | |
598 public String getTrustStoreType() | |
599 { | |
600 return _trustStoreType; | |
601 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
602 |
1002 | 603 /* ------------------------------------------------------------ */ |
604 /** | |
605 * @param trustStoreType | |
606 * The type of the trust store (default "JKS") | |
607 */ | |
608 public void setTrustStoreType(String trustStoreType) | |
609 { | |
610 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
611 |
1002 | 612 _trustStoreType = trustStoreType; |
613 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
614 |
1002 | 615 /* ------------------------------------------------------------ */ |
616 /** Get the _trustStoreInputStream. | |
617 * @return the _trustStoreInputStream | |
618 * | |
619 * @deprecated | |
620 */ | |
621 @Deprecated | |
622 public InputStream getTrustStoreInputStream() | |
623 { | |
624 checkKeyStore(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
625 |
1002 | 626 return _trustStoreInputStream; |
627 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
628 |
1002 | 629 /* ------------------------------------------------------------ */ |
630 /** Set the _trustStoreInputStream. | |
631 * @param trustStoreInputStream the InputStream to the TrustStore | |
632 * | |
633 * @deprecated | |
634 */ | |
635 @Deprecated | |
636 public void setTrustStoreInputStream(InputStream trustStoreInputStream) | |
637 { | |
638 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
639 |
1002 | 640 _trustStoreInputStream = trustStoreInputStream; |
641 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
642 |
1002 | 643 /* ------------------------------------------------------------ */ |
644 /** | |
645 * @return True if SSL needs client authentication. | |
646 * @see SSLEngine#getNeedClientAuth() | |
647 */ | |
648 public boolean getNeedClientAuth() | |
649 { | |
650 return _needClientAuth; | |
651 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
652 |
1002 | 653 /* ------------------------------------------------------------ */ |
654 /** | |
655 * @param needClientAuth | |
656 * True if SSL needs client authentication. | |
657 * @see SSLEngine#getNeedClientAuth() | |
658 */ | |
659 public void setNeedClientAuth(boolean needClientAuth) | |
660 { | |
661 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
662 |
1002 | 663 _needClientAuth = needClientAuth; |
664 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
665 |
1002 | 666 /* ------------------------------------------------------------ */ |
667 /** | |
668 * @return True if SSL wants client authentication. | |
669 * @see SSLEngine#getWantClientAuth() | |
670 */ | |
671 public boolean getWantClientAuth() | |
672 { | |
673 return _wantClientAuth; | |
674 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
675 |
1002 | 676 /* ------------------------------------------------------------ */ |
677 /** | |
678 * @param wantClientAuth | |
679 * True if SSL wants client authentication. | |
680 * @see SSLEngine#getWantClientAuth() | |
681 */ | |
682 public void setWantClientAuth(boolean wantClientAuth) | |
683 { | |
684 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
685 |
1002 | 686 _wantClientAuth = wantClientAuth; |
687 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
688 |
1002 | 689 /* ------------------------------------------------------------ */ |
690 /** | |
691 * @return true if SSL certificate has to be validated | |
692 * @deprecated | |
693 */ | |
694 @Deprecated | |
695 public boolean getValidateCerts() | |
696 { | |
697 return _validateCerts; | |
698 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
699 |
1002 | 700 /* ------------------------------------------------------------ */ |
701 /** | |
702 * @return true if SSL certificate has to be validated | |
703 */ | |
704 public boolean isValidateCerts() | |
705 { | |
706 return _validateCerts; | |
707 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
708 |
1002 | 709 /* ------------------------------------------------------------ */ |
710 /** | |
711 * @param validateCerts | |
712 * true if SSL certificates have to be validated | |
713 */ | |
714 public void setValidateCerts(boolean validateCerts) | |
715 { | |
716 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
717 |
1002 | 718 _validateCerts = validateCerts; |
719 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
720 |
1002 | 721 /* ------------------------------------------------------------ */ |
722 /** | |
723 * @return true if SSL certificates of the peer have to be validated | |
724 */ | |
725 public boolean isValidatePeerCerts() | |
726 { | |
727 return _validatePeerCerts; | |
728 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
729 |
1002 | 730 /* ------------------------------------------------------------ */ |
731 /** | |
732 * @param validatePeerCerts | |
733 * true if SSL certificates of the peer have to be validated | |
734 */ | |
735 public void setValidatePeerCerts(boolean validatePeerCerts) | |
736 { | |
737 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
738 |
1002 | 739 _validatePeerCerts = validatePeerCerts; |
740 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
741 |
1002 | 742 /* ------------------------------------------------------------ */ |
743 /** | |
744 * @return True if SSL re-negotiation is allowed (default false) | |
745 */ | |
746 public boolean isAllowRenegotiate() | |
747 { | |
748 return _allowRenegotiate; | |
749 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
750 |
1002 | 751 /* ------------------------------------------------------------ */ |
752 /** | |
753 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered | |
754 * a vulnerability in SSL/TLS with re-negotiation. If your JVM | |
755 * does not have CVE-2009-3555 fixed, then re-negotiation should | |
756 * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban | |
757 * of renegotiates in u19 and with RFC5746 in u22. | |
758 * | |
759 * @param allowRenegotiate | |
760 * true if re-negotiation is allowed (default false) | |
761 */ | |
762 public void setAllowRenegotiate(boolean allowRenegotiate) | |
763 { | |
764 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
765 |
1002 | 766 _allowRenegotiate = allowRenegotiate; |
767 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
768 |
1002 | 769 /* ------------------------------------------------------------ */ |
770 /** | |
771 * @param password | |
772 * The password for the key store | |
773 */ | |
774 public void setKeyStorePassword(String password) | |
775 { | |
776 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
777 |
1002 | 778 _keyStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null); |
779 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
780 |
1002 | 781 /* ------------------------------------------------------------ */ |
782 /** | |
783 * @param password | |
784 * The password (if any) for the specific key within the key store | |
785 */ | |
786 public void setKeyManagerPassword(String password) | |
787 { | |
788 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
789 |
1002 | 790 _keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null); |
791 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
792 |
1002 | 793 /* ------------------------------------------------------------ */ |
794 /** | |
795 * @param password | |
796 * The password for the trust store | |
797 */ | |
798 public void setTrustStorePassword(String password) | |
799 { | |
800 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
801 |
1002 | 802 _trustStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null); |
803 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
804 |
1002 | 805 /* ------------------------------------------------------------ */ |
806 /** | |
807 * @return The SSL provider name, which if set is passed to | |
808 * {@link SSLContext#getInstance(String, String)} | |
809 */ | |
810 public String getProvider() | |
811 { | |
812 return _sslProvider; | |
813 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
814 |
1002 | 815 /* ------------------------------------------------------------ */ |
816 /** | |
817 * @param provider | |
818 * The SSL provider name, which if set is passed to | |
819 * {@link SSLContext#getInstance(String, String)} | |
820 */ | |
821 public void setProvider(String provider) | |
822 { | |
823 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
824 |
1002 | 825 _sslProvider = provider; |
826 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
827 |
1002 | 828 /* ------------------------------------------------------------ */ |
829 /** | |
830 * @return The SSL protocol (default "TLS") passed to | |
831 * {@link SSLContext#getInstance(String, String)} | |
832 */ | |
833 public String getProtocol() | |
834 { | |
835 return _sslProtocol; | |
836 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
837 |
1002 | 838 /* ------------------------------------------------------------ */ |
839 /** | |
840 * @param protocol | |
841 * The SSL protocol (default "TLS") passed to | |
842 * {@link SSLContext#getInstance(String, String)} | |
843 */ | |
844 public void setProtocol(String protocol) | |
845 { | |
846 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
847 |
1002 | 848 _sslProtocol = protocol; |
849 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
850 |
1002 | 851 /* ------------------------------------------------------------ */ |
852 /** | |
853 * @return The algorithm name, which if set is passed to | |
854 * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to | |
855 * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)} | |
856 */ | |
857 public String getSecureRandomAlgorithm() | |
858 { | |
859 return _secureRandomAlgorithm; | |
860 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
861 |
1002 | 862 /* ------------------------------------------------------------ */ |
863 /** | |
864 * @param algorithm | |
865 * The algorithm name, which if set is passed to | |
866 * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to | |
867 * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)} | |
868 */ | |
869 public void setSecureRandomAlgorithm(String algorithm) | |
870 { | |
871 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
872 |
1002 | 873 _secureRandomAlgorithm = algorithm; |
874 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
875 |
1002 | 876 /* ------------------------------------------------------------ */ |
877 /** | |
878 * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory} | |
879 */ | |
880 public String getSslKeyManagerFactoryAlgorithm() | |
881 { | |
882 return (_keyManagerFactoryAlgorithm); | |
883 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
884 |
1002 | 885 /* ------------------------------------------------------------ */ |
886 /** | |
887 * @param algorithm | |
888 * The algorithm name (default "SunX509") used by the {@link KeyManagerFactory} | |
889 */ | |
890 public void setSslKeyManagerFactoryAlgorithm(String algorithm) | |
891 { | |
892 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
893 |
1002 | 894 _keyManagerFactoryAlgorithm = algorithm; |
895 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
896 |
1002 | 897 /* ------------------------------------------------------------ */ |
898 /** | |
899 * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory} | |
900 */ | |
901 public String getTrustManagerFactoryAlgorithm() | |
902 { | |
903 return (_trustManagerFactoryAlgorithm); | |
904 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
905 |
1002 | 906 /* ------------------------------------------------------------ */ |
907 /** | |
908 * @return True if all certificates should be trusted if there is no KeyStore or TrustStore | |
909 */ | |
910 public boolean isTrustAll() | |
911 { | |
912 return _trustAll; | |
913 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
914 |
1002 | 915 /* ------------------------------------------------------------ */ |
916 /** | |
917 * @param trustAll True if all certificates should be trusted if there is no KeyStore or TrustStore | |
918 */ | |
919 public void setTrustAll(boolean trustAll) | |
920 { | |
921 _trustAll = trustAll; | |
922 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
923 |
1002 | 924 /* ------------------------------------------------------------ */ |
925 /** | |
926 * @param algorithm | |
927 * The algorithm name (default "SunX509") used by the {@link TrustManagerFactory} | |
928 * Use the string "TrustAll" to install a trust manager that trusts all. | |
929 */ | |
930 public void setTrustManagerFactoryAlgorithm(String algorithm) | |
931 { | |
932 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
933 |
1002 | 934 _trustManagerFactoryAlgorithm = algorithm; |
935 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
936 |
1002 | 937 /* ------------------------------------------------------------ */ |
938 /** | |
939 * @return Path to file that contains Certificate Revocation List | |
940 */ | |
941 public String getCrlPath() | |
942 { | |
943 return _crlPath; | |
944 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
945 |
1002 | 946 /* ------------------------------------------------------------ */ |
947 /** | |
948 * @param crlPath | |
949 * Path to file that contains Certificate Revocation List | |
950 */ | |
951 public void setCrlPath(String crlPath) | |
952 { | |
953 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
954 |
1002 | 955 _crlPath = crlPath; |
956 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
957 |
1002 | 958 /* ------------------------------------------------------------ */ |
959 /** | |
960 * @return Maximum number of intermediate certificates in | |
961 * the certification path (-1 for unlimited) | |
962 */ | |
963 public int getMaxCertPathLength() | |
964 { | |
965 return _maxCertPathLength; | |
966 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
967 |
1002 | 968 /* ------------------------------------------------------------ */ |
969 /** | |
970 * @param maxCertPathLength | |
971 * maximum number of intermediate certificates in | |
972 * the certification path (-1 for unlimited) | |
973 */ | |
974 public void setMaxCertPathLength(int maxCertPathLength) | |
975 { | |
976 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
977 |
1002 | 978 _maxCertPathLength = maxCertPathLength; |
979 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
980 |
1002 | 981 /* ------------------------------------------------------------ */ |
982 /** | |
983 * @return The SSLContext | |
984 */ | |
985 public SSLContext getSslContext() | |
986 { | |
987 if (!isStarted()) | |
988 throw new IllegalStateException(getState()); | |
989 return _context; | |
990 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
991 |
1002 | 992 /* ------------------------------------------------------------ */ |
993 /** | |
994 * @param sslContext | |
995 * Set a preconfigured SSLContext | |
996 */ | |
997 public void setSslContext(SSLContext sslContext) | |
998 { | |
999 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1000 |
1002 | 1001 _context = sslContext; |
1002 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1003 |
1002 | 1004 /* ------------------------------------------------------------ */ |
1005 /** | |
1006 * Override this method to provide alternate way to load a keystore. | |
1007 * | |
1008 * @return the key store instance | |
1009 * @throws Exception if the keystore cannot be loaded | |
1010 */ | |
1011 protected KeyStore loadKeyStore() throws Exception | |
1012 { | |
1013 return _keyStore != null ? _keyStore : getKeyStore(_keyStoreInputStream, | |
1014 _keyStorePath, _keyStoreType, _keyStoreProvider, | |
1015 _keyStorePassword==null? null: _keyStorePassword.toString()); | |
1016 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1017 |
1002 | 1018 /* ------------------------------------------------------------ */ |
1019 /** | |
1020 * Override this method to provide alternate way to load a truststore. | |
1021 * | |
1022 * @return the key store instance | |
1023 * @throws Exception if the truststore cannot be loaded | |
1024 */ | |
1025 protected KeyStore loadTrustStore() throws Exception | |
1026 { | |
1027 return _trustStore != null ? _trustStore : getKeyStore(_trustStoreInputStream, | |
1028 _trustStorePath, _trustStoreType, _trustStoreProvider, | |
1029 _trustStorePassword==null? null: _trustStorePassword.toString()); | |
1030 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1031 |
1002 | 1032 /* ------------------------------------------------------------ */ |
1033 /** | |
1034 * Loads keystore using an input stream or a file path in the same | |
1035 * order of precedence. | |
1036 * | |
1037 * Required for integrations to be able to override the mechanism | |
1038 * used to load a keystore in order to provide their own implementation. | |
1039 * | |
1040 * @param storeStream keystore input stream | |
1041 * @param storePath path of keystore file | |
1042 * @param storeType keystore type | |
1043 * @param storeProvider keystore provider | |
1044 * @param storePassword keystore password | |
1045 * @return created keystore | |
1046 * @throws Exception if the keystore cannot be obtained | |
1047 * | |
1048 * @deprecated | |
1049 */ | |
1050 @Deprecated | |
1051 protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception | |
1052 { | |
1053 return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword); | |
1054 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1055 |
1002 | 1056 /* ------------------------------------------------------------ */ |
1057 /** | |
1058 * Loads certificate revocation list (CRL) from a file. | |
1059 * | |
1060 * Required for integrations to be able to override the mechanism used to | |
1061 * load CRL in order to provide their own implementation. | |
1062 * | |
1063 * @param crlPath path of certificate revocation list file | |
1064 * @return Collection of CRL's | |
1065 * @throws Exception if the certificate revocation list cannot be loaded | |
1066 */ | |
1067 protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception | |
1068 { | |
1069 return CertificateUtils.loadCRL(crlPath); | |
1070 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1071 |
1002 | 1072 /* ------------------------------------------------------------ */ |
1073 protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception | |
1074 { | |
1075 KeyManager[] managers = null; | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1076 |
1002 | 1077 if (keyStore != null) |
1078 { | |
1079 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm); | |
1080 keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray()); | |
1081 managers = keyManagerFactory.getKeyManagers(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1082 |
1002 | 1083 if (_certAlias != null) |
1084 { | |
1085 for (int idx = 0; idx < managers.length; idx++) | |
1086 { | |
1087 if (managers[idx] instanceof X509KeyManager) | |
1088 { | |
1089 managers[idx] = new AliasedX509ExtendedKeyManager(_certAlias,(X509KeyManager)managers[idx]); | |
1090 } | |
1091 } | |
1092 } | |
1093 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1094 |
1002 | 1095 return managers; |
1096 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1097 |
1002 | 1098 /* ------------------------------------------------------------ */ |
1099 protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception | |
1100 { | |
1101 TrustManager[] managers = null; | |
1102 if (trustStore != null) | |
1103 { | |
1104 // Revocation checking is only supported for PKIX algorithm | |
1105 if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX")) | |
1106 { | |
1107 PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector()); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1108 |
1002 | 1109 // Set maximum certification path length |
1110 pbParams.setMaxPathLength(_maxCertPathLength); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1111 |
1002 | 1112 // Make sure revocation checking is enabled |
1113 pbParams.setRevocationEnabled(true); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1114 |
1002 | 1115 if (crls != null && !crls.isEmpty()) |
1116 { | |
1117 pbParams.addCertStore(CertStore.getInstance("Collection",new CollectionCertStoreParameters(crls))); | |
1118 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1119 |
1002 | 1120 if (_enableCRLDP) |
1121 { | |
1122 // Enable Certificate Revocation List Distribution Points (CRLDP) support | |
1123 System.setProperty("com.sun.security.enableCRLDP","true"); | |
1124 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1125 |
1002 | 1126 if (_enableOCSP) |
1127 { | |
1128 // Enable On-Line Certificate Status Protocol (OCSP) support | |
1129 Security.setProperty("ocsp.enable","true"); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1130 |
1002 | 1131 if (_ocspResponderURL != null) |
1132 { | |
1133 // Override location of OCSP Responder | |
1134 Security.setProperty("ocsp.responderURL", _ocspResponderURL); | |
1135 } | |
1136 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1137 |
1002 | 1138 TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm); |
1139 trustManagerFactory.init(new CertPathTrustManagerParameters(pbParams)); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1140 |
1002 | 1141 managers = trustManagerFactory.getTrustManagers(); |
1142 } | |
1143 else | |
1144 { | |
1145 TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm); | |
1146 trustManagerFactory.init(trustStore); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1147 |
1002 | 1148 managers = trustManagerFactory.getTrustManagers(); |
1149 } | |
1150 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1151 |
1002 | 1152 return managers; |
1153 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1154 |
1002 | 1155 /* ------------------------------------------------------------ */ |
1156 /** | |
1157 * Check KeyStore Configuration. Ensures that if keystore has been | |
1158 * configured but there's no truststore, that keystore is | |
1159 * used as truststore. | |
1160 * @throws IllegalStateException if SslContextFactory configuration can't be used. | |
1161 */ | |
1162 public void checkKeyStore() | |
1163 { | |
1164 if (_context != null) | |
1165 return; //nothing to check if using preconfigured context | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1166 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1167 |
1002 | 1168 if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null) |
1169 throw new IllegalStateException("SSL doesn't have a valid keystore"); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1170 |
1002 | 1171 // if the keystore has been configured but there is no |
1172 // truststore configured, use the keystore as the truststore | |
1173 if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null) | |
1174 { | |
1175 _trustStore = _keyStore; | |
1176 _trustStorePath = _keyStorePath; | |
1177 _trustStoreInputStream = _keyStoreInputStream; | |
1178 _trustStoreType = _keyStoreType; | |
1179 _trustStoreProvider = _keyStoreProvider; | |
1180 _trustStorePassword = _keyStorePassword; | |
1181 _trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm; | |
1182 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1183 |
1002 | 1184 // It's the same stream we cannot read it twice, so read it once in memory |
1185 if (_keyStoreInputStream != null && _keyStoreInputStream == _trustStoreInputStream) | |
1186 { | |
1187 try | |
1188 { | |
1189 ByteArrayOutputStream baos = new ByteArrayOutputStream(); | |
1190 IO.copy(_keyStoreInputStream, baos); | |
1191 _keyStoreInputStream.close(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1192 |
1002 | 1193 _keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray()); |
1194 _trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray()); | |
1195 } | |
1196 catch (Exception ex) | |
1197 { | |
1198 throw new IllegalStateException(ex); | |
1199 } | |
1200 } | |
1201 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1202 |
1002 | 1203 /* ------------------------------------------------------------ */ |
1204 /** | |
1205 * Select protocols to be used by the connector | |
1206 * based on configured inclusion and exclusion lists | |
1207 * as well as enabled and supported protocols. | |
1208 * @param enabledProtocols Array of enabled protocols | |
1209 * @param supportedProtocols Array of supported protocols | |
1210 * @return Array of protocols to enable | |
1211 */ | |
1212 public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols) | |
1213 { | |
1214 Set<String> selected_protocols = new LinkedHashSet<String>(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1215 |
1002 | 1216 // Set the starting protocols - either from the included or enabled list |
1217 if (_includeProtocols!=null) | |
1218 { | |
1219 // Use only the supported included protocols | |
1220 for (String protocol : _includeProtocols) | |
1221 if(Arrays.asList(supportedProtocols).contains(protocol)) | |
1222 selected_protocols.add(protocol); | |
1223 } | |
1224 else | |
1225 selected_protocols.addAll(Arrays.asList(enabledProtocols)); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1226 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1227 |
1002 | 1228 // Remove any excluded protocols |
1229 if (_excludeProtocols != null) | |
1230 selected_protocols.removeAll(_excludeProtocols); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1231 |
1002 | 1232 return selected_protocols.toArray(new String[selected_protocols.size()]); |
1233 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1234 |
1002 | 1235 /* ------------------------------------------------------------ */ |
1236 /** | |
1237 * Select cipher suites to be used by the connector | |
1238 * based on configured inclusion and exclusion lists | |
1239 * as well as enabled and supported cipher suite lists. | |
1240 * @param enabledCipherSuites Array of enabled cipher suites | |
1241 * @param supportedCipherSuites Array of supported cipher suites | |
1242 * @return Array of cipher suites to enable | |
1243 */ | |
1244 public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) | |
1245 { | |
1246 Set<String> selected_ciphers = new LinkedHashSet<String>(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1247 |
1002 | 1248 // Set the starting ciphers - either from the included or enabled list |
1249 if (_includeCipherSuites!=null) | |
1250 { | |
1251 // Use only the supported included ciphers | |
1252 for (String cipherSuite : _includeCipherSuites) | |
1253 if(Arrays.asList(supportedCipherSuites).contains(cipherSuite)) | |
1254 selected_ciphers.add(cipherSuite); | |
1255 } | |
1256 else | |
1257 selected_ciphers.addAll(Arrays.asList(enabledCipherSuites)); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1258 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1259 |
1002 | 1260 // Remove any excluded ciphers |
1261 if (_excludeCipherSuites != null) | |
1262 selected_ciphers.removeAll(_excludeCipherSuites); | |
1263 return selected_ciphers.toArray(new String[selected_ciphers.size()]); | |
1264 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1265 |
1002 | 1266 /* ------------------------------------------------------------ */ |
1267 /** | |
1268 * Check if the lifecycle has been started and throw runtime exception | |
1269 */ | |
1270 protected void checkNotStarted() | |
1271 { | |
1272 if (isStarted()) | |
1273 throw new IllegalStateException("Cannot modify configuration when "+getState()); | |
1274 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1275 |
1002 | 1276 /* ------------------------------------------------------------ */ |
1277 /** | |
1278 * @return true if CRL Distribution Points support is enabled | |
1279 */ | |
1280 public boolean isEnableCRLDP() | |
1281 { | |
1282 return _enableCRLDP; | |
1283 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1284 |
1002 | 1285 /* ------------------------------------------------------------ */ |
1286 /** Enables CRL Distribution Points Support | |
1287 * @param enableCRLDP true - turn on, false - turns off | |
1288 */ | |
1289 public void setEnableCRLDP(boolean enableCRLDP) | |
1290 { | |
1291 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1292 |
1002 | 1293 _enableCRLDP = enableCRLDP; |
1294 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1295 |
1002 | 1296 /* ------------------------------------------------------------ */ |
1297 /** | |
1298 * @return true if On-Line Certificate Status Protocol support is enabled | |
1299 */ | |
1300 public boolean isEnableOCSP() | |
1301 { | |
1302 return _enableOCSP; | |
1303 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1304 |
1002 | 1305 /* ------------------------------------------------------------ */ |
1306 /** Enables On-Line Certificate Status Protocol support | |
1307 * @param enableOCSP true - turn on, false - turn off | |
1308 */ | |
1309 public void setEnableOCSP(boolean enableOCSP) | |
1310 { | |
1311 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1312 |
1002 | 1313 _enableOCSP = enableOCSP; |
1314 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1315 |
1002 | 1316 /* ------------------------------------------------------------ */ |
1317 /** | |
1318 * @return Location of the OCSP Responder | |
1319 */ | |
1320 public String getOcspResponderURL() | |
1321 { | |
1322 return _ocspResponderURL; | |
1323 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1324 |
1002 | 1325 /* ------------------------------------------------------------ */ |
1326 /** Set the location of the OCSP Responder. | |
1327 * @param ocspResponderURL location of the OCSP Responder | |
1328 */ | |
1329 public void setOcspResponderURL(String ocspResponderURL) | |
1330 { | |
1331 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1332 |
1002 | 1333 _ocspResponderURL = ocspResponderURL; |
1334 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1335 |
1002 | 1336 /* ------------------------------------------------------------ */ |
1337 /** Set the key store. | |
1338 * @param keyStore the key store to set | |
1339 */ | |
1340 public void setKeyStore(KeyStore keyStore) | |
1341 { | |
1342 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1343 |
1002 | 1344 _keyStore = keyStore; |
1345 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1346 |
1002 | 1347 /* ------------------------------------------------------------ */ |
1348 /** Set the trust store. | |
1349 * @param trustStore the trust store to set | |
1350 */ | |
1351 public void setTrustStore(KeyStore trustStore) | |
1352 { | |
1353 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1354 |
1002 | 1355 _trustStore = trustStore; |
1356 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1357 |
1002 | 1358 /* ------------------------------------------------------------ */ |
1359 /** Set the key store resource. | |
1360 * @param resource the key store resource to set | |
1361 */ | |
1362 public void setKeyStoreResource(Resource resource) | |
1363 { | |
1364 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1365 |
1002 | 1366 try |
1367 { | |
1368 _keyStoreInputStream = resource.getInputStream(); | |
1369 } | |
1370 catch (IOException e) | |
1371 { | |
1372 throw new InvalidParameterException("Unable to get resource "+ | |
1373 "input stream for resource "+resource.toString()); | |
1374 } | |
1375 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1376 |
1002 | 1377 /* ------------------------------------------------------------ */ |
1378 /** Set the trust store resource. | |
1379 * @param resource the trust store resource to set | |
1380 */ | |
1381 public void setTrustStoreResource(Resource resource) | |
1382 { | |
1383 checkNotStarted(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1384 |
1002 | 1385 try |
1386 { | |
1387 _trustStoreInputStream = resource.getInputStream(); | |
1388 } | |
1389 catch (IOException e) | |
1390 { | |
1391 throw new InvalidParameterException("Unable to get resource "+ | |
1392 "input stream for resource "+resource.toString()); | |
1393 } | |
1394 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1395 |
1002 | 1396 /* ------------------------------------------------------------ */ |
1397 /** | |
1398 * @return true if SSL Session caching is enabled | |
1399 */ | |
1400 public boolean isSessionCachingEnabled() | |
1401 { | |
1402 return _sessionCachingEnabled; | |
1403 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1404 |
1002 | 1405 /* ------------------------------------------------------------ */ |
1406 /** Set the flag to enable SSL Session caching. | |
1407 * @param enableSessionCaching the value of the flag | |
1408 */ | |
1409 public void setSessionCachingEnabled(boolean enableSessionCaching) | |
1410 { | |
1411 _sessionCachingEnabled = enableSessionCaching; | |
1412 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1413 |
1002 | 1414 /* ------------------------------------------------------------ */ |
1415 /** Get SSL session cache size. | |
1416 * @return SSL session cache size | |
1417 */ | |
1418 public int getSslSessionCacheSize() | |
1419 { | |
1420 return _sslSessionCacheSize; | |
1421 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1422 |
1002 | 1423 /* ------------------------------------------------------------ */ |
1424 /** SEt SSL session cache size. | |
1425 * @param sslSessionCacheSize SSL session cache size to set | |
1426 */ | |
1427 public void setSslSessionCacheSize(int sslSessionCacheSize) | |
1428 { | |
1429 _sslSessionCacheSize = sslSessionCacheSize; | |
1430 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1431 |
1002 | 1432 /* ------------------------------------------------------------ */ |
1433 /** Get SSL session timeout. | |
1434 * @return SSL session timeout | |
1435 */ | |
1436 public int getSslSessionTimeout() | |
1437 { | |
1438 return _sslSessionTimeout; | |
1439 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1440 |
1002 | 1441 /* ------------------------------------------------------------ */ |
1442 /** Set SSL session timeout. | |
1443 * @param sslSessionTimeout SSL session timeout to set | |
1444 */ | |
1445 public void setSslSessionTimeout(int sslSessionTimeout) | |
1446 { | |
1447 _sslSessionTimeout = sslSessionTimeout; | |
1448 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1449 |
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1450 |
1002 | 1451 /* ------------------------------------------------------------ */ |
1452 public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException | |
1453 { | |
1454 SSLServerSocketFactory factory = _context.getServerSocketFactory(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1455 |
1002 | 1456 SSLServerSocket socket = |
1457 (SSLServerSocket) (host==null ? | |
1458 factory.createServerSocket(port,backlog): | |
1459 factory.createServerSocket(port,backlog,InetAddress.getByName(host))); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1460 |
1002 | 1461 if (getWantClientAuth()) |
1462 socket.setWantClientAuth(getWantClientAuth()); | |
1463 if (getNeedClientAuth()) | |
1464 socket.setNeedClientAuth(getNeedClientAuth()); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1465 |
1002 | 1466 socket.setEnabledCipherSuites(selectCipherSuites( |
1467 socket.getEnabledCipherSuites(), | |
1468 socket.getSupportedCipherSuites())); | |
1469 socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols())); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1470 |
1002 | 1471 return socket; |
1472 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1473 |
1002 | 1474 /* ------------------------------------------------------------ */ |
1475 public SSLSocket newSslSocket() throws IOException | |
1476 { | |
1477 SSLSocketFactory factory = _context.getSocketFactory(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1478 |
1002 | 1479 SSLSocket socket = (SSLSocket)factory.createSocket(); |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1480 |
1002 | 1481 if (getWantClientAuth()) |
1482 socket.setWantClientAuth(getWantClientAuth()); | |
1483 if (getNeedClientAuth()) | |
1484 socket.setNeedClientAuth(getNeedClientAuth()); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1485 |
1002 | 1486 socket.setEnabledCipherSuites(selectCipherSuites( |
1487 socket.getEnabledCipherSuites(), | |
1488 socket.getSupportedCipherSuites())); | |
1489 socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols())); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1490 |
1002 | 1491 return socket; |
1492 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1493 |
1002 | 1494 /* ------------------------------------------------------------ */ |
1495 public SSLEngine newSslEngine(String host,int port) | |
1496 { | |
1497 SSLEngine sslEngine=isSessionCachingEnabled() | |
1498 ?_context.createSSLEngine(host, port) | |
1499 :_context.createSSLEngine(); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1500 |
1002 | 1501 customize(sslEngine); |
1502 return sslEngine; | |
1503 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1504 |
1002 | 1505 /* ------------------------------------------------------------ */ |
1506 public SSLEngine newSslEngine() | |
1507 { | |
1508 SSLEngine sslEngine=_context.createSSLEngine(); | |
1509 customize(sslEngine); | |
1510 return sslEngine; | |
1511 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1512 |
1002 | 1513 /* ------------------------------------------------------------ */ |
1514 public void customize(SSLEngine sslEngine) | |
1515 { | |
1516 if (getWantClientAuth()) | |
1517 sslEngine.setWantClientAuth(getWantClientAuth()); | |
1518 if (getNeedClientAuth()) | |
1519 sslEngine.setNeedClientAuth(getNeedClientAuth()); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1520 |
1002 | 1521 sslEngine.setEnabledCipherSuites(selectCipherSuites( |
1522 sslEngine.getEnabledCipherSuites(), | |
1523 sslEngine.getSupportedCipherSuites())); | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1524 |
1002 | 1525 sslEngine.setEnabledProtocols(selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols())); |
1526 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1527 |
1002 | 1528 /* ------------------------------------------------------------ */ |
1529 public String toString() | |
1530 { | |
1531 return String.format("%s@%x(%s,%s)", | |
1532 getClass().getSimpleName(), | |
1533 hashCode(), | |
1534 _keyStorePath, | |
1535 _trustStorePath); | |
1536 } | |
802
3428c60d7cfc
replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff
changeset
|
1537 } |