Example usage for javax.net.ssl TrustManagerFactory getTrustManagers

List of usage examples for javax.net.ssl TrustManagerFactory getTrustManagers

Introduction

In this page you can find the example usage for javax.net.ssl TrustManagerFactory getTrustManagers.

Prototype

public final TrustManager[] getTrustManagers() 

Source Link

Document

Returns one trust manager for each type of trust material.

Usage

From source file:org.beepcore.beep.profile.tls.jsse.TLSProfileJSSE.java

/**
 * init sets the criteria for which an SSL connection is made when
 * a TLS channel is started for a profile.  It should only be
 * called once.  For the properties, the initiator is defined as
 * the peer who starts the channel for the TLS profile, the
 * listener is the peer that receives the the channel start
 * request, irregardless of which actually started the session.<p>
 *
 * @param config <code>ProfileConfiguration</code> object that
 * contains key value pairs to initialize the TLS layer.  None of
 * these are mandatory, but if you wish communication to be
 * anonymous with no authentication, (i.e., the listener to not
 * send back a certificate), you must set "Listener Anonymous" to
 * "true" and "Initiator Authentication Required" to "false".
 * The meaningful properties that can be set are these:<p>
 * <table>//from w  w  w .j  av a2  s  . co  m
 * <tr>
 * <td>Listener Anonymous</td><td>(true|false) must be set to false if the
 *   listener will not authenticate itself</td>
 * </tr><tr>
 * <td>Initiator Authentication Required</td><td>(true|false) set if the
 *       initiator should send a certificate and the listener expects a
 *       certificate.</td>
 * </tr><tr>
 * <td>Cipher Suite</td><td><i>not yet implemented.</i>the algorithms that
 *       can be used for encryption, authentication, and key exchange.</td>
 * </tr><tr>
 * <td>Key Algorithm</td><td>key management algorithm. See
 *       {@link com.sun.net.ssl.KeyManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Key Provider</td><td>provider of the key management
 *       algorithm.  Defaults to
 *    <code>com.sun.net.ssl.internal.ssl.Provider</code> See
 *       {@link com.sun.net.ssl.KeyManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Trust Algorithm</td><td>algorithm to be used by the trust
 *       manager.  See
 *       {@link com.sun.net.ssl.TrustManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Trust Provider</td><td>provider of the trust manager.  Defaults to
 *    <code>com.sun.net.ssl.internal.ssl.Provider</code>.  See
 *    {@link com.sun.net.ssl.TrustManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Key Store Passphrase</td><td>pass phrase used to encrypt the key
 *    store.  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Key Store Data Type</td><td>data type of the key store passed in.
 *     "file" is currently the only value accepted, meaning Key Store
 *     is the name of a file containing keys.  See
 *     {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Key Store</td><td>value of the key store, dependent on the type in
 *     Key Store Data Type.  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Key Store Format</td><td>format of the keys within the key store.
 *  Default is "JKS".  See {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Key Store Provider</td><td>provider for the key stores.  See
 *     {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Trust Store Passphrase</td><td>pass phrase used to encrypt the trust
 *     store.  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Trust Store Data Type</td><td>data type of the certificates in the
 * trust store.  "file" is currently th only value accepted,
 * meaning the trust store is a file on the local disk.  See
 *     {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Trust Store</td><td>value of the trust store, dependent on the type
 *     in Trust
 *     Store Data Type  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Trust Store Format</td><td>format of the certificates within the
 *     trust store.
 * Default is "JKS".  See {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Trust Store Provider</td><td>provider for the trust stores.  See
 *     {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Allowed SSL Protocols</td><td>Comma separated list of algorithms 
 * that may be used for SSL/TLS negotiations. By default, this will be 
 * whatever the {@link SSLSocket} implementation supports.
 * @see SSLSocket#getSupportedProtocols()
 * @see SSLSocket#setEnabledProtocols(String[])
 * </tr><tr>
 * </table>
 * @throws BEEPException For any error in the profile configuration, a
 * negative response in the form of a BEEP error will be sent back to the
 * requesting peer.  The session will continue to be open and usable, at
 * least from the standpoint of this peer.
 *
 * @see com.sun.net.ssl.KeyManagerFactory
 * @see com.sun.net.ssl.TrustManagerFactory
 * @see java.security.KeyStore
 * @see com.sun.net.ssl.SSLContext
 */
public StartChannelListener init(String uri, ProfileConfiguration config) throws BEEPException {
    KeyManagerFactory kmf = null;
    KeyManager[] km = null;
    KeyStore ks = null;
    TrustManagerFactory tmf = null;
    TrustManager[] tm = null;
    KeyStore ts = null;
    SSLContext ctx;
    this.sslProtocols = null;

    // set the URI of this instance of the profile
    this.uri = uri;

    try {

        // create an SSL context object
        ctx = SSLContext.getInstance("TLS");
    } catch (java.security.NoSuchAlgorithmException e) {
        throw new BEEPException("TLS Algorithm Not Found. Probable " + "cause is the JSSE provider has not "
                + "been added to the java.security file.");
    }

    try {
        String protocols = config.getProperty(PROPERTY_SSL_PROTOCOLS);
        if (protocols != null) {
            this.sslProtocols = protocols.split(",");
        }
        // initialize the key managers, trust managers, and
        keyAlgorithm = config.getProperty(PROPERTY_KEY_MANAGER_ALGORITHM);
        keyProvider = config.getProperty(PROPERTY_KEY_MANAGER_PROVIDER);
        trustAlgorithm = config.getProperty(PROPERTY_TRUST_MANAGER_ALGORITHM);
        trustProvider = config.getProperty(PROPERTY_TRUST_MANAGER_PROVIDER);
        keyPassphrase = config.getProperty(PROPERTY_KEYSTORE_PASSPHRASE);
        keyStoreType = config.getProperty(PROPERTY_KEYSTORE_TYPE);
        keyStoreName = config.getProperty(PROPERTY_KEYSTORE_NAME);
        keyStoreFormat = config.getProperty(PROPERTY_KEYSTORE_FORMAT, "JKS");
        keyStoreProvider = config.getProperty(PROPERTY_KEYSTORE_PROVIDER);
        trustPassphrase = config.getProperty(PROPERTY_TRUSTSTORE_PASSPHRASE);
        trustStoreType = config.getProperty(PROPERTY_TRUSTSTORE_TYPE);
        trustStoreName = config.getProperty(PROPERTY_TRUSTSTORE_NAME);
        trustStoreFormat = config.getProperty(PROPERTY_TRUSTSTORE_FORMAT, "JKS");
        trustStoreProvider = config.getProperty(PROPERTY_TRUSTSTORE_PROVIDER);

        // determine if the client must authenticate or if the server can
        // 
        needClientAuth = new Boolean(config.getProperty(PROPERTY_CLIENT_AUTHENTICATION, "false"))
                .booleanValue();
        serverAnonymous = new Boolean(config.getProperty(PROPERTY_SERVER_ANONYMOUS, "true")).booleanValue();

        if (keyAlgorithm != null) {
            if (keyProvider != null) {
                kmf = KeyManagerFactory.getInstance(keyAlgorithm, keyProvider);
            } else {
                kmf = KeyManagerFactory.getInstance(keyAlgorithm);
            }

            // add support for a default type of key manager factory?
            if (keyStoreProvider != null) {
                ks = KeyStore.getInstance(keyStoreFormat, keyStoreProvider);
            } else {
                ks = KeyStore.getInstance(keyStoreFormat);
            }

            if (keyStoreType.equals("file")) {
                ks.load(new FileInputStream(keyStoreName), keyPassphrase.toCharArray());
            } else {
                throw new BEEPException(ERR_ILLEGAL_KEY_STORE);
            }

            // initialize the key factory manager 
            kmf.init(ks, keyPassphrase.toCharArray());

            km = kmf.getKeyManagers();
        } else {
            km = null;
        }

        if (trustAlgorithm != null) {
            if (trustProvider != null) {
                tmf = TrustManagerFactory.getInstance(trustAlgorithm, trustProvider);
            } else {
                tmf = TrustManagerFactory.getInstance(trustAlgorithm);
            }

            // add support for a default type of trust manager factory?
            if (trustStoreProvider != null) {
                ts = KeyStore.getInstance(trustStoreFormat, trustStoreProvider);
            } else {
                ts = KeyStore.getInstance(trustStoreFormat);
            }

            if (trustStoreType.equals("file")) {
                ts.load(new FileInputStream(trustStoreName), trustPassphrase.toCharArray());
            } else {
                throw new BEEPException(ERR_ILLEGAL_TRUST_STORE);
            }

            // initialize the trust factory manager 
            tmf.init(ts);

            tm = tmf.getTrustManagers();
        } else {
            tm = null;
        }

        // create a socket factory from the key factories and
        // trust factories created for the algorithms and stores
        // specfied.  No option is given to change the secure
        // random number generator
        ctx.init(km, tm, null);

        socketFactory = ctx.getSocketFactory();

        return this;
    } catch (Exception e) {
        log.error(e);

        throw new BEEPException(e);
    }
}