Example usage for javax.net.ssl TrustManagerFactory getTrustManagers

Introduction

In this page you can find the example usage for javax.net.ssl TrustManagerFactory getTrustManagers.

Prototype

public final TrustManager[] getTrustManagers() 

Source Link

Document

Returns one trust manager for each type of trust material.

Usage

From source file:org.beepcore.beep.profile.tls.jsse.TLSProfileJSSE.java

/**
 * init sets the criteria for which an SSL connection is made when
 * a TLS channel is started for a profile.  It should only be
 * called once.  For the properties, the initiator is defined as
 * the peer who starts the channel for the TLS profile, the
 * listener is the peer that receives the the channel start
 * request, irregardless of which actually started the session.<p>
 *
 * @param config <code>ProfileConfiguration</code> object that
 * contains key value pairs to initialize the TLS layer.  None of
 * these are mandatory, but if you wish communication to be
 * anonymous with no authentication, (i.e., the listener to not
 * send back a certificate), you must set "Listener Anonymous" to
 * "true" and "Initiator Authentication Required" to "false".
 * The meaningful properties that can be set are these:<p>
 * <table>//from w  w  w .j  av a2  s  . co  m
 * <tr>
 * <td>Listener Anonymous</td><td>(true|false) must be set to false if the
 *   listener will not authenticate itself</td>
 * </tr><tr>
 * <td>Initiator Authentication Required</td><td>(true|false) set if the
 *       initiator should send a certificate and the listener expects a
 *       certificate.</td>
 * </tr><tr>
 * <td>Cipher Suite</td><td><i>not yet implemented.</i>the algorithms that
 *       can be used for encryption, authentication, and key exchange.</td>
 * </tr><tr>
 * <td>Key Algorithm</td><td>key management algorithm. See
 *       {@link com.sun.net.ssl.KeyManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Key Provider</td><td>provider of the key management
 *       algorithm.  Defaults to
 *    <code>com.sun.net.ssl.internal.ssl.Provider</code> See
 *       {@link com.sun.net.ssl.KeyManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Trust Algorithm</td><td>algorithm to be used by the trust
 *       manager.  See
 *       {@link com.sun.net.ssl.TrustManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Trust Provider</td><td>provider of the trust manager.  Defaults to
 *    <code>com.sun.net.ssl.internal.ssl.Provider</code>.  See
 *    {@link com.sun.net.ssl.TrustManagerFactory#getInstance}</td>
 * </tr><tr>
 * <td>Key Store Passphrase</td><td>pass phrase used to encrypt the key
 *    store.  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Key Store Data Type</td><td>data type of the key store passed in.
 *     "file" is currently the only value accepted, meaning Key Store
 *     is the name of a file containing keys.  See
 *     {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Key Store</td><td>value of the key store, dependent on the type in
 *     Key Store Data Type.  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Key Store Format</td><td>format of the keys within the key store.
 *  Default is "JKS".  See {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Key Store Provider</td><td>provider for the key stores.  See
 *     {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Trust Store Passphrase</td><td>pass phrase used to encrypt the trust
 *     store.  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Trust Store Data Type</td><td>data type of the certificates in the
 * trust store.  "file" is currently th only value accepted,
 * meaning the trust store is a file on the local disk.  See
 *     {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Trust Store</td><td>value of the trust store, dependent on the type
 *     in Trust
 *     Store Data Type  See {@link java.security.KeyStore#load}</td>
 * </tr><tr>
 * <td>Trust Store Format</td><td>format of the certificates within the
 *     trust store.
 * Default is "JKS".  See {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Trust Store Provider</td><td>provider for the trust stores.  See
 *     {@link java.security.KeyStore#getInstance}</td>
 * </tr><tr>
 * <td>Allowed SSL Protocols</td><td>Comma separated list of algorithms 
 * that may be used for SSL/TLS negotiations. By default, this will be 
 * whatever the {@link SSLSocket} implementation supports.
 * @see SSLSocket#getSupportedProtocols()
 * @see SSLSocket#setEnabledProtocols(String[])
 * </tr><tr>
 * </table>
 * @throws BEEPException For any error in the profile configuration, a
 * negative response in the form of a BEEP error will be sent back to the
 * requesting peer.  The session will continue to be open and usable, at
 * least from the standpoint of this peer.
 *
 * @see com.sun.net.ssl.KeyManagerFactory
 * @see com.sun.net.ssl.TrustManagerFactory
 * @see java.security.KeyStore
 * @see com.sun.net.ssl.SSLContext
 */
public StartChannelListener init(String uri, ProfileConfiguration config) throws BEEPException {
    KeyManagerFactory kmf = null;
    KeyManager[] km = null;
    KeyStore ks = null;
    TrustManagerFactory tmf = null;
    TrustManager[] tm = null;
    KeyStore ts = null;
    SSLContext ctx;
    this.sslProtocols = null;

    // set the URI of this instance of the profile
    this.uri = uri;

    try {

        // create an SSL context object
        ctx = SSLContext.getInstance("TLS");
    } catch (java.security.NoSuchAlgorithmException e) {
        throw new BEEPException("TLS Algorithm Not Found. Probable " + "cause is the JSSE provider has not "
                + "been added to the java.security file.");
    }

    try {
        String protocols = config.getProperty(PROPERTY_SSL_PROTOCOLS);
        if (protocols != null) {
            this.sslProtocols = protocols.split(",");
        }
        // initialize the key managers, trust managers, and
        keyAlgorithm = config.getProperty(PROPERTY_KEY_MANAGER_ALGORITHM);
        keyProvider = config.getProperty(PROPERTY_KEY_MANAGER_PROVIDER);
        trustAlgorithm = config.getProperty(PROPERTY_TRUST_MANAGER_ALGORITHM);
        trustProvider = config.getProperty(PROPERTY_TRUST_MANAGER_PROVIDER);
        keyPassphrase = config.getProperty(PROPERTY_KEYSTORE_PASSPHRASE);
        keyStoreType = config.getProperty(PROPERTY_KEYSTORE_TYPE);
        keyStoreName = config.getProperty(PROPERTY_KEYSTORE_NAME);
        keyStoreFormat = config.getProperty(PROPERTY_KEYSTORE_FORMAT, "JKS");
        keyStoreProvider = config.getProperty(PROPERTY_KEYSTORE_PROVIDER);
        trustPassphrase = config.getProperty(PROPERTY_TRUSTSTORE_PASSPHRASE);
        trustStoreType = config.getProperty(PROPERTY_TRUSTSTORE_TYPE);
        trustStoreName = config.getProperty(PROPERTY_TRUSTSTORE_NAME);
        trustStoreFormat = config.getProperty(PROPERTY_TRUSTSTORE_FORMAT, "JKS");
        trustStoreProvider = config.getProperty(PROPERTY_TRUSTSTORE_PROVIDER);

        // determine if the client must authenticate or if the server can
        // 
        needClientAuth = new Boolean(config.getProperty(PROPERTY_CLIENT_AUTHENTICATION, "false"))
                .booleanValue();
        serverAnonymous = new Boolean(config.getProperty(PROPERTY_SERVER_ANONYMOUS, "true")).booleanValue();

        if (keyAlgorithm != null) {
            if (keyProvider != null) {
                kmf = KeyManagerFactory.getInstance(keyAlgorithm, keyProvider);
            } else {
                kmf = KeyManagerFactory.getInstance(keyAlgorithm);
            }

            // add support for a default type of key manager factory?
            if (keyStoreProvider != null) {
                ks = KeyStore.getInstance(keyStoreFormat, keyStoreProvider);
            } else {
                ks = KeyStore.getInstance(keyStoreFormat);
            }

            if (keyStoreType.equals("file")) {
                ks.load(new FileInputStream(keyStoreName), keyPassphrase.toCharArray());
            } else {
                throw new BEEPException(ERR_ILLEGAL_KEY_STORE);
            }

            // initialize the key factory manager 
            kmf.init(ks, keyPassphrase.toCharArray());

            km = kmf.getKeyManagers();
        } else {
            km = null;
        }

        if (trustAlgorithm != null) {
            if (trustProvider != null) {
                tmf = TrustManagerFactory.getInstance(trustAlgorithm, trustProvider);
            } else {
                tmf = TrustManagerFactory.getInstance(trustAlgorithm);
            }

            // add support for a default type of trust manager factory?
            if (trustStoreProvider != null) {
                ts = KeyStore.getInstance(trustStoreFormat, trustStoreProvider);
            } else {
                ts = KeyStore.getInstance(trustStoreFormat);
            }

            if (trustStoreType.equals("file")) {
                ts.load(new FileInputStream(trustStoreName), trustPassphrase.toCharArray());
            } else {
                throw new BEEPException(ERR_ILLEGAL_TRUST_STORE);
            }

            // initialize the trust factory manager 
            tmf.init(ts);

            tm = tmf.getTrustManagers();
        } else {
            tm = null;
        }

        // create a socket factory from the key factories and
        // trust factories created for the algorithms and stores
        // specfied.  No option is given to change the secure
        // random number generator
        ctx.init(km, tm, null);

        socketFactory = ctx.getSocketFactory();

        return this;
    } catch (Exception e) {
        log.error(e);

        throw new BEEPException(e);
    }
}

---

• «
• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• »