List of usage examples for javax.security.cert CertificateException CertificateException
public CertificateException()
From source file: orca.shirako.container.RemoteRegistryCache.java
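/**
 * Sets up client-side SSL parameters for talking to the external registry.
 *
 * <p>Reads the registry URL and the expected certificate fingerprint from the container
 * configuration, builds a trust manager that accepts only a server certificate whose MD5
 * digest matches that fingerprint, and registers an {@code https} protocol whose socket
 * factory uses it for the registry host/port. Runs at most once per container
 * ({@code configuredSSL} is set on first entry and the method is then a no-op).
 *
 * <p>Fix relative to the earlier version: the pinning trust manager previously threw the
 * legacy {@code javax.security.cert.CertificateException} from a method that does not
 * declare it, so the throw was swallowed by its own {@code catch (Exception)} and
 * {@code checkServerTrusted} returned normally — a mismatched or missing certificate was
 * logged but the handshake still succeeded. It now throws
 * {@code java.security.cert.CertificateException}, the type {@code X509TrustManager}
 * declares, which is what actually fails the handshake.
 *
 * <p>The pin is an MD5 digest because the configured fingerprint is 16 colon-separated hex
 * bytes; moving to SHA-256 would require changing the fingerprint format in the configuration.
 *
 * @throws IllegalArgumentException if the configured fingerprint is present but is not
 *         16 colon-separated hex bytes (fails closed rather than registering a broken pin)
 */
public static void configureSSL() {
    if (configuredSSL) {
        return;
    }
    configuredSSL = true;

    registryUrl = Globals.getContainer().getConfiguration().getProperty(OrcaContainer.PropertyRegistryUrl);
    if (registryUrl == null) {
        Globals.Log.info("No external registry is specified.");
        return;
    }
    URL registryURL;
    try {
        registryURL = new URL(registryUrl);
    } catch (MalformedURLException e) {
        Globals.Log.info("Unable to parse registry URL: " + registryUrl);
        return;
    }

    // load registry cert fingerprint
    Globals.Log.debug("Loading registry certificate fingerprint");
    String registryCertFingerprint = Globals.getContainer().getConfiguration()
            .getProperty(OrcaContainer.PropertyRegistryCertFingerprint);
    if (registryCertFingerprint == null) {
        Globals.Log.info("Registry certificate fingerprint property (" + OrcaContainer.PropertyRegistryCertFingerprint
                + ") is not specified, skipping registry SSL configuration");
        return;
    }

    // convert "aa:bb:...:ff" into the 16-byte digest we pin against
    // (assumes registryCertDigest is a 16-byte array — confirm against the field declaration)
    String[] fingerPrintBytes = registryCertFingerprint.split(":");
    if (fingerPrintBytes.length < 16) {
        throw new IllegalArgumentException("Registry certificate fingerprint must have 16 colon-separated hex bytes: "
                + registryCertFingerprint);
    }
    try {
        for (int i = 0; i < 16; i++) {
            registryCertDigest[i] = (byte) (Integer.parseInt(fingerPrintBytes[i], 16) & 0xFF);
        }
    } catch (NumberFormatException e) {
        throw new IllegalArgumentException("Registry certificate fingerprint is not valid hex: "
                + registryCertFingerprint, e);
    }

    // Trust manager that pins the registry's server certificate to the configured digest
    // instead of validating a certificate chain.
    TrustManager[] trustRegistryCert = new TrustManager[] { new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // return 0 size array, not null, per spec
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // This manager is installed for outbound (client-side) registry connections, so
            // this callback is not expected to run; it stays permissive as before.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            // Every rejection must leave this method by throwing the java.security.cert
            // exception type: that is the only way to make the handshake fail. The failure
            // is computed first so that no exception thrown deliberately below can be
            // caught by the comparison's own catch block.
            String failure;
            try {
                if (certs == null || certs.length == 0) {
                    failure = "Registry presented no certificate, communications with registry is not possible";
                } else {
                    byte[] certDigest = MessageDigest.getInstance("MD5").digest(certs[0].getEncoded());
                    failure = Arrays.equals(certDigest, registryCertDigest)
                            ? null
                            : "Certificate presented by registry does not match local copy, communications with registry is not possible";
                }
            } catch (GeneralSecurityException e) {
                // covers NoSuchAlgorithmException and CertificateEncodingException
                failure = "Unable to compare server certificate digest to the existing registry digest: " + e.toString();
            }
            if (failure != null) {
                onRegistryCertificateRejected(failure);
                throw new java.security.cert.CertificateException(failure);
            }
        }
    } };

    Globals.Log.info("Creating a multikey manager for registry communications");
    // create multikeymanager
    mkm = new MultiKeyManager();
    // register a new protocol
    ContextualSSLProtocolSocketFactory regSslFact = new ContextualSSLProtocolSocketFactory();
    // add this multikey context factory for the registry host/port
    regSslFact.addHostContextFactory(new MultiKeySSLContextFactory(mkm, trustRegistryCert),
            registryURL.getHost(), registryURL.getPort());
    // register the protocol (Note: All xmlrpc clients must use XmlRpcCommonsTransportFactory
    // for this to work). See ContextualSSLProtocolSocketFactory.
    Protocol reghhttps = new Protocol("https", (ProtocolSocketFactory) regSslFact, 443);
    Protocol.registerProtocol("https", reghhttps);
}

/**
 * Records an SSL failure against the registry and halts registry-dependent activity.
 *
 * <p>Shared by every rejection path of the pinning trust manager built by
 * {@link #configureSSL()}: logs the reason, flags {@code sslError}, stops the cache
 * thread if it was started, and stops actor liveness — the same side effects the
 * trust manager performed inline before.
 *
 * @param reason human-readable description of the failure, logged at error level
 */
private static void onRegistryCertificateRejected(String reason) {
    Globals.Log.error(reason);
    sslError = true;
    if (threadStarted) {
        RemoteRegistryCache.getInstance().stop();
    }
    ActorLiveness.allStop();
}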