1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 package org.apache.http.conn.ssl;
29
30 import java.net.Socket;
31 import java.security.KeyManagementException;
32 import java.security.KeyStore;
33 import java.security.KeyStoreException;
34 import java.security.NoSuchAlgorithmException;
35 import java.security.Principal;
36 import java.security.PrivateKey;
37 import java.security.SecureRandom;
38 import java.security.UnrecoverableKeyException;
39 import java.security.cert.CertificateException;
40 import java.security.cert.X509Certificate;
41 import java.util.Collections;
42 import java.util.HashMap;
43 import java.util.LinkedHashSet;
44 import java.util.Map;
45 import java.util.Set;
46
47 import javax.net.ssl.KeyManager;
48 import javax.net.ssl.KeyManagerFactory;
49 import javax.net.ssl.SSLContext;
50 import javax.net.ssl.TrustManager;
51 import javax.net.ssl.TrustManagerFactory;
52 import javax.net.ssl.X509KeyManager;
53 import javax.net.ssl.X509TrustManager;
54
55
56
57
58
59
60
61
62 @Deprecated
63 public class SSLContextBuilder {
64
65 static final String TLS = "TLS";
66 static final String SSL = "SSL";
67
68 private String protocol;
69 private final Set<KeyManager> keymanagers;
70 private final Set<TrustManager> trustmanagers;
71 private SecureRandom secureRandom;
72
73 public SSLContextBuilder() {
74 super();
75 this.keymanagers = new LinkedHashSet<KeyManager>();
76 this.trustmanagers = new LinkedHashSet<TrustManager>();
77 }
78
79 public SSLContextBuilder useTLS() {
80 this.protocol = TLS;
81 return this;
82 }
83
84 public SSLContextBuilder useSSL() {
85 this.protocol = SSL;
86 return this;
87 }
88
89 public SSLContextBuilder useProtocol(final String protocol) {
90 this.protocol = protocol;
91 return this;
92 }
93
94 public SSLContextBuilder setSecureRandom(final SecureRandom secureRandom) {
95 this.secureRandom = secureRandom;
96 return this;
97 }
98
99 public SSLContextBuilder loadTrustMaterial(
100 final KeyStore truststore,
101 final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
102 final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
103 TrustManagerFactory.getDefaultAlgorithm());
104 tmfactory.init(truststore);
105 final TrustManager[] tms = tmfactory.getTrustManagers();
106 if (tms != null) {
107 if (trustStrategy != null) {
108 for (int i = 0; i < tms.length; i++) {
109 final TrustManager tm = tms[i];
110 if (tm instanceof X509TrustManager) {
111 tms[i] = new TrustManagerDelegate(
112 (X509TrustManager) tm, trustStrategy);
113 }
114 }
115 }
116 Collections.addAll(this.trustmanagers, tms);
117 }
118 return this;
119 }
120
121 public SSLContextBuilder loadTrustMaterial(
122 final KeyStore truststore) throws NoSuchAlgorithmException, KeyStoreException {
123 return loadTrustMaterial(truststore, null);
124 }
125
126 public SSLContextBuilder loadKeyMaterial(
127 final KeyStore keystore,
128 final char[] keyPassword)
129 throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
130 loadKeyMaterial(keystore, keyPassword, null);
131 return this;
132 }
133
134 public SSLContextBuilder loadKeyMaterial(
135 final KeyStore keystore,
136 final char[] keyPassword,
137 final PrivateKeyStrategy aliasStrategy)
138 throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
139 final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
140 KeyManagerFactory.getDefaultAlgorithm());
141 kmfactory.init(keystore, keyPassword);
142 final KeyManager[] kms = kmfactory.getKeyManagers();
143 if (kms != null) {
144 if (aliasStrategy != null) {
145 for (int i = 0; i < kms.length; i++) {
146 final KeyManager km = kms[i];
147 if (km instanceof X509KeyManager) {
148 kms[i] = new KeyManagerDelegate(
149 (X509KeyManager) km, aliasStrategy);
150 }
151 }
152 }
153 Collections.addAll(keymanagers, kms);
154 }
155 return this;
156 }
157
158 public SSLContext build() throws NoSuchAlgorithmException, KeyManagementException {
159 final SSLContext sslcontext = SSLContext.getInstance(
160 this.protocol != null ? this.protocol : TLS);
161 sslcontext.init(
162 !keymanagers.isEmpty() ? keymanagers.toArray(new KeyManager[keymanagers.size()]) : null,
163 !trustmanagers.isEmpty() ? trustmanagers.toArray(new TrustManager[trustmanagers.size()]) : null,
164 secureRandom);
165 return sslcontext;
166 }
167
168 static class TrustManagerDelegate implements X509TrustManager {
169
170 private final X509TrustManager trustManager;
171 private final TrustStrategy trustStrategy;
172
173 TrustManagerDelegate(final X509TrustManager trustManager, final TrustStrategy trustStrategy) {
174 super();
175 this.trustManager = trustManager;
176 this.trustStrategy = trustStrategy;
177 }
178
179 @Override
180 public void checkClientTrusted(
181 final X509Certificate[] chain, final String authType) throws CertificateException {
182 this.trustManager.checkClientTrusted(chain, authType);
183 }
184
185 @Override
186 public void checkServerTrusted(
187 final X509Certificate[] chain, final String authType) throws CertificateException {
188 if (!this.trustStrategy.isTrusted(chain, authType)) {
189 this.trustManager.checkServerTrusted(chain, authType);
190 }
191 }
192
193 @Override
194 public X509Certificate[] getAcceptedIssuers() {
195 return this.trustManager.getAcceptedIssuers();
196 }
197
198 }
199
200 static class KeyManagerDelegate implements X509KeyManager {
201
202 private final X509KeyManager keyManager;
203 private final PrivateKeyStrategy aliasStrategy;
204
205 KeyManagerDelegate(final X509KeyManager keyManager, final PrivateKeyStrategy aliasStrategy) {
206 super();
207 this.keyManager = keyManager;
208 this.aliasStrategy = aliasStrategy;
209 }
210
211 @Override
212 public String[] getClientAliases(
213 final String keyType, final Principal[] issuers) {
214 return this.keyManager.getClientAliases(keyType, issuers);
215 }
216
217 @Override
218 public String chooseClientAlias(
219 final String[] keyTypes, final Principal[] issuers, final Socket socket) {
220 final Map<String, PrivateKeyDetails> validAliases = new HashMap<String, PrivateKeyDetails>();
221 for (final String keyType: keyTypes) {
222 final String[] aliases = this.keyManager.getClientAliases(keyType, issuers);
223 if (aliases != null) {
224 for (final String alias: aliases) {
225 validAliases.put(alias,
226 new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias)));
227 }
228 }
229 }
230 return this.aliasStrategy.chooseAlias(validAliases, socket);
231 }
232
233 @Override
234 public String[] getServerAliases(
235 final String keyType, final Principal[] issuers) {
236 return this.keyManager.getServerAliases(keyType, issuers);
237 }
238
239 @Override
240 public String chooseServerAlias(
241 final String keyType, final Principal[] issuers, final Socket socket) {
242 final Map<String, PrivateKeyDetails> validAliases = new HashMap<String, PrivateKeyDetails>();
243 final String[] aliases = this.keyManager.getServerAliases(keyType, issuers);
244 if (aliases != null) {
245 for (final String alias: aliases) {
246 validAliases.put(alias,
247 new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias)));
248 }
249 }
250 return this.aliasStrategy.chooseAlias(validAliases, socket);
251 }
252
253 @Override
254 public X509Certificate[] getCertificateChain(final String alias) {
255 return this.keyManager.getCertificateChain(alias);
256 }
257
258 @Override
259 public PrivateKey getPrivateKey(final String alias) {
260 return this.keyManager.getPrivateKey(alias);
261 }
262
263 }
264
265 }