-
Notifications
You must be signed in to change notification settings - Fork 188
Expand file tree
/
Copy pathSSLUtils.java
More file actions
125 lines (105 loc) · 5.34 KB
/
SSLUtils.java
File metadata and controls
125 lines (105 loc) · 5.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
// Copyright 2015-2018 The NATS Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at:
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package io.nats.client.support;
import io.nats.client.Options;
import javax.net.ssl.*;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import static io.nats.client.support.RandomUtils.SRAND;
public class SSLUtils {
public static final String DEFAULT_TLS_ALGORITHM = "SunX509";
public static final String DEFAULT_KEYSTORE_TYPE = "JKS";
private static TrustManagerDelegate TRUST_MANAGER_DELEGATE;
public static void setDefaultTrustManagerDelegate(TrustManagerDelegate trustManagerDelegate) {
SSLUtils.TRUST_MANAGER_DELEGATE = trustManagerDelegate;
}
public interface TrustManagerDelegate {
java.security.cert.X509Certificate[] getAcceptedIssuers();
void checkClientTrusted(X509Certificate[] certs, String authType);
void checkServerTrusted(X509Certificate[] certs, String authType);
}
private static final TrustManager[] DEFAULT_TRUST_MANAGERS = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return TRUST_MANAGER_DELEGATE == null ? null : TRUST_MANAGER_DELEGATE.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
if (TRUST_MANAGER_DELEGATE != null) {
TRUST_MANAGER_DELEGATE.checkClientTrusted(certs, authType);
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
if (TRUST_MANAGER_DELEGATE != null) {
TRUST_MANAGER_DELEGATE.checkServerTrusted(certs, authType);
}
}
}
};
public static SSLContext createOpenTLSContext() {
try {
return createTrustAllTlsContext();
}
catch (Exception e) {
return null;
}
}
public static SSLContext createTrustAllTlsContext() throws GeneralSecurityException {
SSLContext context = SSLContext.getInstance(Options.DEFAULT_SSL_PROTOCOL);
context.init(null, DEFAULT_TRUST_MANAGERS, SRAND);
return context;
}
public static KeyStore loadKeystore(String keystorePath, char[] keystorePwd) throws GeneralSecurityException, IOException {
final KeyStore store = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
try (BufferedInputStream in = new BufferedInputStream(Files.newInputStream(Paths.get(keystorePath)))) {
store.load(in, keystorePwd);
}
return store;
}
public static KeyManager[] createKeyManagers(String keystorePath, char[] keystorePwd) throws GeneralSecurityException, IOException {
return createKeyManagers(keystorePath, keystorePwd, DEFAULT_TLS_ALGORITHM);
}
public static KeyManager[] createKeyManagers(String keystorePath, char[] keystorePwd, String tlsAlgo) throws GeneralSecurityException, IOException {
if (keystorePath == null) {
return null;
}
KeyStore store = loadKeystore(keystorePath, keystorePwd);
KeyManagerFactory factory = KeyManagerFactory.getInstance(tlsAlgo);
factory.init(store, keystorePwd);
return factory.getKeyManagers();
}
public static TrustManager[] createTrustManagers(String truststorePath, char[] truststorePwd) throws GeneralSecurityException, IOException {
return createTrustManagers(truststorePath, truststorePwd, DEFAULT_TLS_ALGORITHM);
}
public static TrustManager[] createTrustManagers(String truststorePath, char[] truststorePwd, String tlsAlgo) throws GeneralSecurityException, IOException {
if (truststorePath == null) {
return null;
}
KeyStore store = loadKeystore(truststorePath, truststorePwd);
TrustManagerFactory factory = TrustManagerFactory.getInstance(tlsAlgo);
factory.init(store);
return factory.getTrustManagers();
}
public static SSLContext createSSLContext(String keystorePath, char[] keystorePwd, String truststorePath, char[] truststorePwd) throws GeneralSecurityException, IOException {
return createSSLContext(keystorePath, keystorePwd, truststorePath, truststorePwd, DEFAULT_TLS_ALGORITHM);
}
public static SSLContext createSSLContext(String keystorePath, char[] keystorePwd, String truststorePath, char[] truststorePwd, String tlsAlgo) throws GeneralSecurityException, IOException {
SSLContext ctx = SSLContext.getInstance(Options.DEFAULT_SSL_PROTOCOL);
ctx.init(createKeyManagers(keystorePath, keystorePwd, tlsAlgo), createTrustManagers(truststorePath, truststorePwd, tlsAlgo), SRAND);
return ctx;
}
}