/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * */ package org.apache.vysper.xmpp.cryptography; import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.Security; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; /** * derived from MINA's BogusSSLContextFactory. * see http://svn.apache.org/viewvc/mina/branches/1.0/example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusSSLContextFactory.java?view=markup * * @author The Apache MINA Project (dev@mina.apache.org) */ public abstract class AbstractTLSContextFactory implements TLSContextFactory { private static final String PROTOCOL = "TLS"; private static final String DEFAULT_ALGORITHM = "SunX509"; private static final String DEFAULT_KEYSTORE_TYPE = "JKS"; private static final String KEY_MANAGER_FACTORY_ALGORITHM; static { String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); if (algorithm == null) algorithm = DEFAULT_ALGORITHM; KEY_MANAGER_FACTORY_ALGORITHM = algorithm; } private SSLContext sslContext = null; protected String password = null; private String keystoreType = DEFAULT_KEYSTORE_TYPE; protected TrustManagerFactory trustManagerFactory = new BogusTrustManagerFactory(); // NOTE: The keystore was generated using keytool: // keytool -genkey -alias bogus -keysize 512 -validity 3650 // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, // O=BogusTrustManagerFactory Inc, L=Stockholm, S=Stockholm, C=SE" // -keypass boguspw -storepass boguspw -keystore bogus.cert abstract protected InputStream getCertificateInputStream() throws IOException; public void setPassword(String password) { this.password = password; } public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory) { this.trustManagerFactory = trustManagerFactory; } public void setKeyStoreType(String keyStoreType) { this.keystoreType = keyStoreType; } public SSLContext getSSLContext() throws GeneralSecurityException, IOException { if (sslContext == null) sslContext = createSSLContext(); return sslContext; } private SSLContext createSSLContext() throws GeneralSecurityException, IOException { // Create keystore KeyStore ks = KeyStore.getInstance(keystoreType); InputStream in = null; try { in = getCertificateInputStream(); ks.load(in, password.toCharArray()); } finally { if (in != null) { try { in.close(); } catch (IOException ignored) { ; } } } // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); kmf.init(ks, password.toCharArray()); // Initialize the SSLContext to work with our key managers. SSLContext sslContext = SSLContext.getInstance(PROTOCOL); sslContext.init(kmf.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sslContext; } }