ApnProxySSLContextFactory.java

/*
 * Copyright (c) 2014 The APN-PROXY Project
 *
 * The APN-PROXY Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */

package com.xx_dev.apn.proxy;

import com.xx_dev.apn.proxy.config.ApnProxyConfig;
import com.xx_dev.apn.proxy.config.ApnProxyListenType;
import org.apache.log4j.Logger;

import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

/**
 * @author xmx
 * @version $Id: com.xx_dev.apn.proxy.ApnProxySSLContextFactory 14-1-8 16:13 (xmx) Exp $
 */
public class ApnProxySSLContextFactory {

    private static final Logger logger = Logger.getLogger(ApnProxySSLContextFactory.class);

    private static KeyManager[] keyManagers = null;
    private static TrustManager[] trustManagers = null;

    static {
        try {

            if (ApnProxyConfig.getConfig().getListenType() == ApnProxyListenType.SSL) {
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                KeyStore ks = KeyStore.getInstance("JKS");
                String keyStorePath = ApnProxyConfig.getConfig().getKeyStorePath();
                String keyStorePassword = ApnProxyConfig.getConfig().getKeyStroePassword();

                InputStream keyStoreInputStream = new FileInputStream(keyStorePath);
                ks.load(keyStoreInputStream, keyStorePassword.toCharArray());
                keyStoreInputStream.close();

                String keyPassword = ApnProxyConfig.getConfig().getKeyStroePassword();
                kmf.init(ks, keyPassword.toCharArray());
                keyManagers = kmf.getKeyManagers();
            }

            if (ApnProxyConfig.getConfig().isUseTrustStore()) {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                KeyStore tks = KeyStore.getInstance("JKS");
                String trustStorePath = ApnProxyConfig.getConfig().getTrustStorePath();
                String trustStorePassword = ApnProxyConfig.getConfig().getTrustStorePassword();

                InputStream trustStoreInputStream = new FileInputStream(trustStorePath);
                tks.load(trustStoreInputStream, trustStorePassword.toCharArray());
                trustStoreInputStream.close();

                tmf.init(tks);
                trustManagers = tmf.getTrustManagers();
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
    }

    public static SSLEngine createClientSSLEnginForRemoteAddress(String host, int port) {
        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(null, trustManagers, null);

            return sslcontext.createSSLEngine(host, port);

        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return null;
    }

    public static SSLEngine createServerSSLSSLEngine() {

        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");

            sslcontext.init(keyManagers, trustManagers, null);

            SSLEngine sslEngine = sslcontext.createSSLEngine();
            sslEngine.setUseClientMode(false);
            sslEngine.setNeedClientAuth(false); //should config?

            return sslEngine;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }

        return null;

    }

}