/* * Copyright (c) 2014 The APN-PROXY Project * * The APN-PROXY Project licenses this file to you under the Apache License, * version 2.0 (the "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations * under the License. */ package com.xx_dev.apn.proxy; import com.xx_dev.apn.proxy.config.ApnProxyConfig; import com.xx_dev.apn.proxy.config.ApnProxyListenType; import org.apache.log4j.Logger; import javax.net.ssl.*; import java.io.FileInputStream; import java.io.InputStream; import java.security.KeyStore; /** * @author xmx * @version $Id: com.xx_dev.apn.proxy.ApnProxySSLContextFactory 14-1-8 16:13 (xmx) Exp $ */ public class ApnProxySSLContextFactory { private static final Logger logger = Logger.getLogger(ApnProxySSLContextFactory.class); private static KeyManager[] keyManagers = null; private static TrustManager[] trustManagers = null; static { try { if (ApnProxyConfig.getConfig().getListenType() == ApnProxyListenType.SSL) { KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); KeyStore ks = KeyStore.getInstance("JKS"); String keyStorePath = ApnProxyConfig.getConfig().getKeyStorePath(); String keyStorePassword = ApnProxyConfig.getConfig().getKeyStroePassword(); InputStream keyStoreInputStream = new FileInputStream(keyStorePath); ks.load(keyStoreInputStream, keyStorePassword.toCharArray()); keyStoreInputStream.close(); String keyPassword = ApnProxyConfig.getConfig().getKeyStroePassword(); kmf.init(ks, keyPassword.toCharArray()); keyManagers = kmf.getKeyManagers(); } if (ApnProxyConfig.getConfig().isUseTrustStore()) { TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); KeyStore tks = KeyStore.getInstance("JKS"); String trustStorePath = ApnProxyConfig.getConfig().getTrustStorePath(); String trustStorePassword = ApnProxyConfig.getConfig().getTrustStorePassword(); InputStream trustStoreInputStream = new FileInputStream(trustStorePath); tks.load(trustStoreInputStream, trustStorePassword.toCharArray()); trustStoreInputStream.close(); tmf.init(tks); trustManagers = tmf.getTrustManagers(); } } catch (Exception e) { logger.error(e.getMessage(), e); } } public static SSLEngine createClientSSLEnginForRemoteAddress(String host, int port) { try { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(null, trustManagers, null); return sslcontext.createSSLEngine(host, port); } catch (Exception e) { logger.error(e.getMessage(), e); } return null; } public static SSLEngine createServerSSLSSLEngine() { try { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(keyManagers, trustManagers, null); SSLEngine sslEngine = sslcontext.createSSLEngine(); sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(false); //should config? return sslEngine; } catch (Exception e) { logger.error(e.getMessage(), e); } return null; } }