/*
* Copyright (c) 2014 The APN-PROXY Project
*
* The APN-PROXY Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package com.xx_dev.apn.proxy;
import com.xx_dev.apn.proxy.config.ApnProxyConfig;
import com.xx_dev.apn.proxy.config.ApnProxyListenType;
import org.apache.log4j.Logger;
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
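/**
 * Creates the {@link SSLEngine} instances used by the proxy for its TLS listener and for
 * TLS connections to remote addresses.
 *
 * <p>Key and trust material is loaded once, in the static initializer, from the JKS files
 * named by {@link ApnProxyConfig}. A failure while loading is logged and not rethrown; the
 * affected {@code keyManagers} / {@code trustManagers} field then stays {@code null}, and
 * {@link SSLContext#init} falls back to the JSSE provider defaults for a {@code null} argument.
 *
 * @author xmx
 * @version $Id: com.xx_dev.apn.proxy.ApnProxySSLContextFactory 14-1-8 16:13 (xmx) Exp $
 */
public class ApnProxySSLContextFactory {

    private static final Logger logger = Logger.getLogger(ApnProxySSLContextFactory.class);

    // Populated only when the listen type is SSL; null otherwise or when loading failed.
    private static KeyManager[] keyManagers = null;

    // Populated only when the trust store is enabled in the config; null otherwise or when
    // loading failed, in which case SSLContext.init uses the default trust managers.
    private static TrustManager[] trustManagers = null;

    static {
        try {
            if (ApnProxyConfig.getConfig().getListenType() == ApnProxyListenType.SSL) {
                String keyStorePassword = ApnProxyConfig.getConfig().getKeyStroePassword();
                KeyStore ks = loadJksStore(ApnProxyConfig.getConfig().getKeyStorePath(),
                        keyStorePassword);

                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                // The same configured password unlocks both the store and the key entry.
                kmf.init(ks, keyStorePassword.toCharArray());
                keyManagers = kmf.getKeyManagers();
            }

            if (ApnProxyConfig.getConfig().isUseTrustStore()) {
                KeyStore tks = loadJksStore(ApnProxyConfig.getConfig().getTrustStorePath(),
                        ApnProxyConfig.getConfig().getTrustStorePassword());

                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(tks);
                trustManagers = tmf.getTrustManagers();
            }
        } catch (Exception e) {
            // Deliberately not rethrown so class initialization still succeeds.
            // NOTE(review): a key store failure reaches an operator only through this log
            // line; the server engine is later built without the configured key material.
            logger.error(e.getMessage(), e);
        }
    }

    /**
     * Loads a JKS key store from a file, closing the file even when loading fails.
     *
     * @param path     file system path of the JKS file
     * @param password password used to check the integrity of the store
     * @return the loaded key store
     * @throws java.io.IOException if the file cannot be opened or read, or the password is wrong
     * @throws java.security.GeneralSecurityException if the store type or its contents
     *         cannot be processed
     */
    private static KeyStore loadJksStore(String path, String password)
            throws java.io.IOException, java.security.GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("JKS");
        // try-with-resources: the stream used to stay open when load() threw.
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    /**
     * Creates an engine for an outbound TLS connection to the given peer.
     *
     * <p>The engine is returned without a client/server mode; the caller has to call
     * {@link SSLEngine#setUseClientMode(boolean)} before handshaking.
     *
     * <p>NOTE(review): no endpoint identification algorithm is set here, so the peer
     * certificate chain is checked against the trust managers but is not matched against
     * {@code host} unless the caller configures that through {@link SSLParameters}.
     *
     * @param host peer host name, passed to the engine as a hint
     * @param port peer port, passed to the engine as a hint
     * @return the new engine, or {@code null} if the context could not be created
     *         (the error is logged)
     */
    public static SSLEngine createClientSSLEnginForRemoteAddress(String host, int port) {
        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            // No key managers: this side does not present a client certificate.
            sslcontext.init(null, trustManagers, null);
            return sslcontext.createSSLEngine(host, port);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return null;
    }

    /**
     * Creates a server-mode engine for the proxy's TLS listener.
     *
     * @return the new engine, or {@code null} if the context could not be created
     *         (the error is logged)
     */
    public static SSLEngine createServerSSLSSLEngine() {
        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(keyManagers, trustManagers, null);

            SSLEngine sslEngine = sslcontext.createSSLEngine();
            sslEngine.setUseClientMode(false);
            // Client certificates are not required. TODO: consider making this configurable.
            sslEngine.setNeedClientAuth(false);
            return sslEngine;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return null;
    }
}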