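/**
 * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * WSO2 Inc. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.wso2.carbon.websocket.transport.utils;

import org.apache.log4j.Logger;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

/**
 * Builds the {@link SSLContext}s and {@link TrustManagerFactory} used by the WebSocket transport
 * from JKS key/trust stores on disk.
 *
 * The server and client contexts are process-wide singletons: the first successful call to
 * {@link #createServerSSLContext} / {@link #createClientSSLContext} fixes the context, and later
 * calls return it regardless of the location/password they pass. A failed build is logged and
 * {@code null} is returned; the next call retries. Callers MUST treat a {@code null} result as
 * "TLS unavailable" and fail closed rather than fall back to plaintext.
 *
 * Changes from the original implementation: the key-store file handles are always closed
 * (they previously leaked on every build), a context is only published once {@code init} has
 * succeeded (previously a failed {@code init} left an uninitialised {@code SSLContext} cached
 * forever), the lazy singleton initialisation is synchronised, and
 * {@link #createTrustmanager} no longer returns {@code null} once the client context exists.
 */
public class SSLUtil {

    /**
     * Store formats expected on disk. JKS is the legacy JDK format; kept because existing
     * deployments ship JKS files (PKCS12 would be the modern choice for new stores).
     */
    private static final String KEY_STORE_TYPE = "JKS";
    private static final String TRUST_STORE_TYPE = "JKS";
    /**
     * Key/trust manager algorithms. NOTE(review): the SunX509 trust manager validates the chain
     * against the trust store but does not perform PKIX revocation (CRL/OCSP) checking; switch to
     * "PKIX" if revocation checking is required. Left unchanged to preserve behaviour.
     */
    private static final String KEY_MANAGER_TYPE = "SunX509";
    private static final String TRUST_MANAGER_TYPE = "SunX509";
    /**
     * "TLS" selects the JDK's default set of protocol versions; which versions and cipher suites
     * are actually enabled must be restricted on the SSLEngine/SSLSocket created from the context.
     */
    private static final String PROTOCOL = "TLS";

    // Lazily built singletons, published only after a successful init().
    // Guarded by the class monitor (the create* methods are synchronized).
    private static SSLContext serverSSLCtx = null;
    private static SSLContext clientSSLCtx = null;

    private static final Logger LOGGER = Logger.getLogger(SSLUtil.class);

    /**
     * Returns the server-side {@link SSLContext}, building it on first use from the given key
     * store. The context is initialised with the JDK default trust managers and SecureRandom
     * (both passed as {@code null} to {@code init}).
     *
     * @param keyStoreLocation path of the JKS key store holding the server key and certificate
     * @param keyStorePwd      password of the key store, also used to recover the private key;
     *                         must not be {@code null}
     * @return the cached server context, or {@code null} if it could not be built (already logged)
     */
    public static synchronized SSLContext createServerSSLContext(final String keyStoreLocation,
                                                                final String keyStorePwd) {
        if (serverSSLCtx == null) {
            try {
                KeyStore keyStore = loadKeyStore(KEY_STORE_TYPE, keyStoreLocation, keyStorePwd);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
                keyManagerFactory.init(keyStore, keyStorePwd.toCharArray());
                SSLContext context = SSLContext.getInstance(PROTOCOL);
                // null trust managers -> JDK default trust store for client-certificate
                // verification; null SecureRandom -> provider default.
                context.init(keyManagerFactory.getKeyManagers(), null, null);
                // Publish only after init succeeded so a failed build is retried, not cached.
                serverSSLCtx = context;
            } catch (GeneralSecurityException e) {
                LOGGER.error("Exception was thrown while building the server SSL Context", e);
            } catch (IOException e) {
                LOGGER.error("Exception was thrown while building the server SSL Context", e);
            }
        }
        return serverSSLCtx;
    }

    /**
     * Returns the client-side {@link SSLContext}, building it on first use from the given trust
     * store. No key managers are supplied, so the client presents no certificate (no mutual TLS).
     *
     * @param trustStoreLocation path of the JKS trust store holding the accepted CA/server certs
     * @param trustStorePwd      password of the trust store; must not be {@code null}
     * @return the cached client context, or {@code null} if it could not be built (already logged)
     */
    public static synchronized SSLContext createClientSSLContext(final String trustStoreLocation,
                                                                final String trustStorePwd) {
        if (clientSSLCtx == null) {
            try {
                TrustManagerFactory trustManagerFactory =
                        buildTrustManagerFactory(trustStoreLocation, trustStorePwd);
                SSLContext context = SSLContext.getInstance(PROTOCOL);
                context.init(null, trustManagerFactory.getTrustManagers(), null);
                // Publish only after init succeeded so a failed build is retried, not cached.
                clientSSLCtx = context;
            } catch (GeneralSecurityException e) {
                LOGGER.error("Exception was thrown while building the client SSL Context", e);
            } catch (IOException e) {
                LOGGER.error("Exception was thrown while building the client SSL Context", e);
            }
        }
        return clientSSLCtx;
    }

    /**
     * Builds a fresh {@link TrustManagerFactory} from the given trust store. Unlike the context
     * accessors this is not cached, and it is independent of whether the client context has
     * already been created (the original returned {@code null} in that case).
     *
     * @param trustStoreLocation path of the JKS trust store
     * @param trustStorePwd      password of the trust store; must not be {@code null}
     * @return an initialised factory, or {@code null} if the store could not be loaded (already logged)
     */
    public static TrustManagerFactory createTrustmanager(final String trustStoreLocation,
                                                         final String trustStorePwd) {
        try {
            return buildTrustManagerFactory(trustStoreLocation, trustStorePwd);
        } catch (GeneralSecurityException e) {
            LOGGER.error("Exception was thrown while building the client SSL Context", e);
        } catch (IOException e) {
            LOGGER.error("Exception was thrown while building the client SSL Context", e);
        }
        return null;
    }

    /**
     * Loads a trust store and initialises a {@link TrustManagerFactory} with it.
     */
    private static TrustManagerFactory buildTrustManagerFactory(final String location, final String password)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = loadKeyStore(TRUST_STORE_TYPE, location, password);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE);
        factory.init(trustStore);
        return factory;
    }

    /**
     * Loads a key store of the given type from disk, always closing the file handle.
     *
     * @throws IOException              if the file cannot be read (including a missing file) or is
     *                                  not a valid store / the password is wrong
     * @throws GeneralSecurityException if the store type is unsupported or a certificate fails to load
     */
    private static KeyStore loadKeyStore(final String type, final String location, final String password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(location);
        try {
            store.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        return store;
    }
}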