/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.smscserver.ssl.impl; import java.security.GeneralSecurityException; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509KeyManager; import org.apache.smscserver.ssl.ClientAuth; import org.apache.smscserver.ssl.SslConfiguration; import org.apache.smscserver.ssl.SslConfigurationFactory; import org.apache.smscserver.util.ClassUtils; /** * <strong>Internal class, do not use directly.</strong> * * Used to configure the SSL settings for the control channel or the data channel. * * <strong><strong>Internal class, do not use directly.</strong></strong> * * @author hceylan */ public class DefaultSslConfiguration implements SslConfiguration { private final KeyManagerFactory keyManagerFactory; private final TrustManagerFactory trustManagerFactory; private String sslProtocol = "TLS"; private final ClientAuth clientAuth;// = ClientAuth.NONE; private final String keyAlias; private final String[] enabledCipherSuites; private final SSLContext sslContext; private final SSLSocketFactory socketFactory; /** * Internal constructor, do not use directly. Instead, use {@link SslConfigurationFactory} * * @throws GeneralSecurityException */ public DefaultSslConfiguration(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory, ClientAuth clientAuthReqd, String sslProtocol, String[] enabledCipherSuites, String keyAlias) throws GeneralSecurityException { super(); this.clientAuth = clientAuthReqd; this.enabledCipherSuites = enabledCipherSuites; this.keyAlias = keyAlias; this.keyManagerFactory = keyManagerFactory; this.sslProtocol = sslProtocol; this.trustManagerFactory = trustManagerFactory; this.sslContext = this.initContext(); this.socketFactory = this.sslContext.getSocketFactory(); } /** * @see SslConfiguration#getClientAuth() */ public ClientAuth getClientAuth() { return this.clientAuth; } /** * @see SslConfiguration#getEnabledCipherSuites() */ public String[] getEnabledCipherSuites() { if (this.enabledCipherSuites != null) { return this.enabledCipherSuites.clone(); } else { return null; } } public SSLSocketFactory getSocketFactory() throws GeneralSecurityException { return this.socketFactory; } /** * @see SslConfiguration#getSSLContext() */ public SSLContext getSSLContext() throws GeneralSecurityException { return this.getSSLContext(this.sslProtocol); } /** * @see SslConfiguration#getSSLContext(String) */ public SSLContext getSSLContext(String protocol) throws GeneralSecurityException { return this.sslContext; } private SSLContext initContext() throws GeneralSecurityException { KeyManager[] keyManagers = this.keyManagerFactory.getKeyManagers(); // wrap key managers to allow us to control their behavior // (SMSCSERVER-93) for (int i = 0; i < keyManagers.length; i++) { if (ClassUtils.extendsClass(keyManagers[i].getClass(), "javax.net.ssl.X509ExtendedKeyManager")) { keyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], this.keyAlias); } else if (keyManagers[i] instanceof X509KeyManager) { keyManagers[i] = new AliasKeyManager(keyManagers[i], this.keyAlias); } } // create and initialize the SSLContext SSLContext ctx = SSLContext.getInstance(this.sslProtocol); ctx.init(keyManagers, this.trustManagerFactory.getTrustManagers(), null); // Create the socket factory return ctx; } }