Package com.relayrides.pushy.apns.util

Source Code of com.relayrides.pushy.apns.util.SSLContextUtil

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package com.relayrides.pushy.apns.util;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.relayrides.pushy.apns.PushManager;

/**
* A utility class for creating SSL contexts for use with a {@link PushManager}.
*
* @author <a href="mailto:jon@relayrides.com">Jon Chambers</a>
*/
public class SSLContextUtil {

  private static final String PROTOCOL = "TLS";
  private static final String DEFAULT_ALGORITHM = "SunX509";

  private static final Logger log = LoggerFactory.getLogger(SSLContextUtil.class);

  /**
   * Creates a new SSL context using the JVM default trust managers and the certificates in the given PKCS12 file.
   *
   * @param pathToPKCS12File the path to a PKCS12 file that contains the client certificate
   * @param keystorePassword the password to read the PKCS12 file; may be {@code null}
   *
   * @return an SSL context configured with the given client certificate and the JVM default trust managers
   */
  public static SSLContext createDefaultSSLContext(final String pathToPKCS12File, final String keystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, IOException {
    final FileInputStream keystoreInputStream = new FileInputStream(pathToPKCS12File);
    try {
      return createDefaultSSLContext(keystoreInputStream, keystorePassword);
    } finally {
      try {
        keystoreInputStream.close();
      } catch (IOException e) {
        log.error("Failed to close keystore input stream.", e);
      }
    }
  }

  /**
   * Creates a new SSL context using the JVM default trust managers and the certificates in the given PKCS12 InputStream.
   *
   * @param keystoreInputStream a PKCS12 file that contains the client certificate
   * @param keystorePassword the password to read the PKCS12 file; may be {@code null}
   *
   * @return an SSL context configured with the given client certificate and the JVM default trust managers
   */
  public static SSLContext createDefaultSSLContext(final InputStream keystoreInputStream, final String keystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, IOException {
    final KeyStore keyStore = KeyStore.getInstance("PKCS12");
    final char[] password = keystorePassword != null ? keystorePassword.toCharArray() : null;

    keyStore.load(keystoreInputStream, password);

    return createDefaultSSLContext(keyStore, keystorePassword != null ? keystorePassword.toCharArray() : null);
  }

  /**
   * Creates a new SSL context using the JVM default trust managers and the certificates in the given keystore.
   *
   * @param keyStore A {@code KeyStore} containing the client certificates to present during a TLS handshake; may be
   * {@code null} if the environment does not require TLS. The {@code KeyStore} should be loaded before being used
   * here.
   * @param keyStorePassword a password to unlock the given {@code KeyStore}; may be {@code null}
   *
   * @return an SSL context configured with the certificates in the given keystore and the JVM default trust managers
   */
  public static SSLContext createDefaultSSLContext(final KeyStore keyStore, final char[] keyStorePassword) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");

    if (algorithm == null) {
      algorithm = DEFAULT_ALGORITHM;
    }

    if (keyStore.size() == 0) {
      throw new KeyStoreException("Keystore is empty; while this is legal for keystores in general, APNs clients must have at least one key.");
    }

    final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
    trustManagerFactory.init((KeyStore) null);

    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
    keyManagerFactory.init(keyStore, keyStorePassword);

    final SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
    sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

    return sslContext;
  }
}
TOP

Related Classes of com.relayrides.pushy.apns.util.SSLContextUtil

  • java.security.KeyStoreException
  • java.io.FileInputStream
  • java.security.KeyStore
  • javax.net.ssl.KeyManagerFactory
  • javax.net.ssl.TrustManagerFactory
  • javax.net.ssl.SSLContext
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.