HTTPCLIENT-1128: added factory method to create SSLSocketFactory instances initialized using system properties

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1180993 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2011-10-10 14:27:45 +00:00
parent f2aa481280
commit 420fc2604f
2 changed files with 145 additions and 123 deletions


@ -46,6 +46,8 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
@ -56,8 +58,10 @@ import java.security.KeyManagementException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.UnrecoverableKeyException; import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
/** /**
* Layered socket factory for TLS/SSL connections. * Layered socket factory for TLS/SSL connections.
@ -157,14 +161,29 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
= new StrictHostnameVerifier(); = new StrictHostnameVerifier();
private final static char[] EMPTY_PASSWORD = "".toCharArray();
/** /**
* Gets the default factory, which uses the default JVM settings for secure * Gets the default factory, which uses the default JSSE settings for initializing
* connections. * the SSL context.
* *
* @return the default factory * @return the default SSL socket factory
*/ */
public static SSLSocketFactory getSocketFactory() { public static SSLSocketFactory getSocketFactory() {
return new SSLSocketFactory(); return new SSLSocketFactory(createDefaultSSLContext());
}
/**
* Gets the default factory, which uses system properties for initializing the SSL context
* as described in
* <a href="http://download.oracle.com/javase/1,5.0/docs/guide/security/jsse/JSSERefGuide.html">
* "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform
* Standard Edition 5</a>
*
* @return the system SSL socket factory
*/
public static SSLSocketFactory getSystemSocketFactory() {
return new SSLSocketFactory(createSystemSSLContext());
} }
private final javax.net.ssl.SSLSocketFactory socketfactory; private final javax.net.ssl.SSLSocketFactory socketfactory;
@ -206,6 +225,119 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
return sslcontext; return sslcontext;
} }
private static SSLContext createSystemSSLContext(
String algorithm,
final SecureRandom random) throws IOException, NoSuchAlgorithmException, NoSuchProviderException,
KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException {
if (algorithm == null) {
algorithm = TLS;
}
TrustManagerFactory tmfactory = null;
String trustAlgorithm = System.getProperty("ssl.TrustManagerFactory.algorithm");
if (trustAlgorithm == null) {
trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
}
String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
if (trustStoreType == null) {
trustStoreType = KeyStore.getDefaultType();
}
if ("none".equalsIgnoreCase(trustStoreType)) {
tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
} else {
File trustStoreFile = null;
String s = System.getProperty("javax.net.ssl.trustStore");
if (s != null) {
trustStoreFile = new File(s);
tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
KeyStore trustStore;
if (trustStoreProvider != null) {
trustStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
} else {
trustStore = KeyStore.getInstance(trustStoreType);
}
String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
FileInputStream instream = new FileInputStream(trustStoreFile);
try {
trustStore.load(instream, trustStorePassword != null ?
trustStorePassword.toCharArray() : EMPTY_PASSWORD);
} finally {
instream.close();
}
tmfactory.init(trustStore);
} else {
File javaHome = new File(System.getProperty("java.home"));
File file = new File(javaHome, "lib/security/jssecacerts");
if (!file.exists()) {
file = new File(javaHome, "lib/security/cacerts");
trustStoreFile = file;
} else {
trustStoreFile = file;
}
tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
if (trustStorePassword == null) {
trustStorePassword = "changeit";
}
FileInputStream instream = new FileInputStream(trustStoreFile);
try {
trustStore.load(instream, trustStorePassword.toCharArray());
} finally {
instream.close();
}
tmfactory.init(trustStore);
}
}
KeyManagerFactory kmfactory = null;
String keyAlgorithm = System.getProperty("ssl.KeyManagerFactory.algorithm");
if (keyAlgorithm == null) {
keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
}
String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
if (keyStoreType == null) {
keyStoreType = KeyStore.getDefaultType();
}
if ("none".equalsIgnoreCase(keyStoreType)) {
kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
} else {
File keyStoreFile = null;
String s = System.getProperty("javax.net.ssl.keyStore");
if (s != null) {
keyStoreFile = new File(s);
}
if (keyStoreFile != null) {
kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
String keyStoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
KeyStore keyStore;
if (keyStoreProvider != null) {
keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider);
} else {
keyStore = KeyStore.getInstance(keyStoreType);
}
String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
FileInputStream instream = new FileInputStream(keyStoreFile);
try {
keyStore.load(instream, keyStorePassword != null ?
keyStorePassword.toCharArray() : EMPTY_PASSWORD);
} finally {
instream.close();
}
kmfactory.init(keyStore, keyStorePassword != null ?
keyStorePassword.toCharArray() : EMPTY_PASSWORD);
}
}
SSLContext sslcontext = SSLContext.getInstance(algorithm);
sslcontext.init(
kmfactory != null ? kmfactory.getKeyManagers() : null,
tmfactory != null ? tmfactory.getTrustManagers() : null,
random);
return sslcontext;
}
private static SSLContext createDefaultSSLContext() { private static SSLContext createDefaultSSLContext() {
try { try {
return createSSLContext(TLS, null, null, null, null, null); return createSSLContext(TLS, null, null, null, null, null);
@ -214,6 +346,14 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
} }
} }
private static SSLContext createSystemSSLContext() {
try {
return createSystemSSLContext(TLS, null);
} catch (Exception ex) {
throw new IllegalStateException("Failure initializing default system SSL context", ex);
}
}
/** /**
* @deprecated Use {@link #SSLSocketFactory(String, KeyStore, String, KeyStore, SecureRandom, X509HostnameVerifier)} * @deprecated Use {@link #SSLSocketFactory(String, KeyStore, String, KeyStore, SecureRandom, X509HostnameVerifier)}
*/ */
@ -331,10 +471,6 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
this.nameResolver = null; this.nameResolver = null;
} }
private SSLSocketFactory() {
this(createDefaultSSLContext());
}
/** /**
* @param params Optional parameters. Parameters passed to this method will have no effect. * @param params Optional parameters. Parameters passed to this method will have no effect.
* This method will create a unconnected instance of {@link Socket} class. * This method will create a unconnected instance of {@link Socket} class.
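Review bot: In createSystemSSLContext the `"none"` branches for `trustStoreType` and `keyStoreType` obtain a TrustManagerFactory/KeyManagerFactory but never call init() on it, yet both factories are still dereferenced in the closing `sslcontext.init(...)` through getTrustManagers()/getKeyManagers(); the SunJSSE implementations throw IllegalStateException from those getters when uninitialised, so that configuration fails inside getSystemSocketFactory() instead of producing a working context. Either leave the factory null in that branch so SSLContext.init falls back to the JSSE defaults, or initialise it explicitly: `tmfactory.init((KeyStore) null);` and `kmfactory.init(null, null);`. Separately, the fallback that reads `lib/security/jssecacerts` / `cacerts` discards the `trustAlgorithm` and `trustStoreType` values computed a few lines earlier (it re-reads the JDK defaults) and hard-codes `"changeit"` when no `javax.net.ssl.trustStorePassword` is set, so a site that changed the cacerts password gets an IOException from KeyStore.load rather than the integrity-unchecked load a `null` password would give; passing `null` there appears closer to what JSSE itself does and is worth confirming. The Javadoc link on getSystemSocketFactory also reads `1,5.0` where `1.5.0` is meant.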


@ -26,15 +26,8 @@
*/ */
package org.apache.http.impl.conn; package org.apache.http.impl.conn;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.annotation.ThreadSafe; import org.apache.http.annotation.ThreadSafe;
import org.apache.http.conn.scheme.PlainSocketFactory; import org.apache.http.conn.scheme.PlainSocketFactory;
@ -61,8 +54,6 @@ public final class SchemeRegistryFactory {
return registry; return registry;
} }
private final static char[] EMPTY_PASSWORD = "".toCharArray();
/** /**
* Initializes default scheme registry using system properties as described in * Initializes default scheme registry using system properties as described in
* <a href="http://download.oracle.com/javase/1,5.0/docs/guide/security/jsse/JSSERefGuide.html"> * <a href="http://download.oracle.com/javase/1,5.0/docs/guide/security/jsse/JSSERefGuide.html">
@ -75,113 +66,8 @@ public final class SchemeRegistryFactory {
SchemeRegistry registry = new SchemeRegistry(); SchemeRegistry registry = new SchemeRegistry();
registry.register( registry.register(
new Scheme("http", 80, PlainSocketFactory.getSocketFactory())); new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
TrustManagerFactory tmfactory = null;
String trustAlgorithm = System.getProperty("ssl.TrustManagerFactory.algorithm");
if (trustAlgorithm == null) {
trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
}
String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
if (trustStoreType == null) {
trustStoreType = KeyStore.getDefaultType();
}
if ("none".equalsIgnoreCase(trustStoreType)) {
tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
} else {
File trustStoreFile = null;
String s = System.getProperty("javax.net.ssl.trustStore");
if (s != null) {
trustStoreFile = new File(s);
tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
KeyStore trustStore;
if (trustStoreProvider != null) {
trustStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
} else {
trustStore = KeyStore.getInstance(trustStoreType);
}
String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
FileInputStream instream = new FileInputStream(trustStoreFile);
try {
trustStore.load(instream, trustStorePassword != null ?
trustStorePassword.toCharArray() : EMPTY_PASSWORD);
} finally {
instream.close();
}
tmfactory.init(trustStore);
} else {
File javaHome = new File(System.getProperty("java.home"));
File file = new File(javaHome, "lib/security/jssecacerts");
if (!file.exists()) {
file = new File(javaHome, "lib/security/cacerts");
trustStoreFile = file;
} else {
trustStoreFile = file;
}
tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
if (trustStorePassword == null) {
trustStorePassword = "changeit";
}
FileInputStream instream = new FileInputStream(trustStoreFile);
try {
trustStore.load(instream, trustStorePassword.toCharArray());
} finally {
instream.close();
}
tmfactory.init(trustStore);
}
}
KeyManagerFactory kmfactory = null;
String keyAlgorithm = System.getProperty("ssl.KeyManagerFactory.algorithm");
if (keyAlgorithm == null) {
keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
}
String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
if (keyStoreType == null) {
keyStoreType = KeyStore.getDefaultType();
}
if ("none".equalsIgnoreCase(keyStoreType)) {
kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
} else {
File keyStoreFile = null;
String s = System.getProperty("javax.net.ssl.keyStore");
if (s != null) {
keyStoreFile = new File(s);
}
if (keyStoreFile != null) {
kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
String keyStoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
KeyStore keyStore;
if (keyStoreProvider != null) {
keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider);
} else {
keyStore = KeyStore.getInstance(keyStoreType);
}
String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
FileInputStream instream = new FileInputStream(keyStoreFile);
try {
keyStore.load(instream, keyStorePassword != null ?
keyStorePassword.toCharArray() : EMPTY_PASSWORD);
} finally {
instream.close();
}
kmfactory.init(keyStore, keyStorePassword != null ?
keyStorePassword.toCharArray() : EMPTY_PASSWORD);
}
}
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(
kmfactory != null ? kmfactory.getKeyManagers() : null,
tmfactory != null ? tmfactory.getTrustManagers() : null,
null);
registry.register( registry.register(
new Scheme("https", 443, new SSLSocketFactory(sslcontext))); new Scheme("https", 443, SSLSocketFactory.getSystemSocketFactory()));
return registry; return registry;
} }
} }
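Review bot: With the https scheme now built by `SSLSocketFactory.getSystemSocketFactory()`, every failure to read the configured trust or key store surfaces as an unchecked IllegalStateException (that factory wraps all exceptions in the companion change), whereas the removed inline code let IOException and GeneralSecurityException propagate to the caller. The method signature lies outside the hunk, but the retained `java.io.IOException` and `java.security.GeneralSecurityException` imports suggest `createSystemRegistry` still declares them, so callers catching those checked types will silently stop seeing store-loading errors. Document the new failure mode on the method, e.g. `@throws IllegalStateException if the SSL context cannot be initialized from the system properties`, and drop the now-unreachable checked types from the throws clause if nothing else in the method raises them.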