Added method to SchemeRegistryFactory to initialize default scheme registry using system properties

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1180360 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2011-10-08 11:50:01 +00:00
parent 162f3d6d99
commit 6bd3da869d
1 changed files with 137 additions and 0 deletions

View File

@ -26,6 +26,16 @@
*/
package org.apache.http.impl.conn;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.annotation.ThreadSafe;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
@ -38,6 +48,10 @@ import org.apache.http.conn.ssl.SSLSocketFactory;
@ThreadSafe
public final class SchemeRegistryFactory {
/**
* Initializes default scheme registry based on JSSE defaults. System properties will
* not be taken into consideration.
*/
public static SchemeRegistry createDefault() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
@ -47,5 +61,128 @@ public final class SchemeRegistryFactory {
return registry;
}
private final static char[] EMPTY_PASSWORD = "".toCharArray();
/**
* Initializes default scheme registry using system properties as described in
* <a href="http://download.oracle.com/javase/1,5.0/docs/guide/security/jsse/JSSERefGuide.html">
* "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform
* Standard Edition 5</a>
*
* @since 4.2
*/
public static SchemeRegistry createSystemDefault() throws IOException, GeneralSecurityException {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
TrustManagerFactory tmfactory = null;
String trustAlgorithm = System.getProperty("ssl.TrustManagerFactory.algorithm");
if (trustAlgorithm == null) {
trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
}
String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
if (trustStoreType == null) {
trustStoreType = KeyStore.getDefaultType();
}
if ("none".equalsIgnoreCase(trustStoreType)) {
tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
} else {
File trustStoreFile = null;
String s = System.getProperty("javax.net.ssl.trustStore");
if (s != null) {
trustStoreFile = new File(s);
tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
KeyStore trustStore;
if (trustStoreProvider != null) {
trustStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
} else {
trustStore = KeyStore.getInstance(trustStoreType);
}
String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
FileInputStream instream = new FileInputStream(trustStoreFile);
try {
trustStore.load(instream, trustStorePassword != null ?
trustStorePassword.toCharArray() : EMPTY_PASSWORD);
} finally {
instream.close();
}
tmfactory.init(trustStore);
} else {
File javaHome = new File(System.getProperty("java.home"));
File file = new File(javaHome, "lib/security/jssecacerts");
if (!file.exists()) {
file = new File(javaHome, "lib/security/cacerts");
trustStoreFile = file;
} else {
trustStoreFile = file;
}
tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
if (trustStorePassword == null) {
trustStorePassword = "changeit";
}
FileInputStream instream = new FileInputStream(trustStoreFile);
try {
trustStore.load(instream, trustStorePassword.toCharArray());
} finally {
instream.close();
}
tmfactory.init(trustStore);
}
}
KeyManagerFactory kmfactory = null;
String keyAlgorithm = System.getProperty("ssl.KeyManagerFactory.algorithm");
if (keyAlgorithm == null) {
keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
}
String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
if (keyStoreType == null) {
keyStoreType = KeyStore.getDefaultType();
}
if ("none".equalsIgnoreCase(keyStoreType)) {
kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
} else {
File keyStoreFile = null;
String s = System.getProperty("javax.net.ssl.keyStore");
if (s != null) {
keyStoreFile = new File(s);
}
if (keyStoreFile != null) {
kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
String keyStoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
KeyStore keyStore;
if (keyStoreProvider != null) {
keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider);
} else {
keyStore = KeyStore.getInstance(keyStoreType);
}
String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
FileInputStream instream = new FileInputStream(keyStoreFile);
try {
keyStore.load(instream, keyStorePassword != null ?
keyStorePassword.toCharArray() : EMPTY_PASSWORD);
} finally {
instream.close();
}
kmfactory.init(keyStore, keyStorePassword != null ?
keyStorePassword.toCharArray() : EMPTY_PASSWORD);
}
}
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(
kmfactory != null ? kmfactory.getKeyManagers() : null,
tmfactory != null ? tmfactory.getTrustManagers() : null,
null);
registry.register(
new Scheme("https", 443, new SSLSocketFactory(sslcontext)));
return registry;
}
}