[jboss-cvs] JBossAS SVN: r106609 - in trunk/security/src/main/java/org/jboss/security: ssl and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jul 12 15:54:21 EDT 2010
Author: mmoyses
Date: 2010-07-12 15:54:20 -0400 (Mon, 12 Jul 2010)
New Revision: 106609
Added:
trunk/security/src/main/java/org/jboss/security/ssl/JBossProvider.java
trunk/security/src/main/java/org/jboss/security/ssl/JBossSSLConfiguration.java
trunk/security/src/main/java/org/jboss/security/ssl/KeyManagerFactoryImpl.java
trunk/security/src/main/java/org/jboss/security/ssl/TrustManagerFactoryImpl.java
Modified:
trunk/security/src/main/java/org/jboss/security/plugins/SecurityKeyManager.java
Log:
JBAS-8144: adding feature to override key/trust store configuration
Modified: trunk/security/src/main/java/org/jboss/security/plugins/SecurityKeyManager.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/plugins/SecurityKeyManager.java 2010-07-12 19:21:25 UTC (rev 106608)
+++ trunk/security/src/main/java/org/jboss/security/plugins/SecurityKeyManager.java 2010-07-12 19:54:20 UTC (rev 106609)
@@ -59,7 +59,7 @@
*/
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
{
- return delegate.chooseServerAlias(keyType, issuers, socket);
+ return keyAlias;
}
/**
Added: trunk/security/src/main/java/org/jboss/security/ssl/JBossProvider.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/ssl/JBossProvider.java (rev 0)
+++ trunk/security/src/main/java/org/jboss/security/ssl/JBossProvider.java 2010-07-12 19:54:20 UTC (rev 106609)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.ssl;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+public class JBossProvider extends Provider
+{
+ private static final long serialVersionUID = -6211291745955454828L;
+
+ private static String INFO = "JBoss (X509 key/trust manager factories)";
+
+ private static String NAME = "JBoss";
+
+ public JBossProvider()
+ {
+ super(NAME, 1.0, INFO);
+
+ // override only the default algorithms
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ // Sun, OpenJDK and JRockit KeyManagerFactory
+ put("KeyManagerFactory.SunX509", "org.jboss.security.ssl.KeyManagerFactoryImpl$SunX509");
+
+ // IBM KeyManagerFactory
+ put("KeyManagerFactory.IbmX509", "org.jboss.security.ssl.KeyManagerFactoryImpl$IbmX509");
+
+ // put the correct TrustManagerFactory
+ Provider[] providers = Security.getProviders("TrustManagerFactory.PKIX");
+ for (int i = 0; i < providers.length; i++)
+ {
+ String name = providers[i].getName();
+ if (name.equals("SunJSSE"))
+ {
+ put("TrustManagerFactory.PKIX", "org.jboss.security.ssl.TrustManagerFactoryImpl$SunPKIX");
+ break;
+ }
+ else if (name.equals("IBMJSSE2"))
+ {
+ put("TrustManagerFactory.PKIX", "org.jboss.security.ssl.TrustManagerFactoryImpl$IbmPKIX");
+ break;
+ }
+ }
+ return null;
+ }
+ });
+ }
+}
Added: trunk/security/src/main/java/org/jboss/security/ssl/JBossSSLConfiguration.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/ssl/JBossSSLConfiguration.java (rev 0)
+++ trunk/security/src/main/java/org/jboss/security/ssl/JBossSSLConfiguration.java 2010-07-12 19:54:20 UTC (rev 106609)
@@ -0,0 +1,429 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.ssl;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509CertSelector;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509KeyManager;
+
+import org.jboss.beans.metadata.api.annotations.FactoryMethod;
+import org.jboss.logging.Logger;
+import org.jboss.security.Util;
+import org.jboss.security.plugins.SecurityKeyManager;
+
+public class JBossSSLConfiguration
+{
+ private Provider provider;
+
+ private String keyStoreType;
+
+ private URL keyStoreURL;
+
+ private char[] keyStorePass;
+
+ private String keyStoreAlias;
+
+ private String keyStoreProvider;
+
+ private String keyStoreProviderArgument;
+
+ private KeyStore keyStore;
+
+ private String trustStoreType;
+
+ private URL trustStoreURL;
+
+ private char[] trustStorePass;
+
+ private String trustStoreProvider;
+
+ private String trustStoreProviderArgument;
+
+ private KeyStore trustStore;
+
+ private static JBossSSLConfiguration singleton;
+
+ private static Logger log = Logger.getLogger(JBossSSLConfiguration.class);
+
+ private JBossSSLConfiguration()
+ {
+ }
+
+ @FactoryMethod
+ public static JBossSSLConfiguration getInstance()
+ {
+ if (singleton == null)
+ singleton = new JBossSSLConfiguration();
+ return singleton;
+ }
+
+ public String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String keyStoreType)
+ {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStoreURL()
+ {
+ String url = null;
+ if (keyStoreURL != null)
+ url = keyStoreURL.toExternalForm();
+ return url;
+ }
+
+ public void setKeyStoreURL(String keyStoreURL) throws IOException
+ {
+ this.keyStoreURL = validateStoreURL(keyStoreURL);
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) throws Exception
+ {
+ keyStorePass = Util.loadPassword(keyStorePassword);
+ }
+
+ public String getKeyStoreAlias()
+ {
+ return keyStoreAlias;
+ }
+
+ public void setKeyStoreAlias(String alias)
+ {
+ keyStoreAlias = alias;
+ }
+
+ public String getKeyStoreProvider()
+ {
+ return keyStoreProvider;
+ }
+
+ public void setKeyStoreProvider(String keyStoreProvider)
+ {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+
+ public String getKeyStoreProviderArgument()
+ {
+ return keyStoreProviderArgument;
+ }
+
+ public void setKeyStoreProviderArgument(String keyStoreProviderArgument)
+ {
+ this.keyStoreProviderArgument = keyStoreProviderArgument;
+ }
+
+ public String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType)
+ {
+ this.trustStoreType = trustStoreType;
+ }
+
+ public String getTrustStoreURL()
+ {
+ String url = null;
+ if (trustStoreURL != null)
+ url = trustStoreURL.toExternalForm();
+ return url;
+ }
+
+ public void setTrustStoreURL(String trustStoreURL) throws IOException
+ {
+ this.trustStoreURL = validateStoreURL(trustStoreURL);
+ }
+
+ public void setTrustStorePassword(String trustStorePassword) throws Exception
+ {
+ trustStorePass = Util.loadPassword(trustStorePassword);
+ }
+
+ public String getTrustStoreProvider()
+ {
+ return trustStoreProvider;
+ }
+
+ public void setTrustStoreProvider(String trustStoreProvider)
+ {
+ this.trustStoreProvider = trustStoreProvider;
+ }
+
+ public String getTrustStoreProviderArgument()
+ {
+ return trustStoreProviderArgument;
+ }
+
+ public void setTrustStoreProviderArgument(String trustStoreProviderArgument)
+ {
+ this.trustStoreProviderArgument = trustStoreProviderArgument;
+ }
+
+ public void start() throws Exception
+ {
+ // add provider as the first
+ provider = new JBossProvider();
+ addProvider(provider);
+
+ // initialize keystore and truststore
+ if (keyStorePass != null)
+ {
+ if (keyStoreType == null)
+ keyStoreType = KeyStore.getDefaultType();
+ if (keyStoreProvider != null)
+ {
+ if (keyStoreProviderArgument != null)
+ {
+ ClassLoader loader = getContextClassLoader();
+ Class<?> clazz = loader.loadClass(keyStoreProvider);
+ Class<?>[] ctorSig = {String.class};
+ Constructor<?> ctor = clazz.getConstructor(ctorSig);
+ Object[] ctorArgs = {keyStoreProviderArgument};
+ Provider provider = (Provider) ctor.newInstance(ctorArgs);
+ keyStore = KeyStore.getInstance(keyStoreType, provider);
+ }
+ else
+ keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider);
+ }
+ else
+ keyStore = KeyStore.getInstance(keyStoreType);
+ InputStream is = null;
+ if ((!"PKCS11".equalsIgnoreCase(keyStoreType) || !"PKCS11IMPLKS".equalsIgnoreCase(keyStoreType)) && keyStoreURL != null)
+ {
+ is = keyStoreURL.openStream();
+ }
+ keyStore.load(is, keyStorePass);
+ if (keyStoreAlias != null && !keyStore.isKeyEntry(keyStoreAlias))
+ {
+ throw new IOException("Cannot find key entry with alias " + keyStoreAlias + " in the keyStore");
+ }
+ }
+ if (trustStorePass != null)
+ {
+ if (trustStoreType == null)
+ trustStoreType = KeyStore.getDefaultType();
+ if (trustStoreProvider != null)
+ {
+ if (trustStoreProviderArgument != null)
+ {
+ ClassLoader loader = getContextClassLoader();
+ Class<?> clazz = loader.loadClass(trustStoreProvider);
+ Class<?>[] ctorSig = {String.class};
+ Constructor<?> ctor = clazz.getConstructor(ctorSig);
+ Object[] ctorArgs = {trustStoreProviderArgument};
+ Provider provider = (Provider) ctor.newInstance(ctorArgs);
+ trustStore = KeyStore.getInstance(trustStoreType, provider);
+ }
+ else
+ trustStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
+ }
+ else
+ trustStore = KeyStore.getInstance(trustStoreType);
+ InputStream is = null;
+ if ((!"PKCS11".equalsIgnoreCase(trustStoreType) || !"PKCS11IMPLKS".equalsIgnoreCase(trustStoreType)) && trustStoreURL != null)
+ {
+ is = trustStoreURL.openStream();
+ }
+ trustStore.load(is, trustStorePass);
+ }
+ }
+
+ public void stop()
+ {
+ if (provider != null)
+ removeProvider(provider);
+ }
+
+ public void initializeKeyManagerFactory(KeyManagerFactory delegate) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
+ {
+ if (keyStore == null)
+ throw new KeyStoreException("Global keystore is not correctly initialized");
+ if (log.isTraceEnabled())
+ log.trace("Using global keystore configuration");
+ delegate.init(keyStore, keyStorePass);
+ }
+
+ public KeyManager[] getKeyManagers(KeyManagerFactory delegate)
+ {
+ KeyManager[] keyManagers = delegate.getKeyManagers();
+ if (keyStoreAlias != null)
+ {
+ for (int i = 0; i < keyManagers.length; i++)
+ {
+ keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias);
+ }
+ }
+ return keyManagers;
+ }
+
+ public void initializeTrustManagerFactory(TrustManagerFactory delegate, KeyStore ks) throws KeyStoreException
+ {
+ if (trustStore == null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Global truststore is not correctly initialized. Using local truststore configuration");
+ delegate.init(ks);
+ }
+ else
+ {
+ if (log.isTraceEnabled())
+ log.trace("Using global truststore configuration");
+ delegate.init(trustStore);
+ }
+ }
+
+ public void initializeTrustManagerFactory(TrustManagerFactory delegate, ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException
+ {
+ if (trustStore == null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Global truststore is not correctly initialized. Using local truststore configuration");
+ delegate.init(spec);
+ }
+ else
+ {
+ CertPathTrustManagerParameters parameters = (CertPathTrustManagerParameters) spec;
+ PKIXBuilderParameters oldParams = (PKIXBuilderParameters) parameters.getParameters();
+
+ PKIXBuilderParameters xparams = null;
+ try
+ {
+ xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
+ xparams.setAnyPolicyInhibited(oldParams.isAnyPolicyInhibited());
+ xparams.setCertPathCheckers(oldParams.getCertPathCheckers());
+ xparams.setCertStores(oldParams.getCertStores());
+ xparams.setDate(oldParams.getDate());
+ xparams.setExplicitPolicyRequired(oldParams.isExplicitPolicyRequired());
+ xparams.setInitialPolicies(oldParams.getInitialPolicies());
+ xparams.setMaxPathLength(oldParams.getMaxPathLength());
+ xparams.setPolicyMappingInhibited(oldParams.isPolicyMappingInhibited());
+ xparams.setPolicyQualifiersRejected(oldParams.getPolicyQualifiersRejected());
+ xparams.setRevocationEnabled(oldParams.isRevocationEnabled());
+ xparams.setSigProvider(oldParams.getSigProvider());
+ }
+ catch (KeyStoreException ke)
+ {
+ log.error("Error initializing TrustManagerFactory", ke);
+ }
+ if (log.isTraceEnabled())
+ log.trace("Using global truststore configuration");
+ ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(xparams);
+ delegate.init(mfp);
+ }
+ }
+
+ private URL validateStoreURL(String storeURL) throws IOException
+ {
+ URL url = null;
+ // First see if this is a URL
+ try
+ {
+ url = new URL(storeURL);
+ }
+ catch (MalformedURLException e)
+ {
+ // Not a URL or a protocol without a handler
+ }
+
+ // Next try to locate this as file path
+ if (url == null)
+ {
+ File tst = new File(storeURL);
+ if (tst.exists() == true)
+ url = tst.toURI().toURL();
+ }
+
+ // Last try to locate this as a classpath resource
+ if (url == null)
+ {
+ ClassLoader loader = getContextClassLoader();
+ url = loader.getResource(storeURL);
+ }
+
+ // Fail if no valid key store was located
+ if (url == null)
+ {
+ String msg = "Failed to find url=" + storeURL + " as a URL, file or resource";
+ throw new MalformedURLException(msg);
+ }
+ return url;
+ }
+
+ private static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ private static Object addProvider(final Provider provider)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ return Security.insertProviderAt(provider, 1);
+ }
+ });
+ }
+
+ private static Object removeProvider(final Provider provider)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ Security.removeProvider(provider.getName());
+ return null;
+ }
+ });
+ }
+}
Added: trunk/security/src/main/java/org/jboss/security/ssl/KeyManagerFactoryImpl.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/ssl/KeyManagerFactoryImpl.java (rev 0)
+++ trunk/security/src/main/java/org/jboss/security/ssl/KeyManagerFactoryImpl.java 2010-07-12 19:54:20 UTC (rev 106609)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.KeyManagerFactorySpi;
+import javax.net.ssl.ManagerFactoryParameters;
+
+import org.jboss.logging.Logger;
+
+abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi
+{
+ protected KeyManagerFactory delegate;
+
+ protected String defaultAlgorithm;
+
+ protected static Logger log = Logger.getLogger(KeyManagerFactoryImpl.class);
+
+ protected JBossSSLConfiguration sslConfiguration = JBossSSLConfiguration.getInstance();
+
+ public KeyManagerFactoryImpl()
+ {
+ defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
+ }
+
+ protected KeyManager[] engineGetKeyManagers()
+ {
+ return sslConfiguration.getKeyManagers(delegate);
+ }
+
+ protected void engineInit(KeyStore ks, char[] password) throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException
+ {
+ sslConfiguration.initializeKeyManagerFactory(delegate);
+ }
+
+ protected void engineInit(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException
+ {
+ // Not used by the underlying implementations. Throws an exception
+ delegate.init(spec);
+ }
+
+ public static class SunX509 extends KeyManagerFactoryImpl
+ {
+ public SunX509()
+ {
+ try
+ {
+ delegate = KeyManagerFactory.getInstance(defaultAlgorithm, "SunJSSE");
+ }
+ catch (Exception e)
+ {
+ log.error("Could not initialize KeyManagerFactory", e);
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+ public static class IbmX509 extends KeyManagerFactoryImpl
+ {
+ public IbmX509()
+ {
+ try
+ {
+ delegate = KeyManagerFactory.getInstance(defaultAlgorithm, "IBMJSSE2");
+ }
+ catch (Exception e)
+ {
+ log.error("Could not initialize KeyManagerFactory", e);
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+}
Added: trunk/security/src/main/java/org/jboss/security/ssl/TrustManagerFactoryImpl.java
===================================================================
--- trunk/security/src/main/java/org/jboss/security/ssl/TrustManagerFactoryImpl.java (rev 0)
+++ trunk/security/src/main/java/org/jboss/security/ssl/TrustManagerFactoryImpl.java 2010-07-12 19:54:20 UTC (rev 106609)
@@ -0,0 +1,96 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.TrustManagerFactorySpi;
+
+import org.jboss.logging.Logger;
+
+abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi
+{
+ protected String defaultAlgorithm;
+
+ protected TrustManagerFactory delegate;
+
+ protected Logger log = Logger.getLogger(TrustManagerFactoryImpl.class);
+
+ protected JBossSSLConfiguration sslConfiguration = JBossSSLConfiguration.getInstance();
+
+ public TrustManagerFactoryImpl()
+ {
+ defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ }
+
+ protected TrustManager[] engineGetTrustManagers()
+ {
+ return delegate.getTrustManagers();
+ }
+
+ protected void engineInit(KeyStore ks) throws KeyStoreException
+ {
+ sslConfiguration.initializeTrustManagerFactory(delegate, ks);
+ }
+
+ protected void engineInit(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException
+ {
+ sslConfiguration.initializeTrustManagerFactory(delegate, spec);
+ }
+
+ public static class SunPKIX extends TrustManagerFactoryImpl
+ {
+ public SunPKIX()
+ {
+ try
+ {
+ delegate = TrustManagerFactory.getInstance(defaultAlgorithm, "SunJSSE");
+ }
+ catch (Exception e)
+ {
+ log.error("Could not initialize TrustManagerFactory", e);
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+ public static class IbmPKIX extends TrustManagerFactoryImpl
+ {
+ public IbmPKIX()
+ {
+ try
+ {
+ delegate = TrustManagerFactory.getInstance(defaultAlgorithm, "IBMJSSE2");
+ }
+ catch (Exception e)
+ {
+ log.error("Could not initialize TrustManagerFactory", e);
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+}
More information about the jboss-cvs-commits
mailing list