1 /*
2  *  Licensed to the Apache Software Foundation (ASF) under one or more
3  *  contributor license agreements.  See the NOTICE file distributed with
4  *  this work for additional information regarding copyright ownership.
5  *  The ASF licenses this file to You under the Apache License, Version 2.0
6  *  (the "License"); you may not use this file except in compliance with
7  *  the License.  You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  */
17 
18 package org.conscrypt;
19 
20 import java.io.BufferedInputStream;
21 import java.io.FileInputStream;
22 import java.io.IOException;
23 import java.io.InputStream;
24 import java.security.GeneralSecurityException;
25 import java.security.KeyManagementException;
26 import java.security.KeyStore;
27 import java.security.SecureRandom;
28 
29 import javax.net.ssl.KeyManager;
30 import javax.net.ssl.KeyManagerFactory;
31 import javax.net.ssl.TrustManager;
32 import javax.net.ssl.TrustManagerFactory;
33 
/**
 * Support class for this package: the {@code SSLContext} implementation that
 * backs the default context. Key and trust managers are resolved once from the
 * standard {@code javax.net.ssl.*} system properties and then cached in static
 * fields that every default context in the JVM shares.
 */
public final class DefaultSSLContextImpl extends OpenSSLContextImpl {

    /**
     * Cached result of {@link #getKeyManagers()}; written at most once and never
     * reset. Accessed by SSLContextImpl(DefaultSSLContextImpl) holding the
     * DefaultSSLContextImpl.class monitor -- this class does no locking of its own.
     */
    private static KeyManager[] KEY_MANAGERS;

    /**
     * Cached result of {@link #getTrustManagers()}; same locking contract as
     * {@link #KEY_MANAGERS}.
     */
    private static TrustManager[] TRUST_MANAGERS;

    /**
     * Delegates all work to the superclass. A lock cannot be held across both
     * the {@code super(...)} call and the remainder of a constructor, so the
     * static state shared by all default contexts is populated lazily by the
     * accessors below (under the caller's lock) rather than here.
     *
     * @throws GeneralSecurityException as declared; the body only calls {@code super(null)}
     * @throws IOException as declared; the body only calls {@code super(null)}
     */
    public DefaultSSLContextImpl() throws GeneralSecurityException, IOException {
        super(null);
    }

    // TODO javax.net.ssl.keyStoreProvider system property
    /**
     * Returns the key managers for the default context, building them on first
     * use from the key store named by {@code javax.net.ssl.keyStore}.
     *
     * <p>The store is loaded with the (possibly absent) password from
     * {@code javax.net.ssl.keyStorePassword}; the same password is handed to the
     * {@link KeyManagerFactory}, so it also serves as the private-key password.
     * The password is read as a {@link String} and the derived {@code char[]}
     * is not cleared afterwards.
     *
     * @return the cached managers, or {@code null} when no key store is configured
     * @throws GeneralSecurityException if the store cannot be instantiated or
     *         parsed, or the factory cannot be initialised from it
     * @throws IOException if the store file cannot be opened, read or closed
     */
    KeyManager[] getKeyManagers () throws GeneralSecurityException, IOException {
        if (KEY_MANAGERS == null) {
            String storePath = System.getProperty("javax.net.ssl.keyStore");
            if (storePath == null) {
                return null;
            }
            char[] password = toPassword(System.getProperty("javax.net.ssl.keyStorePassword"));
            KeyStore store = loadStore(storePath, password);

            KeyManagerFactory factory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(store, password);
            KEY_MANAGERS = factory.getKeyManagers();
        }
        return KEY_MANAGERS;
    }

    // TODO javax.net.ssl.trustStoreProvider system property
    /**
     * Returns the trust managers for the default context, building them on
     * first use from the trust store named by {@code javax.net.ssl.trustStore}.
     *
     * <p>The optional {@code javax.net.ssl.trustStorePassword} is used only to
     * load the store; the {@link TrustManagerFactory} itself takes no password.
     * No fallback to a platform default store is implemented here (see the
     * TODO below), so an unset property yields {@code null}.
     *
     * @return the cached managers, or {@code null} when no trust store is configured
     * @throws GeneralSecurityException if the store cannot be instantiated or
     *         parsed, or the factory cannot be initialised from it
     * @throws IOException if the store file cannot be opened, read or closed
     */
    TrustManager[] getTrustManagers() throws GeneralSecurityException, IOException {
        if (TRUST_MANAGERS == null) {
            String storePath = System.getProperty("javax.net.ssl.trustStore");
            if (storePath == null) {
                return null;
            }
            char[] password = toPassword(System.getProperty("javax.net.ssl.trustStorePassword"));

            // TODO Defaults: jssecacerts; cacerts
            KeyStore store = loadStore(storePath, password);

            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(store);
            TRUST_MANAGERS = factory.getTrustManagers();
        }
        return TRUST_MANAGERS;
    }

    /**
     * Rejects explicit initialisation: the default context is configured from
     * system properties only, never by {@code init()}.
     *
     * @throws KeyManagementException always
     */
    @Override
    public void engineInit(KeyManager[] kms, TrustManager[] tms,
            SecureRandom sr) throws KeyManagementException {
        throw new KeyManagementException("Do not init() the default SSLContext ");
    }

    /**
     * Converts an optional password property value to the {@code char[]} form
     * the JCA APIs expect; {@code null} stays {@code null}.
     */
    private static char[] toPassword(String property) {
        return (property == null) ? null : property.toCharArray();
    }

    /**
     * Loads a key store of the platform default type from the file at
     * {@code path}. A {@code null} password makes {@link KeyStore#load} skip its
     * integrity check. An exception thrown while closing the stream propagates
     * and replaces any exception raised by the load itself.
     *
     * @throws GeneralSecurityException if the default store type is unavailable
     *         or the file cannot be parsed as that type
     * @throws IOException if the file cannot be opened, read or closed
     */
    private static KeyStore loadStore(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new BufferedInputStream(new FileInputStream(path));
        try {
            store.load(in, password);
        } finally {
            in.close();
        }
        return store;
    }
}