public class TransportSecurity
extends java.lang.Object

Holds the custom KeyManager and TrustManager built from the key store and trust store named in the bootstrap configuration, and installs them into an SSLContext.

Instances are obtained using SecurityManager.getTransportSecurity(com.goldencode.p2j.cfg.BootstrapConfig).
Modifier and Type | Class and Description
---|---
class | TransportSecurity.ZeroActionTrustManager: zero-action trust manager which accepts anything as a valid certificate and produces an empty list of accepted issuers. Installing it disables peer certificate validation entirely.
Modifier and Type | Field and Description
---|---
private java.security.KeyStore | keyStore: in-memory key store.
private javax.net.ssl.KeyManager[] | km: custom key manager.
private javax.net.ssl.TrustManager[] | tm: custom trust manager.
private java.security.KeyStore | trustStore: in-memory trust store.
Constructor and Description
---
TransportSecurity(BootstrapConfig bc, boolean srv, java.security.KeyStore trust): uses the truststore and keystore resources defined in a given bootstrap configuration to create in-memory KeyStore objects holding certificates (trust store) and the private key (key store).
Modifier and Type | Method and Description
---|---
void | attach(javax.net.ssl.SSLContext sslc): initializes the given SSLContext so that it uses the key manager and the trust manager embedded in this TransportSecurity instance.
private java.lang.String | getSubjectAlias(BootstrapConfig bc, boolean srv): looks up the proper subject alias in the given configuration.
private javax.net.ssl.TrustManager[] | getTrustManagers(): returns the trust managers which have been initialized using the instance's defined trust store.
(package private) java.security.KeyStore | getTrustStore(): returns the trust store.
private java.lang.String | verifyKeystore(java.security.KeyStore keyStore, java.lang.String alias): verifies and normalizes the key store to ensure that the specified alias exists as a key entry, or that there is one and only one key entry.
private javax.net.ssl.KeyManager[] km
private javax.net.ssl.TrustManager[] tm
private java.security.KeyStore trustStore
private java.security.KeyStore keyStore
TransportSecurity(BootstrapConfig bc, boolean srv, java.security.KeyStore trust) throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.UnrecoverableKeyException, ConfigurationException

Uses the truststore and keystore resources defined in the given bootstrap configuration to create in-memory KeyStore objects holding certificates (trust store) and the private key (key store). The bootstrap configuration flag net/connection/secure must be enabled for this setup to take place.

On the client, both the key store and the trust store may be either specified or omitted. The interpretation of these combinations is as follows:

An empty trust store on the server is allowed; it means that no client TLS authentication will be in effect.

Key stores, if specified, have to contain one or more key entries.

The key entry to use is selected with the processalias or useralias keyword on the client, and with the alias keyword on the server.

Valid combinations on the client are:

Parameters:
bc - Security related configuration information.
srv - true if this is the server.
trust - On the server, a trust store loaded with certificates built from the directory; null otherwise.

Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
ConfigurationException
public void attach(javax.net.ssl.SSLContext sslc) throws java.security.KeyManagementException

Initializes the given SSLContext so that it uses the key manager and the trust manager embedded in this TransportSecurity instance.

Parameters:
sslc - an SSLContext that has to be set up to use the facilities of this TransportSecurity instance

Throws:
java.security.KeyManagementException - if this operation fails

java.security.KeyStore getTrustStore()

Returns the trust store.

Returns:
the trust store
private java.lang.String getSubjectAlias(BootstrapConfig bc, boolean srv) throws ConfigurationException

Looks up the proper subject alias in the given configuration.

Parameters:
bc - Security related configuration information.
srv - true if this is the server.

Returns:
the subject alias, or null if no alias is specified.

Throws:
ConfigurationException
private java.lang.String verifyKeystore(java.security.KeyStore keyStore, java.lang.String alias) throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException, java.security.UnrecoverableKeyException, ConfigurationException

Verifies and normalizes the key store to ensure that the specified alias exists as a key entry, or that there is one and only one key entry. All key entries other than the selected one are removed from the key store.

Parameters:
keyStore - The key store to verify.
alias - The name used to differentiate between multiple key entries.

Returns:
If alias was specified as null and the key store has only one key entry, the alias of that entry is returned. Otherwise the alias passed as a parameter is returned.

Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
ConfigurationException
private javax.net.ssl.TrustManager[] getTrustManagers() throws java.security.NoSuchAlgorithmException, java.security.KeyStoreException

Returns the trust managers which have been initialized using the instance's defined trust store.

Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
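The following is an added example, not code from the project: it reproduces with plain JSSE calls the behaviour this page documents for the constructor, verifyKeystore() and attach(): select exactly one key entry (the configured alias, or the single entry when no alias is given), drop the other key entries, and initialize an SSLContext from the resulting key store and trust store. The PKCS12 file format, the "TLS" context name, the class and method names, and the rule that a server demands client certificates only when its trust store is non-empty (derived from the note above that an empty server trust store means no client TLS authentication) are this example's assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

/** Example only (not the project's code): verify/normalize a key store, then attach it to an SSLContext. */
public class TransportSecurityExample {

    /**
     * Keep exactly one key entry. With alias == null the store must hold exactly one
     * key entry, whose alias is returned; otherwise the named alias must exist as a
     * key entry and every other key entry is deleted. Trusted-certificate entries are
     * left untouched so a combined key/trust store still works as a trust store.
     */
    static String normalizeKeyStore(KeyStore ks, String alias) throws KeyStoreException {
        List<String> keyAliases = new ArrayList<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            if (ks.isKeyEntry(a)) {
                keyAliases.add(a);
            }
        }
        if (keyAliases.isEmpty()) {
            throw new KeyStoreException("key store contains no key entries");
        }
        String chosen;
        if (alias == null) {
            if (keyAliases.size() != 1) {
                throw new KeyStoreException("no alias configured and the key store has "
                        + keyAliases.size() + " key entries: " + keyAliases);
            }
            chosen = keyAliases.get(0);
        } else {
            if (!keyAliases.contains(alias)) {
                throw new KeyStoreException("alias '" + alias + "' is not a key entry");
            }
            chosen = alias;
        }
        for (String a : keyAliases) {            // iterate the copied list, not ks.aliases()
            if (!a.equals(chosen)) {
                ks.deleteEntry(a);
            }
        }
        return chosen;
    }

    /**
     * Initialize an SSLContext from the normalized key store and a trust store.
     * A null trust store falls back to the JDK default trust anchors; a trust-all
     * manager (the ZeroActionTrustManager pattern) is deliberately never installed.
     */
    static SSLContext buildContext(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Server side: client certificates are demanded only when the trust store has entries (assumption). */
    static SSLParameters serverParameters(SSLContext ctx, KeyStore trustStore) throws KeyStoreException {
        SSLParameters p = ctx.getDefaultSSLParameters();
        p.setNeedClientAuth(trustStore != null && trustStore.size() > 0);
        return p;
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Usage: java TransportSecurityExample server.p12 <password> [alias] [trust.p12 <password>]
    public static void main(String[] args) throws Exception {
        char[] keyPw = args[1].toCharArray();
        KeyStore keyStore = load(args[0], keyPw);
        String alias = args.length > 2 && !args[2].isEmpty() ? args[2] : null;
        KeyStore trustStore = args.length > 4 ? load(args[3], args[4].toCharArray()) : null;

        String chosen = normalizeKeyStore(keyStore, alias);
        SSLContext ctx = buildContext(keyStore, keyPw, trustStore);
        SSLParameters params = serverParameters(ctx, trustStore);
        System.out.println("key entry in use: " + chosen
                + ", client auth required: " + params.getNeedClientAuth()
                + ", protocols: " + String.join(",", params.getProtocols()));
    }
}
```

Run it against a PKCS12 key store holding two key entries without an alias argument and normalizeKeyStore() rejects the store, which is the ambiguity verifyKeystore() is documented to refuse; pass the alias and only that entry survives, so the KeyManager can never silently pick the wrong private key. The trust store goes through TrustManagerFactory so chain validation stays on; the page's ZeroActionTrustManager would accept any peer certificate and should not be substituted here.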