/** * Initialise the default SSL socket factory so that all HTTPS * connections use the provided key store to authenticate (when the * server requies client authentication). * * @param certFile * proxy certificate * @param keyFile * private key file in DER format * @return configured SSL socket factory */ public static SSLSocketFactory getSocketFactory(File certFile, File keyFile) { KeyStore ks = getKeyStore(certFile, keyFile); KeyStore ts = null; return getSocketFactory(ks, ts); }
/** * @param sslConn */ protected void initHTTPS(HttpsURLConnection sslConn) { if (sslSocketFactory == null) // lazy init { log.debug("initHTTPS: lazy init"); AccessControlContext ac = AccessController.getContext(); Subject s = Subject.getSubject(ac); this.sslSocketFactory = SSLUtil.getSocketFactory(s); } if (sslSocketFactory != null) { log.debug("setting SSLSocketFactory on " + sslConn.getClass().getName()); sslConn.setSSLSocketFactory(sslSocketFactory); } }
public static void initSSL(File pemFile) { try { X509CertificateChain chain = readPemCertificateAndKey(pemFile); SSLSocketFactory sf = getSocketFactory(chain); HttpsURLConnection.setDefaultSSLSocketFactory(sf); } catch (InvalidKeySpecException ex) { throw new RuntimeException("failed to read RSA private key from " + pemFile, ex); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("BUG: failed to create empty KeyStore", ex); } catch (FileNotFoundException ex) { throw new RuntimeException("failed to find certificate and/or key file " + pemFile, ex); } catch (IOException ex) { throw new RuntimeException("failed to read certificate file " + pemFile, ex); } catch (CertificateException ex) { throw new RuntimeException("failed to load certificate from file " + pemFile, ex); } }
/** * Open a HttpsURLConnection with a SocketFactory created based on * user credentials. * * @param url * @return UTLConnection returns an open https connection to URL * @throws IOException */ protected HttpsURLConnection openConnection(final URL url) throws IOException { if (!url.getProtocol().equals("https")) { throw new IllegalArgumentException("Wrong protocol: " + url.getProtocol() + ". GMS works on https only"); } if (sf == null) { // lazy initialization of socket factory AccessControlContext ac = AccessController.getContext(); Subject subject = Subject.getSubject(ac); sf = SSLUtil.getSocketFactory(subject); } HttpsURLConnection con = (HttpsURLConnection) url .openConnection(); if (sf != null) con.setSSLSocketFactory(sf); return con; }
return getSocketFactory(chain);
private SSLSocketFactory getSSLSocketFactory() { AccessControlContext ac = AccessController.getContext(); Subject s = Subject.getSubject(ac); // no real Subject: can only use the one from setSSLSocketFactory if (s == null || s.getPrincipals().isEmpty()) { return sslSocketFactory; } // lazy init if (this.mySocketFactory == null) { log.debug("getSSLSocketFactory: " + s); this.mySocketFactory = SSLUtil.getSocketFactory(s); this.subjectHashCode = s.hashCode(); } else { int c = s.hashCode(); if (c != subjectHashCode) throw new IllegalStateException("Illegal use of " + this.getClass().getSimpleName() + ": subject change not supported for internal SSLSocketFactory"); } return this.mySocketFactory; }
public static SSLSocketFactory getSocketFactory(X509CertificateChain chain) { KeyStore ts = null; KeyStore ks = null; if (chain != null) ks = getKeyStore(chain.getChain(), chain.getPrivateKey()); return getSocketFactory(ks, ts); }
/** * Create an SSLSocketfactory from the credentials in the specified * Subject. This method extracts a X509CertificateChain from the * public credentials and uses the certificate chain and private key * found there to set up a KeyStore for the SSLSocketFactory. * * @param s * @return an SSLSocketFactory, or null if no X509CertificateChain can * be found */ public static SSLSocketFactory getSocketFactory(Subject s) { X509CertificateChain chain = null; if (s != null) { Set<X509CertificateChain> certs = s.getPublicCredentials(X509CertificateChain.class); for (X509CertificateChain cc : certs) { if (cc.getKey() != null) { chain = cc; break; } } } if (chain == null) return null; return getSocketFactory(chain); }