org.apache.avalon.cornerstone.blocks.sockets
Class SSLFactoryBuilder

java.lang.Object
  org.apache.avalon.framework.logger.AbstractLogEnabled
      org.apache.avalon.cornerstone.blocks.sockets.SSLFactoryBuilder

All Implemented Interfaces:

org.apache.avalon.framework.activity.Disposable, org.apache.avalon.framework.activity.Initializable, org.apache.avalon.framework.configuration.Configurable, org.apache.avalon.framework.context.Contextualizable, org.apache.avalon.framework.logger.LogEnabled

public class SSLFactoryBuilder
extends org.apache.avalon.framework.logger.AbstractLogEnabled
implements org.apache.avalon.framework.configuration.Configurable, org.apache.avalon.framework.context.Contextualizable, org.apache.avalon.framework.activity.Disposable, org.apache.avalon.framework.activity.Initializable

Builds SSLContexts with desired properties. Hides all the gory details of SSLContext productions behind nice Avalon interfaces. Married to Sun JCA implementation.

Configuration looks like:

 <ssl-factory>
    <keystore>
      <file>conf/keystore</file> <!-- keystore file location -->
      <password></password> <!-- Key Store file password, only used to check keystore integrity -->
      <key-password></key-password> <!-- Only required when you need to decrypt a private key -->
     <type>JKS</type> <!-- Key Store file format, defaults to JKS -->
     <algorithm>SunX509</algorithm> <!-- Cryptography provider ID, defaults to SunX509 -->
   </keystore>
   <!-- SSL protocol to use, defaults to TLS, another possible value is SSL -->
   <protocol>TLS</protocol>
 </ssl-factory>
 

Notes on keystore files. Absolute paths are supported. Relative paths are interpreted relative to .sar base directory. Defaults to conf/keystore. Since keystore usually contains sensitive keys it maybe beneficial to not include the keystores into the .sar files.

Author:

Greg Steuck

Field Summary

private java.io.File	m_baseDirectory
private javax.net.ssl.SSLContext	m_ctx
private java.lang.String	m_keyPassword
private java.io.File	m_keystoreFile
private java.lang.String	m_keystoreFormat
private java.lang.String	m_keystorePassword
private java.lang.String	m_protocol
private java.lang.String	m_provider

Constructor Summary

SSLFactoryBuilder()

Method Summary

javax.net.ssl.SSLServerSocketFactory	buildServerSocketFactory() Produces a fresh ssl server socket factory with configured parameters.
javax.net.ssl.SSLSocketFactory	buildSocketFactory() Produces a fresh ssl socket factory with configured parameters.
void	configure(org.apache.avalon.framework.configuration.Configuration configuration)
void	contextualize(org.apache.avalon.framework.context.Context context) Requires a BlockContext.
void	dispose()
void	initialize()
private static java.security.KeyStore	loadKeystore(java.io.InputStream keyStream, java.lang.String passphrase, java.lang.String keystoreFormat) Builds a keystore loaded from the given stream.
private static javax.net.ssl.SSLContext	makeContext(java.io.InputStream keyStream, java.lang.String keystorePassword, java.lang.String keyPassword, java.lang.String protocol, java.lang.String provider, java.lang.String keystoreFormat) Creates an SSL context which uses the keys and certificates provided by the given keyStream.

Methods inherited from class org.apache.avalon.framework.logger.AbstractLogEnabled

enableLogging, getLogger, setupLogger, setupLogger, setupLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

m_baseDirectory

private java.io.File m_baseDirectory

m_keystoreFile

private java.io.File m_keystoreFile

m_keystorePassword

private java.lang.String m_keystorePassword

m_keyPassword

private java.lang.String m_keyPassword

m_protocol

private java.lang.String m_protocol

m_provider

private java.lang.String m_provider

m_keystoreFormat

private java.lang.String m_keystoreFormat

m_ctx

private javax.net.ssl.SSLContext m_ctx

Constructor Detail

SSLFactoryBuilder

public SSLFactoryBuilder()

Method Detail

contextualize

public void contextualize(org.apache.avalon.framework.context.Context context)
                   throws org.apache.avalon.framework.context.ContextException

Requires a BlockContext. We'll see how we end up expressing these dependencies.

Specified by:

contextualize in interface org.apache.avalon.framework.context.Contextualizable

Throws:

org.apache.avalon.framework.context.ContextException

configure

public void configure(org.apache.avalon.framework.configuration.Configuration configuration)
               throws org.apache.avalon.framework.configuration.ConfigurationException

Specified by:

configure in interface org.apache.avalon.framework.configuration.Configurable

Throws:

org.apache.avalon.framework.configuration.ConfigurationException

buildSocketFactory

public javax.net.ssl.SSLSocketFactory buildSocketFactory()

Produces a fresh ssl socket factory with configured parameters.

buildServerSocketFactory

public javax.net.ssl.SSLServerSocketFactory buildServerSocketFactory()

Produces a fresh ssl server socket factory with configured parameters.

initialize

public void initialize()
                throws java.io.IOException,
                       java.security.GeneralSecurityException

Specified by:

initialize in interface org.apache.avalon.framework.activity.Initializable

Throws:

java.io.IOException

java.security.GeneralSecurityException

dispose

public void dispose()

Specified by:

dispose in interface org.apache.avalon.framework.activity.Disposable

makeContext

private static javax.net.ssl.SSLContext makeContext(java.io.InputStream keyStream,
                                                    java.lang.String keystorePassword,
                                                    java.lang.String keyPassword,
                                                    java.lang.String protocol,
                                                    java.lang.String provider,
                                                    java.lang.String keystoreFormat)
                                             throws java.io.IOException,
                                                    java.security.GeneralSecurityException

Creates an SSL context which uses the keys and certificates provided by the given keyStream. For simplicity the same key stream (keystore) is used for both key and trust factory.

Parameters:

keyStream - to read the keys from

keystorePassword - password for the keystore, can be null if integrity verification is not desired

keyPassword - passphrase which unlocks the keys in the key file (should really be a char[] so that it can be cleaned after use)

protocol - the standard name of the requested protocol

provider - the standard name of the requested algorithm

keystoreFormat - the type of keystore

Returns:

context configured with these keys and certificates

Throws:

java.io.IOException - if files can't be read

java.security.GeneralSecurityException - is something goes wrong inside cryptography framework

loadKeystore

private static java.security.KeyStore loadKeystore(java.io.InputStream keyStream,
                                                   java.lang.String passphrase,
                                                   java.lang.String keystoreFormat)
                                            throws java.security.GeneralSecurityException,
                                                   java.io.IOException

Builds a keystore loaded from the given stream. The passphrase is used to verify the keystore file integrity.

Parameters:

keyStream - to load from

passphrase - for the store integrity verification (or null if integrity check is not wanted)

keystoreFormat - the type of keystore

Returns:

loaded key store

Throws:

java.io.IOException - if file can not be read

java.security.GeneralSecurityException - if key store can't be built