Source code

001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.camel.util.jsse;
018
019import java.io.IOException;
020import java.security.GeneralSecurityException;
021import java.security.KeyStore;
022import java.security.Security;
023
024import javax.net.ssl.TrustManager;
025import javax.net.ssl.TrustManagerFactory;
026
027import org.slf4j.Logger;
028import org.slf4j.LoggerFactory;
029
030public class TrustManagersParameters extends JsseParameters {
031
032    private static final Logger LOG = LoggerFactory.getLogger(TrustManagersParameters.class);
033    
034    /**
035     * The key store configuration used to create the {@link KeyStoreParameters} that the
036     * {@link TrustManager}s produced by this object's configuration expose.
037     */
038    protected KeyStoreParameters keyStore;
039
040    /**
041     * The optional provider identifier for the {@link TrustManagerFactory} used to create
042     * the {@link TrustManager}s represented by this object's configuration.
043     */
044    protected String provider;
045
046    /**
047     * The optional algorithm name for the {@link TrustManagerFactory} used to
048     * create the {@link TrustManager}s represented by this object's
049     * configuration. See the <a href=
050     * "http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html"
051     * >Java Secure Socket Extension Reference Guide</a> for information about
052     * standard algorithm names.
053     */
054    protected String algorithm;
055
056    /**
057     * To use a existing configured trust manager instead of using {@link TrustManagerFactory} to
058     * get the {@link TrustManager}.
059     */
060    protected TrustManager trustManager;
061    
062    /**
063     * Creates {@link TrustManager}s based on this instance's configuration and the
064     * {@code KeyStore} produced by the configuration returned from
065     * {@link #getKeyStore()}. The {@code KeyManager}s are produced from a
066     * factory created by using the provider and algorithm identifiers returned
067     * by {@link #getProvider()} and {@link #getAlgorithm()}, respectively. If
068     * either of these methods returns null, the default JSSE value is used
069     * instead.
070     * 
071     * @return the initialized {@code TrustManager}s
072     * @throws GeneralSecurityException if there is an error creating the
073     *             {@code TrustManagers}s or in creating the {@code KeyStore}
074     * @throws IOException if there is an error loading the {@code KeyStore}
075     *
076     * @see KeyStoreParameters#createKeyStore()
077     */
078    public TrustManager[] createTrustManagers() throws GeneralSecurityException, IOException {
079        if (trustManager != null) {
080            // use existing trust manager
081            return new TrustManager[]{trustManager};
082        }
083        
084        LOG.trace("Creating TrustManager[] from TrustManagersParameters [{}]", this);
085
086        TrustManager[] trustManagers = null;
087
088        if (this.getKeyStore() != null) {
089            String tmfAlgorithm = this.parsePropertyValue(this.getAlgorithm());
090            if (tmfAlgorithm == null) {
091                tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
092            }
093            
094            TrustManagerFactory tmf;
095            if (this.getProvider() == null) {
096                tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
097            } else {
098                tmf = TrustManagerFactory.getInstance(tmfAlgorithm, this.parsePropertyValue(this.getProvider()));
099            }
100            
101            LOG.debug("TrustManagerFactory [{}] is using provider [{}] and algorithm [{}].",
102                      new Object[] {tmf, tmf.getProvider(), tmf.getAlgorithm()});
103            
104            KeyStore ks = this.getKeyStore() == null ? null : this.getKeyStore().createKeyStore();
105            tmf.init(ks);
106            trustManagers = tmf.getTrustManagers();
107            
108            LOG.debug("TrustManager[] [{}], initialized from TrustManagerFactory [{}].", trustManagers, tmf);
109        }
110        
111        return trustManagers;
112    }
113
114    public KeyStoreParameters getKeyStore() {
115        return keyStore;
116    }
117
118    /**
119     * Sets the key store configuration used to create the {@link KeyStoreParameters} that the
120     * {@link TrustManager}s produced by this object's configuration expose.
121     * 
122     * @param value the configuration to use
123     */
124    public void setKeyStore(KeyStoreParameters value) {
125        this.keyStore = value;
126    }
127
128    public String getProvider() {
129        return provider;
130    }
131
132    /**
133     * Sets the optional provider identifier for the {@link TrustManagerFactory}
134     * used to create the {@link TrustManager}s represented by this object's
135     * configuration.
136     * 
137     * @param value the desired provider identifier or {@code null} to use the
138     *            highest priority provider implementing the algorithm
139     *            
140     * @see Security#getProviders()
141     */
142    public void setProvider(String value) {
143        this.provider = value;
144    }
145
146    public String getAlgorithm() {
147        return algorithm;
148    }
149
150    /**
151     * Sets optional algorithm name for the {@link TrustManagerFactory} used to create
152     * the {@link TrustManager}s represented by this object's configuration.  See the <a href=
153     * "http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html"
154     * >Java Secure Socket Extension Reference Guide</a> for information about
155     * standard algorithm names.
156     * 
157     * @param value the desired algorithm or {@code null} to use default
158     * 
159     * @see TrustManagerFactory#getDefaultAlgorithm()
160     */
161    public void setAlgorithm(String value) {
162        this.algorithm = value;
163    }
164
165    public TrustManager getTrustManager() {
166        return trustManager;
167    }
168
169    /**
170     * To use a existing configured trust manager instead of using {@link TrustManagerFactory} to
171     * get the {@link TrustManager}.
172     */
173    public void setTrustManager(TrustManager trustManager) {
174        this.trustManager = trustManager;
175    }
176
177    @Override
178    public String toString() {
179        StringBuilder builder = new StringBuilder();
180        if (trustManager != null) {
181            builder.append("TrustManagerType[trustManager=");
182            builder.append(trustManager);
183            builder.append("]");
184        } else {
185            builder.append("TrustManagerType[keyStore=");
186            builder.append(keyStore);
187            builder.append(", provider=");
188            builder.append(provider);
189            builder.append(", algorithm=");
190            builder.append(algorithm);
191            builder.append("]");
192        }
193        return builder.toString();
194    }
195}