@nicobo
Created January 17, 2012 09:35
Helper methods for SSL
package nicobo.ssl;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
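/**
 * SSL connections utilities: static helpers that load a {@link KeyStore} and
 * derive JSSE {@link KeyManager}s and {@link TrustManager}s from it.
 */
public class SSLHelper {

    private static final Log log = LogFactory.getLog(SSLHelper.class);

    /**
     * Builds a keystore from a file.
     * <p>
     * Security notes:
     * <ul>
     * <li>When {@code password} is {@code null}, {@link KeyStore#load} is
     * called with a {@code null} password, so no integrity check is made on
     * the keystore data. Pass the password whenever the keystore has one.</li>
     * <li>The URL is opened as given. Whoever controls that location, or the
     * network path to it for a non-TLS scheme, controls the key and trust
     * material this method returns. Callers should restrict it to a trusted
     * source.</li>
     * <li>Only the URL and the keystore type are written to the debug log,
     * never the password.</li>
     * </ul>
     *
     * @param url
     *            URL to the keystore file
     * @param password
     *            Keystore password, or {@code null} to load without one
     * @param keystoreType
     *            Keystore type (cf <a href=
     *            "http://docs.oracle.com/javase/1.4.2/docs/guide/security/CryptoSpec.html#AppA"
     *            >Appendix A in the Java Cryptography Architecture API
     *            Specification &amp; Reference</a>)
     * @return the loaded keystore
     * @throws IllegalArgumentException
     *             if {@code url} is {@code null}
     * @throws IOException
     *             if the URL cannot be opened, or the keystore data cannot be
     *             read
     */
    public static KeyStore createKeyStore(final URL url, final String password,
            final String keystoreType) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        if (url == null) {
            throw new IllegalArgumentException("Keystore url may not be null");
        }
        log.debug("Initializing key store : " + url + " (type " + keystoreType
                + ")");
        KeyStore keystore = KeyStore.getInstance(keystoreType);
        // KeyStore.load() leaves the stream open, so it has to be closed here;
        // otherwise every call leaks a file handle or connection.
        InputStream in = url.openStream();
        try {
            keystore.load(in, password != null ? password.toCharArray() : null);
        } finally {
            in.close();
        }
        return keystore;
    }

    /**
     * Builds a list of {@link KeyManager} from the default
     * {@link KeyManagerFactory}.
     *
     * @param keystore
     *            The keystore that holds the certificates and private keys
     * @param password
     *            Password handed to
     *            {@link KeyManagerFactory#init(KeyStore, char[])}, which uses
     *            it to recover the keys held in the keystore; may be
     *            {@code null}
     * @return the key managers produced by the factory
     * @throws IllegalArgumentException
     *             if {@code keystore} is {@code null}
     * @see KeyManagerFactory#getKeyManagers()
     * @see KeyManagerFactory#getInstance(String)
     * @see KeyManagerFactory#getDefaultAlgorithm()
     */
    public static KeyManager[] createKeyManagers(final KeyStore keystore,
            final String password) throws KeyStoreException,
            NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keystore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing key manager");
        KeyManagerFactory kmfactory = KeyManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmfactory.init(keystore, password != null ? password.toCharArray()
                : null);
        return kmfactory.getKeyManagers();
    }

    /**
     * Builds a list of {@link TrustManager} from the default
     * {@link TrustManagerFactory}.
     * <p>
     * The certificates in {@code keystore} are what the returned managers
     * trust. A {@code null} keystore is rejected instead of being passed to
     * the factory, so this method never falls back to the JRE default trust
     * store. The managers are returned exactly as the factory produced them.
     *
     * @param keystore
     *            The keystore that holds the certificates
     * @return the trust managers produced by the factory
     * @throws IllegalArgumentException
     *             if {@code keystore} is {@code null}
     * @see TrustManagerFactory#getInstance(String)
     * @see TrustManagerFactory#getTrustManagers()
     */
    public static TrustManager[] createTrustManagers(final KeyStore keystore)
            throws KeyStoreException, NoSuchAlgorithmException {
        if (keystore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing trust manager");
        TrustManagerFactory tmfactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmfactory.init(keystore);
        // The previous loop re-assigned each X509TrustManager to its own slot
        // after a cast, which changed nothing; the array is returned as is.
        return tmfactory.getTrustManagers();
    }
}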