Lines 249-268
|
249 |
/* |
249 |
/* |
250 |
* Gets the SSL server's keystore. |
250 |
* Gets the SSL server's keystore. |
251 |
*/ |
251 |
*/ |
252 |
protected KeyStore getKeystore(String type, String pass) |
252 |
protected KeyStore getKeystore(String type, String provider, String pass) |
253 |
throws IOException { |
253 |
throws IOException { |
254 |
|
254 |
|
255 |
String keystoreFile = (String)attributes.get("keystore"); |
255 |
String keystoreFile = (String)attributes.get("keystore"); |
256 |
if (keystoreFile == null) |
256 |
if (keystoreFile == null) |
257 |
keystoreFile = defaultKeystoreFile; |
257 |
keystoreFile = defaultKeystoreFile; |
258 |
|
258 |
|
259 |
return getStore(type, keystoreFile, pass); |
259 |
return getStore(type, provider, keystoreFile, pass); |
260 |
} |
260 |
} |
261 |
|
261 |
|
262 |
/* |
262 |
/* |
263 |
* Gets the SSL server's truststore. |
263 |
* Gets the SSL server's truststore. |
264 |
*/ |
264 |
*/ |
265 |
protected KeyStore getTrustStore(String keystoreType) throws IOException { |
265 |
protected KeyStore getTrustStore(String keystoreType, String keystoreProvider) throws IOException { |
266 |
KeyStore trustStore = null; |
266 |
KeyStore trustStore = null; |
267 |
|
267 |
|
268 |
String trustStoreFile = (String)attributes.get("truststoreFile"); |
268 |
String trustStoreFile = (String)attributes.get("truststoreFile"); |
Lines 286-296
|
286 |
if(truststoreType == null) { |
286 |
if(truststoreType == null) { |
287 |
truststoreType = keystoreType; |
287 |
truststoreType = keystoreType; |
288 |
} |
288 |
} |
|
|
289 |
String truststoreProvider = (String)attributes.get("truststoreProvider"); |
290 |
if(truststoreProvider == null) { |
291 |
truststoreProvider = keystoreProvider; |
292 |
} |
289 |
if(log.isDebugEnabled()) { |
293 |
if(log.isDebugEnabled()) { |
290 |
log.debug("trustType = " + truststoreType); |
294 |
log.debug("trustType = " + truststoreType); |
291 |
} |
295 |
} |
292 |
if (trustStoreFile != null && trustStorePassword != null){ |
296 |
if (trustStoreFile != null && trustStorePassword != null){ |
293 |
trustStore = getStore(truststoreType, trustStoreFile, |
297 |
trustStore = getStore(truststoreType, truststoreProvider, trustStoreFile, |
294 |
trustStorePassword); |
298 |
trustStorePassword); |
295 |
} |
299 |
} |
296 |
|
300 |
|
Lines 300-313
|
300 |
/* |
304 |
/* |
301 |
* Gets the key- or truststore with the specified type, path, and password. |
305 |
* Gets the key- or truststore with the specified type, path, and password. |
302 |
*/ |
306 |
*/ |
303 |
private KeyStore getStore(String type, String path, String pass) |
307 |
private KeyStore getStore(String type, String provider, String path, String pass) |
304 |
throws IOException { |
308 |
throws IOException { |
305 |
|
309 |
|
306 |
KeyStore ks = null; |
310 |
KeyStore ks = null; |
307 |
InputStream istream = null; |
311 |
InputStream istream = null; |
308 |
try { |
312 |
try { |
309 |
ks = KeyStore.getInstance(type); |
313 |
if (provider != null) { |
310 |
if(! "PKCS11".equalsIgnoreCase(type) ) { |
314 |
ks = KeyStore.getInstance(type, provider); |
|
|
315 |
} else { |
316 |
ks = KeyStore.getInstance(type); |
317 |
} |
318 |
if(! "".equalsIgnoreCase(path) ) { |
311 |
File keyStoreFile = new File(path); |
319 |
File keyStoreFile = new File(path); |
312 |
if (!keyStoreFile.isAbsolute()) { |
320 |
if (!keyStoreFile.isAbsolute()) { |
313 |
keyStoreFile = new File(System.getProperty("catalina.base"), |
321 |
keyStoreFile = new File(System.getProperty("catalina.base"), |
Lines 368-373
|
368 |
if (keystoreType == null) { |
376 |
if (keystoreType == null) { |
369 |
keystoreType = defaultKeystoreType; |
377 |
keystoreType = defaultKeystoreType; |
370 |
} |
378 |
} |
|
|
379 |
|
380 |
String keystoreProvider = (String) attributes.get("keystoreProvider"); |
371 |
|
381 |
|
372 |
String trustAlgorithm = (String)attributes.get("truststoreAlgorithm"); |
382 |
String trustAlgorithm = (String)attributes.get("truststoreAlgorithm"); |
373 |
if( trustAlgorithm == null ) { |
383 |
if( trustAlgorithm == null ) { |
Lines 375-383
|
375 |
} |
385 |
} |
376 |
// Create and init SSLContext |
386 |
// Create and init SSLContext |
377 |
SSLContext context = SSLContext.getInstance(protocol); |
387 |
SSLContext context = SSLContext.getInstance(protocol); |
378 |
context.init(getKeyManagers(keystoreType, algorithm, |
388 |
context.init(getKeyManagers(keystoreType, keystoreProvider, algorithm, |
379 |
(String) attributes.get("keyAlias")), |
389 |
(String) attributes.get("keyAlias")), |
380 |
getTrustManagers(keystoreType, trustAlgorithm), |
390 |
getTrustManagers(keystoreType, keystoreProvider, trustAlgorithm), |
381 |
new SecureRandom()); |
391 |
new SecureRandom()); |
382 |
|
392 |
|
383 |
// create proxy |
393 |
// create proxy |
Lines 399-404
|
399 |
* Gets the initialized key managers. |
409 |
* Gets the initialized key managers. |
400 |
*/ |
410 |
*/ |
401 |
protected KeyManager[] getKeyManagers(String keystoreType, |
411 |
protected KeyManager[] getKeyManagers(String keystoreType, |
|
|
412 |
String keystoreProvider, |
402 |
String algorithm, |
413 |
String algorithm, |
403 |
String keyAlias) |
414 |
String keyAlias) |
404 |
throws Exception { |
415 |
throws Exception { |
Lines 407-413
|
407 |
|
418 |
|
408 |
String keystorePass = getKeystorePassword(); |
419 |
String keystorePass = getKeystorePassword(); |
409 |
|
420 |
|
410 |
KeyStore ks = getKeystore(keystoreType, keystorePass); |
421 |
KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass); |
411 |
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { |
422 |
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { |
412 |
throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); |
423 |
throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); |
413 |
} |
424 |
} |
Lines 431-437
|
431 |
/** |
442 |
/** |
432 |
* Gets the intialized trust managers. |
443 |
* Gets the intialized trust managers. |
433 |
*/ |
444 |
*/ |
434 |
protected TrustManager[] getTrustManagers(String keystoreType, String algorithm) |
445 |
protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) |
435 |
throws Exception { |
446 |
throws Exception { |
436 |
String crlf = (String) attributes.get("crlFile"); |
447 |
String crlf = (String) attributes.get("crlFile"); |
437 |
|
448 |
|
Lines 441-447
|
441 |
if (truststoreType == null) { |
452 |
if (truststoreType == null) { |
442 |
truststoreType = keystoreType; |
453 |
truststoreType = keystoreType; |
443 |
} |
454 |
} |
444 |
KeyStore trustStore = getTrustStore(truststoreType); |
455 |
String truststoreProvider = (String) attributes.get("truststoreProvider"); |
|
|
456 |
if (truststoreProvider == null) { |
457 |
truststoreType = keystoreProvider; |
458 |
} |
459 |
KeyStore trustStore = getTrustStore(truststoreType, truststoreProvider); |
445 |
if (trustStore != null) { |
460 |
if (trustStore != null) { |
446 |
if (crlf == null) { |
461 |
if (crlf == null) { |
447 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); |
462 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); |
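Review bot: In the getTrustManagers hunk (new line 457) the fallback assigns to the wrong variable: `truststoreType = keystoreProvider;` overwrites the trust store type with the keystore provider name (or null when no keystoreProvider attribute is set) and leaves truststoreProvider null. The provider default therefore never reaches getTrustStore, and the type handed to it is no longer a keystore type, which would presumably make loading the trust store used for client-certificate validation fail or behave unexpectedly. The line should read `truststoreProvider = keystoreProvider;`, matching the fallback this patch adds in getTrustStore at new lines 289-292. Because getTrustStore repeats the same attribute lookup and fallback, the block here could also be dropped and `keystoreProvider` passed through unchanged. The body of getTrustManagers continues outside the hunk, so the effect on the CRL branch cannot be checked from here.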