package com.lz.util;
import com.lz.client.model.MyClientConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
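/**
 * Builds an {@link SSLContext} from an optional client keystore (for mutual TLS) and an
 * optional truststore (for server certificate validation).
 *
 * <p>When no truststore is configured the context falls back to the JVM default trust store.
 * An earlier version of this class installed an {@link X509TrustManager} whose
 * {@code checkClientTrusted}/{@code checkServerTrusted} bodies were empty in that case, which
 * accepted every certificate chain and defeated TLS authentication entirely; that path has been
 * removed. Callers that relied on connecting to servers with untrusted certificates must now
 * supply a truststore that contains the server's CA.
 */
public class SSLContextUtil {

    /**
     * Loads a keystore of the JVM default type from {@code path}.
     *
     * @param path     file to read
     * @param password store password, or {@code null} to skip the integrity check on load
     * @param label    role of the store ("trust store" / "key store"), used only in the log line
     * @return the loaded keystore
     * @throws GeneralSecurityException if the store type or contents cannot be processed
     * @throws IOException              if the file cannot be read or the password is wrong
     */
    private static KeyStore loadKeyStore(String path, char[] password, String label)
            throws GeneralSecurityException, IOException {
        File file = new File(path);
        System.out.println("Reading " + label + " at " + file.getAbsolutePath());
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources: the previous code closed the stream only on the success path,
        // so a load() failure leaked the file handle.
        try (FileInputStream in = new FileInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Builds the trust managers for the context.
     *
     * @param truststorePath path to the truststore, or {@code null} to use the JVM default
     * @param truststorePass truststore password; may be {@code null} (integrity check skipped)
     * @return trust managers from the configured truststore, or {@code null} so that
     *         {@link SSLContext#init} uses the JVM default trust store
     * @throws GeneralSecurityException if the truststore cannot be processed
     * @throws IOException              if the truststore file cannot be read
     */
    private static TrustManager[] buildTrustManagers(String truststorePath, String truststorePass)
            throws GeneralSecurityException, IOException {
        if (truststorePath == null) {
            // null => SSLContext.init falls back to the JVM default trust store (cacerts).
            // Never substitute a permissive X509TrustManager here: empty check*Trusted bodies
            // accept any chain, and returning null from getAcceptedIssuers breaks the
            // X509TrustManager contract.
            return null;
        }
        char[] password = truststorePass == null ? null : truststorePass.toCharArray();
        KeyStore store = loadKeyStore(truststorePath, password, "trust store");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        TrustManager[] trustManagers = tmf.getTrustManagers();
        for (TrustManager trustManager : trustManagers) {
            System.out.println("CONFIGURED TRUST MANAGER:" + trustManager);
        }
        return trustManagers;
    }

    /**
     * Builds the key managers (client identity) for the context.
     *
     * @param keystorePath path to the client keystore, or {@code null} for no client identity
     * @param keystorePass keystore password; also used as the key password, as before
     * @return key managers, or {@code null} when no keystore path and password are both given
     * @throws GeneralSecurityException if the keystore or its keys cannot be processed
     * @throws IOException              if the keystore file cannot be read
     */
    private static KeyManager[] buildKeyManagers(String keystorePath, String keystorePass)
            throws GeneralSecurityException, IOException {
        if (keystorePath == null || keystorePass == null) {
            // KeyManagerFactory.init needs the key password, so both values are required.
            return null;
        }
        char[] password = keystorePass.toCharArray();
        KeyStore store = loadKeyStore(keystorePath, password, "key store");
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, password);
        KeyManager[] keyManagers = kmf.getKeyManagers();
        for (KeyManager keyManager : keyManagers) {
            System.out.println("CONFIGURED KEY MANAGER:" + keyManager);
        }
        return keyManagers;
    }

    /**
     * Creates and initialises a {@code "TLS"} context from the given store locations.
     *
     * @param keystorePath   client keystore path, or {@code null}
     * @param keystorePass   client keystore password, or {@code null}
     * @param truststorePath truststore path, or {@code null} for the JVM default trust store
     * @param truststorePass truststore password, or {@code null}
     * @return an initialised context
     * @throws GeneralSecurityException if any store, key or the context cannot be set up
     * @throws IOException              if a store file cannot be read
     */
    private static SSLContext configureSsl(String keystorePath,
                                           String keystorePass,
                                           String truststorePath,
                                           String truststorePass)
            throws GeneralSecurityException, IOException {
        // Trust store first, then key store, to keep the original log ordering.
        TrustManager[] trustManagers = buildTrustManagers(truststorePath, truststorePass);
        KeyManager[] keyManagers = buildKeyManagers(keystorePath, keystorePass);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers, new SecureRandom());
        return context;
    }

    /**
     * Creates an {@link SSLContext} from the keystore and truststore settings in {@code config}.
     *
     * @param config client configuration supplying the store paths and passwords
     * @return an initialised context
     * @throws GeneralSecurityException if any store, key or the context cannot be set up
     * @throws IOException              if a store file cannot be read
     */
    public static SSLContext createSslContext(MyClientConfig config)
            throws GeneralSecurityException, IOException {
        return configureSsl(config.getKeystorePath(), config.getKeystorePass(),
                config.getTruststorePath(), config.getTruststorePass());
    }
}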