SSLContextFactoryBean.java
/**
* Logback: the reliable, generic, fast and flexible logging framework.
* Copyright (C) 1999-2015, QOS.ch. All rights reserved.
*
* This program and the accompanying materials are dual-licensed under
* either the terms of the Eclipse Public License v1.0 as published by
* the Eclipse Foundation
*
* or (per the licensee's choosing)
*
* under the terms of the GNU Lesser General Public License version 2.1
* as published by the Free Software Foundation.
*/
package ch.qos.logback.core.net.ssl;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import ch.qos.logback.core.spi.ContextAware;
/**
* A factory bean for a JSSE {@link SSLContext}.
* <p>
* This object holds the configurable properties for an SSL context and uses
* them to create an {@link SSLContext} instance.
*
* @author Carl Harris
*/
public class SSLContextFactoryBean {
private static final String JSSE_KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";
private static final String JSSE_TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
private KeyStoreFactoryBean keyStore;
private KeyStoreFactoryBean trustStore;
private SecureRandomFactoryBean secureRandom;
private KeyManagerFactoryFactoryBean keyManagerFactory;
private TrustManagerFactoryFactoryBean trustManagerFactory;
private String protocol;
private String provider;
/**
* Creates a new {@link SSLContext} using the receiver's configuration.
*
* @param context context for status messages
* @return {@link SSLContext} object
* @throws NoSuchProviderException if a provider specified for one of the JCA
* or JSSE components utilized in creating the
* context is not known to the platform
* @throws NoSuchAlgorithmException if a JCA or JSSE algorithm, protocol, or
* type name specified for one of the
* context's components is not known to a
* given provider (or platform default
* provider for the component)
* @throws KeyManagementException if an error occurs in creating a
* {@link KeyManager} for the context
* @throws UnrecoverableKeyException if a private key needed by a
* {@link KeyManager} cannot be obtained from
* a key store
* @throws KeyStoreException if an error occurs in reading the contents
* of a key store
* @throws CertificateException if an error occurs in reading the contents
* of a certificate
*/
public SSLContext createContext(ContextAware context) throws NoSuchProviderException, NoSuchAlgorithmException,
KeyManagementException, UnrecoverableKeyException, KeyStoreException, CertificateException {
SSLContext sslContext = getProvider() != null ? SSLContext.getInstance(getProtocol(), getProvider())
: SSLContext.getInstance(getProtocol());
context.addInfo("SSL protocol '" + sslContext.getProtocol() + "' provider '" + sslContext.getProvider() + "'");
KeyManager[] keyManagers = createKeyManagers(context);
TrustManager[] trustManagers = createTrustManagers(context);
SecureRandom secureRandom = createSecureRandom(context);
sslContext.init(keyManagers, trustManagers, secureRandom);
return sslContext;
}
/**
* Creates key managers using the receiver's key store configuration.
*
* @param context context for status messages
* @return an array of key managers or {@code null} if no key store
* configuration was provided
* @throws NoSuchProviderException if a provider specified for one of the key
* manager components is not known to the
* platform
* @throws NoSuchAlgorithmException if an algorithm specified for one of the key
* manager components is not known to the
* relevant provider
* @throws KeyStoreException if an error occurs in reading a key store
*/
private KeyManager[] createKeyManagers(ContextAware context)
throws NoSuchProviderException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
if (getKeyStore() == null)
return null;
KeyStore keyStore = getKeyStore().createKeyStore();
context.addInfo("key store of type '" + keyStore.getType() + "' provider '" + keyStore.getProvider() + "': "
+ getKeyStore().getLocation());
KeyManagerFactory kmf = getKeyManagerFactory().createKeyManagerFactory();
context.addInfo("key manager algorithm '" + kmf.getAlgorithm() + "' provider '" + kmf.getProvider() + "'");
char[] passphrase = getKeyStore().getPassword().toCharArray();
kmf.init(keyStore, passphrase);
return kmf.getKeyManagers();
}
/**
* Creates trust managers using the receiver's trust store configuration.
*
* @param context context for status messages
* @return an array of trust managers or {@code null} if no trust store
* configuration was provided
* @throws NoSuchProviderException if a provider specified for one of the trust
* manager components is not known to the
* platform
* @throws NoSuchAlgorithmException if an algorithm specified for one of the
* trust manager components is not known to the
* relevant provider
* @throws KeyStoreException if an error occurs in reading a key store
* containing trust anchors
*/
private TrustManager[] createTrustManagers(ContextAware context)
throws NoSuchProviderException, NoSuchAlgorithmException, KeyStoreException {
if (getTrustStore() == null)
return null;
KeyStore trustStore = getTrustStore().createKeyStore();
context.addInfo("trust store of type '" + trustStore.getType() + "' provider '" + trustStore.getProvider()
+ "': " + getTrustStore().getLocation());
TrustManagerFactory tmf = getTrustManagerFactory().createTrustManagerFactory();
context.addInfo("trust manager algorithm '" + tmf.getAlgorithm() + "' provider '" + tmf.getProvider() + "'");
tmf.init(trustStore);
return tmf.getTrustManagers();
}
private SecureRandom createSecureRandom(ContextAware context)
throws NoSuchProviderException, NoSuchAlgorithmException {
SecureRandom secureRandom = getSecureRandom().createSecureRandom();
context.addInfo("secure random algorithm '" + secureRandom.getAlgorithm() + "' provider '"
+ secureRandom.getProvider() + "'");
return secureRandom;
}
/**
* Gets the key store configuration.
*
* @return key store factory bean or {@code null} if no key store configuration
* was provided
*/
public KeyStoreFactoryBean getKeyStore() {
if (keyStore == null) {
keyStore = keyStoreFromSystemProperties(JSSE_KEY_STORE_PROPERTY);
}
return keyStore;
}
/**
* Sets the key store configuration.
*
* @param keyStore the key store factory bean to set
*/
public void setKeyStore(KeyStoreFactoryBean keyStore) {
this.keyStore = keyStore;
}
/**
* Gets the trust store configuration.
*
* @return trust store factory bean or {@code null} if no trust store
* configuration was provided
*/
public KeyStoreFactoryBean getTrustStore() {
if (trustStore == null) {
trustStore = keyStoreFromSystemProperties(JSSE_TRUST_STORE_PROPERTY);
}
return trustStore;
}
/**
* Sets the trust store configuration.
*
* @param trustStore the trust store factory bean to set
*/
public void setTrustStore(KeyStoreFactoryBean trustStore) {
this.trustStore = trustStore;
}
/**
* Constructs a key store factory bean using JSSE system properties.
*
* @param property base property name (e.g. {@code javax.net.ssl.keyStore})
* @return key store or {@code null} if no value is defined for the base system
* property name
*/
private KeyStoreFactoryBean keyStoreFromSystemProperties(String property) {
if (System.getProperty(property) == null)
return null;
KeyStoreFactoryBean keyStore = new KeyStoreFactoryBean();
keyStore.setLocation(locationFromSystemProperty(property));
keyStore.setProvider(System.getProperty(property + "Provider"));
keyStore.setPassword(System.getProperty(property + "Password"));
keyStore.setType(System.getProperty(property + "Type"));
return keyStore;
}
/**
* Constructs a resource location from a JSSE system property.
*
* @param name property name (e.g. {@code javax.net.ssl.keyStore})
* @return URL for the location specified in the property or {@code null} if no
* value is defined for the property
*/
private String locationFromSystemProperty(String name) {
String location = System.getProperty(name);
if (location != null && !location.startsWith("file:")) {
location = "file:" + location;
}
return location;
}
/**
* Gets the secure random generator configuration.
*
* @return secure random factory bean; if no secure random generator
* configuration has been set, a default factory bean is returned
*/
public SecureRandomFactoryBean getSecureRandom() {
if (secureRandom == null) {
return new SecureRandomFactoryBean();
}
return secureRandom;
}
/**
* Sets the secure random generator configuration.
*
* @param secureRandom the secure random factory bean to set
*/
public void setSecureRandom(SecureRandomFactoryBean secureRandom) {
this.secureRandom = secureRandom;
}
/**
* Gets the key manager factory configuration.
*
* @return factory bean; if no key manager factory configuration has been set, a
* default factory bean is returned
*/
public KeyManagerFactoryFactoryBean getKeyManagerFactory() {
if (keyManagerFactory == null) {
return new KeyManagerFactoryFactoryBean();
}
return keyManagerFactory;
}
/**
* Sets the key manager factory configuration.
*
* @param keyManagerFactory the key manager factory bean to set
*/
public void setKeyManagerFactory(KeyManagerFactoryFactoryBean keyManagerFactory) {
this.keyManagerFactory = keyManagerFactory;
}
/**
* Gets the trust manager factory configuration.
*
* @return factory bean; if no trust manager factory configuration has been set,
* a default factory bean is returned
*/
public TrustManagerFactoryFactoryBean getTrustManagerFactory() {
if (trustManagerFactory == null) {
return new TrustManagerFactoryFactoryBean();
}
return trustManagerFactory;
}
/**
* Sets the trust manager factory configuration.
*
* @param trustManagerFactory the factory bean to set
*/
public void setTrustManagerFactory(TrustManagerFactoryFactoryBean trustManagerFactory) {
this.trustManagerFactory = trustManagerFactory;
}
/**
* Gets the secure transport protocol name.
*
* @return protocol name (e.g. {@code SSL}, {@code TLS}); the
* {@link SSL#DEFAULT_PROTOCOL} is returned if no protocol has been
* configured
*/
public String getProtocol() {
if (protocol == null) {
return SSL.DEFAULT_PROTOCOL;
}
return protocol;
}
/**
* Sets the secure transport protocol name.
*
* @param protocol a protocol name, which must be recognized by the provider
* specified by {@link #setProvider(String)} or by the
* platform's default provider if no platform was specified.
*/
public void setProtocol(String protocol) {
this.protocol = protocol;
}
/**
* Gets the JSSE provider name for the SSL context.
*
* @return JSSE provider name
*/
public String getProvider() {
return provider;
}
/**
* Sets the JSSE provider name for the SSL context.
*
* @param provider name of the JSSE provider to use in creating the SSL context
*/
public void setProvider(String provider) {
this.provider = provider;
}
}