/// <summary>Initializes the keystores of the factory.</summary>
/// <param name="mode">if the keystores are to be used in client or server mode.</param>
/// <exception cref="System.IO.IOException">
/// thrown if the keystores could not be initialized due
/// to an IO error.
/// </exception>
/// <exception cref="GeneralSecurityException">
/// thrown if the keystores could not be
/// initialized due to a security error.
/// </exception>
public virtual void Init(SSLFactory.Mode mode)
{
    // Every mandatory ssl property that is absent is reported with the same
    // message; the helper only builds the exception, the caller throws it.
    GeneralSecurityException MissingProperty(string property)
    {
        return new GeneralSecurityException("The property '" + property + "' has not been set in the ssl configuration file.");
    }

    bool clientCertRequired = conf.GetBoolean(SSLFactory.SslRequireClientCertKey, SSLFactory.DefaultSslRequireClientCert);

    // --- certificate (key) store ---
    string storeType = conf.Get(ResolvePropertyName(mode, SslKeystoreTypeTplKey), DefaultKeystoreType);
    KeyStore certStore = KeyStore.GetInstance(storeType);
    string keyPassword = null;

    // A private key is only needed on the server side, or on the client side
    // when the server demands a client certificate.
    bool needsPrivateKey = clientCertRequired || mode == SSLFactory.Mode.Server;
    if (!needsPrivateKey)
    {
        // Nothing to present: initialise an empty store.
        certStore.Load(null, null);
    }
    else
    {
        string locationKey = ResolvePropertyName(mode, SslKeystoreLocationTplKey);
        string storeLocation = conf.Get(locationKey, string.Empty);
        if (storeLocation.IsEmpty())
        {
            throw MissingProperty(locationKey);
        }

        string storePasswordKey = ResolvePropertyName(mode, SslKeystorePasswordTplKey);
        string storePassword = GetPassword(conf, storePasswordKey, string.Empty);
        if (storePassword.IsEmpty())
        {
            throw MissingProperty(storePasswordKey);
        }

        string keyPasswordKey = ResolvePropertyName(mode, SslKeystoreKeypasswordTplKey);
        // Legacy configurations carried no separate key password, so the store
        // password is the fallback when the key password property is absent.
        keyPassword = GetPassword(conf, keyPasswordKey, storePassword);

        Log.Debug($"{mode} KeyStore: {storeLocation}");
        InputStream storeStream = new FileInputStream(storeLocation);
        try
        {
            certStore.Load(storeStream, storePassword.ToCharArray());
        }
        finally
        {
            // The stream is closed whether or not loading succeeded.
            storeStream.Close();
        }
        Log.Debug($"{mode} Loaded KeyStore: {storeLocation}");
    }

    KeyManagerFactory keyFactory = KeyManagerFactory.GetInstance(SSLFactory.Sslcertificate);
    // A null key password is passed through unchanged (empty store case).
    keyFactory.Init(certStore, keyPassword?.ToCharArray());
    keyManagers = keyFactory.GetKeyManagers();

    // --- trust store ---
    string trustStoreType = conf.Get(ResolvePropertyName(mode, SslTruststoreTypeTplKey), DefaultKeystoreType);
    string trustLocationKey = ResolvePropertyName(mode, SslTruststoreLocationTplKey);
    string trustStoreLocation = conf.Get(trustLocationKey, string.Empty);
    if (trustStoreLocation.IsEmpty())
    {
        // NOTE(review): a null trust manager array is handed to the SSL context;
        // presumably that means the platform default trust is used — confirm in
        // the consumer before relying on it.
        Log.Debug($"The property '{trustLocationKey}' has not been set, no TrustStore will be loaded");
        trustManagers = null;
    }
    else
    {
        string trustPasswordKey = ResolvePropertyName(mode, SslTruststorePasswordTplKey);
        string trustStorePassword = GetPassword(conf, trustPasswordKey, string.Empty);
        if (trustStorePassword.IsEmpty())
        {
            throw MissingProperty(trustPasswordKey);
        }

        long reloadInterval = conf.GetLong(ResolvePropertyName(mode, SslTruststoreReloadIntervalTplKey), DefaultSslTruststoreReloadInterval);
        Log.Debug($"{mode} TrustStore: {trustStoreLocation}");
        // The reloading trust manager re-reads the store file on the configured
        // interval, so certificate rotation does not require a restart.
        trustManager = new ReloadingX509TrustManager(trustStoreType, trustStoreLocation, trustStorePassword, reloadInterval);
        trustManager.Init();
        Log.Debug($"{mode} Loaded TrustStore: {trustStoreLocation}");
        trustManagers = new TrustManager[] { trustManager };
    }
}
/// <summary>
/// Expands a property-name template for the given mode by substituting the
/// lower-cased mode name into it.
/// </summary>
/// <param name="mode">client or server mode whose name is substituted.</param>
/// <param name="template">the property-name template to expand.</param>
/// <returns>the mode-specific property name.</returns>
public static string ResolvePropertyName(SSLFactory.Mode mode, string template)
{
    // NOTE(review): StringUtils.ToLowerCase is presumably culture-insensitive;
    // confirm, since the result is used as a configuration key.
    string modeName = StringUtils.ToLowerCase(mode.ToString());
    return MessageFormat.Format(template, modeName);
}