        /// <summary>Initializes the keystores of the factory.</summary>
        /// <param name="mode">if the keystores are to be used in client or server mode.</param>
        /// <exception cref="System.IO.IOException">
        /// thrown if the keystores could not be initialized due
        /// to an IO error.
        /// </exception>
        /// <exception cref="GeneralSecurityException">
        /// thrown if the keystores could not be
        /// initialized due to a security error.
        /// </exception>
        /// <summary>
        /// Loads the key material (keystore) and trust material (truststore) that this
        /// factory hands to an SSL context, for the given mode.
        /// </summary>
        /// <remarks>
        /// <para>Keystore: a file is read only when <paramref name="mode"/> is
        /// <c>Server</c>, or when <c>SslRequireClientCertKey</c> is true (the client
        /// side of mutual TLS). In that case the location and store-password
        /// properties are mandatory; the key-password property falls back to the
        /// store password for configurations that predate it. In every other case an
        /// empty in-memory keystore is used and the key manager factory is initialised
        /// with a <c>null</c> password, so no identity is presented to the peer.</para>
        /// <para>Truststore: optional. When its location property is set, the store
        /// password is mandatory and the store is wrapped in a
        /// <see cref="ReloadingX509TrustManager"/> built with the configured reload
        /// interval. When the location is not set, <c>trustManagers</c> is set to
        /// <c>null</c>; what a null trust-manager array means for peer verification is
        /// decided by whichever SSL context consumes this factory (in the JSSE API it
        /// selects the platform default trust store rather than disabling
        /// verification) — NOTE(review): confirm against that consumer before relying
        /// on it. The <c>trustManager</c> field is not reset on this path, so an
        /// instance created by an earlier call would survive.</para>
        /// <para>Only store locations are written to the debug log, never passwords.
        /// Nothing is caught here: a missing file, a wrong password or a corrupt store
        /// propagates to the caller.</para>
        /// </remarks>
        /// <param name="mode">whether the material is for the client or the server side.</param>
        /// <exception cref="System.IO.IOException">a store file could not be read.</exception>
        /// <exception cref="GeneralSecurityException">a required property is missing, or the
        /// store contents or passwords are rejected.</exception>
        public virtual void Init(SSLFactory.Mode mode)
        {
            bool clientCertRequired = conf.GetBoolean(SSLFactory.SslRequireClientCertKey,
                                                      SSLFactory.DefaultSslRequireClientCert);
            bool needsKeyMaterial   = clientCertRequired || mode == SSLFactory.Mode.Server;

            // ---- keystore: our own private key and certificate ----
            string   identityStoreType  = conf.Get(ResolvePropertyName(mode, SslKeystoreTypeTplKey),
                                                   DefaultKeystoreType);
            KeyStore identityStore      = KeyStore.GetInstance(identityStoreType);
            string   privateKeyPassword = null;

            if (!needsKeyMaterial)
            {
                // No identity is needed (plain client side): empty in-memory store.
                identityStore.Load(null, null);
            }
            else
            {
                string locationKey = ResolvePropertyName(mode, SslKeystoreLocationTplKey);
                string storePath   = conf.Get(locationKey, string.Empty);
                if (storePath.IsEmpty())
                {
                    throw MissingSslProperty(locationKey);
                }

                string storePasswordKey = ResolvePropertyName(mode, SslKeystorePasswordTplKey);
                string storePassword    = GetPassword(conf, storePasswordKey, string.Empty);
                if (storePassword.IsEmpty())
                {
                    throw MissingSslProperty(storePasswordKey);
                }

                // Legacy configurations have no separate key password: fall back to
                // the store password instead of failing.
                string keyPasswordKey = ResolvePropertyName(mode, SslKeystoreKeypasswordTplKey);
                privateKeyPassword = GetPassword(conf, keyPasswordKey, storePassword);

                Log.Debug(mode.ToString() + " KeyStore: " + storePath);
                InputStream storeStream = new FileInputStream(storePath);
                try
                {
                    // A wrong store password or a corrupt file surfaces here as an exception.
                    identityStore.Load(storeStream, storePassword.ToCharArray());
                }
                finally
                {
                    storeStream.Close();
                }
                Log.Debug(mode.ToString() + " Loaded KeyStore: " + storePath);
            }

            KeyManagerFactory keyFactory = KeyManagerFactory.GetInstance(SSLFactory.Sslcertificate);
            // Null password when no key material was loaded (empty store above).
            char[] keyPasswordChars = (privateKeyPassword == null) ? null : privateKeyPassword.ToCharArray();
            keyFactory.Init(identityStore, keyPasswordChars);
            keyManagers = keyFactory.GetKeyManagers();

            // ---- truststore: the certificates we accept from the peer ----
            string trustStoreType   = conf.Get(ResolvePropertyName(mode, SslTruststoreTypeTplKey),
                                               DefaultKeystoreType);
            string trustLocationKey = ResolvePropertyName(mode, SslTruststoreLocationTplKey);
            string trustStorePath   = conf.Get(trustLocationKey, string.Empty);

            if (trustStorePath.IsEmpty())
            {
                // Optional store absent: hand the consumer a null trust-manager array.
                Log.Debug("The property '" + trustLocationKey + "' has not been set, no TrustStore will be loaded");
                trustManagers = null;
            }
            else
            {
                string trustPasswordKey = ResolvePropertyName(mode, SslTruststorePasswordTplKey);
                string trustPassword    = GetPassword(conf, trustPasswordKey, string.Empty);
                if (trustPassword.IsEmpty())
                {
                    throw MissingSslProperty(trustPasswordKey);
                }
                long reloadInterval = conf.GetLong(ResolvePropertyName(mode, SslTruststoreReloadIntervalTplKey),
                                                   DefaultSslTruststoreReloadInterval);
                Log.Debug(mode.ToString() + " TrustStore: " + trustStorePath);
                trustManager = new ReloadingX509TrustManager(trustStoreType, trustStorePath,
                                                             trustPassword, reloadInterval);
                trustManager.Init();
                Log.Debug(mode.ToString() + " Loaded TrustStore: " + trustStorePath);
                trustManagers = new TrustManager[] { trustManager };
            }
        }

        /// <summary>
        /// Builds the exception raised when a mandatory ssl-config property is absent.
        /// </summary>
        /// <param name="property">the resolved (mode-specific) property name.</param>
        /// <returns>the exception for the caller to throw.</returns>
        private static GeneralSecurityException MissingSslProperty(string property)
        {
            return new GeneralSecurityException("The property '" + property
                                                + "' has not been set in the ssl configuration file.");
        }
 /// <summary>
 /// Resolves a mode-specific configuration property name from its template.
 /// </summary>
 /// <remarks>
 /// The template is a <c>MessageFormat</c> pattern whose placeholder is filled with
 /// the lower-cased name of <paramref name="mode"/> (e.g. "client" or "server"), so
 /// a single template yields one distinct property per mode.
 /// </remarks>
 /// <param name="mode">the client or server mode whose property is wanted.</param>
 /// <param name="template">the property-name template holding a placeholder for the mode.</param>
 /// <returns>the fully resolved property name.</returns>
 public static string ResolvePropertyName(SSLFactory.Mode mode, string template)
 {
     string modeName = StringUtils.ToLowerCase(mode.ToString());
     return MessageFormat.Format(template, modeName);
 }