sslcontextfactorybean.java

apache 的一个socket框架

/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *  
 *    http://www.apache.org/licenses/LICENSE-2.0
 *  
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License. 
 *  
 */
package org.apache.mina.integration.spring.ssl;

import java.security.KeyStore;
import java.security.SecureRandom;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.util.Assert;

/**
 * Spring {@link org.springframework.beans.factory.FactoryBean} implementation 
 * which makes it possible to configure {@link javax.net.ssl.SSLContext} 
 * instances using Spring.
 * <p>
 * If no properties are set the returned {@link javax.net.ssl.SSLContext} will
 * be equivalent to what the following creates:
 * <pre>
 *      SSLContext c = SSLContext.getInstance( "TLS" );
 *      c.init( null, null, null );
 * </pre>
 * </p>
 * <p>
 * Use the properties prefixed with <code>keyManagerFactory</code> to control
 * the creation of the {@link javax.net.ssl.KeyManager} to be used.
 * </p>
 * <p>
 * Use the properties prefixed with <code>trustManagerFactory</code> to control
 * the creation of the {@link javax.net.ssl.TrustManagerFactory} to be used.
 * </p>
 *
 * @author The Apache Directory Project (mina-dev@directory.apache.org)
 * @version $Rev: 555855 $, $Date: 2007-07-13 12:19:00 +0900 (금, 13  7월 2007) $
 */
public class SSLContextFactoryBean extends AbstractFactoryBean {
    private String protocol = "TLS";

    private String provider = null;

    private SecureRandom secureRandom = null;

    private KeyStore keyManagerFactoryKeyStore = null;

    private char[] keyManagerFactoryKeyStorePassword = null;

    private KeyManagerFactory keyManagerFactory = null;

    private String keyManagerFactoryAlgorithm = null;

    private String keyManagerFactoryProvider = null;

    private boolean keyManagerFactoryAlgorithmUseDefault = false;

    private KeyStore trustManagerFactoryKeyStore = null;

    private TrustManagerFactory trustManagerFactory = null;

    private String trustManagerFactoryAlgorithm = null;

    private String trustManagerFactoryProvider = null;

    private boolean trustManagerFactoryAlgorithmUseDefault = false;

    private ManagerFactoryParameters trustManagerFactoryParameters = null;

    protected Object createInstance() throws Exception {
        KeyManagerFactory kmf = this.keyManagerFactory;
        TrustManagerFactory tmf = this.trustManagerFactory;

        if (kmf == null) {
            String algorithm = keyManagerFactoryAlgorithm;
            if (algorithm == null && keyManagerFactoryAlgorithmUseDefault) {
                algorithm = KeyManagerFactory.getDefaultAlgorithm();
            }
            if (algorithm != null) {
                if (keyManagerFactoryProvider == null) {
                    kmf = KeyManagerFactory.getInstance(algorithm);
                } else {
                    kmf = KeyManagerFactory.getInstance(algorithm,
                            keyManagerFactoryProvider);
                }
            }
        }

        if (tmf == null) {
            String algorithm = trustManagerFactoryAlgorithm;
            if (algorithm == null && trustManagerFactoryAlgorithmUseDefault) {
                algorithm = TrustManagerFactory.getDefaultAlgorithm();
            }
            if (algorithm != null) {
                if (trustManagerFactoryProvider == null) {
                    tmf = TrustManagerFactory.getInstance(algorithm);
                } else {
                    tmf = TrustManagerFactory.getInstance(algorithm,
                            trustManagerFactoryProvider);
                }
            }
        }

        KeyManager[] keyManagers = null;
        if (kmf != null) {
            kmf.init(keyManagerFactoryKeyStore,
                    keyManagerFactoryKeyStorePassword);
            keyManagers = kmf.getKeyManagers();
        }
        TrustManager[] trustManagers = null;
        if (tmf != null) {
            if (trustManagerFactoryParameters != null) {
                tmf.init(trustManagerFactoryParameters);
            } else {
                tmf.init(trustManagerFactoryKeyStore);
            }
            trustManagers = tmf.getTrustManagers();
        }

        SSLContext context = null;
        if (provider == null) {
            context = SSLContext.getInstance(protocol);
        } else {
            context = SSLContext.getInstance(protocol, provider);
        }

        context.init(keyManagers, trustManagers, secureRandom);

        return context;
    }

    public Class getObjectType() {
        return SSLContext.class;
    }

    /**
     * Sets the protocol to use when creating the {@link SSLContext}. The
     * default is <code>TLS</code>.
     * 
     * @param protocol the name of the protocol.
     * @throws IllegalArgumentException if the specified value is 
     *         <code>null</code>.
     */
    public void setProtocol(String protocol) {
        Assert.notNull(protocol, "Property 'protocol' may not be null");
        this.protocol = protocol;
    }

    /**
     * If this is set to <code>true</code> while no {@link KeyManagerFactory}
     * has been set using {@link #setKeyManagerFactory(KeyManagerFactory)} and
     * no algorithm has been set using 
     * {@link #setKeyManagerFactoryAlgorithm(String)} the default algorithm
     * return by {@link KeyManagerFactory#getDefaultAlgorithm()} will be used.
     * 
     * @param useDefault <code>true</code> or <code>false</code>.
     */
    public void setKeyManagerFactoryAlgorithmUseDefault(boolean useDefault) {
        this.keyManagerFactoryAlgorithmUseDefault = useDefault;
    }

    /**
     * If this is set to <code>true</code> while no {@link TrustManagerFactory}
     * has been set using {@link #setTrustManagerFactory(TrustManagerFactory)} and
     * no algorithm has been set using 
     * {@link #setTrustManagerFactoryAlgorithm(String)} the default algorithm
     * return by {@link TrustManagerFactory#getDefaultAlgorithm()} will be used.
     * 
     * @param useDefault <code>true</code> or <code>false</code>.
     */
    public void setTrustManagerFactoryAlgorithmUseDefault(boolean useDefault) {
        this.trustManagerFactoryAlgorithmUseDefault = useDefault;
    }

    /**
     * Sets the {@link KeyManagerFactory} to use. If this is set the properties
     * which are used by this factory bean to create a {@link KeyManagerFactory}
     * will all be ignored.
     * 
     * @param factory the factory.
     */
    public void setKeyManagerFactory(KeyManagerFactory factory) {
        this.keyManagerFactory = factory;
    }

    /**
     * Sets the algorithm to use when creating the {@link KeyManagerFactory} 
     * using {@link KeyManagerFactory#getInstance(java.lang.String)} or
     * {@link KeyManagerFactory#getInstance(java.lang.String, java.lang.String)}.
     * <p>
     * This property will be ignored if a {@link KeyManagerFactory} has been
     * set directly using {@link #setKeyManagerFactory(KeyManagerFactory)}.
     * </p>
     * <p>
     * If this property isn't set while no {@link KeyManagerFactory} has been 
     * set using {@link #setKeyManagerFactory(KeyManagerFactory)} and 
     * {@link #setKeyManagerFactoryAlgorithmUseDefault(boolean)} has been set to 
     * <code>true</code> the value returned 
     * by {@link KeyManagerFactory#getDefaultAlgorithm()} will be used instead.
     * </p> 
     * 
     * @param algorithm the algorithm to use.
     */
    public void setKeyManagerFactoryAlgorithm(String algorithm) {
        this.keyManagerFactoryAlgorithm = algorithm;
    }

    /**
     * Sets the provider to use when creating the {@link KeyManagerFactory} 
     * using 
     * {@link KeyManagerFactory#getInstance(java.lang.String, java.lang.String)}.
     * <p>
     * This property will be ignored if a {@link KeyManagerFactory} has been
     * set directly using {@link #setKeyManagerFactory(KeyManagerFactory)}.
     * </p>
     * <p>
     * If this property isn't set and no {@link KeyManagerFactory} has been set
     * using {@link #setKeyManagerFactory(KeyManagerFactory)} 
     * {@link KeyManagerFactory#getInstance(java.lang.String)} will be used
     * to create the {@link KeyManagerFactory}.
     * </p> 
     * 
     * @param provider the name of the provider.
     */
    public void setKeyManagerFactoryProvider(String provider) {
        this.keyManagerFactoryProvider = provider;
    }

    /**
     * Sets the {@link KeyStore} which will be used in the call to 
     * {@link KeyManagerFactory#init(java.security.KeyStore, char[])} when
     * the {@link SSLContext} is created. 
     * 
     * @param keyStore the key store.
     */
    public void setKeyManagerFactoryKeyStore(KeyStore keyStore) {
        this.keyManagerFactoryKeyStore = keyStore;
    }

    /**
     * Sets the password which will be used in the call to 
     * {@link KeyManagerFactory#init(java.security.KeyStore, char[])} when
     * the {@link SSLContext} is created. 
     * 
     * @param password the password. Use <code>null</code> to disable password.
     */
    public void setKeyManagerFactoryKeyStorePassword(String password) {
        if (password != null) {
            this.keyManagerFactoryKeyStorePassword = password.toCharArray();
        } else {
            this.keyManagerFactoryKeyStorePassword = null;
        }
    }

    /**
     * Sets the {@link TrustManagerFactory} to use. If this is set the properties
     * which are used by this factory bean to create a {@link TrustManagerFactory}
     * will all be ignored.
     * 
     * @param factory the factory.
     */
    public void setTrustManagerFactory(TrustManagerFactory factory) {
        this.trustManagerFactory = factory;
    }

    /**
     * Sets the algorithm to use when creating the {@link TrustManagerFactory} 
     * using {@link TrustManagerFactory#getInstance(java.lang.String)} or
     * {@link TrustManagerFactory#getInstance(java.lang.String, java.lang.String)}.
     * <p>
     * This property will be ignored if a {@link TrustManagerFactory} has been
     * set directly using {@link #setTrustManagerFactory(TrustManagerFactory)}.
     * </p>
     * <p>
     * If this property isn't set while no {@link TrustManagerFactory} has been 
     * set using {@link #setTrustManagerFactory(TrustManagerFactory)} and 
     * {@link #setTrustManagerFactoryAlgorithmUseDefault(boolean)} has been set to 
     * <code>true</code> the value returned 
     * by {@link TrustManagerFactory#getDefaultAlgorithm()} will be used instead.
     * </p> 
     * 
     * @param algorithm the algorithm to use.
     */
    public void setTrustManagerFactoryAlgorithm(String algorithm) {
        this.trustManagerFactoryAlgorithm = algorithm;
    }

    /**
     * Sets the {@link KeyStore} which will be used in the call to 
     * {@link TrustManagerFactory#init(java.security.KeyStore)} when
     * the {@link SSLContext} is created. 
     * <p>
     * This property will be ignored if {@link ManagerFactoryParameters} has been
     * set directly using {@link #setTrustManagerFactoryParameters(ManagerFactoryParameters)}.
     * </p>
     * 
     * @param keyStore the key store.
     */
    public void setTrustManagerFactoryKeyStore(KeyStore keyStore) {
        this.trustManagerFactoryKeyStore = keyStore;
    }

    /**
     * Sets the {@link ManagerFactoryParameters} which will be used in the call to
     * {@link TrustManagerFactory#init(javax.net.ssl.ManagerFactoryParameters)} when
     * the {@link SSLContext} is created.
     *  
     * @param parameters describing provider-specific trust material.
     */
    public void setTrustManagerFactoryParameters(
            ManagerFactoryParameters parameters) {
        this.trustManagerFactoryParameters = parameters;
    }

    /**
     * Sets the provider to use when creating the {@link TrustManagerFactory} 
     * using 
     * {@link TrustManagerFactory#getInstance(java.lang.String, java.lang.String)}.
     * <p>
     * This property will be ignored if a {@link TrustManagerFactory} has been
     * set directly using {@link #setTrustManagerFactory(TrustManagerFactory)}.
     * </p>
     * <p>
     * If this property isn't set and no {@link TrustManagerFactory} has been set
     * using {@link #setTrustManagerFactory(TrustManagerFactory)} 
     * {@link TrustManagerFactory#getInstance(java.lang.String)} will be used
     * to create the {@link TrustManagerFactory}.
     * </p> 
     * 
     * @param provider the name of the provider.
     */
    public void setTrustManagerFactoryProvider(String provider) {
        this.trustManagerFactoryProvider = provider;
    }

    /**
     * Sets the {@link SecureRandom} to use when initializing the 
     * {@link SSLContext}. The JVM's default will be used if this isn't set.
     * 
     * @param secureRandom the {@link SecureRandom} or <code>null</code> if the 
     *        JVM's default should be used.
     * @see SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
     */
    public void setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
    }

}