📄 sslcontextfactory.java
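/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.mina.filter.ssl;

import java.security.KeyStore;
import java.security.SecureRandom;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * A factory that creates and configures a new {@link SSLContext}.
 * <p>
 * If no properties are set the returned {@link SSLContext} will
 * be equivalent to what the following creates:
 * </p>
 * <pre>
 *      SSLContext c = SSLContext.getInstance( "TLS" );
 *      c.init(null, null, null);
 * </pre>
 * <p>
 * Use the properties prefixed with <code>keyManagerFactory</code> to control
 * the creation of the {@link KeyManager} to be used.
 * </p>
 * <p>
 * Use the properties prefixed with <code>trustManagerFactory</code> to control
 * the creation of the {@link TrustManagerFactory} to be used.
 * </p>
 * <p>
 * Security notes: the protocol name (default <code>TLS</code>) only selects the
 * {@link SSLContext} implementation requested from the provider. The protocol
 * versions and cipher suites that are actually enabled are decided by the
 * provider and by the configuration of the engines or sockets created from the
 * context (for example <code>SSLEngine.setEnabledProtocols</code>), so restrict
 * them there. When neither a trust key store nor trust manager parameters are
 * set, the {@link TrustManagerFactory} is initialised with a <code>null</code>
 * key store, which the standard JSSE provider treats as "use the JVM default
 * trust store".
 * </p>
 *
 * @author The Apache MINA Project (dev@mina.apache.org)
 * @version $Rev: 636238 $, $Date: 2008-03-12 08:36:04 +0100 (Wed, 12 Mar 2008) $
 */
public class SslContextFactory {

    // --- SSLContext selection -------------------------------------------
    private String provider = null;
    private String protocol = "TLS";
    private SecureRandom secureRandom = null;

    // --- Key material (what this endpoint presents to its peer) ----------
    private KeyStore keyManagerFactoryKeyStore = null;
    // Passed as-is to KeyManagerFactory.init(); newInstance() does not clear it.
    private char[] keyManagerFactoryKeyStorePassword = null;
    private KeyManagerFactory keyManagerFactory = null;
    private String keyManagerFactoryAlgorithm = null;
    private String keyManagerFactoryProvider = null;
    private boolean keyManagerFactoryAlgorithmUseDefault = true;

    // --- Trust material (which peers this endpoint accepts) --------------
    private KeyStore trustManagerFactoryKeyStore = null;
    private TrustManagerFactory trustManagerFactory = null;
    private String trustManagerFactoryAlgorithm = null;
    private String trustManagerFactoryProvider = null;
    private boolean trustManagerFactoryAlgorithmUseDefault = true;
    // When set, used instead of trustManagerFactoryKeyStore (see newInstance()).
    private ManagerFactoryParameters trustManagerFactoryParameters = null;

    // --- Session cache tuning; a negative value leaves the provider default
    private int clientSessionCacheSize = -1;
    private int clientSessionTimeout = -1;
    private int serverSessionCacheSize = -1;
    private int serverSessionTimeout = -1;

    /**
     * Creates and initialises a new {@link SSLContext} from the properties
     * currently set on this factory.
     * <p>
     * The {@link KeyManagerFactory} is either the one set on this factory or
     * one obtained for the configured (or default) algorithm and provider. In
     * both cases it is initialised here with the key store and password set
     * on this factory, so a factory supplied by the caller is (re-)initialised
     * as well. The {@link TrustManagerFactory} is resolved the same way; when
     * <code>trustManagerFactoryParameters</code> is set it is used for the
     * initialisation and the trust key store is not consulted.
     * </p>
     * <p>
     * If no factory can be resolved (no factory set, no algorithm set and the
     * matching <code>...AlgorithmUseDefault</code> flag is <code>false</code>),
     * <code>null</code> managers are passed to
     * {@link SSLContext#init(KeyManager[], TrustManager[], SecureRandom)}, in
     * which case JSSE selects its own default implementation. Turning the
     * default algorithm off therefore does not turn certificate validation
     * off.
     * </p>
     *
     * @return a new, initialised {@link SSLContext}
     * @throws IllegalStateException if a session cache size or timeout is
     *         configured but the context exposes no session context for that
     *         side; the setting is never dropped silently
     * @throws Exception if an algorithm, protocol or provider is unavailable,
     *         or if initialising a factory or the context fails
     */
    public SSLContext newInstance() throws Exception {
        KeyManagerFactory kmf = this.keyManagerFactory;
        TrustManagerFactory tmf = this.trustManagerFactory;

        if (kmf == null) {
            String algorithm = keyManagerFactoryAlgorithm;
            if (algorithm == null && keyManagerFactoryAlgorithmUseDefault) {
                algorithm = KeyManagerFactory.getDefaultAlgorithm();
            }
            if (algorithm != null) {
                if (keyManagerFactoryProvider == null) {
                    kmf = KeyManagerFactory.getInstance(algorithm);
                } else {
                    kmf = KeyManagerFactory.getInstance(algorithm,
                            keyManagerFactoryProvider);
                }
            }
        }

        if (tmf == null) {
            String algorithm = trustManagerFactoryAlgorithm;
            if (algorithm == null && trustManagerFactoryAlgorithmUseDefault) {
                algorithm = TrustManagerFactory.getDefaultAlgorithm();
            }
            if (algorithm != null) {
                if (trustManagerFactoryProvider == null) {
                    tmf = TrustManagerFactory.getInstance(algorithm);
                } else {
                    tmf = TrustManagerFactory.getInstance(algorithm,
                            trustManagerFactoryProvider);
                }
            }
        }

        KeyManager[] keyManagers = null;
        if (kmf != null) {
            kmf.init(keyManagerFactoryKeyStore,
                    keyManagerFactoryKeyStorePassword);
            keyManagers = kmf.getKeyManagers();
        }

        TrustManager[] trustManagers = null;
        if (tmf != null) {
            // Parameters take precedence; the trust key store is only used
            // when no parameters were supplied (and may itself be null).
            if (trustManagerFactoryParameters != null) {
                tmf.init(trustManagerFactoryParameters);
            } else {
                tmf.init(trustManagerFactoryKeyStore);
            }
            trustManagers = tmf.getTrustManagers();
        }

        SSLContext context = null;
        if (provider == null) {
            context = SSLContext.getInstance(protocol);
        } else {
            context = SSLContext.getInstance(protocol, provider);
        }

        context.init(keyManagers, trustManagers, secureRandom);

        // SSLContext documents that the session contexts may be unavailable
        // (null) with some providers. Fail with a clear message instead of a
        // bare NullPointerException, and never ignore a configured limit.
        if (clientSessionCacheSize >= 0 || clientSessionTimeout >= 0) {
            SSLSessionContext clientSessions = context.getClientSessionContext();
            if (clientSessions == null) {
                throw new IllegalStateException(
                        "No client session context available; cannot apply "
                                + "clientSessionCacheSize/clientSessionTimeout");
            }
            if (clientSessionCacheSize >= 0) {
                clientSessions.setSessionCacheSize(clientSessionCacheSize);
            }
            if (clientSessionTimeout >= 0) {
                clientSessions.setSessionTimeout(clientSessionTimeout);
            }
        }

        if (serverSessionCacheSize >= 0 || serverSessionTimeout >= 0) {
            SSLSessionContext serverSessions = context.getServerSessionContext();
            if (serverSessions == null) {
                throw new IllegalStateException(
                        "No server session context available; cannot apply "
                                + "serverSessionCacheSize/serverSessionTimeout");
            }
            if (serverSessionCacheSize >= 0) {
                serverSessions.setSessionCacheSize(serverSessionCacheSize);
            }
            if (serverSessionTimeout >= 0) {
                serverSessions.setSessionTimeout(serverSessionTimeout);
            }
        }

        return context;
    }

    /**
     * Sets the provider of the new {@link SSLContext}. The default value is
     * <tt>null</tt>, which means the default provider will be used.
     *
     * @param provider the name of the {@link SSLContext} provider
     */
    public void setProvider(String provider) {
        this.provider = provider;
    }

    /**
     * Sets the protocol to use when creating the {@link SSLContext}. The
     * default is <code>TLS</code>.
     * <p>
     * Apart from the <code>null</code> check the value is not validated here;
     * it is passed unchanged to <code>SSLContext.getInstance</code> by
     * {@link #newInstance()}.
     * </p>
     *
     * @param protocol the name of the protocol.
     * @throws NullPointerException if <code>protocol</code> is <code>null</code>
     */
    public void setProtocol(String protocol) {
        if (protocol == null) {
            throw new NullPointerException("protocol");
        }
        this.protocol = protocol;
    }

    /**
     * If this is set to <code>true</code> while no {@link KeyManagerFactory}
     * has been set using {@link #setKeyManagerFactory(KeyManagerFactory)} and
     * no algorithm has been set using
     * {@link #setKeyManagerFactoryAlgorithm(String)} the default algorithm
     * returned by {@link KeyManagerFactory#getDefaultAlgorithm()} will be used.
     * The default value of this property is <tt>true</tt>.
     * <p>
     * If this is <code>false</code> and neither a factory nor an algorithm is
     * set, {@link #newInstance()} passes <code>null</code> key managers to the
     * {@link SSLContext}.
     * </p>
     *
     * @param useDefault
     *            <code>true</code> or <code>false</code>.
     */
    public void setKeyManagerFactoryAlgorithmUseDefault(boolean useDefault) {
        this.keyManagerFactoryAlgorithmUseDefault = useDefault;
    }

    /**
     * If this is set to <code>true</code> while no {@link TrustManagerFactory}
     * has been set using {@link #setTrustManagerFactory(TrustManagerFactory)} and
     * no algorithm has been set using
     * {@link #setTrustManagerFactoryAlgorithm(String)} the default algorithm
     * returned by {@link TrustManagerFactory#getDefaultAlgorithm()} will be used.
     * The default value of this property is <tt>true</tt>.
     * <p>
     * If this is <code>false</code> and neither a factory nor an algorithm is
     * set, {@link #newInstance()} passes <code>null</code> trust managers to
     * the {@link SSLContext}, which then falls back to its own default trust
     * manager implementation; peer certificates are still validated.
     * </p>
     *
     * @param useDefault <code>true</code> or <code>false</code>.
     */
    public void setTrustManagerFactoryAlgorithmUseDefault(boolean useDefault) {
        this.trustManagerFactoryAlgorithmUseDefault = useDefault;
    }

    /**
     * Sets the {@link KeyManagerFactory} to use. If this is set the properties
     * which are used by this factory bean to create a {@link KeyManagerFactory}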