/*
* Gets the SSL server's keystore.
*/
- protected KeyStore getKeystore(String type, String pass)
+ protected KeyStore getKeystore(String type, String provider, String pass)
throws IOException {
String keystoreFile = (String)attributes.get("keystore");
if (keystoreFile == null)
keystoreFile = defaultKeystoreFile;
- return getStore(type, keystoreFile, pass);
+ return getStore(type, provider, keystoreFile, pass);
}
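Review bot: The new `provider` argument is not described in the header comment `Gets the SSL server's keystore.`, and its null semantics only become clear from getStore further down, where null selects a type-only lookup. Suggest adding `@param provider JCA provider name for the keystore, or null to let the JCA pick the first registered provider supporting the type` and `@param pass keystore password (plaintext String; never log it)`. The hunk begins on the comment line, so any annotations above it are outside this view.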
/*
* Gets the SSL server's truststore.
*/
- protected KeyStore getTrustStore(String keystoreType) throws IOException {
+ protected KeyStore getTrustStore(String keystoreType,
+ String keystoreProvider) throws IOException {
KeyStore trustStore = null;
String truststoreFile = (String)attributes.get("truststoreFile");
log.debug("trustType = " + truststoreType);
}
+ String truststoreProvider =
+ (String)attributes.get("truststoreProvider");
+ if( truststoreProvider == null) {
+ truststoreProvider =
+ System.getProperty("javax.net.ssl.trustStoreProvider");
+ }
+ if (truststoreProvider == null) {
+ truststoreProvider = keystoreProvider;
+ }
+ if(log.isDebugEnabled()) {
+ log.debug("trustProvider = " + truststoreProvider);
+ }
+
if (truststoreFile != null && truststorePassword != null){
- trustStore = getStore(truststoreType, truststoreFile,
- truststorePassword);
+ trustStore = getStore(truststoreType, truststoreProvider,
+ truststoreFile, truststorePassword);
}
return trustStore;
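Review bot: The provider resolution chain added here (the `truststoreProvider` attribute, then the `javax.net.ssl.trustStoreProvider` system property, then the keystore's provider) is not documented on the method, and the last step can pair a provider chosen for the keystore with a `truststoreType` it does not implement, in which case `KeyStore.getInstance(type, provider)` presumably fails inside getStore rather than falling back to provider traversal. Suggest a comment above the block: `// Provider precedence: truststoreProvider attribute, javax.net.ssl.trustStoreProvider system property, then the keystore provider; an inherited provider must also support truststoreType.` The `truststoreProvider` attribute description in the documentation hunk below mentions only provider traversal as the default, so that text appears to lag this chain. For consistency with the new guarded `trustProvider` debug line, the unguarded `log.debug("trustType = " + truststoreType);` could also be wrapped in `if (log.isDebugEnabled())`. The method's start, including where `truststoreType` and `truststorePassword` are resolved, lies outside this hunk.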
/*
* Gets the key- or truststore with the specified type, path, and password.
*/
- private KeyStore getStore(String type, String path, String pass)
- throws IOException {
+ private KeyStore getStore(String type, String provider, String path,
+ String pass) throws IOException {
KeyStore ks = null;
InputStream istream = null;
try {
- ks = KeyStore.getInstance(type);
+ if (provider == null) {
+ ks = KeyStore.getInstance(type);
+ } else {
+ ks = KeyStore.getInstance(type, provider);
+ }
if(!("PKCS11".equalsIgnoreCase(type) ||
"".equalsIgnoreCase(path))) {
File keyStoreFile = new File(path);
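Review bot: The `if (provider == null)` check does not cover an empty attribute value; `keystoreProvider=""` reaches `KeyStore.getInstance(type, "")`, which throws `IllegalArgumentException` rather than `NoSuchProviderException`, so it likely bypasses whatever the catch clause (not visible here) wraps into the declared `IOException`. Suggest `if (provider == null || provider.length() == 0) {` so an empty value behaves like an absent one, plus a comment `// null/empty provider: let the JCA search registered providers by type`. The remainder of getStore, including its catch handling, is outside this hunk.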
keystoreType = defaultKeystoreType;
}
+ String keystoreProvider =
+ (String) attributes.get("keystoreProvider");
+
String trustAlgorithm =
(String)attributes.get("truststoreAlgorithm");
if( trustAlgorithm == null ) {
// Create and init SSLContext
SSLContext context = SSLContext.getInstance(protocol);
- context.init(getKeyManagers(keystoreType, algorithm,
- (String) attributes.get("keyAlias")),
- getTrustManagers(keystoreType, trustAlgorithm),
+ context.init(getKeyManagers(keystoreType, keystoreProvider,
+ algorithm,
+ (String) attributes.get("keyAlias")),
+ getTrustManagers(keystoreType, keystoreProvider,
+ trustAlgorithm),
new SecureRandom());
// create proxy
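Review bot: The keystore provider read at `(String) attributes.get("keystoreProvider")` has no system-property fallback, whereas the truststore side of this same change consults `javax.net.ssl.trustStoreProvider` before inheriting the keystore provider. If that asymmetry is not deliberate, `if (keystoreProvider == null) keystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");` would mirror it and match what the default JSSE context honours. Either way a one-line comment stating the precedence belongs here, since the truststore inherits this value when it has none of its own. The enclosing init method starts and ends outside the hunk.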
* Gets the initialized key managers.
*/
protected KeyManager[] getKeyManagers(String keystoreType,
+ String keystoreProvider,
String algorithm,
String keyAlias)
throws Exception {
String keystorePass = getKeystorePassword();
- KeyStore ks = getKeystore(keystoreType, keystorePass);
+ KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
throw new IOException(
sm.getString("jsse.alias_no_key_entry", keyAlias));
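Review bot: The new `keystoreProvider` parameter is undocumented; the header comment `Gets the initialized key managers.` should say that null defers provider selection to the type-only lookup in getStore. Suggest adding `@param keystoreProvider JCA provider name for the keystore, or null to search registered providers by type`. The method body continues past the end of this hunk.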
* Gets the intialized trust managers.
*/
protected TrustManager[] getTrustManagers(String keystoreType,
- String algorithm) throws Exception {
+ String keystoreProvider, String algorithm)
+ throws Exception {
String crlf = (String) attributes.get("crlFile");
TrustManager[] tms = null;
- String truststoreType = (String) attributes.get("truststoreType");
- if (truststoreType == null) {
- truststoreType = keystoreType;
- }
- KeyStore trustStore = getTrustStore(truststoreType);
+ KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
if (trustStore != null) {
if (crlf == null) {
TrustManagerFactory tmf =
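Review bot: With the truststore-type resolution removed from this method, `keystoreType` and `keystoreProvider` are now only defaults handed to getTrustStore, which the header comment `Gets the intialized trust managers.` (also a typo for "initialized") does not explain. Suggest `@param keystoreType` and `@param keystoreProvider` lines noting they are fallbacks used when no truststore-specific type or provider is configured. It would also help to state what a null truststore means for `tms` (left null here, presumably yielding the JVM default trust managers; confirm against the rest of the method). The method continues past the hunk.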
If not specified, the default value is "<code>JKS</code>".</p>
</attribute>
+ <attribute name="keystoreProvider" required="false">
+ <p>The name of the keystore provider to be used for the server
+ certificate. If not specified, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>keystoreType</code> is used.
+ </p>
+ </attribute>
+
<attribute name="sslProtocol" required="false">
<p>The version of the SSL protocol to use. If not specified,
the default is "<code>TLS</code>".</p>
TrustStore then you are using for the KeyStore.</p>
</attribute>
+ <attribute name="truststoreProvider" required="false">
+ <p>The name of the truststore provider to be used for the server
+ certificate. If not specified, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>truststoreType</code> is used.
+ </p>
+ </attribute>
+
</attributes>
<p>For more information, see the