You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2011/10/08 13:50:02 UTC
svn commit: r1180360 -
/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/conn/SchemeRegistryFactory.java
Author: olegk
Date: Sat Oct 8 11:50:01 2011
New Revision: 1180360
URL: http://svn.apache.org/viewvc?rev=1180360&view=rev
Log:
Added method to SchemeRegistryFactory to initialize default scheme registry using system properties
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/conn/SchemeRegistryFactory.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/conn/SchemeRegistryFactory.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/conn/SchemeRegistryFactory.java?rev=1180360&r1=1180359&r2=1180360&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/conn/SchemeRegistryFactory.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/conn/SchemeRegistryFactory.java Sat Oct 8 11:50:01 2011
@@ -26,6 +26,16 @@
*/
package org.apache.http.impl.conn;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
import org.apache.http.annotation.ThreadSafe;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
@@ -38,6 +48,10 @@ import org.apache.http.conn.ssl.SSLSocke
@ThreadSafe
public final class SchemeRegistryFactory {
+ /**
+ * Initializes default scheme registry based on JSSE defaults. System properties will
+ * not be taken into consideration.
+ */
public static SchemeRegistry createDefault() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
@@ -47,5 +61,128 @@ public final class SchemeRegistryFactory
return registry;
}
+ private final static char[] EMPTY_PASSWORD = "".toCharArray();
+
+ /**
+ * Initializes default scheme registry using system properties as described in
+ * <a href="http://download.oracle.com/javase/1,5.0/docs/guide/security/jsse/JSSERefGuide.html">
+ * "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform
+ * Standard Edition 5</a>
+ *
+ * @since 4.2
+ */
+ public static SchemeRegistry createSystemDefault() throws IOException, GeneralSecurityException {
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(
+ new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
+
+ TrustManagerFactory tmfactory = null;
+
+ String trustAlgorithm = System.getProperty("ssl.TrustManagerFactory.algorithm");
+ if (trustAlgorithm == null) {
+ trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ }
+ String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
+ if (trustStoreType == null) {
+ trustStoreType = KeyStore.getDefaultType();
+ }
+ if ("none".equalsIgnoreCase(trustStoreType)) {
+ tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
+ } else {
+ File trustStoreFile = null;
+ String s = System.getProperty("javax.net.ssl.trustStore");
+ if (s != null) {
+ trustStoreFile = new File(s);
+ tmfactory = TrustManagerFactory.getInstance(trustAlgorithm);
+ String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
+ KeyStore trustStore;
+ if (trustStoreProvider != null) {
+ trustStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
+ } else {
+ trustStore = KeyStore.getInstance(trustStoreType);
+ }
+ String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ FileInputStream instream = new FileInputStream(trustStoreFile);
+ try {
+ trustStore.load(instream, trustStorePassword != null ?
+ trustStorePassword.toCharArray() : EMPTY_PASSWORD);
+ } finally {
+ instream.close();
+ }
+ tmfactory.init(trustStore);
+ } else {
+ File javaHome = new File(System.getProperty("java.home"));
+ File file = new File(javaHome, "lib/security/jssecacerts");
+ if (!file.exists()) {
+ file = new File(javaHome, "lib/security/cacerts");
+ trustStoreFile = file;
+ } else {
+ trustStoreFile = file;
+ }
+ tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ if (trustStorePassword == null) {
+ trustStorePassword = "changeit";
+ }
+ FileInputStream instream = new FileInputStream(trustStoreFile);
+ try {
+ trustStore.load(instream, trustStorePassword.toCharArray());
+ } finally {
+ instream.close();
+ }
+ tmfactory.init(trustStore);
+ }
+ }
+
+ KeyManagerFactory kmfactory = null;
+ String keyAlgorithm = System.getProperty("ssl.KeyManagerFactory.algorithm");
+ if (keyAlgorithm == null) {
+ keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
+ }
+ String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
+ if (keyStoreType == null) {
+ keyStoreType = KeyStore.getDefaultType();
+ }
+ if ("none".equalsIgnoreCase(keyStoreType)) {
+ kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
+ } else {
+ File keyStoreFile = null;
+ String s = System.getProperty("javax.net.ssl.keyStore");
+ if (s != null) {
+ keyStoreFile = new File(s);
+ }
+ if (keyStoreFile != null) {
+ kmfactory = KeyManagerFactory.getInstance(keyAlgorithm);
+ String keyStoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
+ KeyStore keyStore;
+ if (keyStoreProvider != null) {
+ keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider);
+ } else {
+ keyStore = KeyStore.getInstance(keyStoreType);
+ }
+ String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
+ FileInputStream instream = new FileInputStream(keyStoreFile);
+ try {
+ keyStore.load(instream, keyStorePassword != null ?
+ keyStorePassword.toCharArray() : EMPTY_PASSWORD);
+ } finally {
+ instream.close();
+ }
+ kmfactory.init(keyStore, keyStorePassword != null ?
+ keyStorePassword.toCharArray() : EMPTY_PASSWORD);
+ }
+ }
+
+ SSLContext sslcontext = SSLContext.getInstance("TLS");
+ sslcontext.init(
+ kmfactory != null ? kmfactory.getKeyManagers() : null,
+ tmfactory != null ? tmfactory.getTrustManagers() : null,
+ null);
+
+ registry.register(
+ new Scheme("https", 443, new SSLSocketFactory(sslcontext)));
+ return registry;
+ }
}