View Javadoc

1   /*
2    * Copyright 2005-2012 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.support;
18  
19  import java.io.File;
20  import java.io.IOException;
21  import java.security.GeneralSecurityException;
22  import java.security.KeyStore;
23  
24  import org.springframework.core.io.FileSystemResource;
25  import org.springframework.core.io.Resource;
26  import org.springframework.util.StringUtils;
27  
28  /**
29   * Generic utility methods for dealing with [email protected] KeyStore} objects.
30   *
31   * @author Arjen Poutsma
32   * @since 1.5.0
33   */
34  public abstract class KeyStoreUtils {
35  
36      /**
37       * Loads the key store indicated by system properties. This method tries to load a key store by consulting the
38       * following system properties:<code>javax.net.ssl.keyStore</code>, <code>javax.net.ssl.keyStorePassword</code>, and
39       * <code>javax.net.ssl.keyStoreType</code>.
40       * <p/>
41       * If these properties specify a file with an appropriate password, the factory uses this file for the key store. If
42       * that file does not exist, then a default, empty keystore is created.
43       * <p/>
44       * This behavior corresponds to the standard J2SDK behavior for SSL key stores.
45       *
46       * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#X509KeyManager">The
47       *      standard J2SDK SSL key store mechanism</a>
48       */
49      public static KeyStore loadDefaultKeyStore() throws GeneralSecurityException, IOException {
50          Resource location = null;
51          String type = null;
52          String password = null;
53          String locationProperty = System.getProperty("javax.net.ssl.keyStore");
54          if (StringUtils.hasLength(locationProperty)) {
55              File f = new File(locationProperty);
56              if (f.exists() && f.isFile() && f.canRead()) {
57                  location = new FileSystemResource(f);
58              }
59              String passwordProperty = System.getProperty("javax.net.ssl.keyStorePassword");
60              if (StringUtils.hasLength(passwordProperty)) {
61                  password = passwordProperty;
62              }
63              type = System.getProperty("javax.net.ssl.keyStoreType");
64          }
65          // use the factory bean here, easier to setup
66          KeyStoreFactoryBean factoryBean = new KeyStoreFactoryBean();
67          factoryBean.setLocation(location);
68          factoryBean.setPassword(password);
69          factoryBean.setType(type);
70          factoryBean.afterPropertiesSet();
71          return factoryBean.getObject();
72      }
73  
74      /**
75       * Loads a default trust store. This method uses the following algorithm: <ol> <li> If the system property
76       * <code>javax.net.ssl.trustStore</code> is defined, its value is loaded. If the
77       * <code>javax.net.ssl.trustStorePassword</code> system property is also defined, its value is used as a password.
78       * If the <code>javax.net.ssl.trustStoreType</code> system property is defined, its value is used as a key store
79       * type.
80       * <p/>
81       * If <code>javax.net.ssl.trustStore</code> is defined but the specified file does not exist, then a default, empty
82       * trust store is created. </li> <li> If the <code>javax.net.ssl.trustStore</code> system property was not
83       * specified, but if the file <code>$JAVA_HOME/lib/security/jssecacerts</code> exists, that file is used. </li>
84       * Otherwise, <li>If the file <code>$JAVA_HOME/lib/security/cacerts</code> exists, that file is used. </ol>
85       * <p/>
86       * This behavior corresponds to the standard J2SDK behavior for SSL trust stores.
87       *
88       * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#X509TrustManager">The
89       *      standard J2SDK SSL trust store mechanism</a>
90       */
91      public static KeyStore loadDefaultTrustStore() throws GeneralSecurityException, IOException {
92          Resource location = null;
93          String type = null;
94          String password = null;
95          String locationProperty = System.getProperty("javax.net.ssl.trustStore");
96          if (StringUtils.hasLength(locationProperty)) {
97              File f = new File(locationProperty);
98              if (f.exists() && f.isFile() && f.canRead()) {
99                  location = new FileSystemResource(f);
100             }
101             String passwordProperty = System.getProperty("javax.net.ssl.trustStorePassword");
102             if (StringUtils.hasLength(passwordProperty)) {
103                 password = passwordProperty;
104             }
105             type = System.getProperty("javax.net.ssl.trustStoreType");
106         }
107         else {
108             String javaHome = System.getProperty("java.home");
109             location = new FileSystemResource(javaHome + "/lib/security/jssecacerts");
110             if (!location.exists()) {
111                 location = new FileSystemResource(javaHome + "/lib/security/cacerts");
112             }
113         }
114         // use the factory bean here, easier to setup
115         KeyStoreFactoryBean factoryBean = new KeyStoreFactoryBean();
116         factoryBean.setLocation(location);
117         factoryBean.setPassword(password);
118         factoryBean.setType(type);
119         factoryBean.afterPropertiesSet();
120         return factoryBean.getObject();
121     }
122 
123 }