1 /*
2 * Copyright 2005-2012 the original author or authors.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.springframework.ws.soap.security.support;
18
19 import java.io.File;
20 import java.io.IOException;
21 import java.security.GeneralSecurityException;
22 import java.security.KeyStore;
23
24 import org.springframework.core.io.FileSystemResource;
25 import org.springframework.core.io.Resource;
26 import org.springframework.util.StringUtils;
27
28 /**
29 * Generic utility methods for dealing with {@link KeyStore} objects.
30 *
31 * @author Arjen Poutsma
32 * @since 1.5.0
33 */
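public abstract class KeyStoreUtils {

    /** System property naming the SSL key store file. */
    private static final String KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";

    /** System property holding the SSL key store password. */
    private static final String KEY_STORE_PASSWORD_PROPERTY = "javax.net.ssl.keyStorePassword";

    /** System property naming the SSL key store type (e.g. a {@link KeyStore#getType()} value). */
    private static final String KEY_STORE_TYPE_PROPERTY = "javax.net.ssl.keyStoreType";

    /** System property naming the SSL trust store file. */
    private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";

    /** System property holding the SSL trust store password. */
    private static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";

    /** System property naming the SSL trust store type. */
    private static final String TRUST_STORE_TYPE_PROPERTY = "javax.net.ssl.trustStoreType";

    /**
     * Loads the key store indicated by system properties. This method tries to load a key store by consulting the
     * following system properties: <code>javax.net.ssl.keyStore</code>, <code>javax.net.ssl.keyStorePassword</code>,
     * and <code>javax.net.ssl.keyStoreType</code>.
     * <p>
     * If these properties specify a readable file with an appropriate password, the factory uses this file for the key
     * store. If that file does not exist (or is not a readable regular file), the location is left unset and the
     * {@link KeyStoreFactoryBean} falls back to a default, empty key store. Callers that require a populated key
     * store (for example to present a client certificate) should verify the result rather than rely on this silent
     * fallback.
     * <p>
     * This behavior corresponds to the standard J2SDK behavior for SSL key stores.
     *
     * @return the loaded key store, never {@code null}
     * @throws GeneralSecurityException if the key store cannot be instantiated or its integrity check fails
     * @throws IOException              if the key store file cannot be read
     * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#X509KeyManager">The
     * standard J2SDK SSL key store mechanism</a>
     */
    public static KeyStore loadDefaultKeyStore() throws GeneralSecurityException, IOException {
        Resource location = null;
        String password = null;
        String type = null;
        String locationProperty = System.getProperty(KEY_STORE_PROPERTY);
        if (StringUtils.hasLength(locationProperty)) {
            location = readableFileResource(locationProperty);
            password = nonEmptyProperty(KEY_STORE_PASSWORD_PROPERTY);
            // The type is passed through verbatim (possibly null or empty); the factory bean applies its own default.
            type = System.getProperty(KEY_STORE_TYPE_PROPERTY);
        }
        return loadViaFactoryBean(location, password, type);
    }

    /**
     * Loads a default trust store. This method uses the following algorithm:
     * <ol>
     * <li>If the system property <code>javax.net.ssl.trustStore</code> is defined, its value is loaded. If the
     * <code>javax.net.ssl.trustStorePassword</code> system property is also defined, its value is used as a password.
     * If the <code>javax.net.ssl.trustStoreType</code> system property is defined, its value is used as a key store
     * type.
     * <p>
     * If <code>javax.net.ssl.trustStore</code> is defined but the specified file does not exist (or is not a readable
     * regular file), then a default, empty trust store is created. Note that an empty trust store typically causes
     * every peer certificate to be rejected, so a misconfigured property surfaces as handshake failures rather than
     * as an error at load time.</li>
     * <li>If the <code>javax.net.ssl.trustStore</code> system property was not specified, but the file
     * <code>$JAVA_HOME/lib/security/jssecacerts</code> exists, that file is used.</li>
     * <li>Otherwise, if the file <code>$JAVA_HOME/lib/security/cacerts</code> exists, that file is used.</li>
     * </ol>
     * <p>
     * This behavior corresponds to the standard J2SDK behavior for SSL trust stores.
     *
     * @return the loaded trust store, never {@code null}
     * @throws GeneralSecurityException if the trust store cannot be instantiated or its integrity check fails
     * @throws IOException              if the trust store file cannot be read
     * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#X509TrustManager">The
     * standard J2SDK SSL trust store mechanism</a>
     */
    public static KeyStore loadDefaultTrustStore() throws GeneralSecurityException, IOException {
        Resource location = null;
        String password = null;
        String type = null;
        String locationProperty = System.getProperty(TRUST_STORE_PROPERTY);
        if (StringUtils.hasLength(locationProperty)) {
            location = readableFileResource(locationProperty);
            password = nonEmptyProperty(TRUST_STORE_PASSWORD_PROPERTY);
            // The type is passed through verbatim (possibly null or empty); the factory bean applies its own default.
            type = System.getProperty(TRUST_STORE_TYPE_PROPERTY);
        }
        else {
            location = defaultTrustStoreLocation();
        }
        return loadViaFactoryBean(location, password, type);
    }

    /**
     * Wraps {@code path} as a {@link FileSystemResource} only if it denotes an existing, readable regular file.
     *
     * @param path the file system path taken from a system property
     * @return the resource, or {@code null} when the path is not a readable regular file
     */
    private static Resource readableFileResource(String path) {
        File file = new File(path);
        boolean readableFile = file.exists() && file.isFile() && file.canRead();
        return readableFile ? new FileSystemResource(file) : null;
    }

    /**
     * Reads a system property, treating an absent or empty value as {@code null}.
     *
     * @param name the system property name
     * @return the property value, or {@code null} when absent or empty
     */
    private static String nonEmptyProperty(String name) {
        String value = System.getProperty(name);
        return StringUtils.hasLength(value) ? value : null;
    }

    /**
     * Resolves the JDK's default trust store: {@code $JAVA_HOME/lib/security/jssecacerts} when present, otherwise
     * {@code $JAVA_HOME/lib/security/cacerts}. The returned resource is not checked for existence in the second case;
     * the {@link KeyStoreFactoryBean} reports a missing file when it attempts to open it.
     *
     * @return the resource pointing at the JDK trust store
     */
    private static Resource defaultTrustStoreLocation() {
        // java.home is always defined by the JVM, so no null guard is needed here.
        String javaHome = System.getProperty("java.home");
        Resource location = new FileSystemResource(javaHome + "/lib/security/jssecacerts");
        if (!location.exists()) {
            location = new FileSystemResource(javaHome + "/lib/security/cacerts");
        }
        return location;
    }

    /**
     * Builds the key store through a {@link KeyStoreFactoryBean}, which is easier to set up than driving
     * {@link KeyStore} directly and keeps the defaulting logic in one place.
     *
     * @param location the store file, or {@code null} for an empty store
     * @param password the store password, or {@code null} if none was configured
     * @param type     the store type, or {@code null} to let the factory bean choose
     * @return the key store produced by the factory bean
     * @throws GeneralSecurityException if the key store cannot be instantiated or its integrity check fails
     * @throws IOException              if the key store file cannot be read
     */
    private static KeyStore loadViaFactoryBean(Resource location, String password, String type)
            throws GeneralSecurityException, IOException {
        KeyStoreFactoryBean factoryBean = new KeyStoreFactoryBean();
        factoryBean.setLocation(location);
        factoryBean.setPassword(password);
        factoryBean.setType(type);
        factoryBean.afterPropertiesSet();
        return factoryBean.getObject();
    }

}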