当前位置: 首页>>代码示例>>Java>>正文


Java SSLConfig.getKeyStore方法代码示例

本文整理汇总了Java中org.jivesoftware.openfire.net.SSLConfig.getKeyStore方法的典型用法代码示例。如果您正苦于以下问题:Java SSLConfig.getKeyStore方法的具体用法?Java SSLConfig.getKeyStore怎么用?Java SSLConfig.getKeyStore使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.jivesoftware.openfire.net.SSLConfig的用法示例。

在下文中一共展示了SSLConfig.getKeyStore方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。

示例1: startTLS

import org.jivesoftware.openfire.net.SSLConfig; //导入方法依赖的package包/类
public void startTLS(boolean clientMode, String remoteServer, ClientAuth authentication) throws Exception {
    boolean c2s = (remoteServer == null);
    KeyStore ksKeys = SSLConfig.getKeyStore();
    String keypass = SSLConfig.getKeyPassword();

    KeyStore ksTrust = (c2s ? SSLConfig.getc2sTrustStore() : SSLConfig.gets2sTrustStore() );
    String trustpass = (c2s ? SSLConfig.getc2sTrustPassword() : SSLConfig.gets2sTrustPassword() );
    if (c2s)  Log.debug("NIOConnection: startTLS: using c2s");
    else Log.debug("NIOConnection: startTLS: using s2s");
    // KeyManager's decide which key material to use.
    KeyManager[] km = SSLJiveKeyManagerFactory.getKeyManagers(ksKeys, keypass);

    // TrustManager's decide whether to allow connections.
    TrustManager[] tm = SSLJiveTrustManagerFactory.getTrustManagers(ksTrust, trustpass);

    if (clientMode || authentication == ClientAuth.needed || authentication == ClientAuth.wanted) {
        // We might need to verify a certificate from our peer, so get different TrustManager[]'s
        if(c2s) {
            // Check if we can trust certificates presented by the client
            tm = new TrustManager[]{new ClientTrustManager(ksTrust)};
        } else {
            // Check if we can trust certificates presented by the server
            tm = new TrustManager[]{new ServerTrustManager(remoteServer, ksTrust, this)};
        }
    }

    SSLContext tlsContext = SSLContext.getInstance("TLS");

    tlsContext.init(km, tm, null);

    SSLFilter filter = new SSLFilter(tlsContext);
    filter.setUseClientMode(clientMode);
    if (authentication == ClientAuth.needed) {
        filter.setNeedClientAuth(true);
    }
    else if (authentication == ClientAuth.wanted) {
        // Just indicate that we would like to authenticate the client but if client
        // certificates are self-signed or have no certificate chain then we are still
        // good
        filter.setWantClientAuth(true);
    }
    // TODO Temporary workaround (placing SSLFilter before ExecutorFilter) to avoid deadlock. Waiting for
    // MINA devs feedback
    ioSession.getFilterChain().addBefore("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    //ioSession.getFilterChain().addAfter("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    ioSession.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);
    if (!clientMode) {
        // Indicate the client that the server is ready to negotiate TLS
        deliverRawText("<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>");
    }
}
 
开发者ID:coodeer,项目名称:g3server,代码行数:52,代码来源:NIOConnection.java


示例2: startTLS

import org.jivesoftware.openfire.net.SSLConfig; //导入方法依赖的package包/类
public void startTLS(boolean clientMode, String remoteServer, ClientAuth authentication) throws Exception {
    boolean c2s = (remoteServer == null);
    KeyStore ksKeys = SSLConfig.getKeyStore();
    String keypass = SSLConfig.getKeyPassword();

    KeyStore ksTrust = (c2s ? SSLConfig.getc2sTrustStore() : SSLConfig.gets2sTrustStore() );
    String trustpass = (c2s ? SSLConfig.getc2sTrustPassword() : SSLConfig.gets2sTrustPassword() );
    if (c2s)  Log.debug("NIOConnection: startTLS: using c2s");
    else Log.debug("NIOConnection: startTLS: using s2s");
    // KeyManager's decide which key material to use.
    KeyManager[] km = SSLJiveKeyManagerFactory.getKeyManagers(ksKeys, keypass);

    // TrustManager's decide whether to allow connections.
    TrustManager[] tm = SSLJiveTrustManagerFactory.getTrustManagers(ksTrust, trustpass);

    if (clientMode || authentication == ClientAuth.needed || authentication == ClientAuth.wanted) {
        // We might need to verify a certificate from our peer, so get different TrustManager[]'s
        if(c2s) {
            // Check if we can trust certificates presented by the client
            tm = new TrustManager[]{new ClientTrustManager(ksTrust)};
        } else {
            // Check if we can trust certificates presented by the server
            tm = new TrustManager[]{new ServerTrustManager(remoteServer, ksTrust, this)};
        }
    }

    String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
    SSLContext tlsContext = SSLContext.getInstance(algorithm);

    tlsContext.init(km, tm, null);

    SSLFilter filter = new SSLFilter(tlsContext);
    filter.setUseClientMode(clientMode);
    if (authentication == ClientAuth.needed) {
        filter.setNeedClientAuth(true);
    }
    else if (authentication == ClientAuth.wanted) {
        // Just indicate that we would like to authenticate the client but if client
        // certificates are self-signed or have no certificate chain then we are still
        // good
        filter.setWantClientAuth(true);
    }
    // TODO Temporary workaround (placing SSLFilter before ExecutorFilter) to avoid deadlock. Waiting for
    // MINA devs feedback
    ioSession.getFilterChain().addBefore("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    //ioSession.getFilterChain().addAfter("org.apache.mina.common.ExecutorThreadModel", "tls", filter);
    ioSession.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);
    if (!clientMode) {
        // Indicate the client that the server is ready to negotiate TLS
        deliverRawText("<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>");
    }
}
 
开发者ID:idwanglu2010,项目名称:openfire,代码行数:53,代码来源:NIOConnection.java



注:本文中的org.jivesoftware.openfire.net.SSLConfig.getKeyStore方法示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。