Source Code of play.server.ssl.SslHttpServerContextFactory

package play.server.ssl;


import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;
import play.Logger;
import play.Play;


import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.FileReader;
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Properties;
import java.util.Vector;


import static org.apache.commons.io.IOUtils.closeQuietly;


public class SslHttpServerContextFactory {


    private static final String PROTOCOL = "SSL";
    private static final SSLContext SERVER_CONTEXT;


    static {


        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }


        SSLContext serverContext = null;
        KeyStore ks = null;
        try {
            final Properties p = Play.configuration;


            // Made sure play reads the properties
            // Look if we have key and cert files. If we do, we use our own keymanager
            if (Play.getFile(p.getProperty("certificate.key.file", "conf/host.key")).exists()
                && Play.getFile(p.getProperty("certificate.file", "conf/host.cert")).exists())
            {
                Security.addProvider(new BouncyCastleProvider());


                // Initialize the SSLContext to work with our key managers.
                serverContext = SSLContext.getInstance(PROTOCOL);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                tmf.init(KeyStore.getInstance(p.getProperty("trustmanager.algorithm", "JKS")));


                serverContext.init(new KeyManager[]{PEMKeyManager.instance}, tmf.getTrustManagers(), null);
            } else {
                // Try to load it from the keystore
                ks = KeyStore.getInstance(p.getProperty("keystore.algorithm", "JKS"));
                // Load the file from the conf
                char[] certificatePassword = p.getProperty("keystore.password", "secret").toCharArray();
                ks.load(new FileInputStream(Play.getFile(p.getProperty("keystore.file", "conf/certificate.jks"))),
                        certificatePassword);


                // Set up key manager factory to use our key store
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
                kmf.init(ks, certificatePassword);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                tmf.init(ks);


                // Initialize the SSLContext to work with our key managers.
                serverContext = SSLContext.getInstance(PROTOCOL);
                serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            }
        } catch (Exception e) {
            throw new Error("Failed to initialize the server-side SSLContext", e);
        }


        SERVER_CONTEXT = serverContext;
    }


    public static SSLContext getServerContext() {
        return SERVER_CONTEXT;
    }


    public static class PEMKeyManager extends X509ExtendedKeyManager {


        static PEMKeyManager instance = new PEMKeyManager();
        PrivateKey key;
        X509Certificate[] chain;


        public PEMKeyManager() {
            PEMReader keyReader = null;
            PEMReader reader = null;
            try {
                final Properties p = Play.configuration;


                keyReader = new PEMReader(new FileReader(Play.getFile(p.getProperty("certificate.key.file",
                                                                                               "conf/host.key"))),
                                                    new PasswordFinder() {
                    public char[] getPassword() {
                        return p.getProperty("certificate.password", "secret").toCharArray();
                    }
                });
                key = ((KeyPair) keyReader.readObject()).getPrivate();


                reader = new PEMReader(new FileReader(Play.getFile(p.getProperty("certificate.file", "conf/host.cert"))));


            X509Certificate cert;
            Vector chainVector = new Vector();
        
            while ((cert = (X509Certificate) reader.readObject()) != null) {
                chainVector.add(cert);
            }
            chain = (X509Certificate[])chainVector.toArray(new X509Certificate[1]);
            } catch (Exception e) {
                e.printStackTrace();
                Logger.error(e, "");
            } finally {
                closeQuietly(keyReader);
                closeQuietly(reader);
            }
        }


        public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine sslEngine) {
            return "";
        }


        public String[] getClientAliases(String s, Principal[] principals) {
            return new String[]{""};
        }


        public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
            return "";
        }


        public String[] getServerAliases(String s, Principal[] principals) {
            return new String[]{""};
        }


        public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
            return "";
        }


        public X509Certificate[] getCertificateChain(String s) {
            return chain;
        }


        public PrivateKey getPrivateKey(String s) {
            return key;
        }
    }


}
Source Code of play.server.ssl.SslHttpServerContextFactory

Related Classes of play.server.ssl.SslHttpServerContextFactory
