
Example 1 with PKCS11KeyManager

use of com.unboundid.util.ssl.PKCS11KeyManager in project ldapsdk by pingidentity.

From class LDAPCommandLineTool, method createSSLUtil:

/**
 * Builds the {@link SSLUtil} that this tool uses for secure communication.
 * A key manager is created only when a key store path was supplied; the
 * trust manager is chosen from, in order of precedence, "--trustAll", an
 * explicit trust store, the default (non-interactive) trust chain, and
 * finally an interactive prompting chain that is created once and shared.
 * <p>
 * Security notes for reviewers:
 * <ul>
 *   <li>"--trustAll" installs a {@code TrustAllTrustManager}, i.e. the
 *       server's certificate is not validated at all.  NOTE(review): the
 *       {@code false} constructor argument presumably also skips the
 *       validity-date check -- confirm against the class before relying on
 *       it.</li>
 *   <li>The expected host addresses handed to the prompting trust chain are
 *       only populated when this tool itself will speak SSL/StartTLS; when
 *       the util is merely forced, the list is empty.</li>
 *   <li>Passwords given on the command line or typed at the prompt pass
 *       through an immutable {@code String} before becoming a {@code char[]},
 *       so they cannot be wiped from the heap.  The arrays are not cleared
 *       after the managers are built; whether the managers retain them is
 *       not visible here, so do not zero them without checking.</li>
 * </ul>
 *
 * @param  force  Indicates whether to create the SSLUtil object even if
 *                neither the "--useSSL" nor the "--useStartTLS" argument was
 *                provided.  The key store and/or trust store paths must still
 *                have been provided.  This may be useful for tools that
 *                accept SSL-based communication but do not themselves intend
 *                to perform SSL-based communication as an LDAP client.
 *
 * @return  The SSLUtil instance to use for secure communication, or
 *          {@code null} if secure communication is not needed.
 *
 * @throws  LDAPException  If a key store password cannot be read or the key
 *                         manager cannot be created.
 */
@Nullable()
public SSLUtil createSSLUtil(final boolean force) throws LDAPException {
    final boolean wanted = force || useSSL.isPresent() || useStartTLS.isPresent();
    if (!wanted) {
        return null;
    }

    // Key manager before trust manager: this preserves the order in which
    // the user may be prompted (key store password first, trust store second).
    final KeyManager keyManager = buildToolKeyManager();
    final TrustManager trustManager = buildToolTrustManager();
    return new SSLUtil(keyManager, trustManager);
}

/**
 * Reads the key store password (if any) and builds the key manager.
 *
 * @return  The key manager, or {@code null} when no key store path was
 *          provided.
 *
 * @throws  LDAPException  If the password file cannot be read or the key
 *                         manager cannot be created.
 */
@Nullable()
private KeyManager buildToolKeyManager() throws LDAPException {
    if (!keyStorePath.isPresent()) {
        return null;
    }

    final char[] pin = readKeyStorePin();
    try {
        final String path = keyStorePath.getValue();
        final String alias = certificateNickname.getValue();
        final boolean isPkcs11 = keyStoreFormat.isPresent()
            && keyStoreFormat.getValue().equalsIgnoreCase("PKCS11");
        if (isPkcs11) {
            // The PKCS#11 path names a provider configuration file rather than
            // a key store file; the two null arguments keep the original call.
            return new PKCS11KeyManager(null, new File(path), null, pin, alias);
        }
        return new KeyStoreKeyManager(path, pin, keyStoreFormat.getValue(), alias, true);
    } catch (final Exception e) {
        Debug.debugException(e);
        throw new LDAPException(ResultCode.LOCAL_ERROR, ERR_LDAP_TOOL_CANNOT_CREATE_KEY_MANAGER.get(StaticUtils.getExceptionMessage(e)), e);
    }
}

/**
 * Obtains the key store password from the first source present: the
 * "--keyStorePassword" argument, the password file, or an interactive prompt.
 *
 * @return  The password characters, or {@code null} if no source was given.
 *
 * @throws  LDAPException  If the password file cannot be read.
 */
@Nullable()
private char[] readKeyStorePin() throws LDAPException {
    if (keyStorePassword.isPresent()) {
        return keyStorePassword.getValue().toCharArray();
    }

    if (keyStorePasswordFile.isPresent()) {
        try {
            return getPasswordFileReader().readPassword(keyStorePasswordFile.getValue());
        } catch (final Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.LOCAL_ERROR, ERR_LDAP_TOOL_CANNOT_READ_KEY_STORE_PASSWORD.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    if (promptForKeyStorePassword.isPresent()) {
        getOut().print(INFO_LDAP_TOOL_ENTER_KEY_STORE_PASSWORD.get());
        // The typed bytes are decoded to a String before becoming a char[].
        final char[] typed = StaticUtils.toUTF8String(PasswordReader.readPassword()).toCharArray();
        getOut().println();
        return typed;
    }

    return null;
}

/**
 * Obtains the trust store password from the first source present: the
 * "--trustStorePassword" argument, the password file, or an interactive
 * prompt.
 *
 * @return  The password characters, or {@code null} if no source was given.
 *
 * @throws  LDAPException  If the password file cannot be read.
 */
@Nullable()
private char[] readTrustStorePin() throws LDAPException {
    if (trustStorePassword.isPresent()) {
        return trustStorePassword.getValue().toCharArray();
    }

    if (trustStorePasswordFile.isPresent()) {
        try {
            return getPasswordFileReader().readPassword(trustStorePasswordFile.getValue());
        } catch (final Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.LOCAL_ERROR, ERR_LDAP_TOOL_CANNOT_READ_TRUST_STORE_PASSWORD.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    if (promptForTrustStorePassword.isPresent()) {
        getOut().print(INFO_LDAP_TOOL_ENTER_TRUST_STORE_PASSWORD.get());
        final char[] typed = StaticUtils.toUTF8String(PasswordReader.readPassword()).toCharArray();
        getOut().println();
        return typed;
    }

    return null;
}

/**
 * Selects the trust manager according to the tool's arguments.  Unlike key
 * manager creation, failures here are not wrapped in an LDAPException.
 *
 * @return  The trust manager to use; never {@code null}.
 *
 * @throws  LDAPException  If a trust store password file cannot be read.
 */
private TrustManager buildToolTrustManager() throws LDAPException {
    if (trustAll.isPresent()) {
        // Blind trust: no certificate validation is performed on the peer.
        return new TrustAllTrustManager(false);
    }

    if (trustStorePath.isPresent()) {
        final String path = trustStorePath.getValue();
        final char[] pin = readTrustStorePin();
        final TrustStoreTrustManager fromStore = new TrustStoreTrustManager(path, pin, trustStoreFormat.getValue(), true);
        if (defaultTrust.isPresent()) {
            // Combine the explicit trust store with the default trust chain.
            return InternalSDKHelper.getPreferredNonInteractiveTrustManagerChain(fromStore);
        }
        return fromStore;
    }

    if (defaultTrust.isPresent()) {
        return InternalSDKHelper.getPreferredNonInteractiveTrustManagerChain();
    }

    // Reuse an already-created prompting chain so the user is asked only once.
    final TrustManager existing = promptTrustManager.get();
    if (existing != null) {
        return existing;
    }

    final ArrayList<String> expectedAddresses = new ArrayList<>(5);
    final boolean clientSideTls = useSSL.isPresent() || useStartTLS.isPresent();
    if (clientSideTls) {
        expectedAddresses.addAll(host.getValues());
    }
    final AggregateTrustManager prompting = InternalSDKHelper.getPreferredPromptTrustManagerChain(expectedAddresses);
    // Another caller may have installed a chain meanwhile; keep the winner.
    if (promptTrustManager.compareAndSet(null, prompting)) {
        return prompting;
    }
    return promptTrustManager.get();
}
