use of org.glassfish.admin.mbeanserver.ssl.SSLParams in project Payara by payara.
the class RMIConnectorStarter method convertToSSLParams.
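/**
 * Converts the GlassFish {@code Ssl} configuration into a lightweight
 * {@link SSLParams} structure which can be used without depending upon GlassFish.
 *
 * <p>Every trust store and key store setting is resolved on its own: a value set on
 * {@code sslConfig} wins; otherwise the matching {@code javax.net.ssl.*} system
 * property is used (the store type defaults to {@code "JKS"}), and a missing
 * password falls back to the master password held by this class.
 *
 * @param sslConfig the SSL configuration to convert; must not be {@code null}
 * @return the populated {@code SSLParams}
 * @throws NullPointerException if a store location is set neither on
 *         {@code sslConfig} nor through its system property
 */
private SSLParams convertToSSLParams(Ssl sslConfig) {
    // Trust store: explicit configuration first, then the JVM-wide system properties.
    String trustStoreType = sslConfig.getTrustStoreType() == null
            ? System.getProperty("javax.net.ssl.trustStoreType", "JKS")
            : sslConfig.getTrustStoreType();
    // NOTE(review): an unset store password silently becomes the master password;
    // confirm that is intended for stores located through system properties.
    String trustStorePwd = sslConfig.getTrustStorePassword() == null
            ? masterPassword
            : sslConfig.getTrustStorePassword();
    String trustStorePath = sslConfig.getTrustStore() == null
            ? System.getProperty("javax.net.ssl.trustStore")
            : sslConfig.getTrustStore();
    // Fail with a readable message instead of a bare NPE from new File(null).
    File trustStore = new File(java.util.Objects.requireNonNull(trustStorePath,
            "No trust store configured and javax.net.ssl.trustStore is not set"));

    // Key store: each value is tested on its own key store getter, not on the
    // trust store one. The two stores can be configured independently; testing the
    // trust store getter leaves the key store path/password/type null when only the
    // trust store is configured, and ignores a configured key store when it is not.
    String keyStoreType = sslConfig.getKeyStoreType() == null
            ? System.getProperty("javax.net.ssl.keyStoreType", "JKS")
            : sslConfig.getKeyStoreType();
    String keyStorePwd = sslConfig.getKeyStorePassword() == null
            ? masterPassword
            : sslConfig.getKeyStorePassword();
    String keyStorePath = sslConfig.getKeyStore() == null
            ? System.getProperty("javax.net.ssl.keyStore")
            : sslConfig.getKeyStore();
    File keyStore = new File(java.util.Objects.requireNonNull(keyStorePath,
            "No key store configured and javax.net.ssl.keyStore is not set"));

    SSLParams sslParams = new SSLParams(trustStore, trustStorePwd, trustStoreType);
    sslParams.setTrustAlgorithm(sslConfig.getTrustAlgorithm());
    sslParams.setCertNickname(sslConfig.getCertNickname());
    sslParams.setCrlFile(sslConfig.getCrlFile());
    sslParams.setClientAuthEnabled(sslConfig.getClientAuthEnabled());
    sslParams.setClientAuth(sslConfig.getClientAuth());
    sslParams.setKeyAlgorithm(sslConfig.getKeyAlgorithm());
    sslParams.setKeyStore(keyStore.getAbsolutePath());
    sslParams.setKeyStorePassword(keyStorePwd);
    sslParams.setKeyStoreType(keyStoreType);
    // NOTE(review): the legacy SSLv2/SSLv3 switches and cipher lists are copied
    // through unchanged; whether they can still enable those protocols depends on
    // the consumer of SSLParams - confirm they are rejected or ignored downstream.
    sslParams.setSsl2Ciphers(sslConfig.getSsl2Ciphers());
    sslParams.setSsl2Enabled(sslConfig.getSsl2Enabled());
    sslParams.setSsl3Enabled(sslConfig.getSsl3Enabled());
    sslParams.setSsl3TlsCiphers(sslConfig.getSsl3TlsCiphers());
    sslParams.setTlsEnabled(sslConfig.getTlsEnabled());
    sslParams.setTlsRollbackEnabled(sslConfig.getTlsRollbackEnabled());
    return sslParams;
}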
use of org.glassfish.admin.mbeanserver.ssl.SSLParams in project Payara by payara.
the class RMIConnectorStarter method getClientSocketFactory.
/**
 * Builds the RMI client socket factory for the passed in SSL configuration.
 *
 * <p>The configuration is converted to {@code SSLParams}, an {@code SSLContext} is
 * configured from it, and the result is published through security and system
 * properties before a default {@code SslRMIClientSocketFactory} is created. Those
 * properties are process-global, so every other SSL user in the same JVM sees them.
 *
 * @param sslConfig the SSL configuration to apply
 * @return a new SslRMIClientSocketFactory
 */
private SslRMIClientSocketFactory getClientSocketFactory(Ssl sslConfig) {
    // Lightweight parameter object derived from the configuration.
    SSLParams sslParams = convertToSSLParams(sslConfig);

    // Configure an SSL context from those parameters.
    SSLClientConfigurator configurator = SSLClientConfigurator.getInstance();
    configurator.setSSLParams(sslParams);
    SSLContext context = configurator.configure(sslParams);

    // NOTE(review): the value written here is the runtime class name of the
    // SSLContext object, while "ssl.SocketFactory.provider" is documented to name an
    // SSLSocketFactory implementation - confirm this setting has the intended effect.
    Security.setProperty("ssl.SocketFactory.provider", context.getClass().getName());

    // Protocols and cipher suites are only published when the configurator reports them.
    String protocols = configurator.getEnabledProtocolsAsString();
    if (protocols != null) {
        System.setProperty("javax.rmi.ssl.client.enabledProtocols", protocols);
    }
    String cipherSuites = configurator.getEnabledCipherSuitesAsString();
    if (cipherSuites != null) {
        System.setProperty("javax.rmi.ssl.client.enabledCipherSuites", cipherSuites);
    }

    // The keystore and truststore locations are already available as system
    // properties, so only the passwords are added.
    // NOTE(review): the passwords end up in system properties, readable by any code
    // running in this JVM, and the well-known default "changeit" is substituted when
    // none is set. Failing on a missing password would be the safer behaviour.
    String keyStorePassword = sslParams.getKeyStorePassword();
    if (keyStorePassword == null) {
        keyStorePassword = "changeit";
    }
    System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);

    String trustStorePassword = sslParams.getTrustStorePassword();
    if (trustStorePassword == null) {
        trustStorePassword = "changeit";
    }
    System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

    return new SslRMIClientSocketFactory();
}