View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements. See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache license, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License. You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the license for the specific language governing permissions and
15   * limitations under the license.
16   */
17  package org.apache.logging.log4j.core.net.ssl;
18  
19  import java.security.KeyStoreException;
20  import java.security.NoSuchAlgorithmException;
21  import java.util.Arrays;
22  
23  import javax.net.ssl.TrustManagerFactory;
24  
25  import org.apache.logging.log4j.core.Core;
26  import org.apache.logging.log4j.core.config.plugins.Plugin;
27  import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
28  import org.apache.logging.log4j.core.config.plugins.PluginFactory;
29  
30  /**
31   * Configuration of the TrustStore
32   */
33  @Plugin(name = "TrustStore", category = Core.CATEGORY_NAME, printObject = true)
34  public class TrustStoreConfiguration extends AbstractKeyStoreConfiguration {
35  
36      private final String trustManagerFactoryAlgorithm;
37  
38      public TrustStoreConfiguration(final String location,
39                                     final PasswordProvider passwordProvider,
40                                     final String keyStoreType,
41                                     final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
42          super(location, passwordProvider, keyStoreType);
43          this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm == null ? TrustManagerFactory
44                  .getDefaultAlgorithm() : trustManagerFactoryAlgorithm;
45      }
46  
47      /**
48       * @deprecated Use {@link #TrustStoreConfiguration(String, PasswordProvider, String, String)} instead
49       */
50      @Deprecated
51      public TrustStoreConfiguration(final String location, final char[] password, final String keyStoreType,
52              final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
53          this(location, new MemoryPasswordProvider(password), keyStoreType, trustManagerFactoryAlgorithm);
54          if (password != null) {
55              Arrays.fill(password, '\0');
56          }
57      }
58  
59      /**
60       * @deprecated Use {@link #TrustStoreConfiguration(String, PasswordProvider, String, String)} instead
61       */
62      @Deprecated
63      public TrustStoreConfiguration(final String location, final String password, final String keyStoreType,
64              final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
65          this(location, new MemoryPasswordProvider(password == null ? null : password.toCharArray()), keyStoreType,
66                  trustManagerFactoryAlgorithm);
67      }
68  
69      /**
70       * Creates a KeyStoreConfiguration.
71       *
72       * @param location
73       *        The location of the KeyStore, a file path, URL or resource.
74       * @param password
75       *        The password to access the KeyStore.
76       * @param keyStoreType
77       *        The KeyStore type, null defaults to {@code "JKS"}.
78       * @param trustManagerFactoryAlgorithm
79       *        The standard name of the requested trust management algorithm. See the Java Secure Socket Extension Reference Guide for information these names.
80       * @return a new TrustStoreConfiguration
81       * @throws StoreConfigurationException Thrown if this instance cannot load the KeyStore.
82       */
83      @PluginFactory
84      public static TrustStoreConfiguration createKeyStoreConfiguration(
85              // @formatter:off
86              @PluginAttribute("location") final String location,
87              @PluginAttribute(value = "password", sensitive = true) final char[] password,
88              @PluginAttribute("passwordEnvironmentVariable") final String passwordEnvironmentVariable,
89              @PluginAttribute("passwordFile") final String passwordFile,
90              @PluginAttribute("type") final String keyStoreType,
91              @PluginAttribute("trustManagerFactoryAlgorithm") final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
92              // @formatter:on
93  
94          if (password != null && passwordEnvironmentVariable != null && passwordFile != null) {
95              throw new IllegalStateException("You MUST set only one of 'password', 'passwordEnvironmentVariable' or 'passwordFile'.");
96          }
97          try {
98              // @formatter:off
99              PasswordProvider provider = passwordFile != null
100                     ? new FilePasswordProvider(passwordFile)
101                     : passwordEnvironmentVariable != null
102                             ? new EnvironmentPasswordProvider(passwordEnvironmentVariable)
103                             // the default is memory char[] array, which may be null
104                             : new MemoryPasswordProvider(password);
105             // @formatter:on
106             if (password != null) {
107                 Arrays.fill(password, '\0');
108             }
109             return new TrustStoreConfiguration(location, provider, keyStoreType, trustManagerFactoryAlgorithm);
110         } catch (Exception ex) {
111             throw new StoreConfigurationException("Could not configure TrustStore", ex);
112         }
113     }
114 
115     /**
116      * @deprecated Use {@link #createKeyStoreConfiguration(String, char[], String, String, String, String)}
117      */
118     public static TrustStoreConfiguration createKeyStoreConfiguration(
119             // @formatter:off
120             final String location,
121             final char[] password,
122             final String keyStoreType,
123             final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
124         // @formatter:on
125         return createKeyStoreConfiguration(location, password, null, null, keyStoreType, trustManagerFactoryAlgorithm);
126     }
127 
128     /**
129      * Creates a KeyStoreConfiguration.
130      *
131      * @param location The location of the KeyStore, a file path, URL or resource.
132      * @param password The password to access the KeyStore.
133      * @param keyStoreType The KeyStore type, null defaults to {@code "JKS"}.
134      * @param trustManagerFactoryAlgorithm The standard name of the requested trust management algorithm. See the Java
135      * Secure Socket Extension Reference Guide for information these names.
136      * @return a new TrustStoreConfiguration
137      * @throws StoreConfigurationException Thrown if this instance cannot load the KeyStore.
138      * @deprecated Use createKeyStoreConfiguration(String, char[], String, String)
139      */
140     @Deprecated
141     public static TrustStoreConfiguration createKeyStoreConfiguration(
142             // @formatter:off
143             final String location,
144             final String password,
145             final String keyStoreType,
146             final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
147             // @formatter:on
148         return createKeyStoreConfiguration(location, (password == null ? null : password.toCharArray()),
149                 null, null, keyStoreType, trustManagerFactoryAlgorithm);
150     }
151 
152     public TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException {
153         final TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(this.trustManagerFactoryAlgorithm);
154         tmFactory.init(this.getKeyStore());
155         return tmFactory;
156     }
157 
158     @Override
159     public int hashCode() {
160         final int prime = 31;
161         int result = super.hashCode();
162         result = prime * result
163                 + ((trustManagerFactoryAlgorithm == null) ? 0 : trustManagerFactoryAlgorithm.hashCode());
164         return result;
165     }
166 
167     @Override
168     public boolean equals(final Object obj) {
169         if (this == obj) {
170             return true;
171         }
172         if (!super.equals(obj)) {
173             return false;
174         }
175         if (getClass() != obj.getClass()) {
176             return false;
177         }
178         final TrustStoreConfiguration other = (TrustStoreConfiguration) obj;
179         if (trustManagerFactoryAlgorithm == null) {
180             if (other.trustManagerFactoryAlgorithm != null) {
181                 return false;
182             }
183         } else if (!trustManagerFactoryAlgorithm.equals(other.trustManagerFactoryAlgorithm)) {
184             return false;
185         }
186         return true;
187     }
188 
189     public String getTrustManagerFactoryAlgorithm() {
190         return trustManagerFactoryAlgorithm;
191     }
192 }