View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements. See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache license, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License. You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the license for the specific language governing permissions and
15   * limitations under the license.
16   */
17  package org.apache.logging.log4j.core.net.ssl;
18  
19  import java.security.KeyStoreException;
20  import java.security.NoSuchAlgorithmException;
21  import java.util.Arrays;
22  
23  import javax.net.ssl.TrustManagerFactory;
24  
25  import org.apache.logging.log4j.core.Core;
26  import org.apache.logging.log4j.core.config.plugins.Plugin;
27  import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
28  import org.apache.logging.log4j.core.config.plugins.PluginFactory;
29  
30  /**
31   * Configuration of the TrustStore
32   */
33  @Plugin(name = "TrustStore", category = Core.CATEGORY_NAME, printObject = true)
34  public class TrustStoreConfiguration extends AbstractKeyStoreConfiguration {
35  
36      private final String trustManagerFactoryAlgorithm;
37  
38      public TrustStoreConfiguration(final String location,
39                                     final PasswordProvider passwordProvider,
40                                     final String keyStoreType,
41                                     final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
42          super(location, passwordProvider, keyStoreType);
43          this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm == null ? TrustManagerFactory
44                  .getDefaultAlgorithm() : trustManagerFactoryAlgorithm;
45      }
46  
47      /**
48       * @deprecated Use {@link #TrustStoreConfiguration(String, PasswordProvider, String, String)} instead
49       */
50      @Deprecated
51      public TrustStoreConfiguration(final String location, final char[] password, final String keyStoreType,
52              final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
53          this(location, new MemoryPasswordProvider(password), keyStoreType, trustManagerFactoryAlgorithm);
54          if (password != null) {
55              Arrays.fill(password, '\0');
56          }
57      }
58  
59      /**
60       * @deprecated Use {@link #TrustStoreConfiguration(String, PasswordProvider, String, String)} instead
61       */
62      @Deprecated
63      public TrustStoreConfiguration(final String location, final String password, final String keyStoreType,
64              final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
65          this(location, new MemoryPasswordProvider(password == null ? null : password.toCharArray()), keyStoreType,
66                  trustManagerFactoryAlgorithm);
67      }
68  
69      /**
70       * Creates a KeyStoreConfiguration.
71       *
72       * @param location
73       *        The location of the KeyStore, a file path, URL or resource.
74       * @param password
75       *        The password to access the KeyStore.
76       * @param keyStoreType
77       *        The KeyStore type, null defaults to {@code "JKS"}.
78       * @param trustManagerFactoryAlgorithm
79       *        The standard name of the requested trust management algorithm. See the Java Secure Socket Extension Reference Guide for information these names.
80       * @return a new TrustStoreConfiguration
81       * @throws StoreConfigurationException Thrown if this instance cannot load the KeyStore.
82       */
83      @PluginFactory
84      public static TrustStoreConfiguration createKeyStoreConfiguration(
85              // @formatter:off
86              @PluginAttribute("location") final String location,
87              @PluginAttribute(value = "password", sensitive = true) final char[] password,
88              @PluginAttribute("passwordEnvironmentVariable") final String passwordEnvironmentVariable,
89              @PluginAttribute("passwordFile") final String passwordFile,
90              @PluginAttribute("type") final String keyStoreType,
91              @PluginAttribute("trustManagerFactoryAlgorithm") final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
92              // @formatter:on
93  
94          if (password != null && passwordEnvironmentVariable != null && passwordFile != null) {
95              throw new IllegalStateException("You MUST set only one of 'password', 'passwordEnvironmentVariable' or 'passwordFile'.");
96          }
97          try {
98              // @formatter:off
99              final PasswordProvider provider = passwordFile != null
100                     ? new FilePasswordProvider(passwordFile)
101                     : passwordEnvironmentVariable != null
102                             ? new EnvironmentPasswordProvider(passwordEnvironmentVariable)
103                             // the default is memory char[] array, which may be null
104                             : new MemoryPasswordProvider(password);
105             // @formatter:on
106             if (password != null) {
107                 Arrays.fill(password, '\0');
108             }
109             return new TrustStoreConfiguration(location, provider, keyStoreType, trustManagerFactoryAlgorithm);
110         } catch (final Exception ex) {
111             throw new StoreConfigurationException("Could not configure TrustStore", ex);
112         }
113     }
114 
115     /**
116      * @deprecated Use {@link #createKeyStoreConfiguration(String, char[], String, String, String, String)}
117      */
118     @Deprecated
119     public static TrustStoreConfiguration createKeyStoreConfiguration(
120             // @formatter:off
121             final String location,
122             final char[] password,
123             final String keyStoreType,
124             final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
125         // @formatter:on
126         return createKeyStoreConfiguration(location, password, null, null, keyStoreType, trustManagerFactoryAlgorithm);
127     }
128 
129     /**
130      * Creates a KeyStoreConfiguration.
131      *
132      * @param location The location of the KeyStore, a file path, URL or resource.
133      * @param password The password to access the KeyStore.
134      * @param keyStoreType The KeyStore type, null defaults to {@code "JKS"}.
135      * @param trustManagerFactoryAlgorithm The standard name of the requested trust management algorithm. See the Java
136      * Secure Socket Extension Reference Guide for information these names.
137      * @return a new TrustStoreConfiguration
138      * @throws StoreConfigurationException Thrown if this instance cannot load the KeyStore.
139      * @deprecated Use createKeyStoreConfiguration(String, char[], String, String)
140      */
141     @Deprecated
142     public static TrustStoreConfiguration createKeyStoreConfiguration(
143             // @formatter:off
144             final String location,
145             final String password,
146             final String keyStoreType,
147             final String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
148             // @formatter:on
149         return createKeyStoreConfiguration(location, (password == null ? null : password.toCharArray()),
150                 null, null, keyStoreType, trustManagerFactoryAlgorithm);
151     }
152 
153     public TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException {
154         final TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(this.trustManagerFactoryAlgorithm);
155         tmFactory.init(this.getKeyStore());
156         return tmFactory;
157     }
158 
159     @Override
160     public int hashCode() {
161         final int prime = 31;
162         int result = super.hashCode();
163         result = prime * result
164                 + ((trustManagerFactoryAlgorithm == null) ? 0 : trustManagerFactoryAlgorithm.hashCode());
165         return result;
166     }
167 
168     @Override
169     public boolean equals(final Object obj) {
170         if (this == obj) {
171             return true;
172         }
173         if (!super.equals(obj)) {
174             return false;
175         }
176         if (getClass() != obj.getClass()) {
177             return false;
178         }
179         final TrustStoreConfiguration other = (TrustStoreConfiguration) obj;
180         if (trustManagerFactoryAlgorithm == null) {
181             if (other.trustManagerFactoryAlgorithm != null) {
182                 return false;
183             }
184         } else if (!trustManagerFactoryAlgorithm.equals(other.trustManagerFactoryAlgorithm)) {
185             return false;
186         }
187         return true;
188     }
189 
190     public String getTrustManagerFactoryAlgorithm() {
191         return trustManagerFactoryAlgorithm;
192     }
193 }