/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014 ForgeRock AS.
 */

package org.forgerock.openig.security;

import static java.lang.String.*;

import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.forgerock.json.fluent.JsonValue;
import org.forgerock.openig.heap.GenericHeaplet;
import org.forgerock.openig.heap.HeapException;

/**
 * Represents an SSL Java {@link TrustManager}.
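 * <pre>
 * {
 *     "name": "MyTrustManager",
 *     "type": "TrustManager",
 *     "config": {
 *         "keystore": "MyKeyStore",
 *         "alg": "SunX509"
 *     }
 * }
 * </pre>
 * <ul>
 * <li>{@literal keystore}: Reference to a KeyStore heap object. The entries of that store are
 * the trusted certificates (trust anchors) the resulting trust manager uses when it validates
 * peer certificate chains, so the store decides which remote parties are accepted
 * (string, required).</li>
 * <li>{@literal alg}: Trust manager factory algorithm, for example {@literal SunX509} or
 * {@literal PKIX} (defaults to the platform's default trust manager algorithm)
 * (string, optional).</li>
 * </ul>
 * @since 3.1
 */
public class TrustManagerHeaplet extends GenericHeaplet {

    /**
     * Builds the {@link TrustManager} described by this heaplet's configuration.
     * <p>
     * The referenced {@link KeyStore} is resolved from the heap, a {@link TrustManagerFactory}
     * for the configured algorithm is initialised with it, and the first trust manager the
     * factory produces is returned.
     *
     * @return the first {@link TrustManager} produced by the factory (declared as {@code Object}
     *         by the heaplet contract)
     * @throws HeapException if the {@literal keystore} reference is missing or resolves to
     *         {@code null}, if the algorithm is unknown or the factory cannot be initialised
     *         with the store, or if the factory yields no trust manager at all
     */
    @Override
    public Object create() throws HeapException {
        JsonValue storeRef = config.get("keystore").required();
        KeyStore keyStore = heap.resolve(storeRef, KeyStore.class);
        String algorithm = config.get("alg").defaultTo(TrustManagerFactory.getDefaultAlgorithm()).asString();

        // Fail closed. Whether heap.resolve() can return null is not visible from here, but
        // TrustManagerFactory.init(null) does not fail: the JDK silently falls back to its
        // default trust store, which would widen what this heaplet trusts well beyond the
        // configured KeyStore. Refuse to build a trust manager in that case.
        if (keyStore == null) {
            throw new HeapException(loadingError(algorithm, storeRef)
                    + ": KeyStore reference resolved to null");
        }

        TrustManagerFactory factory;
        try {
            factory = TrustManagerFactory.getInstance(algorithm);
            factory.init(keyStore);
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException (unknown 'alg') and KeyStoreException (init failure) are
            // the checked failures of the two calls above; unchecked exceptions are programming
            // errors and are left to propagate rather than being masked as a loading error.
            throw new HeapException(loadingError(algorithm, storeRef), e);
        }

        // Retrieve manager: the factory normally yields exactly one, but guard both extremes.
        TrustManager[] managers = factory.getTrustManagers();
        if (managers.length == 0) {
            throw new HeapException(loadingError(algorithm, storeRef));
        }
        if (managers.length > 1) {
            logger.warning("Only the first TrustManager will be selected");
        }
        return managers[0];
    }

    /**
     * Formats the message used for every failure to build the trust manager.
     *
     * @param algorithm the trust manager factory algorithm that was requested
     * @param reference the JSON value referencing the KeyStore heap object
     * @return a message naming both the algorithm and the KeyStore reference
     */
    private String loadingError(final String algorithm, final JsonValue reference) {
        return format("Cannot build TrustManager[alg:%s] from KeyStore %s",
                      algorithm,
                      reference.asString());
    }
}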