org.jivesoftware.openfire.net
Class SSLJiveKeyManagerFactory

java.lang.Object
  org.jivesoftware.openfire.net.SSLJiveKeyManagerFactory

public class SSLJiveKeyManagerFactory
extends Object

A custom KeyManagerFactory that creates a key manager list using the default key manager or a standard keystore as specified in openfire.xml. The default keystore provided with the Jive distribution uses the Sun Java Keystore (JKS) and that takes a single password which must apply to both the keystore and the key itself. Users may specify another keystore type and keystore location. Alternatively, don't set a keystore type to use the JVM defaults and configure your JVMs security files (see your JVM documentation) to plug in any KeyManagerFactory provider.

Author:

Iain Shigeoka

Constructor Summary

SSLJiveKeyManagerFactory()

Method Summary

static KeyManager[]	getKeyManagers(KeyStore keystore, String keypass)
static KeyManager[]	getKeyManagers(String storeType, String keystore, String keypass) Creates a KeyManager list which is null if the storeType is null, or is a standard KeyManager that uses a KeyStore of type storeType, located at 'keystore' location under home, and uses 'keypass' as the password for the keystore password and key password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SSLJiveKeyManagerFactory

public SSLJiveKeyManagerFactory()

Method Detail

getKeyManagers

public static KeyManager[] getKeyManagers(String storeType,
                                          String keystore,
                                          String keypass)
                                   throws NoSuchAlgorithmException,
                                          KeyStoreException,
                                          IOException,
                                          CertificateException,
                                          UnrecoverableKeyException

Creates a KeyManager list which is null if the storeType is null, or is a standard KeyManager that uses a KeyStore of type storeType, located at 'keystore' location under home, and uses 'keypass' as the password for the keystore password and key password. The default Jive keystore contains a self-signed X509 certificate pair under the alias '127.0.0.1' in a Java KeyStore (JKS) with initial password 'changeit'. This is sufficient for local host testing but should be using standard key management tools for any significant testing or deployment. See the Jive XMPP server security documentation for more information.

Parameters:

storeType - The type of keystore (e.g. "JKS") to use or null to indicate no keystore should be used

keystore - The relative location of the keystore under home

keypass - The password for the keystore and key

Returns:

An array of relevant KeyManagers (may be null indicating a default KeyManager should be created)

Throws:

NoSuchAlgorithmException - If the keystore type doesn't exist (not provided or configured with your JVM)

KeyStoreException - If the keystore is corrupt

IOException - If the keystore could not be located or loaded

CertificateException - If there were no certificates to be loaded or they are invalid

UnrecoverableKeyException - If they keystore coud not be opened (typically the password is bad)

getKeyManagers

public static KeyManager[] getKeyManagers(KeyStore keystore,
                                          String keypass)