in proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java [289:345]
/**
 * Returns the {@link SSLContext} held by this factory, initialising it on first use.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>an already cached context is returned as-is, without consulting {@code sslDomain};</li>
 *   <li>otherwise a context supplied by {@code sslDomain.getSslContext()} is cached and returned;</li>
 *   <li>otherwise a new context is built from the key store that
 *       {@code createKeyStoreFrom} produces for the domain.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the domain's peer authentication mode is {@code ANONYMOUS_PEER}, the only trust
 *       manager installed is {@code AlwaysTrustingTrustManager}. Judging by its name it accepts
 *       any certificate chain (confirm against that class), so connections made in this mode
 *       do not authenticate the peer.</li>
 *   <li>In every other mode the same key store is used both for key material and as the source
 *       of trust anchors.</li>
 *   <li>Once a context has been cached, later calls with a different domain still receive the
 *       cached context.</li>
 *   <li>This method performs no synchronization of its own around the cached field.</li>
 * </ul>
 *
 * @param sslDomain the domain configuration; only read when no context has been cached yet
 * @return the cached or newly created context
 * @throws TransportException if the JSSE/JCA calls needed to build a new context fail
 */
private SSLContext getOrCreateSslContext(SslDomain sslDomain)
{
    // Fast path: a context was resolved by an earlier call.
    if(_sslContext != null)
    {
        return _sslContext;
    }

    // A context configured directly on the domain takes precedence over building one here.
    final SSLContext suppliedContext = sslDomain.getSslContext();
    if(suppliedContext != null)
    {
        _sslContext = suppliedContext;
        return _sslContext;
    }

    if(_logger.isLoggable(Level.FINE))
    {
        _logger.fine("lazily creating new SSLContext using domain " + sslDomain);
    }

    final String failureMessage = "Unexpected exception creating SSLContext";

    // KeyStore and KeyManagerFactory insist on a password; this placeholder is not used
    // anywhere else.
    final char[] placeholderPassword = "unused-passphrase".toCharArray();

    try
    {
        final SSLContext freshContext = SSLContext.getInstance(TLS_PROTOCOL);
        final KeyStore domainStore = createKeyStoreFrom(sslDomain, placeholderPassword);

        final KeyManagerFactory keyManagerFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(domainStore, placeholderPassword);

        final boolean anonymousPeer =
            sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER;

        final TrustManager[] trustManagers;
        if(!anonymousPeer)
        {
            // Peer verification requested: trust anchors come from the domain's key store.
            final TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(domainStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }
        else
        {
            // No peer verification: certificate checks are delegated to a trust manager that,
            // by its name, never rejects a chain.
            trustManagers = new TrustManager[] { new AlwaysTrustingTrustManager() };
        }

        // A null SecureRandom lets the provider pick its default source of randomness.
        freshContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
        _sslContext = freshContext;
    }
    catch (NoSuchAlgorithmException e)
    {
        throw new TransportException(failureMessage, e);
    }
    catch (KeyStoreException e)
    {
        throw new TransportException(failureMessage, e);
    }
    catch (UnrecoverableKeyException e)
    {
        throw new TransportException(failureMessage, e);
    }
    catch (KeyManagementException e)
    {
        throw new TransportException(failureMessage, e);
    }

    return _sslContext;
}