authorDaniel McCarney <daniel@binaryparadox.net>2013-12-13 02:02:11 -0500
committerHans-Christoph Steiner <hans@eds.org>2015-05-08 16:25:52 -0400
commit58ff2b12484f4e86e424b69d0f2f5937aae819c0 (patch)
tree09ce601eee8b61f7c6e7582ddc138f3a129fc7ed /core
parenta0b8acc4118d1a1b6112c6be8ed341211ca45867 (diff)
makeSSLServerSocketFactory method that accepts a KeyManager array
The other makeSSLServerSocketFactory method accepts a KeyManagerFactory which it retrieves an array of KeyManagers from. It is cumbersome to wrap the KeyManagerFactory but easy to wrap KeyManagers individually. Supporting callers providing their own KeyManagers allows for more advanced keystore management.
Diffstat (limited to 'core')
-rw-r--r--core/src/main/java/fi/iki/elonen/NanoHTTPD.java20
1 files changed, 20 insertions, 0 deletions
diff --git a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
index 1b46dab..f2df6a8 100644
--- a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
+++ b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
@@ -231,6 +231,26 @@ public abstract class NanoHTTPD {
return res;
}
+ /**
+ * Creates an SSLSocketFactory for HTTPS.
+ *
+ * Pass a loaded KeyStore and an array of loaded KeyManagers.
+ * These objects must properly loaded/initialized by the caller.
+ */
+ public static SSLServerSocketFactory makeSSLSocketFactory(KeyStore loadedKeyStore, KeyManager[] keyManagers) throws IOException {
+ SSLServerSocketFactory res = null;
+ try {
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(loadedKeyStore);
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
+ res = ctx.getServerSocketFactory();
+ } catch (Exception e) {
+ throw new IOException(e);
+ }
+ return res;
+ }
+
/**
* Call before start() to serve over HTTPS instead of HTTP
*/
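Review bot: In the added `makeSSLSocketFactory(KeyStore, KeyManager[])`, `loadedKeyStore` is only passed to `trustManagerFactory.init(...)`, so it serves as trust material while the server's keys come solely from `keyManagers`. The Javadoc does not say this, and it names the return type as `SSLSocketFactory` although the method returns an `SSLServerSocketFactory`. A null `keyManagers` goes straight into `ctx.init(...)`, which then falls back to the default key manager of the installed providers, so a caller mistake would likely surface only as failed handshakes at runtime. Consider adding `if (keyManagers == null || keyManagers.length == 0) throw new IllegalArgumentException("keyManagers must not be empty");` ahead of the `try`. The `catch (Exception e)` also turns unrelated runtime exceptions into `IOException`; `catch (GeneralSecurityException e)` would be narrower.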