author | Daniel McCarney <daniel@binaryparadox.net> | 2013-12-13 02:02:11 -0500 |
---|---|---|
committer | Hans-Christoph Steiner <hans@eds.org> | 2015-05-08 16:25:52 -0400 |
commit | 58ff2b12484f4e86e424b69d0f2f5937aae819c0 (patch) | |
tree | 09ce601eee8b61f7c6e7582ddc138f3a129fc7ed /core | |
parent | a0b8acc4118d1a1b6112c6be8ed341211ca45867 (diff) | |
download | nanohttpd-58ff2b12484f4e86e424b69d0f2f5937aae819c0.tar.gz |
makeSSLServerSocketFactory method that accepts a KeyManager array
The other makeSSLServerSocketFactory method accepts a KeyManagerFactory which
it retrieves an array of KeyManagers from. It is cumbersome to wrap the
KeyManagerFactory but easy to wrap KeyManagers individually. Supporting
callers providing their own KeyManagers allows for more advanced keystore
management.
Diffstat (limited to 'core')
-rw-r--r-- | core/src/main/java/fi/iki/elonen/NanoHTTPD.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
index 1b46dab..f2df6a8 100644
--- a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
+++ b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
@@ -231,6 +231,26 @@ public abstract class NanoHTTPD {
 return res;
 }
 
+ /**
+ * Creates an SSLSocketFactory for HTTPS.
+ *
+ * Pass a loaded KeyStore and an array of loaded KeyManagers.
+ * These objects must properly loaded/initialized by the caller.
+ */
+ public static SSLServerSocketFactory makeSSLSocketFactory(KeyStore loadedKeyStore, KeyManager[] keyManagers) throws IOException {
+ SSLServerSocketFactory res = null;
+ try {
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(loadedKeyStore);
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
+ res = ctx.getServerSocketFactory();
+ } catch (Exception e) {
+ throw new IOException(e);
+ }
+ return res;
+ }
+
 /**
 * Call before start() to serve over HTTPS instead of HTTP
 */ |
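Review bot: The new `makeSSLSocketFactory(KeyStore, KeyManager[])` never checks its arguments, and both JSSE calls accept null: `trustManagerFactory.init(null)` typically falls back to the platform default trust store and `ctx.init(null, ...)` to the provider's default key managers. A caller bug therefore yields a factory with unintended trust anchors or no server credentials, and the failure only shows at handshake time. A guard at the top would surface it here, e.g. `if (loadedKeyStore == null || keyManagers == null || keyManagers.length == 0) throw new IllegalArgumentException("keystore and key managers are required");`. The Javadoc should also state that `loadedKeyStore` is used only to build the trust managers while key material comes from `keyManagers`, that the method returns an `SSLServerSocketFactory`, and it should read "must be properly loaded". Narrowing `catch (Exception e)` to `catch (GeneralSecurityException e)` would stop unrelated runtime exceptions being wrapped as `IOException`.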