KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > caucho > vfs > JsseSSLFactory


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Scott Ferguson
27  */
28
29 package com.caucho.vfs;
30
31 import com.caucho.config.ConfigException;
32 import com.caucho.util.L10N;
33
34 import javax.annotation.PostConstruct;
35 import javax.net.ssl.KeyManagerFactory;
36 import javax.net.ssl.SSLContext;
37 import javax.net.ssl.SSLServerSocket;
38 import javax.net.ssl.SSLServerSocketFactory;
39 import java.io.IOException JavaDoc;
40 import java.io.InputStream JavaDoc;
41 import java.net.InetAddress JavaDoc;
42 import java.net.ServerSocket JavaDoc;
43 import java.security.GeneralSecurityException JavaDoc;
44 import java.security.Key JavaDoc;
45 import java.security.KeyStore JavaDoc;
46 import java.security.cert.Certificate JavaDoc;
47
48 /**
49  * Abstract socket to handle both normal sockets and bin/resin sockets.
50  */
51 public class JsseSSLFactory implements SSLFactory {
52   private static final L10N L = new L10N(JsseSSLFactory.class);
53   
54   private Path _keyStoreFile;
55   private String JavaDoc _alias;
56   private String JavaDoc _password;
57   private String JavaDoc _verifyClient;
58   private String JavaDoc _keyStoreType = "jks";
59   private String JavaDoc _keyManagerFactory = "SunX509";
60   private String JavaDoc _sslContext = "TLS";
61
62   private KeyStore JavaDoc _keyStore;
63   
64   /**
65    * Creates a ServerSocket factory without initializing it.
66    */
67   public JsseSSLFactory()
68   {
69   }
70
71   /**
72    * Sets the key store
73    */
74   public void setKeyStoreFile(Path keyStoreFile)
75   {
76     _keyStoreFile = keyStoreFile;
77   }
78
79   /**
80    * Returns the certificate file.
81    */
82   public Path getKeyStoreFile()
83   {
84     return _keyStoreFile;
85   }
86
87   /**
88    * Sets the password.
89    */
90   public void setPassword(String JavaDoc password)
91   {
92     _password = password;
93   }
94
95   /**
96    * Returns the key file.
97    */
98   public String JavaDoc getPassword()
99   {
100     return _password;
101   }
102
103   /**
104    * Sets the certificate alias
105    */
106   public void setAlias(String JavaDoc alias)
107   {
108     _alias = alias;
109   }
110
111   /**
112    * Returns the alias.
113    */
114   public String JavaDoc getAlias()
115   {
116     return _alias;
117   }
118
119   /**
120    * Sets the verifyClient.
121    */
122   public void setVerifyClient(String JavaDoc verifyClient)
123   {
124     _verifyClient = verifyClient;
125   }
126
127   /**
128    * Returns the key file.
129    */
130   public String JavaDoc getVerifyClient()
131   {
132     return _verifyClient;
133   }
134
135   /**
136    * Sets the key-manager-factory
137    */
138   public void setKeyManagerFactory(String JavaDoc keyManagerFactory)
139   {
140     _keyManagerFactory = keyManagerFactory;
141   }
142
143   /**
144    * Sets the ssl-context
145    */
146   public void setSSLContext(String JavaDoc sslContext)
147   {
148     _sslContext = sslContext;
149   }
150
151   /**
152    * Sets the key-store
153    */
154   public void setKeyStoreType(String JavaDoc keyStore)
155   {
156     _keyStoreType = keyStore;
157   }
158
159   /**
160    * Initialize
161    */
162   @PostConstruct
163   public void init()
164     throws ConfigException, IOException JavaDoc, GeneralSecurityException JavaDoc
165   {
166     if (_keyStoreFile == null)
167       throw new ConfigException(L.l("`key-store-file' is required for JSSE."));
168     if (_password == null)
169       throw new ConfigException(L.l("`password' is required for JSSE."));
170
171     _keyStore = KeyStore.getInstance(_keyStoreType);
172     
173     InputStream JavaDoc is = _keyStoreFile.openRead();
174     try {
175       _keyStore.load(is, _password.toCharArray());
176     } finally {
177       is.close();
178     }
179
180     if (_alias != null) {
181       Key JavaDoc key = _keyStore.getKey(_alias, _password.toCharArray());
182
183       if (key == null)
184     throw new ConfigException(L.l("JSSE alias '{0}' does not have a corresponding key.",
185                   _alias));
186
187       Certificate JavaDoc []certChain = _keyStore.getCertificateChain(_alias);
188       
189       if (certChain == null)
190     throw new ConfigException(L.l("JSSE alias '{0}' does not have a corresponding certificate chain.",
191                   _alias));
192
193       _keyStore = KeyStore.getInstance(_keyStoreType);
194       _keyStore.load(null, _password.toCharArray());
195
196       _keyStore.setKeyEntry(_alias, key, _password.toCharArray(), certChain);
197     }
198   }
199
200   /**
201    * Creates the SSL ServerSocket.
202    */
203   public QServerSocket create(InetAddress JavaDoc host, int port)
204     throws IOException JavaDoc, GeneralSecurityException JavaDoc
205   {
206     if (_keyStore == null)
207       throw new IOException JavaDoc(L.l("key store is missing"));
208
209     KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyManagerFactory);
210     
211     kmf.init(_keyStore, _password.toCharArray());
212       
213     SSLContext sslContext = SSLContext.getInstance(_sslContext);
214
215     sslContext.init(kmf.getKeyManagers(), null, null);
216
217     SSLServerSocketFactory factory;
218     factory = sslContext.getServerSocketFactory();
219
220     ServerSocket serverSocket;
221
222     int listen = 100;
223
224     if (host == null)
225       serverSocket = factory.createServerSocket(port, listen);
226     else
227       serverSocket = factory.createServerSocket(port, listen, host);
228
229     SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
230     
231     if ("required".equals(_verifyClient))
232       sslServerSocket.setNeedClientAuth(true);
233
234     /*
235     boolean hasRestriction = false;
236     ArrayList<String> protocols = new ArrayList();
237     if (node.getBoolean("tls1", true)) {
238       protocols.add("TLSv1");
239       protocols.add("TLS");
240     }
241     else
242       hasRestriction = true;
243     
244     if (node.getBoolean("ssl2", true)) {
245       protocols.add("SSLv2");
246     }
247     else
248       hasRestriction = true;
249     
250     if (node.getBoolean("ssl3", true)) {
251       protocols.add("SSLv3");
252     }
253     else
254       hasRestriction = true;
255
256     if (hasRestriction)
257       sslServerSocket.setEnabledProtocols((String []) protocols.toArray(new String[protocols.size()]));
258     */
259
260     return new QServerSocketWrapper(serverSocket);
261   }
262 }
263
264
Popular Tags