KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > enterprise > iiop > IIOPSSLSocketFactory


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */
23 package com.sun.enterprise.iiop;
24
25 import java.io.IOException JavaDoc;
26 import java.io.Serializable JavaDoc;
27 import java.net.InetSocketAddress JavaDoc;
28 import java.net.ServerSocket JavaDoc;
29 import java.net.Socket JavaDoc;
30 import java.net.SocketException JavaDoc;
31 import java.nio.channels.ServerSocketChannel JavaDoc;
32 import java.nio.channels.SocketChannel JavaDoc;
33 import java.rmi.server.RMISocketFactory JavaDoc;
34 import java.security.KeyStore JavaDoc;
35 import java.security.SecureRandom JavaDoc;
36 import java.text.MessageFormat JavaDoc;
37 import java.util.ArrayList JavaDoc;
38 import java.util.Enumeration JavaDoc;
39 import java.util.Hashtable JavaDoc;
40 import java.util.Map JavaDoc;
41 import java.util.Properties JavaDoc;
42 import java.util.StringTokenizer JavaDoc;
43 import java.util.logging.Level JavaDoc;
44 import java.util.logging.Logger JavaDoc;
45 import java.security.KeyStore JavaDoc;
46 import java.security.SecureRandom JavaDoc;
47 import java.rmi.server.RMISocketFactory JavaDoc;
48 import javax.net.ssl.KeyManager;
49 import javax.net.ssl.KeyManagerFactory;
50 import javax.net.ssl.SSLContext;
51 import javax.net.ssl.SSLSocket;
52 import javax.net.ssl.SSLSocketFactory;
53 import javax.net.ssl.SSLServerSocket;
54 import javax.net.ssl.SSLServerSocketFactory;
55 import javax.net.ssl.TrustManagerFactory;
56 import javax.net.ssl.X509KeyManager;
57
58 import com.sun.corba.ee.impl.orbutil.ORBConstants;
59 import com.sun.corba.ee.pept.transport.Acceptor;
60 import com.sun.corba.ee.spi.orb.ORB;
61 import com.sun.corba.ee.spi.transport.ORBSocketFactory;
62
63 import com.sun.enterprise.Switch;
64 import com.sun.enterprise.config.serverbeans.IiopListener;
65 import com.sun.enterprise.config.serverbeans.IiopService;
66 import com.sun.enterprise.config.serverbeans.ServerBeansFactory;
67 import com.sun.enterprise.config.serverbeans.Ssl;
68 import com.sun.enterprise.config.ConfigContext;
69 import com.sun.enterprise.iiop.security.SecurityMechanismSelector;
70 import com.sun.enterprise.iiop.security.ConnectionContext;
71 import com.sun.enterprise.security.CipherInfo;
72 import com.sun.enterprise.security.SSLUtils;
73 import com.sun.enterprise.security.ssl.J2EEKeyManager;
74 import com.sun.enterprise.server.J2EEServer;
75 import com.sun.enterprise.server.ApplicationServer;
76 import com.sun.enterprise.util.Utility;
77 import com.sun.enterprise.util.TypeUtil;
78
79 import com.sun.logging.LogDomains;
80
81
82 /**
83  * This is socket factory used to create either plain sockets or SSL
84  * sockets based on the target's policies and the client policies.
85  * @author Vivek Nagar
86  * @author Shing Wai Chan
87  */
88 public class IIOPSSLSocketFactory implements ORBSocketFactory, Serializable JavaDoc
89 {
90     private static Logger JavaDoc _logger = null;
91     static{
92         _logger=LogDomains.getLogger(LogDomains.CORBA_LOGGER);
93         com.sun.enterprise.security.KeyTool.initProvider();
94     }
95
96     private static final String JavaDoc TLS = "TLS";
97     private static final String JavaDoc SSL3 = "SSLv3";
98     private static final String JavaDoc SSL2 = "SSLv2";
99     private static final String JavaDoc SSL = "SSL";
100     private static final String JavaDoc SSL_MUTUALAUTH = "SSL_MUTUALAUTH";
101     private static final String JavaDoc PERSISTENT_SSL = "PERSISTENT_SSL";
102
103     private static final int BACKLOG = 50;
104
105     private static SecureRandom JavaDoc sr = J2EEServer.secureRandom;
106
107     /* this is stored for the Server side of SSL Connections.
108      * Note: There will be only a port per iiop listener and a corresponding
109      * ctx for that port
110      */
111     /*
112      * @todo provide an interface to the admin, so that whenever a iiop-listener
113      * is added / removed, we modify the hashtable,
114      */
115     private Map JavaDoc portToSSLInfo = new Hashtable JavaDoc();
116     /* this is stored for the client side of SSL Connections.
117      * Note: There will be only 1 ctx for the client side, as we will reuse the
118      * ctx for all SSL connections
119      */
120     private SSLInfo clientSslInfo = null;
121
122     private ORB orb;
123
124     /**
125      * Constructs an <code>IIOPSSLSocketFactory</code>
126      */
127     public IIOPSSLSocketFactory() {
128         try {
129             if (Switch.getSwitch().getContainerType() == Switch.EJBWEB_CONTAINER) {
130                 ConfigContext configContext =
131                     ApplicationServer.getServerContext().getConfigContext();
132                 IiopService iiopBean = ServerBeansFactory.getIiopServiceBean(configContext);
133
134                 IiopListener[] iiopListeners = iiopBean.getIiopListener();
135                 int listenersLength = (iiopListeners != null) ? iiopListeners.length : 0;
136                 for (int i = 0; i < listenersLength; i++) {
137                     Ssl ssl = iiopListeners[i].getSsl();
138                     SSLInfo sslInfo = null;
139                     if (iiopListeners[i].isSecurityEnabled()) {
140                         if (ssl != null) {
141                             sslInfo = init(ssl.getCertNickname(),
142                                 ssl.isSsl2Enabled(), ssl.getSsl2Ciphers(),
143                                 ssl.isSsl3Enabled(), ssl.getSsl3TlsCiphers(),
144                                 ssl.isTlsEnabled());
145                         } else {
146                             sslInfo = getDefaultSslInfo();
147                         }
148                         portToSSLInfo.put(
149                             new Integer JavaDoc(iiopListeners[i].getPort()), sslInfo);
150                     }
151                 }
152
153                 if (iiopBean.getSslClientConfig() != null &&
154                         iiopBean.getSslClientConfig().isEnabled()) {
155                     Ssl outboundSsl = iiopBean.getSslClientConfig().getSsl();
156                     if (outboundSsl != null) {
157                         clientSslInfo = init(outboundSsl.getCertNickname(),
158                             outboundSsl.isSsl2Enabled(),
159                             outboundSsl.getSsl2Ciphers(),
160                             outboundSsl.isSsl3Enabled(),
161                             outboundSsl.getSsl3TlsCiphers(),
162                             outboundSsl.isTlsEnabled());
163                     }
164                 }
165                 if (clientSslInfo == null) {
166                     clientSslInfo = getDefaultSslInfo();
167                 }
168             } else {
169                 com.sun.enterprise.config.clientbeans.Ssl clientSsl =
170                         SSLUtils.getAppclientSsl();
171                 if (clientSsl != null) {
172                     clientSslInfo = init(clientSsl.getCertNickname(),
173                         clientSsl.isSsl2Enabled(), clientSsl.getSsl2Ciphers(),
174                         clientSsl.isSsl3Enabled(), clientSsl.getSsl3TlsCiphers(),
175                         clientSsl.isTlsEnabled());
176                 } else { // include case keystore, truststore jvm option
177 clientSslInfo = getDefaultSslInfo();
178                 }
179             }
180         } catch (Exception JavaDoc e) {
181             _logger.log(Level.SEVERE,"iiop.init_exception",e);
182             throw new IllegalStateException JavaDoc(e.toString());
183         }
184     }
185
186     /**
187      * Return a default SSLInfo object.
188      */
189     private SSLInfo getDefaultSslInfo() throws Exception JavaDoc {
190         return init(null, false, null, true, null, true);
191     }
192
193     /**
194      * serveralias/clientalias cannot be set at the same time.
195      * this method encapsulates the common code for both the client side and
196      * server side to create a SSLContext
197      * it is called once for each serveralias and once for each clientalias
198      */
199     private SSLInfo init(String JavaDoc alias,
200             boolean ssl2Enabled, String JavaDoc ssl2Ciphers,
201             boolean ssl3Enabled, String JavaDoc ssl3TlsCiphers,
202             boolean tlsEnabled) throws Exception JavaDoc {
203         String JavaDoc protocol;
204         if (tlsEnabled) {
205             protocol = TLS;
206         } else if (ssl3Enabled) {
207             protocol = SSL3;
208         } else if (ssl2Enabled) {
209             protocol = SSL2;
210         } else { // default
211 protocol = "SSL";
212         }
213
214         String JavaDoc[] ssl3TlsCipherArr = null;
215         if (tlsEnabled || ssl3Enabled) {
216             ssl3TlsCipherArr = getEnabledCipherSuites(ssl3TlsCiphers,
217                     false, ssl3Enabled, tlsEnabled);
218         }
219
220         String JavaDoc[] ssl2CipherArr = null;
221         if (ssl2Enabled) {
222             ssl2CipherArr = getEnabledCipherSuites(ssl2Ciphers,
223                     true, false, false);
224         }
225
226         SSLContext ctx = SSLContext.getInstance(protocol);
227
228         KeyStore JavaDoc[] kstores = SSLUtils.getKeyStores();
229         if (alias == null) {
230             // @todo read logger string from the Logstrings.properties file.
231 if (_logger.isLoggable(Level.FINE)) {
232                 _logger.log(Level.FINE, "Security: Alias unspecified! Keystore will fall back to default alias.");
233             }
234             /* jsse seems to hang if choosing a default alias. Lets pick one from
235              * the keystore and set it explicitly
236              */
237             KeyStore JavaDoc ks = kstores[0];
238             if (ks != null && ks.size() > 0) {
239                 Enumeration JavaDoc e = ks.aliases();
240                 while (e.hasMoreElements()) {
241                     String JavaDoc temp = (String JavaDoc)e.nextElement();
242                     if (ks.isKeyEntry(temp)) {
243                         alias = temp;
244                         break;
245                     }
246                 }
247             }
248         } else {
249             if (!SSLUtils.isTokenKeyAlias(alias)) {
250                 throw new IllegalStateException JavaDoc(getFormatMessage(
251                     "iiop.cannot_find_keyalias", new Object JavaDoc[] { alias }));
252             }
253         }
254             
255         KeyManager[] old = SSLUtils.getKeyManagers();
256         int oldLength = (old != null)? old.length : 0;
257         KeyManager[] mgrs = new J2EEKeyManager[oldLength];
258             
259         for (int i = 0; i < oldLength; i++) {
260             if (_logger.isLoggable(Level.FINE)) {
261                 StringBuffer JavaDoc msg = new StringBuffer JavaDoc("Setting J2EEKeyManager for ");
262                 msg.append(" alias : "+alias);
263                 _logger.log(Level.FINE, msg.toString());
264             }
265             mgrs[i] = new J2EEKeyManager((X509KeyManager)old[i], alias);
266         }
267         ctx.init(mgrs, SSLUtils.getTrustManagers(), sr);
268
269         return new SSLInfo(ctx, ssl3TlsCipherArr, ssl2CipherArr);
270     }
271
272     //----- implements com.sun.corba.ee.spi.transport.ORBSocketFactory -----
273
274     public void setORB(ORB orb) {
275         this.orb = orb;
276     }
277
278     /**
279      * Create a server socket on the specified InetSocketAddress based on the
280      * type of the server socket (SSL, SSL_MUTUALAUTH, PERSISTENT_SSL or CLEAR_TEXT).
281      * @param the type of socket to create.
282      * @param inetSocketAddress the InetSocketAddress
283      * @return the server socket on the specified InetSocketAddress
284      * @exception IOException if an I/O error occurs during server socket
285      * creation
286      */
287     public ServerSocket JavaDoc createServerSocket(String JavaDoc type,
288             InetSocketAddress JavaDoc inetSocketAddress) throws IOException JavaDoc {
289
290     if (_logger.isLoggable(Level.FINE)) {
291         _logger.log(Level.FINE, "Creating server socket for type =" + type
292                 + " inetSocketAddress =" + inetSocketAddress);
293     }
294
295     if(type.equals(SSL_MUTUALAUTH) || type.equals(SSL) ||
296         type.equals(PERSISTENT_SSL)) {
297         return createSSLServerSocket(type, inetSocketAddress);
298     } else {
299             ServerSocket JavaDoc serverSocket = null;
300             if (orb.getORBData().acceptorSocketType().equals(
301                     ORBConstants.SOCKETCHANNEL)) {
302                 ServerSocketChannel JavaDoc serverSocketChannel =
303                         ServerSocketChannel.open();
304                 serverSocket = serverSocketChannel.socket();
305             } else {
306                 serverSocket = new ServerSocket JavaDoc();
307             }
308
309         serverSocket.bind(inetSocketAddress);
310         return serverSocket;
311     }
312     }
313
314     /**
315      * Create a client socket for the specified InetSocketAddress. Creates an SSL
316      * socket if the type specified is SSL or SSL_MUTUALAUTH.
317      * @param type
318      * @param inetSocketAddress
319      * @return the socket.
320      */
321     public Socket JavaDoc createSocket(String JavaDoc type, InetSocketAddress JavaDoc inetSocketAddress)
322             throws IOException JavaDoc {
323
324     try {
325         String JavaDoc host = inetSocketAddress.getHostName();
326         int port = inetSocketAddress.getPort();
327         if (_logger.isLoggable(Level.FINE)) {
328         _logger.log(Level.FINE, "createSocket(" + type + ", " + host + ", " +port + ")");
329         }
330         if (type.equals(SSL) || type.equals(SSL_MUTUALAUTH)) {
331         return createSSLSocket(host, port);
332         } else {
333                 Socket JavaDoc socket = null;
334         if (_logger.isLoggable(Level.FINE)) {
335             _logger.log(Level.FINE, "Creating CLEAR_TEXT socket for:" +port);
336         }
337
338                 if (orb.getORBData().connectionSocketType().equals(
339                         ORBConstants.SOCKETCHANNEL)) {
340                 SocketChannel JavaDoc socketChannel =
341                             SocketChannel.open(inetSocketAddress);
342                 socket = socketChannel.socket();
343             } else {
344                     socket = new Socket JavaDoc(inetSocketAddress.getHostName(),
345                         inetSocketAddress.getPort());
346             }
347
348                 // Disable Nagle's algorithm (i.e. always send immediately).
349 socket.setTcpNoDelay(true);
350                 return socket;
351         }
352     } catch ( Exception JavaDoc ex ) {
353         if(_logger.isLoggable(Level.FINE)) {
354         _logger.log(Level.FINE,"Exception creating socket",ex);
355         }
356         throw new RuntimeException JavaDoc(ex);
357     }
358     }
359
360     public void setAcceptedSocketOptions(Acceptor acceptor,
361             ServerSocket JavaDoc serverSocket, Socket JavaDoc socket) throws SocketException JavaDoc {
362
363     if (_logger.isLoggable(Level.FINE)) {
364         _logger.log(Level.FINE, "setAcceptedSocketOptions: " + acceptor
365                     + " " + serverSocket + " " + socket);
366     }
367         // Disable Nagle's algorithm (i.e., always send immediately).
368 socket.setTcpNoDelay(true);
369     }
370
371     //----- END implements com.sun.corba.ee.spi.transport.ORBSocketFactory -----
372
373     /**
374      * Create an SSL server socket at the specified InetSocketAddress. If the type
375      * is SSL_MUTUALAUTH then SSL client authentication is requested.
376      */
377     private ServerSocket JavaDoc createSSLServerSocket(String JavaDoc type,
378             InetSocketAddress JavaDoc inetSocketAddress) throws IOException JavaDoc {
379
380         if (inetSocketAddress == null) {
381             throw new IOException JavaDoc(getFormatMessage(
382                 "iiop.invalid_sslserverport",
383                 new Object JavaDoc[] { null }));
384         }
385         int port = inetSocketAddress.getPort();
386         Integer JavaDoc iport = new Integer JavaDoc(port);
387         SSLInfo sslInfo = (SSLInfo)portToSSLInfo.get(iport);
388         if (sslInfo == null) {
389             throw new IOException JavaDoc(getFormatMessage(
390                 "iiop.invalid_sslserverport",
391                 new Object JavaDoc[] { iport }));
392         }
393         SSLServerSocketFactory ssf = sslInfo.getContext().getServerSocketFactory();
394         String JavaDoc[] ssl3TlsCiphers = sslInfo.getSsl3TlsCiphers();
395         String JavaDoc[] ssl2Ciphers = sslInfo.getSsl2Ciphers();
396         String JavaDoc[] ciphers = null;
397         if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
398             String JavaDoc[] socketCiphers = ssf.getDefaultCipherSuites();
399             ciphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
400         }
401
402     String JavaDoc cs[] = null;
403
404     if(_logger.isLoggable(Level.FINE)) {
405         cs = ssf.getSupportedCipherSuites();
406         for(int i=0; i < cs.length; ++i) {
407         _logger.log(Level.FINE,"Cipher Suite: " + cs[i]);
408         }
409     }
410     ServerSocket JavaDoc ss = null;
411         try{
412             // bugfix for 6349541
413 // specify the ip address to bind to, 50 is the default used
414 // by the ssf implementation when only the port is specified
415 ss = ssf.createServerSocket(port, BACKLOG, inetSocketAddress.getAddress());
416             if (ciphers != null) {
417                 ((SSLServerSocket)ss).setEnabledCipherSuites(ciphers);
418             }
419         } catch(IOException JavaDoc e) {
420             _logger.log(Level.SEVERE, "iiop.createsocket_exception",
421                 new Object JavaDoc[] { type, String.valueOf(port) });
422             _logger.log(Level.SEVERE, "", e);
423             throw e;
424         }
425
426     try {
427         if(type.equals(SSL_MUTUALAUTH)) {
428         _logger.log(Level.FINE,"Setting Mutual auth");
429         ((SSLServerSocket)ss).setNeedClientAuth(true);
430         }
431     } catch(Exception JavaDoc e) {
432         _logger.log(Level.SEVERE,"iiop.cipher_exception",e);
433         throw new IOException JavaDoc(e.getMessage());
434     }
435     if(_logger.isLoggable(Level.FINE)) {
436         _logger.log(Level.FINE,"Created server socket:" + ss);
437     }
438     return ss;
439     }
440
441     /**
442      * Create an SSL socket at the specified host and port.
443      * @param the host
444      * @param the port
445      * @return the socket.
446      */
447     private Socket JavaDoc createSSLSocket(String JavaDoc host, int port)
448         throws IOException JavaDoc {
449             
450     SSLSocket socket = null;
451     SSLSocketFactory factory = null;
452         try{
453             // get socketfactory+sanity check
454 // clientSslInfo is never null
455 factory = clientSslInfo.getContext().getSocketFactory();
456
457             if(_logger.isLoggable(Level.FINE)) {
458                   _logger.log(Level.FINE,"Creating SSL Socket for host:" + host +" port:" + port);
459             }
460             String JavaDoc[] ssl3TlsCiphers = clientSslInfo.getSsl3TlsCiphers();
461             String JavaDoc[] ssl2Ciphers = clientSslInfo.getSsl2Ciphers();
462             String JavaDoc[] clientCiphers = null;
463             if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
464                 String JavaDoc[] socketCiphers = factory.getDefaultCipherSuites();
465                 clientCiphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
466             }
467
468             socket = (SSLSocket)factory.createSocket(host, port);
469             if (clientCiphers != null) {
470                 socket.setEnabledCipherSuites(clientCiphers);
471             }
472         }catch(Exception JavaDoc e) {
473             if(_logger.isLoggable(Level.FINE)) {
474                 _logger.log(Level.FINE, "iiop.createsocket_exception",
475                 new Object JavaDoc[] { host, String.valueOf(port) });
476                 _logger.log(Level.FINE, "", e);
477             }
478             IOException JavaDoc e2 = new IOException JavaDoc(
479             "Error opening SSL socket to host="+host+" port="+port);
480             e2.initCause(e);
481             throw e2;
482         }
483         return socket;
484     }
485
486     /**
487      * This API return an array of String listing the enabled cipher suites.
488      * Input is the cipherSuiteStr from xml which a space separated list
489      * ciphers with a prefix '+' indicating enabled, '-' indicating disabled.
490      * If no cipher is enabled, then it returns an empty array.
491      * If no cipher is specified, then all are enabled and it returns null.
492      * @param cipherSuiteStr cipherSuiteStr from xml
493      * @param ssl2Enabled
494      * @param ssl3Enabled
495      * @param tlsEnabled
496      * @return an array of enabled Ciphers
497      */
498     private String JavaDoc[] getEnabledCipherSuites(String JavaDoc cipherSuiteStr,
499             boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
500         String JavaDoc[] cipherArr = null;
501         if (cipherSuiteStr != null && cipherSuiteStr.length() > 0) {
502             ArrayList JavaDoc cipherList = new ArrayList JavaDoc();
503             StringTokenizer JavaDoc tokens = new StringTokenizer JavaDoc(cipherSuiteStr, ",");
504             while (tokens.hasMoreTokens()) {
505                 String JavaDoc cipherAction = tokens.nextToken();
506                 if (cipherAction.startsWith("+")) {
507                     String JavaDoc cipher = cipherAction.substring(1);
508                     CipherInfo cipherInfo = CipherInfo.getCipherInfo(cipher);
509                     if (cipherInfo != null &&
510                             isValidProtocolCipher(cipherInfo, ssl2Enabled,
511                                 ssl3Enabled, tlsEnabled)) {
512                         cipherList.add(cipherInfo.getCipherName());
513                     } else {
514                         throw new IllegalStateException JavaDoc(getFormatMessage(
515                             "iiop.unknown_cipher",
516                             new Object JavaDoc[] { cipher }));
517                     }
518                 } else if (cipherAction.startsWith("-")) {
519                     String JavaDoc cipher = cipherAction.substring(1);
520                     CipherInfo cipherInfo = CipherInfo.getCipherInfo(cipher);
521                     if (cipherInfo == null ||
522                             !isValidProtocolCipher(cipherInfo, ssl2Enabled,
523                                 ssl3Enabled, tlsEnabled)) {
524                         throw new IllegalStateException JavaDoc(getFormatMessage(
525                             "iiop.unknown_cipher",
526                             new Object JavaDoc[] { cipher }));
527                     }
528                 } else if (cipherAction.trim().length() > 0) {
529                     throw new IllegalStateException JavaDoc(getFormatMessage(
530                         "iiop.invalid_cipheraction",
531                         new Object JavaDoc[] { cipherAction }));
532                 }
533             }
534
535             cipherArr = (String JavaDoc[])cipherList.toArray(
536                     new String JavaDoc[cipherList.size()]);
537         }
538         return cipherArr;
539     }
540
541     /**
542      * Return an array of merged ciphers.
543      * @param enableCiphers ciphers enabled by socket factory
544      * @param ssl3TlsCiphers
545      * @param ssl2Ciphers
546      */
547     private String JavaDoc[] mergeCiphers(String JavaDoc[] enableCiphers,
548             String JavaDoc[] ssl3TlsCiphers, String JavaDoc[] ssl2Ciphers) {
549         if (ssl3TlsCiphers == null && ssl2Ciphers == null) {
550             return null;
551         }
552
553         int eSize = (enableCiphers != null)? enableCiphers.length : 0;
554
555         if (_logger.isLoggable(Level.FINE)) {
556             StringBuffer JavaDoc buf = new StringBuffer JavaDoc("Default socket ciphers: ");
557             for (int i = 0; i < eSize; i++) {
558                 buf.append(enableCiphers[i] + ", ");
559             }
560             _logger.log(Level.FINE, buf.toString());
561         }
562
563         ArrayList JavaDoc cList = new ArrayList JavaDoc();
564         if (ssl3TlsCiphers != null) {
565             for (int i = 0; i < ssl3TlsCiphers.length; i++) {
566                 cList.add(ssl3TlsCiphers[i]);
567             }
568         } else {
569             for (int i = 0; i < eSize; i++) {
570                 String JavaDoc cipher = enableCiphers[i];
571                 CipherInfo cInfo = CipherInfo.getCipherInfo(cipher);
572                 if (cInfo != null && (cInfo.isTLS() || cInfo.isSSL3())) {
573                     cList.add(cipher);
574                 }
575             }
576         }
577         
578         if (ssl2Ciphers != null) {
579             for (int i = 0; i < ssl2Ciphers.length; i++) {
580                 cList.add(ssl2Ciphers[i]);
581             }
582         } else {
583             for (int i = 0; i < eSize; i++) {
584                 String JavaDoc cipher = enableCiphers[i];
585                 CipherInfo cInfo = CipherInfo.getCipherInfo(cipher);
586                 if (cInfo != null && cInfo.isSSL2()) {
587                     cList.add(cipher);
588                 }
589             }
590         }
591
592         if (_logger.isLoggable(Level.FINE)) {
593             _logger.log(Level.FINE, "Merged socket ciphers: " + cList);
594         }
595
596         return (String JavaDoc[])cList.toArray(new String JavaDoc[cList.size()]);
597     }
598
599     /**
600      * Check whether given cipherInfo belongs to given protocol.
601      * @param cipherInfo
602      * @param ssl2Enabled
603      * @param ssl3Enabled
604      * @param tlsEnabled
605      */
606     private boolean isValidProtocolCipher(CipherInfo cipherInfo,
607             boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
608         return (tlsEnabled && cipherInfo.isTLS() ||
609                 ssl3Enabled && cipherInfo.isSSL3() ||
610                 ssl2Enabled && cipherInfo.isSSL2());
611     }
612
613     /**
614      * This API get the format string from resource bundle of _logger.
615      * @param key the key of the message
616      * @param params the parameter array of Object
617      * @return the format String for _logger
618      */
619     private String JavaDoc getFormatMessage(String JavaDoc key, Object JavaDoc[] params) {
620         return MessageFormat.format(
621             _logger.getResourceBundle().getString(key), params);
622     }
623
624     class SSLInfo {
625         private SSLContext ctx;
626         private String JavaDoc[] ssl3TlsCiphers = null;
627         private String JavaDoc[] ssl2Ciphers = null;
628
629         SSLInfo(SSLContext ctx, String JavaDoc[] ssl3TlsCiphers, String JavaDoc[] ssl2Ciphers) {
630             this.ctx = ctx;
631             this.ssl3TlsCiphers = ssl3TlsCiphers;
632             this.ssl2Ciphers = ssl2Ciphers;
633         }
634
635         SSLContext getContext() {
636             return ctx;
637         }
638
639         String JavaDoc[] getSsl3TlsCiphers() {
640             return ssl3TlsCiphers;
641         }
642
643         String JavaDoc[] getSsl2Ciphers() {
644             return ssl2Ciphers;
645         }
646     }
647 }
648
Popular Tags