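package com.sun.slamd.example;



import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import netscape.ldap.*;



/**
 * An SSL socket factory that authenticates to the server with a client
 * certificate chosen at random from the key entries of a JKS key store.  It
 * serves as the LDAP socket factory for the example load-test clients, and it
 * also acts as its own {@link X509KeyManager} (to control which alias is
 * presented) and {@link X509TrustManager}.
 * <p>
 * Trust handling is deliberately permissive: {@link #checkServerTrusted} and
 * {@link #checkClientTrusted} accept every certificate chain without
 * inspection, so the peer is not authenticated.  That is acceptable only for
 * load generation against a server the operator already controls; never use
 * this factory where the identity of the server matters.
 * <p>
 * Constructing an instance has JVM-wide side effects: it registers the legacy
 * {@code com.sun.net.ssl.internal.ssl.Provider} and sets the
 * {@code java.protocol.handler.pkgs} system property.
 */
public class JSSERandomClientCertSocketFactory
       extends SSLSocketFactory
       implements LDAPSocketFactory, X509KeyManager, X509TrustManager
{
  // Whether a fresh alias is drawn for every handshake instead of being
  // remembered in currentAlias after the first draw.
  boolean alwaysRandom;

  // Whether diagnostic messages are written to standard error.
  boolean debugMode;

  // Whether the SSL session of every newly created socket is invalidated so
  // that it cannot be resumed by a later connection.
  boolean disableSessionCaching;

  // Source of randomness for alias selection.  This only spreads load across
  // the available certificates; it is not a security decision, so
  // java.util.Random is sufficient.
  Random random;

  // The SSL context initialized with this object as key and trust manager.
  SSLContext sslContext;

  // The socket factory obtained from sslContext; all sockets come from it.
  SSLSocketFactory sslSocketFactory;

  // The alias currently presented to servers, or null if none is selected.
  String currentAlias;

  // Aliases of every key entry found in the key store (never empty).
  String[] aliases;

  // The platform X.509 key manager that holds the keys and certificate
  // chains; this class delegates everything except client alias selection.
  X509KeyManager parentKeyManager;



  /**
   * Creates a new factory backed by the given key store, with debug output
   * disabled.
   *
   * @param  keyStoreFile      Path to the JKS key store holding the client
   *                           certificates and private keys.
   * @param  keyStorePassword  Password protecting the key store.  The same
   *                           password is used to unlock the private keys.
   *
   * @throws  LDAPException  If the key store cannot be read, contains no key
   *                         entries, or the SSL context cannot be set up.
   */
  public JSSERandomClientCertSocketFactory(String keyStoreFile,
                                           char[] keyStorePassword)
         throws LDAPException
  {
    this(keyStoreFile, keyStorePassword, false);
  }



  /**
   * Creates a new factory backed by the given key store.
   *
   * @param  keyStoreFile      Path to the JKS key store holding the client
   *                           certificates and private keys.
   * @param  keyStorePassword  Password protecting the key store.  The same
   *                           password is used to unlock the private keys.
   * @param  debugMode         Whether to write diagnostic messages to
   *                           standard error.
   *
   * @throws  LDAPException  If the key store cannot be read, contains no key
   *                         entries, or the SSL context cannot be set up.
   */
  public JSSERandomClientCertSocketFactory(String keyStoreFile,
                                           char[] keyStorePassword,
                                           boolean debugMode)
         throws LDAPException
  {
    this.debugMode        = debugMode;
    alwaysRandom          = false;
    disableSessionCaching = false;


    // Load the key store.  The stream is closed in a finally block so that a
    // failure inside load() does not leak the file handle.
    KeyStore keyStore;
    FileInputStream inputStream = null;
    try
    {
      inputStream = new FileInputStream(keyStoreFile);
      keyStore = KeyStore.getInstance("JKS");
      keyStore.load(inputStream, keyStorePassword);
    }
    catch (Exception e)
    {
      String message = "Unable to read key store file \"" + keyStoreFile +
                       "\" -- " + e;

      if (debugMode)
      {
        System.err.println(message);
      }

      throw new LDAPException(message);
    }
    finally
    {
      if (inputStream != null)
      {
        try
        {
          inputStream.close();
        }
        catch (IOException ignored)
        {
          // Best effort: the key store is already in memory at this point.
        }
      }
    }


    // Collect the aliases of all key entries.  Trusted-certificate entries are
    // skipped because they carry no private key and cannot be used to
    // authenticate as a client.
    try
    {
      ArrayList aliasList = new ArrayList();
      Enumeration keyStoreAliases = keyStore.aliases();

      while (keyStoreAliases.hasMoreElements())
      {
        String alias = (String) keyStoreAliases.nextElement();
        if (keyStore.isKeyEntry(alias))
        {
          // Add the alias just examined.  Calling nextElement() here again
          // would skip an alias and could throw at the end of the enumeration.
          aliasList.add(alias);
        }
      }

      aliases = (String[]) aliasList.toArray(new String[aliasList.size()]);
    }
    catch (KeyStoreException kse)
    {
      String message = "Unable to retrieve aliases of client certificates " +
                       "from the key store -- " + kse;

      if (debugMode)
      {
        System.err.println(message);
      }

      throw new LDAPException(message);
    }


    if ((aliases == null) || (aliases.length == 0))
    {
      String message = "No client certificates found in key store \"" +
                       keyStoreFile + "\"";

      if (debugMode)
      {
        System.err.println(message);
      }

      throw new LDAPException(message);
    }


    // Obtain the platform key manager that actually holds the private keys.
    // The factory may return several managers; use the first X.509 one rather
    // than blindly casting element zero.
    try
    {
      KeyManagerFactory keyManagerFactory =
           KeyManagerFactory.getInstance("SunX509");
      keyManagerFactory.init(keyStore, keyStorePassword);
      KeyManager[] managers = keyManagerFactory.getKeyManagers();

      parentKeyManager = null;
      if (managers != null)
      {
        for (int i = 0; i < managers.length; i++)
        {
          if (managers[i] instanceof X509KeyManager)
          {
            parentKeyManager = (X509KeyManager) managers[i];
            break;
          }
        }
      }

      if (parentKeyManager == null)
      {
        throw new NoSuchAlgorithmException("No X.509 key managers are " +
                                           "available.");
      }
    }
    catch (Exception e)
    {
      String message = "Unable to obtain a handle to the default X.509 key " +
                       "manager -- " + e;

      if (debugMode)
      {
        System.err.println(message);
      }

      throw new LDAPException(message);
    }


    // Legacy JSSE registration.  Both calls affect the whole JVM, not just
    // this factory.
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs",
                       "com.sun.net.ssl.internal.www.protocol");


    // NOTE(review): the context is requested by the name "SSLv3".  On current
    // JDKs that protocol is disabled by default and the handshake will
    // negotiate whatever the provider still permits; verify the negotiated
    // protocol is acceptable for the environment before relying on it.
    try
    {
      sslContext = SSLContext.getInstance("SSLv3");
    }
    catch (NoSuchAlgorithmException nsae)
    {
      String message = "Unable to initialize the SSL context -- " + nsae;

      if (debugMode)
      {
        System.err.println(message);
      }

      throw new LDAPException(message);
    }


    // This object is both the key manager (to pick the alias) and the
    // all-accepting trust manager.
    try
    {
      sslContext.init(new KeyManager[] { this }, new TrustManager[] { this },
                      null);
    }
    catch (KeyManagementException kme)
    {
      String message = "Unable to register a key and trust managers with the " +
                       "SSL context: " + kme;

      if (debugMode)
      {
        System.err.println(message);
      }

      throw new LDAPException(message);
    }


    sslSocketFactory = sslContext.getSocketFactory();


    random = new Random();


    if (debugMode)
    {
      System.err.println("New JSSERandomClientCertSocketFactory created");
    }
  }



  /**
   * Retrieves the alias currently presented to servers.
   *
   * @return  The current alias, or {@code null} if none has been chosen yet
   *          (in which case the next handshake draws one at random).
   */
  public String getCurrentAlias()
  {
    return currentAlias;
  }



  /**
   * Forces a particular alias to be presented on subsequent handshakes.  The
   * value is not validated against the key store; an unknown alias will make
   * the key manager fail to find a key during the handshake.
   *
   * @param  alias  The alias to use, or {@code null} to return to random
   *                selection.
   */
  public void setCurrentAlias(String alias)
  {
    this.currentAlias = alias;
  }



  /**
   * Retrieves the aliases of all key entries in the key store.
   *
   * @return  A copy of the alias array; modifying it does not affect this
   *          factory.
   */
  public String[] getAliases()
  {
    return (String[]) aliases.clone();
  }



  /**
   * Discards the remembered alias so that the next handshake draws a new one
   * at random.
   */
  public void chooseNewClientCert()
  {
    currentAlias = null;
  }



  /**
   * Indicates whether every handshake draws a fresh alias.
   *
   * @return  {@code true} if a new alias is drawn for every handshake, or
   *          {@code false} if the first drawn alias is remembered.
   */
  public boolean alwaysRandom()
  {
    return alwaysRandom;
  }



  /**
   * Specifies whether every handshake should draw a fresh alias.
   *
   * @param  alwaysRandom  {@code true} to draw a new alias for every
   *                       handshake, {@code false} to remember the first one.
   */
  public void setAlwaysRandom(boolean alwaysRandom)
  {
    this.alwaysRandom = alwaysRandom;
  }



  /**
   * Indicates whether new sockets have their SSL session invalidated.
   *
   * @return  {@code true} if session caching is disabled.
   */
  public boolean disableSessionCaching()
  {
    return disableSessionCaching;
  }



  /**
   * Specifies whether new sockets should have their SSL session invalidated,
   * which prevents session resumption and forces a full handshake (and thus a
   * fresh client certificate selection) on every connection.
   *
   * @param  disableSessionCaching  {@code true} to invalidate each session.
   */
  public void setDisableSessionCaching(boolean disableSessionCaching)
  {
    this.disableSessionCaching = disableSessionCaching;
  }



  /**
   * Chooses the alias to present to the server.  A remembered alias is
   * returned as-is; otherwise one is drawn at random from the key store and,
   * unless {@link #alwaysRandom()} is set, remembered for later handshakes.
   * The requested key types and issuers are ignored.
   *
   * @param  keyTypes  Ignored.
   * @param  issuers   Ignored.
   * @param  socket    Ignored.
   *
   * @return  The alias to use for this handshake.
   */
  public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
                                  Socket socket)
  {
    if (currentAlias != null)
    {
      return currentAlias;
    }

    String alias = aliases[random.nextInt(aliases.length)];
    if (! alwaysRandom)
    {
      currentAlias = alias;
    }

    return alias;
  }



  /**
   * Delegates to the platform key manager.
   *
   * @param  keyType  The key algorithm type name.
   * @param  issuers  Acceptable issuers, or {@code null} for any.
   *
   * @return  The matching client aliases, or {@code null} if none.
   */
  public String[] getClientAliases(String keyType, Principal[] issuers)
  {
    return parentKeyManager.getClientAliases(keyType, issuers);
  }



  /**
   * Delegates to the platform key manager.  Server-side use of this factory is
   * not expected but remains available.
   *
   * @param  keyType  The key algorithm type name.
   * @param  issuers  Acceptable issuers, or {@code null} for any.
   * @param  socket   The socket being handshaked.
   *
   * @return  The chosen server alias, or {@code null} if none.
   */
  public String chooseServerAlias(String keyType, Principal[] issuers,
                                  Socket socket)
  {
    return parentKeyManager.chooseServerAlias(keyType, issuers, socket);
  }



  /**
   * Delegates to the platform key manager.
   *
   * @param  keyType  The key algorithm type name.
   * @param  issuers  Acceptable issuers, or {@code null} for any.
   *
   * @return  The matching server aliases, or {@code null} if none.
   */
  public String[] getServerAliases(String keyType, Principal[] issuers)
  {
    return parentKeyManager.getServerAliases(keyType, issuers);
  }



  /**
   * Delegates to the platform key manager.
   *
   * @param  alias  The alias whose private key is requested.
   *
   * @return  The private key, or {@code null} if the alias is unknown.
   */
  public PrivateKey getPrivateKey(String alias)
  {
    return parentKeyManager.getPrivateKey(alias);
  }



  /**
   * Delegates to the platform key manager.
   *
   * @param  alias  The alias whose certificate chain is requested.
   *
   * @return  The certificate chain, or {@code null} if the alias is unknown.
   */
  public X509Certificate[] getCertificateChain(String alias)
  {
    return parentKeyManager.getCertificateChain(alias);
  }



  /**
   * Accepts every client certificate chain without inspection.  No
   * validation of signatures, expiry, or issuer is performed.
   *
   * @param  chain     Ignored.
   * @param  authType  Ignored.
   */
  public void checkClientTrusted(X509Certificate[] chain, String authType)
  {
    if (debugMode)
    {
      System.err.println("checkClientTrusted() invoked");
    }
  }



  /**
   * Accepts every server certificate chain without inspection.  Because no
   * validation of signatures, expiry, hostname, or issuer is performed, the
   * server is not authenticated and the connection is exposed to
   * impersonation; suitable only for load testing against a server the
   * operator controls.
   *
   * @param  chain     Ignored.
   * @param  authType  Ignored.
   */
  public void checkServerTrusted(X509Certificate[] chain, String authType)
  {
    if (debugMode)
    {
      System.err.println("checkServerTrusted() invoked");
    }
  }



  /**
   * Retrieves the issuers this trust manager accepts.  Since trust decisions
   * are not based on issuers, this returns an empty array, which is the value
   * the {@link X509TrustManager} contract requires (returning {@code null}
   * can cause a NullPointerException inside the SSL engine).
   *
   * @return  An empty array.
   */
  public X509Certificate[] getAcceptedIssuers()
  {
    if (debugMode)
    {
      System.err.println("getAcceptedIssuers() invoked");
    }

    return new X509Certificate[0];
  }



  /**
   * Creates an SSL socket to the given host for the LDAP SDK.
   *
   * @param  host  The server address.
   * @param  port  The server port.
   *
   * @return  The connected SSL socket.
   *
   * @throws  LDAPException  If the connection cannot be established.
   */
  public Socket makeSocket(String host, int port)
         throws LDAPException
  {
    if (debugMode)
    {
      System.err.println("makeSocket(" + host + "," + port + ") invoked");
    }

    try
    {
      return applySessionPolicy(
           (SSLSocket) sslSocketFactory.createSocket(host, port));
    }
    catch (Exception e)
    {
      throw new LDAPException("Unable to establish the SSL connection: " + e);
    }
  }



  /**
   * Creates an SSL socket to the given host.
   *
   * @param  host  The server address.
   * @param  port  The server port.
   *
   * @return  The connected SSL socket.
   *
   * @throws  IOException  If the connection cannot be established.
   */
  public Socket createSocket(String host, int port)
         throws IOException
  {
    if (debugMode)
    {
      System.err.println("createSocket(" + host + "," + port + ") invoked");
    }

    return applySessionPolicy(
         (SSLSocket) sslSocketFactory.createSocket(host, port));
  }



  /**
   * Creates an SSL socket to the given host bound to a local address.
   *
   * @param  host       The server address.
   * @param  port       The server port.
   * @param  localHost  The local address to bind.
   * @param  localPort  The local port to bind.
   *
   * @return  The connected SSL socket.
   *
   * @throws  IOException  If the connection cannot be established.
   */
  public Socket createSocket(String host, int port, InetAddress localHost,
                             int localPort)
         throws IOException
  {
    if (debugMode)
    {
      System.err.println("createSocket(" + host + "," + port + ", " +
                         localHost.getHostAddress() + ", " + localPort +
                         ") invoked");
    }

    return applySessionPolicy(
         (SSLSocket) sslSocketFactory.createSocket(host, port, localHost,
                                                   localPort));
  }



  /**
   * Creates an SSL socket to the given address.
   *
   * @param  host  The server address.
   * @param  port  The server port.
   *
   * @return  The connected SSL socket.
   *
   * @throws  IOException  If the connection cannot be established.
   */
  public Socket createSocket(InetAddress host, int port)
         throws IOException
  {
    if (debugMode)
    {
      System.err.println("createSocket(" + host.getHostAddress() + ", " + port +
                         ") invoked");
    }

    return applySessionPolicy(
         (SSLSocket) sslSocketFactory.createSocket(host, port));
  }



  /**
   * Creates an SSL socket to the given address bound to a local address.
   *
   * @param  host          The server address.
   * @param  port          The server port.
   * @param  localAddress  The local address to bind.
   * @param  localPort     The local port to bind.
   *
   * @return  The connected SSL socket.
   *
   * @throws  IOException  If the connection cannot be established.
   */
  public Socket createSocket(InetAddress host, int port,
                             InetAddress localAddress, int localPort)
         throws IOException
  {
    if (debugMode)
    {
      System.err.println("createSocket(" + host.getHostAddress() + "," + port +
                         ", " + localAddress.getHostAddress() + ", " +
                         localPort + ") invoked");
    }

    return applySessionPolicy(
         (SSLSocket) sslSocketFactory.createSocket(host, port, localAddress,
                                                   localPort));
  }



  /**
   * Layers SSL over an existing connected socket.
   *
   * @param  socket     The existing socket.
   * @param  host       The server host name, used for the SSL handshake.
   * @param  port       The server port.
   * @param  autoClose  Whether closing the SSL socket closes the underlying
   *                    socket.
   *
   * @return  The SSL socket.
   *
   * @throws  IOException  If the SSL socket cannot be created.
   */
  public Socket createSocket(Socket socket, String host, int port,
                             boolean autoClose)
         throws IOException
  {
    if (debugMode)
    {
      System.err.println("createSocket(Socket, " + host + ", " + port + ", " +
                         autoClose + ") invoked");
    }

    return applySessionPolicy(
         (SSLSocket) sslSocketFactory.createSocket(socket, host, port,
                                                   autoClose));
  }



  /**
   * Retrieves the cipher suites enabled by default on new sockets.
   *
   * @return  The default cipher suites of the underlying factory.
   */
  public String[] getDefaultCipherSuites()
  {
    if (debugMode)
    {
      System.err.println("getDefaultCipherSuites() invoked");
    }

    return sslSocketFactory.getDefaultCipherSuites();
  }



  /**
   * Retrieves all cipher suites the underlying factory can enable.
   *
   * @return  The supported cipher suites of the underlying factory.
   */
  public String[] getSupportedCipherSuites()
  {
    if (debugMode)
    {
      System.err.println("getSupportedCipherSuites() invoked");
    }

    return sslSocketFactory.getSupportedCipherSuites();
  }



  /**
   * Applies the session-caching policy to a freshly created socket.  When
   * caching is disabled the session is fetched (which completes the handshake
   * immediately) and invalidated so that it cannot be resumed later.
   *
   * @param  sslSocket  The newly created socket.
   *
   * @return  The same socket, for call chaining.
   */
  private SSLSocket applySessionPolicy(SSLSocket sslSocket)
  {
    if (disableSessionCaching)
    {
      sslSocket.getSession().invalidate();
    }

    return sslSocket;
  }
}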