

1 /*
2  * Copyright (C) 2003 - 2004 SCALAGENT
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
17  * USA.
18  *
19  * Initial developer(s): ScalAgent Distributed Technologies
20  * Contributor(s):
21  */

22 package fr.dyade.aaa.agent;
23
24 import java.io.*;
25 import java.net.*;
26 import javax.net.ssl.*;
27 import javax.security.cert.X509Certificate;
28 import java.security.KeyStore JavaDoc;
29 import java.security.SecureRandom JavaDoc;
30
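/**
 * Network component whose connections are SSL/TLS sockets built from a
 * single keystore.
 * <p>
 * The constructor loads one keystore and uses it twice: as the source of this
 * server's key material (key managers) and as the set of trusted certificates
 * (trust managers). Server sockets created by this class require the peer to
 * present a certificate, so both ends of a link are authenticated.
 * <p>
 * Points to check when deploying:
 * <ul>
 * <li>The keystore password falls back to the well-known value "changeit"
 * when {@link #PASS} is not set; set it explicitly. A value given with
 * <code>-D</code> on the command line is visible to anyone who can list the
 * processes of the host, the <code>a3servers.xml</code> property is the less
 * exposed choice.</li>
 * <li>Because the same keystore is the trust store, every trusted entry in it
 * is accepted as a peer. Keep it restricted to the certificates of the
 * servers that may connect, and restrict read access to the file.</li>
 * <li>This class does not configure endpoint identification (host name check)
 * on outgoing sockets; the peer is accepted on certificate trust alone.</li>
 * <li>Sockets are configured with no read timeout, so a peer that stops
 * sending keeps the reading thread blocked.</li>
 * </ul>
 */
public final class SSLNetwork extends PoolNetwork {
  /**
   * Name of the property that selects the protocol passed to
   * <code>SSLContext.getInstance</code>. By default "TLS".
   */
  public static final String SSLCONTEXT = "fr.dyade.aaa.agent.SSLNetwork.SSLContext";
  /**
   * Name of the property that selects the keystore type passed to
   * <code>KeyStore.getInstance</code>. By default "JKS".
   */
  public static final String KTYPE = "fr.dyade.aaa.agent.SSLNetwork.KeyStoreType";

  /**
   * Name of the property that sets the keystore's password:
   * "SSLNetwork.pass". By default the password is "changeit"; the same
   * password is used to open the keystore and to recover its keys.
   * This property can be set either on the <code>java</code> command line
   * (-Dname=value), or in the <code>a3servers.xml</code> configuration
   * file (property element).
   */
  public static final String PASS = "SSLNetwork.pass";
  /**
   * Name of the property that sets the keystore's pathname:
   * "SSLNetwork.keyfile". By default the key file is ".keystore", a relative
   * path.
   * This property can be set either on the <code>java</code> command line
   * (-Dname=value), or in the <code>a3servers.xml</code> configuration
   * file (property element).
   */
  public static final String KEYFILE = "SSLNetwork.keyfile";

  /** Factory for outgoing sockets, set by the constructor. */
  SSLSocketFactory socketFactory = null;
  /** Factory for listening sockets, set by the constructor. */
  SSLServerSocketFactory serverSocketFactory = null;

  /**
   * Builds the SSL context and both socket factories from the configured
   * keystore.
   *
   * @exception Exception if the keystore cannot be read or opened with the
   *   configured password, or if the key managers, trust managers or SSL
   *   context cannot be initialized.
   */
  public SSLNetwork() throws Exception {
    super();
    name = "SSLNetwork#" + AgentServer.getServerId();

    // NOTE(review): the fallback password is a public default; a deployment
    // that relies on it protects the private key with nothing.
    char[] pass = AgentServer.getProperty(PASS, "changeit").toCharArray();
    String keyFile = AgentServer.getProperty(KEYFILE, ".keystore");

    KeyStore keystore = KeyStore.getInstance(AgentServer.getProperty(KTYPE, "JKS"));
    // The stream used to be handed to load() and never closed, which left a
    // descriptor on the key file open until finalization.
    FileInputStream in = new FileInputStream(keyFile);
    try {
      keystore.load(in, pass);
    } finally {
      try {
        in.close();
      } catch (IOException ignored) {
        // Read-only stream: a failed close must not hide the outcome of load().
      }
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keystore, pass);

    // Same keystore as above: its trusted entries decide which peers pass.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(keystore);

    SSLContext ctx = SSLContext.getInstance(AgentServer.getProperty(SSLCONTEXT, "TLS"));
    // null selects the provider's default source of randomness.
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    socketFactory = ctx.getSocketFactory();
    serverSocketFactory = ctx.getServerSocketFactory();
  }

  /**
   * This method creates and returns a socket connected to a ServerSocket at
   * the specified network address and port. It may be overloaded in subclass,
   * in order to create particular subclasses of sockets.
   * <p>
   * Due to polymorphism of both factories and sockets, different kinds of
   * sockets can be used by the same application code. The sockets returned
   * to the application can be subclasses of {@link java.net.Socket}, so that
   * they can directly expose new APIs for features such as compression,
   * security, or firewall tunneling.
   * <p>
   * The socket comes from the SSL socket factory built in the constructor.
   * No endpoint identification is configured here, so the peer is accepted
   * when its certificate chain is trusted by the keystore, whatever name the
   * certificate carries.
   *
   * @param host the server host.
   * @param port the server port.
   * @return a socket connected to a ServerSocket at the specified
   * network address and port.
   *
   * @exception IOException if the connection can't be established
   */
  Socket createSocket(InetAddress host, int port) throws IOException {
    return socketFactory.createSocket(host, port);
  }

  /**
   * This method creates and returns a server socket which uses all network
   * interfaces on the host, and is bound to the specified port. It may be
   * overloaded in subclass, in order to create particular subclasses of
   * server sockets.
   * <p>
   * Client authentication is mandatory on the returned socket: a handshake
   * with a peer that presents no trusted certificate fails.
   *
   * @param port the port to listen on.
   * @return a server socket bound to the specified port.
   *
   * @exception IOException for networking errors
   */
  ServerSocket createServerSocket(int port) throws IOException {
    SSLServerSocket serverSocket =
      (SSLServerSocket) serverSocketFactory.createServerSocket(port);
    serverSocket.setNeedClientAuth(true);

    return serverSocket;
  }

  /**
   * Configures this socket using the socket options established for this
   * factory. It may be overloaded in subclass, in order to handle particular
   * subclasses of sockets.
   *
   * @param sock the socket.
   *
   * @exception SocketException if an option cannot be set on the socket
   */
  void setSocketOption(Socket sock) throws SocketException {
    // Don't use TCP data coalescing - ie Nagle's algorithm
    sock.setTcpNoDelay(true);
    // Read operation will block indefinitely until requested data arrives.
    // NOTE(review): with no timeout a silent peer holds the reading thread;
    // confirm that the caller bounds this some other way.
    sock.setSoTimeout(0);
    // Set Linger-on-Close timeout: close() may wait up to 60 seconds for
    // unsent data to be delivered.
    sock.setSoLinger(true, 60);
  }

}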