IBMJSSESocketFactory


1   /*
2    * Copyright 2001-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.apache.axis.components.net;
17  
18  import com.ibm.jsse.JSSEProvider;
19  import com.ibm.net.ssl.KeyManagerFactory;
20  import com.ibm.net.ssl.SSLContext;
21  import com.ibm.net.ssl.TrustManager;
22  import com.ibm.net.ssl.TrustManagerFactory;
23  import org.apache.axis.utils.Messages;
24  import org.apache.axis.utils.XMLUtils;
25  
26  import javax.net.ssl.SSLSocket;
27  import javax.net.ssl.SSLSocketFactory;
28  import java.io.BufferedWriter  ;
29  import java.io.FileInputStream  ;
30  import java.io.FileNotFoundException  ;
31  import java.io.IOException  ;
32  import java.io.InputStream  ;
33  import java.io.OutputStream  ;
34  import java.io.OutputStreamWriter  ;
35  import java.io.PrintWriter  ;
36  import java.net.Socket  ;
37  import java.security.KeyStore  ;
38  import java.security.Security  ;
39  import java.util.Hashtable  ;
40  
41  /**
42   * SSL socket factory. It _requires_ a valid RSA key and
43   * JSSE. (borrowed code from tomcat)
44   *
45   * @author Davanum Srinivas (dims@yahoo.com)
46   */
47  public class IBMJSSESocketFactory extends JSSESocketFactory implements SecureSocketFactory {
48  
49      /** Field keystoreType           */
50      private String   keystoreType;
51  
52      /** Field defaultKeystoreType           */
53      static String   defaultKeystoreType = "JKS";
54  
55      /** Field defaultProtocol           */
56      static String   defaultProtocol = "TLS";
57  
58      /** Field defaultAlgorithm           */
59      static String   defaultAlgorithm = "IbmX509";
60  
61      /** Field defaultClientAuth           */
62      static boolean defaultClientAuth = false;
63  
64      /** Field clientAuth           */
65      private boolean clientAuth = false;
66  
67      /** Field defaultKeystoreFile           */
68      static String   defaultKeystoreFile =
69          System.getProperty("user.home") + "/.keystore";
70  
71      /** Field defaultKeyPass           */
72      static String   defaultKeyPass = "changeit";
73  
74      /**
75       * Constructor IBMJSSESocketFactory
76       *
77       * @param attributes
78       */
79      public IBMJSSESocketFactory(Hashtable   attributes) {
80          super(attributes);
81      }
82  
83      /**
84       * Read the keystore, init the SSL socket factory
85       *
86       * @throws IOException
87       */
88      protected void initFactory() throws IOException   {
89  
90          try {
91              Security.addProvider(new com.ibm.jsse.JSSEProvider());
92              Security.addProvider(new com.ibm.crypto.provider.IBMJCE());
93  
94              if(attributes == null) {
95                  //No configuration specified. Get the default.
96                  sslFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
97              } else {
98                  //Configuration specified in wsdd.
99                  SSLContext context = getContext();
100                 sslFactory = context.getSocketFactory();
101             }
102         } catch (Exception   e) {
103             if (e instanceof IOException  ) {
104                 throw (IOException  ) e;
105             }
106             throw new IOException  (e.getMessage());
107         }
108     }
109 
110     /**
111      * gets a SSL Context
112      *
113      * @return SSLContext
114      * @throws Exception
115      */
116     protected SSLContext getContext() throws Exception   {
117         // Please don't change the name of the attribute - other
118         // software may depend on it ( j2ee for sure )
119         String   keystoreFile = (String  ) attributes.get("keystore");
120         if (keystoreFile == null) {
121             keystoreFile = defaultKeystoreFile;
122         }
123 
124         keystoreType = (String  ) attributes.get("keystoreType");
125         if (keystoreType == null) {
126             keystoreType = defaultKeystoreType;
127         }
128 
129         // determine whether we want client authentication
130         // the presence of the attribute enables client auth
131         clientAuth = null != (String  ) attributes.get("clientauth");
132         String   keyPass = (String  ) attributes.get("keypass");
133         if (keyPass == null) {
134             keyPass = defaultKeyPass;
135         }
136 
137         String   keystorePass = (String  ) attributes.get("keystorePass");
138         if (keystorePass == null) {
139             keystorePass = keyPass;
140         }
141 
142         // protocol for the SSL ie - TLS, SSL v3 etc.
143         String   protocol = (String  ) attributes.get("protocol");
144         if (protocol == null) {
145             protocol = defaultProtocol;
146         }
147 
148         // Algorithm used to encode the certificate ie - SunX509
149         String   algorithm = (String  ) attributes.get("algorithm");
150         if (algorithm == null) {
151             algorithm = defaultAlgorithm;
152         }
153 
154         // You can't use ssl without a server certificate.
155         // Create a KeyStore ( to get server certs )
156         KeyStore   kstore = initKeyStore(keystoreFile, keystorePass);
157 
158         // Key manager will extract the server key
159         KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
160 
161         kmf.init(kstore, keyPass.toCharArray());
162 
163         // If client authentication is needed, set up TrustManager
164         TrustManager[] tm = null;
165 
166         if (clientAuth) {
167             TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
168 
169             tmf.init(kstore);
170             tm = tmf.getTrustManagers();
171         }
172 
173         // Create a SSLContext ( to create the ssl factory )
174         // This is the only way to use server sockets with JSSE 1.0.1
175         SSLContext context = SSLContext.getInstance(protocol);    // SSL
176 
177         // init context with the key managers
178         context.init(kmf.getKeyManagers(), tm,
179                 new java.security.SecureRandom  ());
180         return context;
181     }
182 
183     /**
184      * intializes a keystore.
185      *
186      * @param keystoreFile
187      * @param keyPass
188      *
189      * @return keystore
190      * @throws IOException
191      */
192     private KeyStore   initKeyStore(String   keystoreFile, String   keyPass)
193             throws IOException   {
194         try {
195             KeyStore   kstore = KeyStore.getInstance(keystoreType);
196 
197             InputStream   istream = new FileInputStream  (keystoreFile);
198             kstore.load(istream, keyPass.toCharArray());
199             return kstore;
200         } catch (FileNotFoundException   fnfe) {
201             throw fnfe;
202         } catch (IOException   ioe) {
203             throw ioe;
204         } catch (Exception   ex) {
205             ex.printStackTrace();
206             throw new IOException  ("Exception trying to load keystore "
207                     + keystoreFile + ": " + ex.getMessage());
208         }
209     }
210 }
211
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags