KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > tomcat > util > net > jsse > JSSE13SocketFactory


1 /*
2  * Copyright 1999-2004 The Apache Software Foundation
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.tomcat.util.net.jsse;
18
19 import java.io.IOException JavaDoc;
20 import java.security.KeyStore JavaDoc;
21 import java.security.SecureRandom JavaDoc;
22 import java.security.Security JavaDoc;
23 import java.security.Provider JavaDoc;
24
25 import javax.net.ssl.SSLServerSocket;
26 import javax.net.ssl.SSLSocket;
27
28 /*
29   1. Make the JSSE's jars available, either as an installed
30      extension (copy them into jre/lib/ext) or by adding
31      them to the Tomcat classpath.
32   2. keytool -genkey -alias tomcat -keyalg RSA
33      Use "changeit" as password ( this is the default we use )
34  */
35
36 /**
37  * SSL server socket factory. It _requires_ a valid RSA key and
38  * JSSE.
39  *
40  * @author Harish Prabandham
41  * @author Costin Manolache
42  * @author Stefan Freyr Stefansson
43  * @author EKR -- renamed to JSSESocketFactory
44  * @author Bill Barker
45  */
46 public class JSSE13SocketFactory extends JSSESocketFactory
47 {
48     /**
49      * Flag for client authentication
50      */
51     protected boolean clientAuth = false;
52
53     public JSSE13SocketFactory () {
54         super();
55     }
56
57     /**
58      * Reads the keystore and initializes the SSL socket factory.
59      *
60      * NOTE: This method is identical in functionality to the method of the
61      * same name in JSSE14SocketFactory, except that this method is used with
62      * JSSE 1.0.x (which is an extension to the 1.3 JVM), whereas the other is
63      * used with JSSE 1.1.x (which ships with the 1.4 JVM). Therefore, this
64      * method uses classes in com.sun.net.ssl, which have since moved to
65      * javax.net.ssl, and explicitly registers the required security providers,
66      * which come standard in a 1.4 JVM.
67      */
68      void init() throws IOException JavaDoc {
69         try {
70             try {
71                 Class JavaDoc ssps = Class.forName("sun.security.provider.Sun");
72                 Security.addProvider ((Provider JavaDoc)ssps.newInstance());
73             }catch(Exception JavaDoc cnfe) {
74                 //Ignore, since this is a non-Sun JVM
75 }
76             Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
77
78             String JavaDoc clientAuthStr = (String JavaDoc)attributes.get("clientauth");
79             if("true".equalsIgnoreCase(clientAuthStr) ||
80                "yes".equalsIgnoreCase(clientAuthStr) ||
81                "want".equalsIgnoreCase(clientAuthStr)) {
82                 clientAuth = true;
83             }
84             
85             // SSL protocol variant (e.g., TLS, SSL v3, etc.)
86 String JavaDoc protocol = (String JavaDoc)attributes.get("protocol");
87             if (protocol == null) protocol = defaultProtocol;
88             
89             // Certificate encoding algorithm (e.g., SunX509)
90 String JavaDoc algorithm = (String JavaDoc)attributes.get("algorithm");
91             if (algorithm == null) algorithm = defaultAlgorithm;
92
93             // Set up KeyManager, which will extract server key
94 com.sun.net.ssl.KeyManagerFactory kmf =
95                 com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
96             String JavaDoc keystoreType = (String JavaDoc)attributes.get("keystoreType");
97             if (keystoreType == null) {
98                 keystoreType = defaultKeystoreType;
99             }
100             String JavaDoc keystorePass = getKeystorePassword();
101             kmf.init(getKeystore(keystoreType, keystorePass),
102                      keystorePass.toCharArray());
103
104             // Set up TrustManager
105 com.sun.net.ssl.TrustManager[] tm = null;
106             String JavaDoc truststoreType = (String JavaDoc)attributes.get("truststoreType");
107             if(truststoreType == null) {
108                 truststoreType = keystoreType;
109             }
110             KeyStore JavaDoc trustStore = getTrustStore(truststoreType);
111             if (trustStore != null) {
112                 com.sun.net.ssl.TrustManagerFactory tmf =
113                     com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
114                 tmf.init(trustStore);
115                 tm = tmf.getTrustManagers();
116             }
117
118             // Create and init SSLContext
119 com.sun.net.ssl.SSLContext context =
120                 com.sun.net.ssl.SSLContext.getInstance(protocol);
121             context.init(kmf.getKeyManagers(), tm, new SecureRandom JavaDoc());
122
123             // Create proxy
124 sslProxy = context.getServerSocketFactory();
125
126             // Determine which cipher suites to enable
127 String JavaDoc requestedCiphers = (String JavaDoc)attributes.get("ciphers");
128             enabledCiphers = getEnabledCiphers(requestedCiphers,
129                      sslProxy.getSupportedCipherSuites());
130
131         } catch(Exception JavaDoc e) {
132             if( e instanceof IOException JavaDoc )
133                 throw (IOException JavaDoc)e;
134             throw new IOException JavaDoc(e.getMessage());
135         }
136     }
137     protected String JavaDoc[] getEnabledProtocols(SSLServerSocket socket,
138                                            String JavaDoc requestedProtocols){
139         return null;
140     }
141     protected void setEnabledProtocols(SSLServerSocket socket,
142                                              String JavaDoc [] protocols){
143     }
144
145     protected void configureClientAuth(SSLServerSocket socket){
146         socket.setNeedClientAuth(clientAuth);
147     }
148
149     protected void configureClientAuth(SSLSocket socket){
150         // In JSSE 1.0.2 docs it does not explicitly
151 // state whether SSLSockets returned from
152 // SSLServerSocket.accept() inherit this setting.
153 socket.setNeedClientAuth(clientAuth);
154     }
155
156 }
157
Popular Tags