KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > tomcat > util > net > jsse > JSSE14SocketFactory


1 /*
2  * Copyright 1999-2004 The Apache Software Foundation
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.tomcat.util.net.jsse;
18
19 import java.io.IOException JavaDoc;
20 import java.security.KeyStore JavaDoc;
21 import java.security.SecureRandom JavaDoc;
22 import java.util.Vector JavaDoc;
23
24 import javax.net.ssl.KeyManager;
25 import javax.net.ssl.KeyManagerFactory;
26 import javax.net.ssl.SSLContext;
27 import javax.net.ssl.SSLServerSocket;
28 import javax.net.ssl.SSLSocket;
29 import javax.net.ssl.TrustManager;
30 import javax.net.ssl.TrustManagerFactory;
31 import javax.net.ssl.X509KeyManager;
32
33 import org.apache.tomcat.util.res.StringManager;
34
35 /*
36   1. Make the JSSE's jars available, either as an installed
37      extension (copy them into jre/lib/ext) or by adding
38      them to the Tomcat classpath.
39   2. keytool -genkey -alias tomcat -keyalg RSA
40      Use "changeit" as password ( this is the default we use )
41  */
42
43 /**
44  * SSL server socket factory. It _requires_ a valid RSA key and
45  * JSSE.
46  *
47  * @author Harish Prabandham
48  * @author Costin Manolache
49  * @author Stefan Freyr Stefansson
50  * @author EKR -- renamed to JSSESocketFactory
51  * @author Jan Luehe
52  */
53 public class JSSE14SocketFactory extends JSSESocketFactory {
54
55     private static StringManager sm =
56         StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
57
58     /**
59      * Flag to state that we require client authentication.
60      */
61     protected boolean requireClientAuth = false;
62
63     /**
64      * Flag to state that we would like client authentication.
65      */
66     protected boolean wantClientAuth = false;
67
68     public JSSE14SocketFactory () {
69         super();
70     }
71
72     /**
73      * Reads the keystore and initializes the SSL socket factory.
74      */
75     void init() throws IOException JavaDoc {
76         try {
77
78             String JavaDoc clientAuthStr = (String JavaDoc) attributes.get("clientauth");
79             if("true".equalsIgnoreCase(clientAuthStr) ||
80                "yes".equalsIgnoreCase(clientAuthStr)) {
81                 requireClientAuth = true;
82             } else if("want".equalsIgnoreCase(clientAuthStr)) {
83                 wantClientAuth = true;
84             }
85
86             // SSL protocol variant (e.g., TLS, SSL v3, etc.)
87 String JavaDoc protocol = (String JavaDoc) attributes.get("protocol");
88             if (protocol == null) {
89                 protocol = defaultProtocol;
90             }
91
92             // Certificate encoding algorithm (e.g., SunX509)
93 String JavaDoc algorithm = (String JavaDoc) attributes.get("algorithm");
94             if (algorithm == null) {
95                 algorithm = defaultAlgorithm;
96             }
97
98             String JavaDoc keystoreType = (String JavaDoc) attributes.get("keystoreType");
99             if (keystoreType == null) {
100                 keystoreType = defaultKeystoreType;
101             }
102
103         String JavaDoc trustAlgorithm = (String JavaDoc)attributes.get("truststoreAlgorithm");
104         if( trustAlgorithm == null ) {
105         trustAlgorithm = algorithm;
106         }
107             // Create and init SSLContext
108 SSLContext context = SSLContext.getInstance(protocol);
109             context.init(getKeyManagers(keystoreType, algorithm,
110                                         (String JavaDoc) attributes.get("keyAlias")),
111                          getTrustManagers(keystoreType, trustAlgorithm),
112                          new SecureRandom JavaDoc());
113
114             // create proxy
115 sslProxy = context.getServerSocketFactory();
116
117             // Determine which cipher suites to enable
118 String JavaDoc requestedCiphers = (String JavaDoc)attributes.get("ciphers");
119             enabledCiphers = getEnabledCiphers(requestedCiphers,
120                                                sslProxy.getSupportedCipherSuites());
121
122         } catch(Exception JavaDoc e) {
123             if( e instanceof IOException JavaDoc )
124                 throw (IOException JavaDoc)e;
125             throw new IOException JavaDoc(e.getMessage());
126         }
127     }
128
129     /**
130      * Gets the initialized key managers.
131      */
132     protected KeyManager[] getKeyManagers(String JavaDoc keystoreType,
133                                           String JavaDoc algorithm,
134                                           String JavaDoc keyAlias)
135                 throws Exception JavaDoc {
136
137         KeyManager[] kms = null;
138
139         String JavaDoc keystorePass = getKeystorePassword();
140
141         KeyStore JavaDoc ks = getKeystore(keystoreType, keystorePass);
142         if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
143             throw new IOException JavaDoc(sm.getString("jsse.alias_no_key_entry", keyAlias));
144         }
145
146         KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
147         kmf.init(ks, keystorePass.toCharArray());
148
149         kms = kmf.getKeyManagers();
150         if (keyAlias != null) {
151             if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) {
152                 keyAlias = keyAlias.toLowerCase();
153             }
154             for(int i=0; i<kms.length; i++) {
155                 kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], keyAlias);
156             }
157         }
158
159         return kms;
160     }
161
162     /**
163      * Gets the intialized trust managers.
164      */
165     protected TrustManager[] getTrustManagers(String JavaDoc keystoreType, String JavaDoc algorithm)
166                 throws Exception JavaDoc {
167
168         TrustManager[] tms = null;
169
170         String JavaDoc truststoreType = (String JavaDoc)attributes.get("truststoreType");
171         if(truststoreType == null) {
172             truststoreType = keystoreType;
173         }
174         KeyStore JavaDoc trustStore = getTrustStore(truststoreType);
175         if (trustStore != null) {
176             TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
177             tmf.init(trustStore);
178             tms = tmf.getTrustManagers();
179         }
180
181         return tms;
182     }
183     protected void setEnabledProtocols(SSLServerSocket socket, String JavaDoc []protocols){
184         if (protocols != null) {
185             socket.setEnabledProtocols(protocols);
186         }
187     }
188
189     protected String JavaDoc[] getEnabledProtocols(SSLServerSocket socket,
190                                            String JavaDoc requestedProtocols){
191         String JavaDoc[] supportedProtocols = socket.getSupportedProtocols();
192
193         String JavaDoc[] enabledProtocols = null;
194
195         if (requestedProtocols != null) {
196             Vector JavaDoc vec = null;
197             String JavaDoc protocol = requestedProtocols;
198             int index = requestedProtocols.indexOf(',');
199             if (index != -1) {
200                 int fromIndex = 0;
201                 while (index != -1) {
202                     protocol = requestedProtocols.substring(fromIndex, index).trim();
203                     if (protocol.length() > 0) {
204                         /*
205                          * Check to see if the requested protocol is among the
206                          * supported protocols, i.e., may be enabled
207                          */
208                         for (int i=0; supportedProtocols != null
209                                      && i<supportedProtocols.length; i++) {
210                             if (supportedProtocols[i].equals(protocol)) {
211                                 if (vec == null) {
212                                     vec = new Vector JavaDoc();
213                                 }
214                                 vec.addElement(protocol);
215                                 break;
216                             }
217                         }
218                     }
219                     fromIndex = index+1;
220                     index = requestedProtocols.indexOf(',', fromIndex);
221                 } // while
222 protocol = requestedProtocols.substring(fromIndex);
223             }
224
225             if (protocol != null) {
226                 protocol = protocol.trim();
227                 if (protocol.length() > 0) {
228                     /*
229                      * Check to see if the requested protocol is among the
230                      * supported protocols, i.e., may be enabled
231                      */
232                     for (int i=0; supportedProtocols != null
233                                  && i<supportedProtocols.length; i++) {
234                         if (supportedProtocols[i].equals(protocol)) {
235                             if (vec == null) {
236                                 vec = new Vector JavaDoc();
237                             }
238                             vec.addElement(protocol);
239                             break;
240                         }
241                     }
242                 }
243             }
244
245             if (vec != null) {
246                 enabledProtocols = new String JavaDoc[vec.size()];
247                 vec.copyInto(enabledProtocols);
248             }
249         }
250
251         return enabledProtocols;
252     }
253
254     protected void configureClientAuth(SSLServerSocket socket){
255         if (wantClientAuth){
256             socket.setWantClientAuth(wantClientAuth);
257         } else {
258             socket.setNeedClientAuth(requireClientAuth);
259         }
260     }
261
262     protected void configureClientAuth(SSLSocket socket){
263         // Per JavaDocs: SSLSockets returned from
264 // SSLServerSocket.accept() inherit this setting.
265 }
266     
267 }
268
Popular Tags