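package org.apache.tomcat.util.net.puretls;

import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.util.Vector;

import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLException;
import COM.claymoresystems.ptls.SSLServerSocket;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;

/**
 * Server socket factory backed by the PureTLS library.
 *
 * <p>The TLS context is built lazily, on the first {@code createSocket}
 * call, from the factory's {@code attributes} map (inherited from
 * {@code ServerSocketFactory}).  Recognised attributes, all optional:
 * {@code keystore}, {@code keypass}, {@code rootfile}, {@code randomfile},
 * {@code protocol}, {@code clientauth} and {@code ciphers}.  Each one
 * falls back to the corresponding {@code default*} field when absent.
 *
 * <p>The handshake is not performed on accept: the policy is created with
 * {@code handshakeOnConnect(false)} and callers drive it through
 * {@link #handshake(Socket)}.
 */
public class PureTLSSocketFactory
    extends org.apache.tomcat.util.net.ServerSocketFactory
{
    static org.apache.commons.logging.Log logger =
        org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);

    /** Read from the 'protocol' attribute; not handed to PureTLS by this class. */
    static String defaultProtocol = "TLS";
    static boolean defaultClientAuth = false;
    static String defaultKeyStoreFile = "server.pem";
    /**
     * Fallback used only when no 'keypass' attribute is configured.  It also
     * unlocks the randomness file (see {@link #init()}).
     */
    static String defaultKeyPass = "password";
    static String defaultRootFile = "root.pem";
    static String defaultRandomFile = "random.pem";

    /**
     * Lazily initialised by {@link #init()}; null until the first socket is
     * created.  NOTE(review): the check-then-set in init() is unsynchronised,
     * so concurrent first calls could each build a context; presumably
     * createSocket is only ever called from one thread -- confirm.
     */
    private SSLContext context = null;

    public PureTLSSocketFactory() {
    }

    /**
     * Creates a TLS server socket bound to {@code port}.
     *
     * @throws IOException if the context cannot be initialised or the socket
     *         cannot be bound
     */
    public ServerSocket createSocket(int port)
        throws IOException
    {
        init();
        return new SSLServerSocket(context, port);
    }

    /**
     * Creates a TLS server socket bound to {@code port} with the given
     * accept {@code backlog}.
     *
     * @throws IOException if the context cannot be initialised or the socket
     *         cannot be bound
     */
    public ServerSocket createSocket(int port, int backlog)
        throws IOException
    {
        init();
        // An IOException from the constructor propagates unchanged; no
        // catch-and-rethrow is needed.
        return new SSLServerSocket(context, port, backlog);
    }

    /**
     * Creates a TLS server socket bound to {@code ifAddress}:{@code port}
     * with the given accept {@code backlog}.
     *
     * @throws IOException if the context cannot be initialised or the socket
     *         cannot be bound
     */
    public ServerSocket createSocket(int port, int backlog,
                                     InetAddress ifAddress)
        throws IOException
    {
        init();
        return new SSLServerSocket(context, port, backlog, ifAddress);
    }

    /**
     * Builds the PureTLS context from the configured attributes on first use.
     *
     * <p>The key file and randomness file are mandatory (a failure to load
     * either aborts initialisation); the root certificate store is optional
     * and a failure to load it is only logged at debug level.
     *
     * @throws IOException if 'clientauth' is neither "true" nor "false", or
     *         if PureTLS fails to load the key material or apply the policy.
     *         The original failure is attached as the cause.
     */
    private void init()
        throws IOException
    {
        if (context != null) {
            return;
        }

        try {
            String keyStoreFile = getAttribute("keystore", defaultKeyStoreFile);
            String keyPass = getAttribute("keypass", defaultKeyPass);
            String rootFile = getAttribute("rootfile", defaultRootFile);
            String randomFile = getAttribute("randomfile", defaultRandomFile);
            // Read for parity with the other attributes; nothing in this class
            // passes a protocol selection on to PureTLS.
            String protocol = getAttribute("protocol", defaultProtocol);
            boolean clientAuth =
                parseClientAuth((String) attributes.get("clientauth"));

            SSLContext tmpContext = new SSLContext();
            try {
                tmpContext.loadRootCertificates(rootFile);
            } catch (IOException iex) {
                // Best effort, as before.  NOTE(review): with clientauth=true
                // and no trust anchors loaded, what PureTLS does with a
                // presented client certificate is not visible here -- confirm
                // before relying on client authentication.
                if (logger.isDebugEnabled()) {
                    logger.debug("Error loading Client Root Store: " + rootFile, iex);
                }
            }
            tmpContext.loadEAYKeyFile(keyStoreFile, keyPass);
            // The key passphrase doubles as the randomness-file passphrase.
            tmpContext.useRandomnessFile(randomFile, keyPass);

            SSLPolicyInt policy = new SSLPolicyInt();
            policy.requireClientAuth(clientAuth);
            // The handshake is triggered explicitly via handshake(Socket).
            policy.handshakeOnConnect(false);
            policy.waitOnClose(false);
            short[] enabledCiphers = getEnabledCiphers(policy.getCipherSuites());
            if (enabledCiphers != null) {
                policy.setCipherSuites(enabledCiphers);
            }
            tmpContext.setPolicy(policy);
            context = tmpContext;
        } catch (Exception e) {
            logger.info("Error initializing SocketFactory", e);
            // Keep the message callers see, but do not lose the root cause.
            IOException ioe = new IOException(e.getMessage());
            ioe.initCause(e);
            throw ioe;
        }
    }

    /**
     * Returns the string attribute {@code name}, or {@code defaultValue}
     * when it is not configured.
     */
    private String getAttribute(String name, String defaultValue) {
        String value = (String) attributes.get(name);
        return value == null ? defaultValue : value;
    }

    /**
     * Interprets the 'clientauth' attribute.
     *
     * @param clientAuthStr raw attribute value, may be null
     * @return {@code defaultClientAuth} when null, otherwise the boolean
     *         spelled exactly as "true" or "false"
     * @throws IOException for any other value
     */
    private static boolean parseClientAuth(String clientAuthStr)
        throws IOException
    {
        if (clientAuthStr == null) {
            return defaultClientAuth;
        }
        if (clientAuthStr.equals("true")) {
            return true;
        }
        if (clientAuthStr.equals("false")) {
            return false;
        }
        throw new IOException("Invalid value '" +
                              clientAuthStr +
                              "' for 'clientauth' parameter:");
    }

    /**
     * Resolves the comma-separated 'ciphers' attribute against the cipher
     * suites the policy supports.
     *
     * <p>Every token of the list is considered, including the last one (the
     * previous implementation only looked at tokens followed by a comma, so
     * a single cipher or the final entry was silently dropped).  Tokens that
     * are unknown or not in {@code supportedCiphers} are skipped with a
     * warning, because a silently ignored cipher restriction leaves the
     * policy's own cipher list in force.
     *
     * @param supportedCiphers cipher suite numbers the policy supports;
     *        may be null, in which case nothing matches
     * @return the matching cipher suite numbers in configuration order, or
     *         null when the attribute is absent or nothing matched (the
     *         caller then keeps the policy's default cipher suites)
     */
    private short[] getEnabledCiphers(short[] supportedCiphers) {
        String attrValue = (String) attributes.get("ciphers");
        if (attrValue == null) {
            return null;
        }

        Vector vec = null;
        int fromIndex = 0;
        int index;
        do {
            index = attrValue.indexOf(',', fromIndex);
            // Last token: everything after the final comma (or the whole
            // string when there is no comma at all).
            String cipher = (index == -1)
                ? attrValue.substring(fromIndex)
                : attrValue.substring(fromIndex, index);
            cipher = cipher.trim();
            if (cipher.length() > 0) {
                int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher);
                if (cipherValue >= 0 && isSupported(cipherValue, supportedCiphers)) {
                    if (vec == null) {
                        vec = new Vector();
                    }
                    vec.addElement(new Integer(cipherValue));
                } else {
                    logger.warn("Ignoring unknown or unsupported cipher suite '" +
                                cipher + "' in 'ciphers' attribute");
                }
            }
            fromIndex = index + 1;
        } while (index != -1);

        if (vec == null) {
            logger.warn("None of the configured 'ciphers' are supported; " +
                        "the policy's default cipher suites remain in effect");
            return null;
        }

        int nCipher = vec.size();
        short[] enabledCiphers = new short[nCipher];
        for (int i = 0; i < nCipher; i++) {
            enabledCiphers[i] = ((Integer) vec.elementAt(i)).shortValue();
        }
        return enabledCiphers;
    }

    /** True when {@code cipherValue} occurs in {@code supportedCiphers} (null means none). */
    private static boolean isSupported(int cipherValue, short[] supportedCiphers) {
        if (supportedCiphers == null) {
            return false;
        }
        for (int i = 0; i < supportedCiphers.length; i++) {
            if (cipherValue == supportedCiphers[i]) {
                return true;
            }
        }
        return false;
    }

    /**
     * Accepts one connection on {@code socket}.
     *
     * @throws SocketException wrapping any PureTLS {@code SSLException}
     *         raised by accept; other IOExceptions propagate unchanged
     */
    public Socket acceptSocket(ServerSocket socket)
        throws IOException
    {
        try {
            return socket.accept();
        } catch (SSLException e) {
            logger.debug("SSL handshake error", e);
            SocketException se =
                new SocketException("SSL handshake error" + e.toString());
            se.initCause(e);
            throw se;
        }
    }

    /**
     * Runs the TLS handshake on an accepted socket.
     *
     * @param sock must be a PureTLS {@code SSLSocket}; anything else fails
     *        with a ClassCastException
     */
    public void handshake(Socket sock)
        throws IOException
    {
        ((SSLSocket) sock).handshake();
    }
}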