KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > tomcat > util > net > puretls > PureTLSSocketFactory


1 /*
2  * Copyright 1999-2004 The Apache Software Foundation
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.tomcat.util.net.puretls;
18
19 import java.io.IOException JavaDoc;
20 import java.net.InetAddress JavaDoc;
21 import java.net.ServerSocket JavaDoc;
22 import java.net.Socket JavaDoc;
23 import java.net.SocketException JavaDoc;
24 import java.util.Vector JavaDoc;
25
26 import COM.claymoresystems.ptls.SSLContext;
27 import COM.claymoresystems.ptls.SSLException;
28 import COM.claymoresystems.ptls.SSLServerSocket;
29 import COM.claymoresystems.ptls.SSLSocket;
30 import COM.claymoresystems.sslg.SSLPolicyInt;
31
32 /**
33  * SSL server socket factory--wraps PureTLS
34  *
35  * @author Eric Rescorla
36  *
37  * some sections of this file cribbed from SSLSocketFactory
38  * (the JSSE socket factory)
39  *
40  */
41  
42 public class PureTLSSocketFactory
43     extends org.apache.tomcat.util.net.ServerSocketFactory
44 {
45     static org.apache.commons.logging.Log logger =
46     org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);
47     static String JavaDoc defaultProtocol = "TLS";
48     static boolean defaultClientAuth = false;
49     static String JavaDoc defaultKeyStoreFile = "server.pem";
50     static String JavaDoc defaultKeyPass = "password";
51     static String JavaDoc defaultRootFile = "root.pem";
52     static String JavaDoc defaultRandomFile = "random.pem";
53     
54     private COM.claymoresystems.ptls.SSLContext context=null;
55     
56     public PureTLSSocketFactory() {
57     }
58
59     public ServerSocket JavaDoc createSocket(int port)
60     throws IOException JavaDoc
61     {
62     init();
63     return new SSLServerSocket(context,port);
64     }
65
66     public ServerSocket JavaDoc createSocket(int port, int backlog)
67     throws IOException JavaDoc
68     {
69     init();
70     ServerSocket JavaDoc tmp;
71     
72     try {
73         tmp=new SSLServerSocket(context,port,backlog);
74     }
75     catch (IOException JavaDoc e){
76         throw e;
77     }
78     return tmp;
79     }
80
81     public ServerSocket JavaDoc createSocket(int port, int backlog,
82                      InetAddress JavaDoc ifAddress)
83     throws IOException JavaDoc
84     {
85     init();
86     return new SSLServerSocket(context,port,backlog,ifAddress);
87     }
88
89     private void init()
90     throws IOException JavaDoc
91     {
92     if(context!=null)
93         return;
94     
95     boolean clientAuth=defaultClientAuth;
96
97     try {
98         String JavaDoc keyStoreFile=(String JavaDoc)attributes.get("keystore");
99         if(keyStoreFile==null) keyStoreFile=defaultKeyStoreFile;
100         
101         String JavaDoc keyPass=(String JavaDoc)attributes.get("keypass");
102         if(keyPass==null) keyPass=defaultKeyPass;
103         
104         String JavaDoc rootFile=(String JavaDoc)attributes.get("rootfile");
105         if(rootFile==null) rootFile=defaultRootFile;
106
107         String JavaDoc randomFile=(String JavaDoc)attributes.get("randomfile");
108         if(randomFile==null) randomFile=defaultRandomFile;
109         
110         String JavaDoc protocol=(String JavaDoc)attributes.get("protocol");
111         if(protocol==null) protocol=defaultProtocol;
112
113         String JavaDoc clientAuthStr=(String JavaDoc)attributes.get("clientauth");
114         if(clientAuthStr != null){
115         if(clientAuthStr.equals("true")){
116             clientAuth=true;
117         } else if(clientAuthStr.equals("false")) {
118             clientAuth=false;
119         } else {
120             throw new IOException JavaDoc("Invalid value '" +
121                       clientAuthStr +
122                       "' for 'clientauth' parameter:");
123         }
124         }
125
126             SSLContext tmpContext=new SSLContext();
127             try {
128                 tmpContext.loadRootCertificates(rootFile);
129             } catch(IOException JavaDoc iex) {
130                 if(logger.isDebugEnabled())
131                     logger.debug("Error loading Client Root Store: " +
132                                  rootFile,iex);
133             }
134             tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
135         tmpContext.useRandomnessFile(randomFile,keyPass);
136         
137         SSLPolicyInt policy=new SSLPolicyInt();
138         policy.requireClientAuth(clientAuth);
139             policy.handshakeOnConnect(false);
140             policy.waitOnClose(false);
141             short [] enabledCiphers = getEnabledCiphers(policy.getCipherSuites());
142             if( enabledCiphers != null ) {
143                 policy.setCipherSuites(enabledCiphers);
144             }
145             tmpContext.setPolicy(policy);
146         context=tmpContext;
147     } catch (Exception JavaDoc e){
148         logger.info("Error initializing SocketFactory",e);
149         throw new IOException JavaDoc(e.getMessage());
150     }
151     }
152
153     /*
154      * Determines the SSL cipher suites to be enabled.
155      *
156      * @return Array of SSL cipher suites to be enabled, or null if the
157      * cipherSuites property was not specified (meaning that all supported
158      * cipher suites are to be enabled)
159      */
160     private short [] getEnabledCiphers(short [] supportedCiphers) {
161
162         short [] enabledCiphers = null;
163
164         String JavaDoc attrValue = (String JavaDoc)attributes.get("ciphers");
165         if (attrValue != null) {
166             Vector JavaDoc vec = null;
167             int fromIndex = 0;
168             int index = attrValue.indexOf(',', fromIndex);
169             while (index != -1) {
170                 String JavaDoc cipher = attrValue.substring(fromIndex, index).trim();
171                 int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher);
172                 /*
173                  * Check to see if the requested cipher is among the supported
174                  * ciphers, i.e., may be enabled
175                  */
176                 if( cipherValue >= 0) {
177                     for (int i=0; supportedCiphers != null
178                              && i<supportedCiphers.length; i++) {
179
180                         if (cipherValue == supportedCiphers[i]) {
181                             if (vec == null) {
182                                 vec = new Vector JavaDoc();
183                             }
184                             vec.addElement(new Integer JavaDoc(cipherValue));
185                             break;
186                         }
187                     }
188                 }
189                 fromIndex = index+1;
190                 index = attrValue.indexOf(',', fromIndex);
191             }
192
193             if (vec != null) {
194                 int nCipher = vec.size();
195                 enabledCiphers = new short[nCipher];
196                 for(int i=0; i < nCipher; i++) {
197                     Integer JavaDoc value = (Integer JavaDoc)vec.elementAt(i);
198                     enabledCiphers[i] = value.shortValue();
199                 }
200             }
201         }
202
203         return enabledCiphers;
204
205     }
206
207     public Socket JavaDoc acceptSocket(ServerSocket JavaDoc socket)
208     throws IOException JavaDoc
209     {
210     try {
211         Socket JavaDoc sock=socket.accept();
212         return sock;
213     } catch (SSLException e){
214             logger.debug("SSL handshake error",e);
215             throw new SocketException JavaDoc("SSL handshake error" + e.toString());
216     }
217     }
218
219     public void handshake(Socket JavaDoc sock)
220      throws IOException JavaDoc
221     {
222     ((SSLSocket)sock).handshake();
223     }
224 }
225
226     
227     
228
229
230
Popular Tags