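package org.apache.tomcat.util.net.puretls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Vector;

import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.net.SSLSupport;

import COM.claymoresystems.cert.X509Cert;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;

/**
 * {@link SSLSupport} implementation backed by a PureTLS {@link SSLSocket}.
 *
 * <p>Exposes the negotiated cipher suite, an estimate of its key size, the
 * session id and the peer's certificate chain (converted from PureTLS's own
 * certificate type to JDK {@link X509Certificate}s) for the request
 * processing layer.
 *
 * <p>Not thread-safe: {@link #getPeerCertificateChain(boolean)} may trigger a
 * renegotiation on the live socket, so instances are meant to be used only by
 * the thread that owns the connection.
 */
class PureTLSSupport implements SSLSupport {
    static org.apache.commons.logging.Log logger =
        org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);

    /** The established PureTLS connection all queries are answered from. */
    private final SSLSocket ssl;

    /**
     * @param sock the connected socket to report on
     */
    PureTLSSupport(SSLSocket sock) {
        ssl = sock;
    }

    /**
     * Returns the standard name of the negotiated cipher suite, as resolved
     * by {@link SSLPolicyInt#getCipherSuiteName(int)}.
     *
     * @throws IOException if the socket cannot report its cipher suite
     */
    public String getCipherSuite() throws IOException {
        int suiteId = ssl.getCipherSuite();
        return SSLPolicyInt.getCipherSuiteName(suiteId);
    }

    /**
     * Returns the peer certificate chain already presented during the
     * handshake, without forcing one to be requested.
     *
     * @return the chain as {@link X509Certificate}s, or {@code null} if the
     *         peer presented none
     * @throws IOException if a certificate cannot be converted
     */
    public Object[] getPeerCertificateChain() throws IOException {
        return getPeerCertificateChain(false);
    }

    /**
     * Returns the peer certificate chain, optionally renegotiating to obtain it.
     *
     * <p>When no chain is available and {@code force} is {@code true}, the
     * connection is renegotiated with a policy that requires client
     * authentication; the chain is then re-read. Callers should expect this
     * path to block on a fresh handshake.
     *
     * <p>The PureTLS vector is copied in reverse order into the result
     * (presumably so that the peer's own certificate comes first, as the
     * servlet API expects — confirm against PureTLS's chain ordering).
     *
     * @param force whether to renegotiate with client auth required when no
     *              chain is present
     * @return the chain as {@link X509Certificate}s, or {@code null} if the
     *         peer still presented none after the optional renegotiation
     * @throws IOException if the JDK certificate factory rejects a certificate
     *         that PureTLS accepted; the {@link CertificateException} is
     *         attached as the cause
     */
    public Object[] getPeerCertificateChain(boolean force) throws IOException {
        Vector v = ssl.getCertificateChain();

        if (v == null && force) {
            SSLPolicyInt policy = new SSLPolicyInt();
            policy.requireClientAuth(true);
            policy.handshakeOnConnect(false);
            policy.waitOnClose(false);
            ssl.renegotiate(policy);
            v = ssl.getCertificateChain();
        }

        if (v == null) {
            return null;
        }

        int count = v.size();
        X509Certificate[] chain = new X509Certificate[count];

        try {
            // One factory serves the whole chain; there is no need to look
            // it up again for every certificate.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < count; i++) {
                byte[] der = ((X509Cert) v.elementAt(count - 1 - i)).getDER();
                X509Certificate xCert = (X509Certificate)
                    cf.generateCertificate(new ByteArrayInputStream(der));
                chain[i] = xCert;
                if (logger.isTraceEnabled()) {
                    logger.trace("Cert # " + (i + 1) + " = " + xCert);
                }
            }
        } catch (CertificateException e) {
            logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)", e);
            IOException ioe = new IOException(
                "JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
            // Keep the parser's diagnostics reachable for anyone catching the IOException.
            ioe.initCause(e);
            throw ioe;
        }
        return chain;
    }

    /**
     * Estimates the key size of the negotiated cipher suite.
     *
     * <p>The suite name is matched by substring against the
     * {@code ciphers} table inherited from {@link SSLSupport}; the first
     * entry whose phrase occurs in the name wins. The match is textual, so
     * a suite whose name contains none of the known phrases reports
     * {@code 0} rather than failing.
     *
     * @return the matched key size in bits, or {@code 0} if no entry matched
     * @throws IOException if the socket cannot report its cipher suite
     */
    public Integer getKeySize() throws IOException {
        int suiteId = ssl.getCipherSuite();
        String cipherSuite = SSLPolicyInt.getCipherSuiteName(suiteId);
        int size = 0;
        for (int i = 0; i < ciphers.length; i++) {
            if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
                size = ciphers[i].keySize;
                break;
            }
        }
        return new Integer(size);
    }

    /**
     * Returns the TLS session id as an upper/lower-case hex string (whatever
     * {@link HexUtils#convert(byte[])} produces).
     *
     * @return the hex-encoded session id, or {@code null} if the socket has none
     * @throws IOException if the socket cannot report its session id
     */
    public String getSessionId() throws IOException {
        byte[] sessionId = ssl.getSessionID();
        if (sessionId == null) {
            return null;
        }
        return HexUtils.convert(sessionId);
    }

}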