PureTLSSupport


1   /*
2    *  Copyright 1999-2004 The Apache Software Foundation
3    *
4    *  Licensed under the Apache License, Version 2.0 (the "License");
5    *  you may not use this file except in compliance with the License.
6    *  You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   *  Unless required by applicable law or agreed to in writing, software
11   *  distributed under the License is distributed on an "AS IS" BASIS,
12   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *  See the License for the specific language governing permissions and
14   *  limitations under the License.
15   */
16  
17  package org.apache.tomcat.util.net.puretls;
18  
19  import java.io.ByteArrayInputStream  ;
20  import java.io.IOException  ;
21  import java.security.cert.CertificateFactory  ;
22  import java.security.cert.X509Certificate  ;
23  import java.util.Vector  ;
24  
25  import org.apache.tomcat.util.buf.HexUtils;
26  import org.apache.tomcat.util.net.SSLSupport;
27  
28  import COM.claymoresystems.cert.X509Cert;
29  import COM.claymoresystems.ptls.SSLSocket;
30  import COM.claymoresystems.sslg.SSLPolicyInt;
31  
32  
33  /* PureTLSSupport
34  
35     Concrete implementation class for PureTLS
36     Support classes.
37  
38     This will only work with JDK 1.2 and up since it
39     depends on JDK 1.2's certificate support
40  
41     @author EKR
42  */
43  
44  class PureTLSSupport implements SSLSupport {
45      static org.apache.commons.logging.Log logger =
46      org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
47  
48      private COM.claymoresystems.ptls.SSLSocket ssl;
49  
50      PureTLSSupport(SSLSocket sock){
51          ssl=sock;
52      }
53  
54      public String   getCipherSuite() throws IOException   {
55          int cs=ssl.getCipherSuite();
56          return SSLPolicyInt.getCipherSuiteName(cs);
57      }
58  
59      public Object  [] getPeerCertificateChain()
60          throws IOException   {
61      return getPeerCertificateChain(false);
62      }
63  
64      public Object  [] getPeerCertificateChain(boolean force)
65          throws IOException   {
66          Vector   v=ssl.getCertificateChain();
67  
68      if(v == null && force) {
69          SSLPolicyInt policy=new SSLPolicyInt();
70          policy.requireClientAuth(true);
71          policy.handshakeOnConnect(false);
72          policy.waitOnClose(false);
73          ssl.renegotiate(policy);
74          v = ssl.getCertificateChain();
75      }
76  
77          if(v==null)
78              return null;
79          
80          java.security.cert.X509Certificate  [] chain=
81              new java.security.cert.X509Certificate  [v.size()];
82  
83          try {
84            for(int i=1;i<=v.size();i++){
85              // PureTLS provides cert chains with the peer
86              // cert last but the Servlet 2.3 spec (S 4.7) requires
87              // the opposite order so we reverse the chain as we go
88              byte buffer[]=((X509Cert)v.elementAt(
89                   v.size()-i)).getDER();
90              
91              CertificateFactory   cf =
92                CertificateFactory.getInstance("X.509");
93              ByteArrayInputStream   stream =
94                new ByteArrayInputStream  (buffer);
95  
96              X509Certificate   xCert = (X509Certificate  )cf.generateCertificate(stream);
97              chain[i-1]= xCert;
98              if(logger.isTraceEnabled()) {
99          logger.trace("Cert # " + i + " = " + xCert);
100         }
101           }
102         } catch (java.security.cert.CertificateException   e) {
103         logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)",e);
104             throw new IOException  ("JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
105         }
106         return chain;
107     }
108 
109     /**
110      * Lookup the symmetric key size.
111      */
112     public Integer   getKeySize() 
113         throws IOException   {
114 
115         int cs=ssl.getCipherSuite();
116         String   cipherSuite = SSLPolicyInt.getCipherSuiteName(cs);
117         int size = 0;
118         for (int i = 0; i < ciphers.length; i++) {
119             if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
120                 size = ciphers[i].keySize;
121                 break;
122             }
123         }
124         Integer   keySize = new Integer  (size);
125         return keySize;
126     }
127 
128     public String   getSessionId()
129         throws IOException   {
130         byte [] ssl_session = ssl.getSessionID();
131         if(ssl_session == null)
132             return null;
133         return HexUtils.convert(ssl_session);
134     }
135 
136 }
137 
138 
139 
140 
141 
142 
143 
144
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags