

1 /*
2  * Copyright 1999-2004 The Apache Software Foundation
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

17 package org.apache.tomcat.util.net.puretls;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Vector;

import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.net.SSLSupport;

import COM.claymoresystems.cert.X509Cert;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;
33 /* PureTLSSupport
34
35    Concrete implementation class for PureTLS
36    Support classes.
37
38    This will only work with JDK 1.2 and up since it
39    depends on JDK 1.2's certificate support
40
41    @author EKR
42 */

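class PureTLSSupport implements SSLSupport {
    static final org.apache.commons.logging.Log logger =
        org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);

    /** The PureTLS socket whose negotiated TLS state this object exposes. */
    private final COM.claymoresystems.ptls.SSLSocket ssl;

    /**
     * Wraps an established PureTLS socket.
     *
     * @param sock the PureTLS socket; every accessor dereferences it, so it
     *             must not be null
     * @throws IllegalArgumentException if {@code sock} is null
     */
    PureTLSSupport(SSLSocket sock) {
        if (sock == null) {
            throw new IllegalArgumentException("sock must not be null");
        }
        ssl = sock;
    }

    /**
     * Returns the name of the cipher suite negotiated on the socket.
     *
     * @return the suite name PureTLS reports for the socket's suite id
     * @throws IOException declared by the {@link SSLSupport} contract
     */
    public String getCipherSuite() throws IOException {
        return SSLPolicyInt.getCipherSuiteName(ssl.getCipherSuite());
    }

    /**
     * Returns the peer's certificate chain without forcing a renegotiation.
     *
     * @return see {@link #getPeerCertificateChain(boolean)}
     * @throws IOException see {@link #getPeerCertificateChain(boolean)}
     */
    public Object[] getPeerCertificateChain() throws IOException {
        return getPeerCertificateChain(false);
    }

    /**
     * Returns the peer's certificate chain as JDK {@link X509Certificate}s,
     * peer certificate first (Servlet 2.3 spec, S 4.7).
     *
     * No trust decision is made here: the DER bytes PureTLS hands back are
     * re-parsed as-is, so any validation is whatever PureTLS applied during
     * the handshake.
     *
     * @param force when true and no chain is present, renegotiate with a
     *              policy that requires client authentication before giving up
     * @return the chain (possibly empty), or null when PureTLS reports none
     * @throws IOException if the JDK cannot parse a certificate PureTLS accepted
     */
    public Object[] getPeerCertificateChain(boolean force) throws IOException {
        Vector v = ssl.getCertificateChain();

        if (v == null && force) {
            // No client certificate on the current session: run a full TLS
            // renegotiation with the peer, this time insisting on one. Only
            // attempted on explicit request because it is a round trip.
            // NOTE(review): what PureTLS does when the peer declines (throw,
            // or leave the chain null) is decided inside renegotiate — confirm.
            SSLPolicyInt policy = new SSLPolicyInt();
            policy.requireClientAuth(true);
            policy.handshakeOnConnect(false);
            policy.waitOnClose(false);
            ssl.renegotiate(policy);
            v = ssl.getCertificateChain();
        }

        if (v == null) {
            return null;
        }

        int count = v.size();
        X509Certificate[] chain = new X509Certificate[count];
        try {
            // One factory serves the whole chain; getInstance is the costly call.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < count; i++) {
                // PureTLS provides cert chains with the peer cert last but the
                // Servlet 2.3 spec (S 4.7) requires the opposite order so we
                // reverse the chain as we go.
                X509Cert pureCert = (X509Cert) v.elementAt(count - 1 - i);
                ByteArrayInputStream stream = new ByteArrayInputStream(pureCert.getDER());
                X509Certificate xCert = (X509Certificate) cf.generateCertificate(stream);
                chain[i] = xCert;
                if (logger.isTraceEnabled()) {
                    logger.trace("Cert # " + (i + 1) + " = " + xCert);
                }
            }
        } catch (CertificateException e) {
            logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)", e);
            IOException ioe = new IOException(
                "JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
            ioe.initCause(e);  // keep the parse failure available to callers (Java 1.4+)
            throw ioe;
        }
        return chain;
    }

    /**
     * Lookup the symmetric key size.
     *
     * The negotiated suite name is matched against the {@code ciphers} table
     * inherited from {@link SSLSupport}; the first entry whose phrase occurs
     * in the name supplies the size, and 0 is returned when nothing matches.
     *
     * @return the key size in bits, or 0 if the suite is not in the table
     * @throws IOException declared by the {@link SSLSupport} contract
     */
    public Integer getKeySize() throws IOException {
        String cipherSuite = SSLPolicyInt.getCipherSuiteName(ssl.getCipherSuite());
        int size = 0;
        // NOTE(review): unclear whether PureTLS can return a null suite name;
        // the guard only turns a would-be NPE into the "unknown" result of 0.
        if (cipherSuite != null) {
            for (int i = 0; i < ciphers.length; i++) {
                if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
                    size = ciphers[i].keySize;
                    break;
                }
            }
        }
        return new Integer(size);
    }

    /**
     * Returns the TLS session id as a hex string.
     *
     * @return the hex-encoded session id, or null when PureTLS reports none
     * @throws IOException declared by the {@link SSLSupport} contract
     */
    public String getSessionId() throws IOException {
        byte[] sessionId = ssl.getSessionID();
        if (sessionId == null) {
            return null;
        }
        return HexUtils.convert(sessionId);
    }

}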