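package org.hsqldb;

import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;

import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;

import org.hsqldb.lib.StringConverter;

/**
 * TLS-backed {@link HsqlSocketFactory}.
 * <p>
 * Client and server sockets are obtained from the JSSE default
 * {@link SSLSocketFactory} / {@link SSLServerSocketFactory}. Certificate
 * chain validation is therefore whatever the default trust manager does;
 * the only check this class adds is {@link #verify}, which requires the
 * common name (CN) of the server's end-entity certificate to match the
 * host name the client connected to.
 * <p>
 * When {@code Trace.TRACE} is on, cipher-suite capabilities and handshake
 * results are written to the trace output.
 */
public final class HsqlSocketFactorySecure extends HsqlSocketFactory
implements HandshakeCompletedListener {

    /** Backlog passed to {@code createServerSocket(port, backlog, addr)}. */
    private static final int SERVER_SOCKET_BACKLOG = 128;

    /** Lazily created {@link SSLSocketFactory}; guarded by {@link #socket_factory_mutex}. */
    protected Object socketFactory;

    /** Lazily created {@link SSLServerSocketFactory}; guarded by {@link #server_socket_factory_mutex}. */
    protected Object serverSocketFactory;

    /** Guards lazy initialisation of {@link #socketFactory}. */
    protected final Object socket_factory_mutex = new Object();

    /** Guards lazy initialisation of {@link #serverSocketFactory}. */
    protected final Object server_socket_factory_mutex = new Object();

    /**
     * Creates the factory and, if no provider named {@code SunJSSE} is
     * installed, tries to register {@code com.sun.net.ssl.internal.ssl.Provider}
     * reflectively.
     * <p>
     * Failure to load or register that provider is ignored on purpose: the
     * class is Sun-specific and the default factories are still resolved
     * against whatever JSSE provider the runtime does supply.
     *
     * @throws Exception propagated from the superclass constructor
     */
    protected HsqlSocketFactorySecure() throws Exception {

        super();

        if (Security.getProvider("SunJSSE") == null) {
            try {
                Provider p = (Provider) Class.forName(
                    "com.sun.net.ssl.internal.ssl.Provider").newInstance();

                Security.addProvider(p);
            } catch (Exception ignored) {
                // best effort: provider class absent or not loadable on
                // this runtime; fall back to the platform's JSSE provider
            }
        }
    }

    /**
     * Registers this factory as handshake listener on a socket accepted by
     * one of this factory's server sockets.
     *
     * @param socket the accepted socket; expected to be an {@link SSLSocket}
     *               (any other type fails with a {@code ClassCastException},
     *               which signals a mismatched server-socket/factory pairing)
     */
    public void configureSocket(Socket socket) {

        super.configureSocket(socket);

        ((SSLSocket) socket).addHandshakeCompletedListener(this);
    }

    /**
     * Creates an SSL server socket bound to the given port on all local
     * addresses.
     *
     * @param port the port to bind
     * @return the bound {@link SSLServerSocket}
     * @throws Exception if the factory or the socket cannot be created
     */
    public ServerSocket createServerSocket(int port) throws Exception {

        SSLServerSocket ss = (SSLServerSocket) getServerSocketFactoryImpl()
            .createServerSocket(port);

        traceServerSocket(ss);

        return ss;
    }

    /**
     * Creates an SSL server socket bound to the given port on the given
     * local address, with a backlog of {@link #SERVER_SOCKET_BACKLOG}.
     *
     * @param port    the port to bind
     * @param address host name or textual IP of the local interface to bind
     * @return the bound {@link SSLServerSocket}
     * @throws Exception if the address cannot be resolved or the socket
     *                   cannot be created
     */
    public ServerSocket createServerSocket(int port,
                                           String address) throws Exception {

        InetAddress     addr = InetAddress.getByName(address);
        SSLServerSocket ss   = (SSLServerSocket) getServerSocketFactoryImpl()
            .createServerSocket(port, SERVER_SOCKET_BACKLOG, addr);

        traceServerSocket(ss);

        return ss;
    }

    /**
     * Writes the supported and enabled cipher suites of a freshly created
     * server socket to the trace output; no-op unless {@code Trace.TRACE}.
     *
     * @param ss the server socket to describe
     */
    private void traceServerSocket(SSLServerSocket ss) {

        if (!Trace.TRACE) {
            return;
        }

        Trace.printSystemOut("[" + this + "]: createServerSocket()");
        Trace.printSystemOut("capabilities for " + ss + ":");
        Trace.printSystemOut("----------------------------");
        dump("supported cipher suites", ss.getSupportedCipherSuites());
        dump("enabled cipher suites", ss.getEnabledCipherSuites());
    }

    /**
     * Writes a titled, rule-delimited list of strings to the trace output.
     *
     * @param title heading printed before the list
     * @param as    the entries; each is printed on its own line
     */
    private static void dump(String title, String[] as) {

        Trace.printSystemOut(title);
        Trace.printSystemOut("----------------------------");

        for (int i = 0; i < as.length; i++) {
            Trace.printSystemOut(String.valueOf(as[i]));
        }

        Trace.printSystemOut("----------------------------");
    }

    /**
     * Connects an SSL client socket to {@code host:port}, completes the
     * handshake eagerly and then checks the peer certificate's CN against
     * {@code host} via {@link #verify}.
     * <p>
     * The handshake is forced here rather than on first I/O so that a
     * certificate/host mismatch surfaces as an exception from this method
     * instead of from an arbitrary later read or write.
     *
     * @param host the server host name; also the value the CN must match
     * @param port the server port
     * @return the connected and verified {@link SSLSocket}
     * @throws Exception on connection or handshake failure, or when
     *                   {@link #verify} rejects the peer certificate
     */
    public Socket createSocket(String host, int port) throws Exception {

        SSLSocket socket =
            (SSLSocket) getSocketFactoryImpl().createSocket(host, port);

        socket.addHandshakeCompletedListener(this);
        socket.startHandshake();

        verify(host, socket.getSession());

        return socket;
    }

    /**
     * @return {@code true}; sockets from this factory are always TLS
     */
    public boolean isSecure() {
        return true;
    }

    /**
     * Returns the {@link SSLServerSocketFactory}, creating it from
     * {@link SSLServerSocketFactory#getDefault()} on first use.
     * <p>
     * Creation is serialised on {@link #server_socket_factory_mutex} so at
     * most one default factory is ever cached.
     *
     * @return the shared server socket factory
     * @throws Exception declared for subclasses; not thrown here
     */
    protected SSLServerSocketFactory getServerSocketFactoryImpl()
    throws Exception {

        Object factory;

        synchronized (server_socket_factory_mutex) {
            factory = serverSocketFactory;

            if (factory == null) {
                factory             = SSLServerSocketFactory.getDefault();
                serverSocketFactory = factory;
            }
        }

        return (SSLServerSocketFactory) factory;
    }

    /**
     * Returns the {@link SSLSocketFactory}, creating it from
     * {@link SSLSocketFactory#getDefault()} on first use.
     * <p>
     * Creation is serialised on {@link #socket_factory_mutex} so at most
     * one default factory is ever cached.
     *
     * @return the shared client socket factory
     * @throws Exception declared for subclasses; not thrown here
     */
    protected SSLSocketFactory getSocketFactoryImpl() throws Exception {

        Object factory;

        synchronized (socket_factory_mutex) {
            factory = socketFactory;

            if (factory == null) {
                factory       = SSLSocketFactory.getDefault();
                socketFactory = factory;
            }
        }

        return (SSLSocketFactory) factory;
    }

    /**
     * Checks that the common name of the peer's end-entity certificate
     * equals {@code host} (case-insensitively).
     * <p>
     * The CN is taken from the subject DN's {@code CN=} attribute only,
     * located at an attribute boundary (see {@link #extractCommonName});
     * a {@code CN=} that merely occurs inside another attribute's value
     * is not accepted. Wildcard names and subjectAltName entries are not
     * honoured: the match is exact.
     *
     * @param host    the host name the client connected to
     * @param session the established session whose peer chain is checked
     * @throws SSLPeerUnverifiedException if the peer is unauthenticated or
     *                                    presented an empty chain
     * @throws UnknownHostException       if the DN carries no CN, an empty
     *                                    CN, or a CN different from host
     * @throws Exception                  anything else raised while reading
     *                                    the session
     */
    protected void verify(String host, SSLSession session) throws Exception {

        // Legacy javax.security.cert type: it is what
        // getPeerCertificateChain() returns, so it is kept here.
        X509Certificate[] chain = session.getPeerCertificateChain();

        // JSSE throws rather than returning an empty chain, but guard
        // anyway so a bad peer cannot surface as an index error.
        if (chain == null || chain.length == 0) {
            throw new SSLPeerUnverifiedException(
                "peer presented no certificate chain");
        }

        // chain[0] is the end-entity (server) certificate.
        Principal principal = chain[0].getSubjectDN();
        String    dn        = String.valueOf(principal);
        String    cn        = extractCommonName(dn);

        if (cn == null) {
            throw new UnknownHostException(
                Trace.getMessage(Trace.HsqlSocketFactorySecure_verify));
        }

        if (cn.length() < 1) {
            throw new UnknownHostException(
                Trace.getMessage(Trace.HsqlSocketFactorySecure_verify2));
        }

        if (!cn.equalsIgnoreCase(host)) {
            throw new UnknownHostException(
                Trace.getMessage(
                    Trace.HsqlSocketFactorySecure_verify3, true,
                    new Object[] {
                cn, host
            }));
        }
    }

    /**
     * Returns the value of the first {@code CN=} attribute of a string-form
     * distinguished name, or {@code null} when the DN has none.
     * <p>
     * The DN is split into attributes at commas that are neither
     * backslash-escaped nor inside double quotes, and each attribute is
     * tested for a {@code CN=} prefix (attribute types are compared
     * case-insensitively). Escapes inside the value are left as-is.
     *
     * @param dn the subject DN as rendered by {@code Principal.toString()}
     * @return the trimmed CN value, possibly empty; {@code null} if absent
     */
    private static String extractCommonName(String dn) {

        int     length    = dn.length();
        int     attrStart = 0;
        boolean quoted    = false;

        for (int i = 0; i <= length; i++) {
            boolean atEnd = (i == length);

            if (!atEnd) {
                char c = dn.charAt(i);

                if (c == '\\') {
                    i++;    // skip the escaped character

                    continue;
                }

                if (c == '"') {
                    quoted = !quoted;

                    continue;
                }

                if (c != ',' || quoted) {
                    continue;
                }
            }

            String attr = dn.substring(attrStart, i).trim();

            if (attr.regionMatches(true, 0, "CN=", 0, 3)) {
                return attr.substring(3).trim();
            }

            attrStart = i + 1;
        }

        return null;
    }

    /**
     * {@link HandshakeCompletedListener} callback; only emits trace output
     * (socket, negotiated cipher suite, hex session id) when
     * {@code Trace.TRACE} is on.
     *
     * @param evt the completed-handshake event
     */
    public void handshakeCompleted(HandshakeCompletedEvent evt) {

        if (!Trace.TRACE) {
            return;
        }

        SSLSocket  socket    = evt.getSocket();
        SSLSession session   = evt.getSession();
        String     sessionId = StringConverter.byteToHex(session.getId());

        Trace.printSystemOut("SSL handshake completed:");
        Trace.printSystemOut(
            "------------------------------------------------");
        Trace.printSystemOut("socket: : " + socket);
        Trace.printSystemOut("cipher suite : "
                             + session.getCipherSuite());
        Trace.printSystemOut("session id : " + sessionId);
        Trace.printSystemOut(
            "------------------------------------------------");
    }
}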