SSLServerSocketFactory


1   package org.jacorb.security.ssl.iaik;
2   
3   /*
4    *        Written for JacORB - a free Java ORB
5    *
6    *   Copyright (C) 1999-2004 Gerald Brose
7    *
8    *   This library is free software; you can redistribute it and/or
9    *   modify it under the terms of the GNU Library General Public
10   *   License as published by the Free Software Foundation; either
11   *   version 2 of the License, or (at your option) any later version.
12   *
13   *   This library is distributed in the hope that it will be useful,
14   *   but WITHOUT ANY WARRANTY; without even the implied warranty of
15   *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16   *   Library General Public License for more details.
17   *
18   *   You should have received a copy of the GNU Library General Public
19   *   License along with this library; if not, write to the Free
20   *   Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21   */
22  
23  
24  import org.apache.avalon.framework.logger.Logger;
25  import org.apache.avalon.framework.configuration.*;
26  
27  import org.jacorb.security.util.*;
28  import org.jacorb.security.level2.*;
29  
30  import iaik.security.ssl.*;
31  
32  import java.net.*;
33  import java.util.*;
34  import java.io.IOException  ;
35  import java.security.ProviderException  ;
36  import java.security.cert.X509Certificate  ;
37  
38  public class SSLServerSocketFactory
39      implements org.jacorb.orb.factory.SSLServerSocketFactory, Configurable
40  {
41      private SSLServerContext defaultContext;
42      private CipherSuite[] cs;
43      private Logger logger;
44      private short serverRequiredOptions = 0;
45      private short serverSupportedOptions = 0;
46      private boolean iaikDebug = false;
47      private List trusteeFileNames;
48      private org.jacorb.orb.ORB orb;
49  
50      public SSLServerSocketFactory( org.jacorb.orb.ORB orb )
51          throws ConfigurationException
52      {
53          this.orb = orb;
54          cs = SSLSetup.getCipherSuites();
55      }
56  
57      public void configure(Configuration configuration)
58          throws ConfigurationException
59      {
60          logger = 
61              ((org.jacorb.config.Configuration)configuration).getNamedLogger("jacorb.security.jsse");
62  
63          serverRequiredOptions = 
64              Short.parseShort(
65                  configuration.getAttribute("jacorb.security.ssl.server.required_options","0"),
66                  16);
67  
68          serverSupportedOptions = 
69              Short.parseShort(
70                  configuration.getAttribute("jacorb.security.ssl.server.aupported_options","0"),
71                  16);
72  
73          defaultContext = new SSLServerContext();
74  
75          try
76          {
77              
78              //the SSL server always has to have own certificates
79              org.jacorb.security.level2.KeyAndCert[] kac =
80                  getSSLCredentials( orb );
81  
82              for( int i = 0; i < kac.length; i++ )
83              {
84                  defaultContext.addServerCredentials( (X509Certificate  []) kac[i].chain,
85                                                       kac[i].key );
86              }
87  
88              if(( serverRequiredOptions  & 0x40) != 0 )
89                  //Establish trust in client requireded means
90                  //that we must request the clients certificates
91              {
92                  defaultContext.setRequestClientCertificate( true );
93                  defaultContext.setChainVerifier( new ServerChainVerifier( true ));
94  
95                  trusteeFileNames =
96                      ((org.jacorb.config.Configuration)configuration).getAttributeList("jacorb.security.trustees");
97                  
98                  if( trusteeFileNames.isEmpty())
99                  {
100                     logger.warn("No trusted certificates specified. This will accept all peer certificate chains!");
101                 }
102                 else
103                 {
104                     for( Iterator iter = trusteeFileNames.iterator(); iter.hasNext(); )
105                     {
106                         String   fName = (String  )iter.next();
107                         defaultContext.addTrustedCertificate( CertUtils.readCertificate(fName));
108                     }
109                 }
110 
111             }
112         }
113         catch( Exception   g)
114         {
115             if (logger.isWarnEnabled())
116                 logger.warn("GeneralSecurityException", g);
117             throw new ConfigurationException(g.getMessage());
118         }
119         if( iaikDebug )
120         {
121             defaultContext.setDebugStream( System.out );
122         }
123     }
124 
125     private org.jacorb.security.level2.KeyAndCert[] getSSLCredentials( org.jacorb.orb.ORB orb )
126     {
127         CurrentImpl  securityCurrent = null;
128 
129         try
130         {
131             securityCurrent = 
132                 (CurrentImpl)orb.resolve_initial_references("SecurityCurrent");
133         }
134         catch ( org.omg.CORBA.ORBPackage.InvalidName   in )
135         {
136             throw new ProviderException  ("Unable to obtain Security Current.");
137         }
138 
139         return securityCurrent.getSSLCredentials();
140     }
141 
142     /**
143      * Returns a server socket which uses all network interfaces on
144      * the host, and is bound to the specified port.
145      * Parameters:
146      *     port - the port to listen to
147      * Throws:
148      *     IOException - for networking errors
149      */
150 
151     public ServerSocket createServerSocket (int port)
152         throws IOException  
153     {
154         if (defaultContext == null)
155             throw new IOException  ("Cannot support SSL, no default SSL context found!");
156 
157         return new SSLServerSocket(port, defaultContext);
158     }
159 
160     /** Returns a server socket which uses all network interfaces
161      * on the host, is bound to a the specified port, and uses the
162      * specified connection backlog. The socket is configured with
163      * the socket options (such as accept timeout) given to this factory.
164      * Parameters:
165      *     port - the port to listen to
166      *     backlog - how many connections are queued
167      * Throws:
168      *     IOException - for networking errors
169      */
170 
171     public ServerSocket createServerSocket(int port,int backlog)
172         throws IOException  
173     {
174         if ( defaultContext == null )
175             throw new IOException  ("Cannot support SSL, no default SSL context found!");
176 
177         return new SSLServerSocket(port, backlog, defaultContext);
178     }
179 
180     /**
181      * Returns a server socket which uses only the specified network
182      * interface on the local host, is bound to a the specified port,
183      * and uses the specified connection backlog. The socket is
184      * configured with the socket options (such as accept timeout)
185      * given to this factory.
186      * Parameters:
187      *     port - the port to listen to
188      *     backlog - how many connections are queued
189      *     ifAddress - the network interface address to use
190      * Throws:
191      *     IOException - for networking errors
192      */
193 
194     public ServerSocket createServerSocket (int port,
195                                             int backlog,
196                                             InetAddress ifAddress)
197         throws IOException  
198     {
199         if (defaultContext == null)
200             throw new IOException  ("Cannot support SSL, no default SSL context found!");
201         return new SSLServerSocket (port, backlog, ifAddress, defaultContext);
202     }
203 
204     /**
205      * Returns the list of cipher suites which are enabled by
206      * default. Unless a different list is enabled, handshaking
207      * on an SSL connection will use one of these cipher suites.
208      * The minimum quality of service for these defaults requires
209      * confidentiality protection and server authentication.
210      * Returns:
211      *    array of the cipher suites enabled by default
212      * See Also:
213      */
214 
215     public String  [] getDefaultCipherSuites()
216     {
217         String   lst[] = new String  [cs.length];
218         for (int i = 0; i < lst.length; i++)
219             lst [i] = cs[i].toString();
220         return lst;
221     }
222 
223     /**
224      * Returns the names of the cipher suites which could be
225      * enabled for use on an SSL connection.
226      * Normally, only a subset of these will actually be enabled
227      * by default, since this list may include
228      * cipher suites which do not meet quality of service requirements for those defaults.
229      * Such cipher suites are useful in specialized applications.
230      * Returns:
231      *     an array of cipher suite names
232      */
233 
234     public String  [] getSupportedCipherSuites()
235     {
236         CipherSuite[] suites = CipherSuite.getDefault ();
237         String   lst[] = new String  [ suites.length ];
238         for( int i = 0; i < lst.length; i++ )
239             lst [ i ] = suites[ i ].toString ();
240         return lst;
241     }
242 
243     public boolean isSSL( ServerSocket s )
244     {
245         return (s instanceof SSLServerSocket);
246     }
247 }
248
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags