KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jacorb > security > ssl > sun_jsse > SSLServerSocketFactory


1 /*
2  * JacORB - a free Java ORB
3  *
4  * Copyright (C) 1999-2004 Gerald Brose
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Library General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Library General Public License for more details.
15  *
16  * You should have received a copy of the GNU Library General Public
17  * License along with this library; if not, write to the Free
18  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19  *
20  */
21 package org.jacorb.security.ssl.sun_jsse;
22
23 import org.apache.avalon.framework.logger.Logger;
24 import org.apache.avalon.framework.configuration.*;
25
26 import java.net.*;
27 import java.io.*;
28 import java.security.*;
29 import java.util.*;
30
31 import javax.net.ssl.*;
32 import javax.net.*;
33
34 /**
35  * @author Nicolas Noffke
36  * $Id: SSLServerSocketFactory.java,v 1.18 2004/11/18 17:17:31 nicolas Exp $
37  */
38
39 public class SSLServerSocketFactory
40     implements org.jacorb.orb.factory.SSLServerSocketFactory, Configurable
41 {
42     private ServerSocketFactory factory = null;
43     private boolean require_mutual_auth = false;
44     private boolean request_mutual_auth = false;
45     private boolean trusteesFromKS = false;
46     private String JavaDoc[] cipher_suites = null;
47     private String JavaDoc[] enabledProtocols = null;
48     private TrustManager trustManager = null;
49     private short serverSupportedOptions = 0;
50     private short serverRequiredOptions = 0;
51     private String JavaDoc keystore_location = null;
52     private String JavaDoc keystore_passphrase = null;
53     private Logger logger;
54
55     public SSLServerSocketFactory( org.jacorb.orb.ORB orb )
56     {
57     }
58
59     public void configure(Configuration configuration)
60         throws ConfigurationException
61     {
62         logger =
63             ((org.jacorb.config.Configuration)configuration).getNamedLogger("jacorb.security.jsse");
64
65  
66         trusteesFromKS =
67             configuration.getAttributeAsBoolean("jacorb.security.jsse.trustees_from_ks", false);
68
69
70         serverSupportedOptions =
71             Short.parseShort(
72                 configuration.getAttribute("jacorb.security.ssl.server.supported_options","20"),
73                 16); // 16 is the base as we take the string value as hex!
74
75         serverRequiredOptions =
76             Short.parseShort(
77                 configuration.getAttribute("jacorb.security.ssl.server.required_options","0"),
78                 16);
79
80         if( (serverSupportedOptions & 0x40) != 0 )
81         {
82             // would prefer to establish trust in client. If client can
83 // support authentication, it will, otherwise we will continue
84 if (logger.isInfoEnabled())
85                 logger.info("Will create SSL sockets that request client authentication" );
86
87             request_mutual_auth = true;
88         }
89
90         if( (serverRequiredOptions & 0x40) != 0 )
91         {
92             //required: establish trust in client
93 //--> force other side to authenticate
94 require_mutual_auth = true;
95             request_mutual_auth = false;
96             if (logger.isInfoEnabled())
97                 logger.info("Will create SSL sockets that require client authentication" );
98         }
99
100         keystore_location =
101             configuration.getAttribute("jacorb.security.keystore","UNSET");
102
103         keystore_passphrase =
104             configuration.getAttribute("jacorb.security.keystore_password","UNSET" );
105             
106         try
107         {
108             trustManager = (TrustManager) ((org.jacorb.config.Configuration)configuration).getAttributeAsObject
109                                                ("jacorb.security.ssl.server.trust_manager");
110         }
111         catch (ConfigurationException ce)
112         {
113             if (logger.isErrorEnabled())
114             {
115                 logger.error("TrustManager object creation failed. Please check value of property "
116                              + "'jacorb.security.ssl.server.trust_manager'. Current value: "
117                              + configuration.getAttribute("jacorb.security.ssl.server.trust_manager", ""), ce);
118             }
119         }
120         
121         if (configuration.getAttribute("jacorb.security.ssl.server.protocols", null) != null)
122         {
123             enabledProtocols = (String JavaDoc[]) ((org.jacorb.config.Configuration)configuration).getAttributeList
124                                             ("jacorb.security.ssl.server.protocols").toArray();
125             if (logger.isDebugEnabled())
126             {
127                 logger.debug("Setting user specified server enabled protocols : " +
128                              configuration.getAttribute("jacorb.security.ssl.server.protocols", ""));
129             }
130         }
131  
132         try
133         {
134             factory = createServerSocketFactory();
135         }
136         catch( Exception JavaDoc e )
137         {
138             if (logger.isWarnEnabled())
139                 logger.warn("Exception", e );
140         }
141
142         if( factory == null )
143         {
144             if (logger.isErrorEnabled())
145                 logger.error("Unable to create ServerSocketFactory!" );
146             throw new ConfigurationException("Unable to create ServerSocketFactory!");
147         }
148
149
150         // Andrew T. Finnell
151 // We need to obtain all the cipher suites to use from the
152 // properties file.
153 String JavaDoc cipher_suite_list =
154             configuration.getAttribute("jacorb.security.ssl.server.cipher_suites",null );
155     
156         if ( cipher_suite_list != null )
157         {
158             StringTokenizer tokenizer =
159                 new StringTokenizer( cipher_suite_list, "," );
160             
161             // Get the number of ciphers in the list
162 int tokens = tokenizer.countTokens();
163             
164             if ( tokens > 0 )
165             {
166                 // Create an array of strings to store the ciphers
167 cipher_suites = new String JavaDoc [tokens];
168                 
169                 // This will fill the array in reverse order but that
170 // doesn't matter
171 while( tokenizer.hasMoreElements() )
172                 {
173                     cipher_suites[--tokens] = tokenizer.nextToken();
174                 }
175             }
176         }
177     }
178            
179     public ServerSocket createServerSocket( int port )
180         throws IOException
181     {
182         SSLServerSocket s = (SSLServerSocket)
183             factory.createServerSocket( port );
184
185         if (request_mutual_auth)
186         {
187             s.setWantClientAuth( request_mutual_auth );
188         }
189         else if (require_mutual_auth)
190         {
191             s.setNeedClientAuth( require_mutual_auth );
192         }
193
194         // Andrew T. Finnell / Change made for e-Security Inc. 2002
195 // We need a way to enable the cipher suites that we would
196 // like to use. We should obtain these from the properties file.
197 if( cipher_suites != null )
198         {
199             s.setEnabledCipherSuites ( cipher_suites );
200         }
201         
202         if (enabledProtocols != null)
203         {
204             s.setEnabledProtocols(enabledProtocols);
205         }
206
207         return s;
208     }
209
210
211     public ServerSocket createServerSocket( int port, int backlog )
212         throws IOException
213     {
214         SSLServerSocket s = (SSLServerSocket)
215             factory.createServerSocket( port, backlog );
216
217         if (request_mutual_auth)
218         {
219             s.setWantClientAuth( request_mutual_auth );
220         }
221         else if (require_mutual_auth)
222         {
223             s.setNeedClientAuth( require_mutual_auth );
224         }
225
226         // Andrew T. Finnell / Change made for e-Security Inc. 2002
227 // We need a way to enable the cipher suites that we would
228 // like to use. We should obtain these from the properties file.
229 if( cipher_suites != null )
230         {
231             s.setEnabledCipherSuites ( cipher_suites );
232         }
233         
234         if (enabledProtocols != null)
235         {
236             s.setEnabledProtocols(enabledProtocols);
237         }
238
239         return s;
240     }
241
242     public ServerSocket createServerSocket (int port,
243                                             int backlog,
244                                             InetAddress ifAddress)
245         throws IOException
246     {
247         SSLServerSocket s = (SSLServerSocket)
248             factory.createServerSocket( port, backlog, ifAddress );
249
250         if (request_mutual_auth)
251         {
252             s.setWantClientAuth( request_mutual_auth );
253         }
254         else if (require_mutual_auth)
255         {
256             s.setNeedClientAuth( require_mutual_auth );
257         }
258
259         // Andrew T. Finnell / Change made for e-Security Inc. 2002
260 // We need a way to enable the cipher suites that we would
261 // like to use. We should obtain these from the properties file.
262 if( cipher_suites != null )
263         {
264             s.setEnabledCipherSuites ( cipher_suites );
265         }
266         
267         if (enabledProtocols != null)
268         {
269             s.setEnabledProtocols(enabledProtocols);
270         }
271
272         return s;
273     }
274
275     public boolean isSSL( java.net.ServerSocket JavaDoc s )
276     {
277         return (s instanceof SSLServerSocket);
278     }
279
280     private ServerSocketFactory createServerSocketFactory()
281         throws IOException, java.security.GeneralSecurityException JavaDoc
282     {
283         KeyStore key_store =
284             KeyStoreUtil.getKeyStore( keystore_location,
285                                       keystore_passphrase.toCharArray() );
286
287         KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
288         kmf.init( key_store, keystore_passphrase.toCharArray() );
289         TrustManagerFactory tmf = null;
290         
291         //only add trusted certs, if establish trust in client
292 //is required
293 if(( serverRequiredOptions & 0x40) != 0 ||
294            ( serverSupportedOptions & 0x40) != 0)
295         {
296             tmf = TrustManagerFactory.getInstance( "SunX509" );
297         
298             if( trusteesFromKS )
299             {
300                 tmf.init( key_store );
301             }
302             else
303             {
304                 tmf.init( (KeyStore) null );
305             }
306         }
307         
308         TrustManager[] trustManagers;
309         
310         if (trustManager == null)
311         {
312             trustManagers = (tmf == null)? null : tmf.getTrustManagers();
313         }
314         else
315         {
316             trustManagers = new TrustManager[] { trustManager };
317             if (logger.isDebugEnabled())
318             {
319                 logger.debug("Setting user specified server TrustManger : " + trustManager.getClass().toString());
320             }
321         }
322         
323         SSLContext ctx = SSLContext.getInstance( "TLS" );
324         ctx.init( kmf.getKeyManagers(),
325                   trustManagers,
326                   null );
327         
328         return ctx.getServerSocketFactory();
329     }
330 }
331
Popular Tags