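package org.jacorb.security.ssl.sun_jsse;

import org.jacorb.security.level2.*;

import java.net.*;
import java.io.*;
import java.security.*;
import java.util.*;

import org.apache.avalon.framework.logger.Logger;
import org.apache.avalon.framework.configuration.*;

import javax.net.ssl.*;
import javax.net.*;

/**
 * Client-side socket factory that hands out TLS sockets built on the JSSE
 * "SunX509" key/trust managers and a "TLS" {@link SSLContext}.
 *
 * Everything is derived from the JacORB configuration in
 * {@link #configure(Configuration)}:
 * <ul>
 *   <li>{@code jacorb.security.keystore} / {@code jacorb.security.keystore_password}
 *       - keystore holding the client certificate and/or the trust anchors;</li>
 *   <li>{@code jacorb.security.jsse.trustees_from_ks} - when true, trust anchors
 *       are taken from that keystore instead of the JSSE default trust store;</li>
 *   <li>{@code jacorb.security.ssl.client.supported_options} - hex bit set; the
 *       EstablishTrustInClient bit makes the factory present a client certificate;</li>
 *   <li>{@code jacorb.security.ssl.client.trust_manager} - optional user supplied
 *       {@link TrustManager} that REPLACES the provider's chain validation;</li>
 *   <li>{@code jacorb.security.ssl.client.protocols} and
 *       {@code jacorb.security.ssl.server.cipher_suites} - optional protocol and
 *       suite restrictions applied to every socket created.</li>
 * </ul>
 *
 * The object is effectively immutable once {@code configure} has returned;
 * {@link #createSocket(String, int)} only reads the fields set there.
 */
public class SSLSocketFactory
    implements org.jacorb.orb.factory.SocketFactory, Configurable
{
    /**
     * Bit of {@code jacorb.security.ssl.client.supported_options} that requests
     * loading our own key pair, i.e. client authentication. The value is the
     * CORBA Security association option EstablishTrustInClient (64).
     */
    private static final short ESTABLISH_TRUST_IN_CLIENT = 0x40;

    private SocketFactory factory = null;
    private String [] cipher_suites = null;
    private String [] enabledProtocols = null;
    private TrustManager trustManager = null;

    private boolean trusteesFromKS = false;
    private short clientSupportedOptions = 0;
    private String keystore_location = null;
    // The configuration API hands the passphrase back as a String, so it stays in
    // the heap until collected and cannot be wiped after use.
    private String keystore_passphrase = null;
    private Logger logger;


    /**
     * Creates and immediately configures the factory from the ORB's configuration.
     *
     * @param orb the ORB whose configuration is read
     * @throws ConfigurationException if the configuration is invalid or the
     *         underlying JSSE factory cannot be created
     */
    public SSLSocketFactory( org.jacorb.orb.ORB orb )
        throws ConfigurationException
    {
        configure( orb.getConfiguration());
    }


    /**
     * Reads all SSL related properties and builds the JSSE socket factory.
     *
     * @param configuration the JacORB configuration (must be an
     *        {@code org.jacorb.config.Configuration})
     * @throws ConfigurationException if {@code supported_options} is not a hex
     *         number or the JSSE factory cannot be initialised; the original
     *         exception is attached as the cause
     */
    public void configure(Configuration configuration)
        throws ConfigurationException
    {
        org.jacorb.config.Configuration jacorbConfig =
            (org.jacorb.config.Configuration) configuration;

        logger = jacorbConfig.getNamedLogger("jacorb.security.jsse");

        trusteesFromKS =
            configuration.getAttributeAsBoolean("jacorb.security.jsse.trustees_from_ks", false);

        keystore_location =
            configuration.getAttribute("jacorb.security.keystore", "UNSET");

        keystore_passphrase =
            configuration.getAttribute("jacorb.security.keystore_password", "UNSET");

        // Hex encoded bit set of CORBA Security association options.
        String optionsValue =
            configuration.getAttribute("jacorb.security.ssl.client.supported_options", "0");
        try
        {
            clientSupportedOptions = Short.parseShort(optionsValue, 16);
        }
        catch (NumberFormatException nfe)
        {
            // Surface the misconfiguration as the declared exception type instead
            // of an unchecked NumberFormatException escaping configure().
            throw new ConfigurationException(
                "Invalid value for property 'jacorb.security.ssl.client.supported_options': "
                + optionsValue, nfe);
        }

        try
        {
            trustManager = (TrustManager) jacorbConfig.getAttributeAsObject
                ("jacorb.security.ssl.client.trust_manager");
        }
        catch (ConfigurationException ce)
        {
            // NOTE(review): a custom trust manager that cannot be instantiated is
            // logged and then ignored, so createSocketFactory() silently falls back
            // to the provider's default trust managers - confirm this fail-open
            // behaviour is intended rather than a hard configuration error.
            if (logger.isErrorEnabled())
            {
                logger.error("TrustManager object creation failed. Please check value of property "
                             + "'jacorb.security.ssl.client.trust_manager'. Current value: "
                             + configuration.getAttribute("jacorb.security.ssl.client.trust_manager", ""), ce);
            }
        }

        if (configuration.getAttribute("jacorb.security.ssl.client.protocols", null) != null)
        {
            // toArray(new String[0]) yields a String[]; the argument-less toArray()
            // returns Object[] and casting that to String[] fails at runtime with a
            // ClassCastException.
            enabledProtocols = (String []) jacorbConfig.getAttributeList
                ("jacorb.security.ssl.client.protocols").toArray(new String[0]);
            if (logger.isDebugEnabled())
            {
                logger.debug("Setting user specified client enabled protocols : " +
                             configuration.getAttribute("jacorb.security.ssl.client.protocols", ""));
            }
        }

        try
        {
            factory = createSocketFactory();
        }
        catch( Exception e )
        {
            if (logger.isErrorEnabled())
                logger.error("Unable to create SSLSocketFactory!", e);
            // Keep the cause: the keystore/provider error is what the operator
            // needs to diagnose the failure.
            throw new ConfigurationException("Unable to create SSLSocketFactory!", e);
        }

        if( factory == null )
        {
            if (logger.isErrorEnabled())
                logger.error("Unable to create SSLSocketFactory!" );
            throw new ConfigurationException("Unable to create SSLSocketFactory!");
        }

        String cipher_suite_list =
            configuration.getAttribute("jacorb.security.ssl.server.cipher_suites", null );

        if ( cipher_suite_list != null )
        {
            cipher_suites = parseCipherSuites( cipher_suite_list );
        }
    }

    /**
     * Splits a comma separated cipher suite list into an array.
     *
     * Tokens are stored back-to-front, i.e. in the REVERSE of the configured
     * order, and are not trimmed ("a, b" yields " b").
     * NOTE(review): the array order is the preference order handed to
     * {@link SSLSocket#setEnabledCipherSuites(String[])}; confirm that the
     * reversal is intended.
     *
     * @param cipherSuiteList comma separated suite names, never null
     * @return the suites, or null when the list contains no tokens
     */
    private static String[] parseCipherSuites( String cipherSuiteList )
    {
        StringTokenizer tokenizer = new StringTokenizer( cipherSuiteList, "," );

        int tokens = tokenizer.countTokens();
        if ( tokens == 0 )
        {
            return null;
        }

        String[] suites = new String [tokens];
        while( tokenizer.hasMoreTokens() )
        {
            suites[--tokens] = tokenizer.nextToken();
        }
        return suites;
    }

    /**
     * Opens a TLS connection to {@code host:port} and applies the configured
     * cipher suite and protocol restrictions.
     *
     * @param host target host name or address
     * @param port target port
     * @return a connected (handshake not yet started) {@link SSLSocket}
     * @throws IOException if the connection cannot be established
     * @throws UnknownHostException if the host cannot be resolved
     */
    public Socket createSocket( String host,
                                int port )
        throws IOException, UnknownHostException
    {
        // factory comes from SSLContext.getSocketFactory(), so its sockets are SSLSockets
        SSLSocket s = (SSLSocket)factory.createSocket( host, port );

        if( cipher_suites != null )
        {
            s.setEnabledCipherSuites( cipher_suites );
        }

        if (enabledProtocols != null)
        {
            s.setEnabledProtocols(enabledProtocols);
        }

        return s;
    }

    /**
     * @param s a socket
     * @return true if {@code s} is a JSSE {@link SSLSocket}
     */
    public boolean isSSL ( java.net.Socket s )
    {
        return (s instanceof SSLSocket);
    }

    /**
     * Builds the JSSE socket factory from the configured keystore, trust
     * settings and optional user supplied trust manager.
     *
     * The keystore is only opened when something needs it: our own key pair
     * (EstablishTrustInClient set) or the trust anchors (trustees_from_ks).
     *
     * @return the factory of a freshly initialised "TLS" context
     * @throws IOException if the keystore cannot be read
     * @throws java.security.GeneralSecurityException if a provider, the keystore
     *         or the context cannot be initialised
     */
    private SocketFactory createSocketFactory()
        throws IOException, java.security.GeneralSecurityException
    {
        KeyManagerFactory kmf = null;
        KeyStore key_store = null;

        boolean clientAuth = ( clientSupportedOptions & ESTABLISH_TRUST_IN_CLIENT ) != 0;

        if( trusteesFromKS || clientAuth )
        {
            char[] passphrase = keystore_passphrase.toCharArray();
            key_store = KeyStoreUtil.getKeyStore( keystore_location, passphrase );

            if( clientAuth )
            {
                // Client certificate/key for TLS client authentication.
                kmf = KeyManagerFactory.getInstance( "SunX509" );
                kmf.init( key_store, passphrase );
            }
        }

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance( "SunX509" );

        if( key_store != null && trusteesFromKS )
        {
            if (logger.isInfoEnabled())
                logger.info("Loading certs from keystore " + key_store );
            tmf.init( key_store );
        }
        else
        {
            // null keystore: JSSE falls back to its default trust store
            // (javax.net.ssl.trustStore or the runtime's cacerts).
            tmf.init( (KeyStore) null );
        }

        TrustManager[] trustManagers;

        if (trustManager == null)
        {
            trustManagers = tmf.getTrustManagers();
        }
        else
        {
            // The user object is the ONLY trust manager: its checkServerTrusted
            // is the whole of server authentication for every socket created.
            if (logger.isDebugEnabled())
            {
                logger.debug("Setting user specified client TrustManger : " + trustManager.getClass().toString());
            }
            trustManagers = new TrustManager[] { trustManager };
        }

        SSLContext ctx = SSLContext.getInstance( "TLS" );

        // No key managers at all when client authentication is not requested;
        // null SecureRandom lets the provider choose its default.
        ctx.init( (kmf == null)? null : kmf.getKeyManagers(),
                  trustManagers,
                  null );

        return ctx.getSocketFactory();
    }
}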