

1 package org.jacorb.security.ssl.sun_jsse;
2
3 /*
4  * JacORB - a free Java ORB
5  *
6  * Copyright (C) 2000-2004 Gerald Brose
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Library General Public
10  * License as published by the Free Software Foundation; either
11  * version 2 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Library General Public License for more details.
17  *
18  * You should have received a copy of the GNU Library General Public
19  * License along with this library; if not, write to the Free
20  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21  */

22
23 import org.jacorb.security.level2.*;
24
25 import java.net.*;
26 import java.io.*;
27 import java.security.*;
28 import java.util.*;
29
30 import org.apache.avalon.framework.logger.Logger;
31 import org.apache.avalon.framework.configuration.*;
32
33 import javax.net.ssl.*;
34 import javax.net.*;
35
36
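/**
 * Client-side socket factory that hands out SSL/TLS sockets built on Sun JSSE.
 *
 * <p>Everything is driven by the ORB configuration read in
 * {@link #configure(Configuration)}:
 * <ul>
 *   <li>{@code jacorb.security.keystore}, {@code jacorb.security.keystore_password}
 *       - keystore location and passphrase</li>
 *   <li>{@code jacorb.security.jsse.trustees_from_ks} - take trusted
 *       certificates from that keystore instead of the JSSE default</li>
 *   <li>{@code jacorb.security.ssl.client.supported_options} - hexadecimal
 *       option mask; bit {@code 0x40} makes the client present its own
 *       credentials</li>
 *   <li>{@code jacorb.security.ssl.client.trust_manager} - optional custom
 *       {@link TrustManager}</li>
 *   <li>{@code jacorb.security.ssl.client.protocols} - optional list of
 *       enabled protocol versions</li>
 *   <li>{@code jacorb.security.ssl.server.cipher_suites} - optional
 *       comma-separated list of enabled cipher suites</li>
 * </ul>
 *
 * <p>Points to keep in mind when auditing a deployment:
 * <ul>
 *   <li>A configured custom {@link TrustManager} replaces the
 *       TrustManagerFactory-provided managers entirely, so peer validation is
 *       only as strict as that class.</li>
 *   <li>No endpoint identification algorithm is set on the sockets created
 *       here, so JSSE itself does not compare the peer certificate with the
 *       requested host name; the peer is accepted on the trust managers'
 *       verdict alone.</li>
 *   <li>When neither protocols nor cipher suites are configured, the JRE
 *       defaults for the "TLS" context apply.</li>
 * </ul>
 *
 * @author Nicolas Noffke
 * $Id: SSLSocketFactory.java,v 1.17 2004/11/18 16:53:02 nicolas Exp $
 */
public class SSLSocketFactory
    implements org.jacorb.orb.factory.SocketFactory, Configurable
{
    /**
     * Bit in the client supported-options mask that makes this factory load
     * the client's own key material ("establish trust in client").
     */
    private static final int ESTABLISH_TRUST_IN_CLIENT = 0x40;

    private SocketFactory factory = null;
    private String[] cipher_suites = null;
    private String[] enabledProtocols = null;
    private TrustManager trustManager = null;

    private boolean trusteesFromKS = false;
    private short clientSupportedOptions = 0;
    private String keystore_location = null;
    // Held as a String for the lifetime of the factory; it is never logged here.
    private String keystore_passphrase = null;
    private Logger logger;


    /**
     * Creates the factory and configures it from the ORB's configuration.
     *
     * @param orb the ORB whose configuration supplies the SSL settings
     * @throws ConfigurationException if no JSSE socket factory can be created
     */
    public SSLSocketFactory( org.jacorb.orb.ORB orb )
        throws ConfigurationException
    {
        configure( orb.getConfiguration());
    }


    /**
     * Reads the SSL settings and builds the underlying JSSE socket factory.
     *
     * @param configuration the ORB configuration; it is cast to
     *        {@code org.jacorb.config.Configuration}
     * @throws ConfigurationException if the JSSE socket factory could not be
     *         created; the underlying failure is attached as the cause
     */
    public void configure(Configuration configuration)
        throws ConfigurationException
    {
        // The named logger, object attributes and list attributes are taken
        // from the JacORB configuration type, hence the cast.
        org.jacorb.config.Configuration jacorbConfig =
            (org.jacorb.config.Configuration) configuration;

        logger = jacorbConfig.getNamedLogger("jacorb.security.jsse");

        trusteesFromKS =
            configuration.getAttributeAsBoolean("jacorb.security.jsse.trustees_from_ks",false);

        keystore_location =
            configuration.getAttribute("jacorb.security.keystore","UNSET");

        keystore_passphrase =
            configuration.getAttribute("jacorb.security.keystore_password","UNSET" );

        // The option mask is written in hexadecimal in the properties file.
        clientSupportedOptions =
            Short.parseShort(
                configuration.getAttribute("jacorb.security.ssl.client.supported_options","0"),
                16);

        try
        {
            trustManager = (TrustManager) jacorbConfig.getAttributeAsObject
                                            ("jacorb.security.ssl.client.trust_manager");
        }
        catch (ConfigurationException ce)
        {
            // NOTE(review): the failure is only logged. trustManager stays
            // null and createSocketFactory() then uses the
            // TrustManagerFactory-provided managers, i.e. a different trust
            // policy than the one the operator asked for. Confirm that this
            // fallback is intended rather than failing the configuration.
            if (logger.isErrorEnabled())
            {
                logger.error("TrustManager object creation failed. Please check value of property "
                             + "'jacorb.security.ssl.client.trust_manager'. Current value: "
                             + configuration.getAttribute("jacorb.security.ssl.client.trust_manager", ""), ce);
            }
        }

        if (configuration.getAttribute("jacorb.security.ssl.client.protocols", null) != null)
        {
            // A bare toArray() yields Object[], and casting that to String[]
            // fails with ClassCastException for the usual list
            // implementations; ask for a String[] explicitly.
            enabledProtocols = (String[]) jacorbConfig.getAttributeList
                                            ("jacorb.security.ssl.client.protocols").toArray(new String[0]);
            if (logger.isDebugEnabled())
            {
                logger.debug("Setting user specified client enabled protocols : " +
                             configuration.getAttribute("jacorb.security.ssl.client.protocols", ""));
            }
        }

        Exception failure = null;

        try
        {
            factory = createSocketFactory();
        }
        catch( Exception e )
        {
            failure = e;
            if (logger.isWarnEnabled())
                logger.warn("Exception", e );
        }

        if( factory == null )
        {
            if (logger.isErrorEnabled())
                logger.error("Unable to create SSLSocketFactory!" );
            // Keep the root cause attached so callers are not left with the
            // bare message only.
            throw new ConfigurationException("Unable to create SSLSocketFactory!", failure);
        }

        // Andrew T. Finnell / Change made for e-Security Inc. 2002
        // We need to obtain all the cipher suites to use from the
        // properties file.
        // NOTE(review): every other setting of this client factory lives
        // under "jacorb.security.ssl.client.*", but the cipher suites are
        // read from the ".server." key. Confirm whether that is intended
        // before relying on a client-specific suite list.
        String cipher_suite_list =
            configuration.getAttribute("jacorb.security.ssl.server.cipher_suites", null );

        if ( cipher_suite_list != null )
        {
            String[] candidates = cipher_suite_list.split(",");
            String[] kept = new String[candidates.length];
            int count = 0;

            for (int i = 0; i < candidates.length; i++)
            {
                // "A, B" must not turn into the unknown suite name " B".
                String suite = candidates[i].trim();
                if (suite.length() > 0)
                {
                    kept[count++] = suite;
                }
            }

            if ( count > 0 )
            {
                // The configured order is kept: the array is handed to
                // setEnabledCipherSuites() as is, and the position in it
                // may be read as the client's preference.
                cipher_suites = new String[count];
                System.arraycopy(kept, 0, cipher_suites, 0, count);
            }
        }
    }

    /**
     * Opens an SSL socket to the given endpoint and applies the configured
     * cipher suites and protocol versions, if any.
     *
     * <p>No endpoint identification is configured on the returned socket;
     * whether the peer certificate belongs to {@code host} is not checked
     * here.
     *
     * @param host the host to connect to
     * @param port the port to connect to
     * @return the SSL socket obtained from the underlying JSSE factory
     * @throws IOException if the socket cannot be created
     * @throws UnknownHostException if the host cannot be resolved
     */
    public Socket createSocket( String host,
                                int port )
        throws IOException, UnknownHostException
    {
        SSLSocket s = (SSLSocket)factory.createSocket( host, port );

        try
        {
            // Andrew T. Finnell
            // We need a way to enable the cipher suites that we would like to use
            // We should obtain these from the properties file
            if( cipher_suites != null )
            {
                s.setEnabledCipherSuites( cipher_suites );
            }

            if (enabledProtocols != null)
            {
                s.setEnabledProtocols(enabledProtocols);
            }
        }
        catch (RuntimeException e)
        {
            // A suite or protocol name the provider does not support is
            // rejected here; close the socket instead of leaking it on every
            // attempt.
            try
            {
                s.close();
            }
            catch (IOException ignored)
            {
                // the configuration error is the failure worth reporting
            }
            throw e;
        }

        return s;
    }

    /**
     * Tells whether the given socket is an SSL socket.
     *
     * @param s the socket to inspect
     * @return {@code true} if {@code s} is an {@link SSLSocket}
     */
    public boolean isSSL ( java.net.Socket s )
    {
        return (s instanceof SSLSocket);
    }

    /**
     * Builds the JSSE socket factory from the settings read by
     * {@link #configure(Configuration)}.
     *
     * @return the socket factory of a freshly initialised "TLS" context
     * @throws IOException declared for the keystore loading step
     * @throws java.security.GeneralSecurityException if a JSSE or keystore
     *         operation fails
     */
    private SocketFactory createSocketFactory()
        throws IOException, java.security.GeneralSecurityException
    {
        boolean presentOwnCredentials =
            ( clientSupportedOptions & ESTABLISH_TRUST_IN_CLIENT ) != 0;

        KeyManagerFactory kmf = null;
        KeyStore key_store = null;

        // The keystore is needed either as trust source or as key source.
        if( trusteesFromKS || presentOwnCredentials )
        {
            key_store =
                KeyStoreUtil.getKeyStore( keystore_location,
                                          keystore_passphrase.toCharArray() );

            //only add own credentials, if establish trust in
            //client is supported
            if( presentOwnCredentials )
            {
                kmf = KeyManagerFactory.getInstance( "SunX509" );
                // The keystore passphrase is also used as the key password.
                kmf.init( key_store, keystore_passphrase.toCharArray() );
            }
        }

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance( "SunX509" );

        if( key_store != null && trusteesFromKS )
        {
            //take trusted certificates from keystore
            if (logger.isInfoEnabled())
                logger.info("Loading certs from keystore " + key_store );
            tmf.init( key_store );
        }
        else
        {
            // A null keystore lets the factory fall back to the JSSE
            // default trust store.
            tmf.init( (KeyStore) null );
        }

        TrustManager[] trustManagers;

        if (trustManager == null)
        {
            trustManagers = tmf.getTrustManagers();
        }
        else
        {
            // The user-supplied manager is the only one installed; the
            // managers initialised above are not consulted in this case.
            if (logger.isDebugEnabled())
            {
                logger.debug("Setting user specified client TrustManger : " + trustManager.getClass().toString());
            }
            trustManagers = new TrustManager[] { trustManager };
        }

        SSLContext ctx = SSLContext.getInstance( "TLS" );

        // No key managers unless own credentials are presented; a null
        // SecureRandom selects the default implementation.
        ctx.init( (kmf == null)? null : kmf.getKeyManagers(),
                  trustManagers,
                  null );

        return ctx.getSocketFactory();
    }
}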