1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.iiop.jacorb;
23
24 import java.io.IOException JavaDoc;
25 import java.net.InetAddress JavaDoc;
26 import java.net.ServerSocket JavaDoc;
27 import javax.net.ssl.SSLServerSocket;
28
29 import org.jboss.iiop.CorbaORBService;
30 import org.jboss.logging.Logger;
31 import org.jboss.security.SecurityDomain;
32 import org.jboss.security.ssl.DomainServerSocketFactory;
33 import org.jboss.system.Registry;
34
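/**
 * This implementation of the JacORB-specific interface
 * <code>org.jacorb.orb.factory.SSLServerSocketFactory</code> uses the JSSE
 * KeyManagerFactory and TrustManagerFactory objects encapsulated by
 * a JBossSX SecurityDomain. It looks up the
 * <code>org.jboss.security.SecurityDomain</code> instance bound to the
 * name <code>CorbaORBService.SSL_DOMAIN</code> in the JBoss registry.
 *
 * <p>Client (mutual) authentication is driven by two JacORB configuration
 * attributes, both parsed as hexadecimal bit masks:
 * <code>jacorb.security.ssl.server.supported_options</code> (default "20")
 * and <code>jacorb.security.ssl.server.required_options</code> (default "0").
 * Only bit <code>0x40</code> is inspected here. With the defaults that bit
 * is clear in both masks, so the sockets created by this factory neither
 * request nor require a client certificate.
 *
 * @author <a HREF="mailto:reverbel@ime.usp.br">Francisco Reverbel</a>
 * @version $Revision: 37459 $
 */
public class SSLServerSocketFactory
   implements org.jacorb.orb.factory.SSLServerSocketFactory,
              org.apache.avalon.framework.configuration.Configurable
{
   // Static --------------------------------------------------------

   private static final Logger log =
      Logger.getLogger(SSLServerSocketFactory.class);

   /** Option bit tested in both masks: establish trust in client. */
   private static final int ESTABLISH_TRUST_IN_CLIENT = 0x40;

   // Attributes ----------------------------------------------------

   private final DomainServerSocketFactory domainFactory;

   /** True when the handshake must fail unless the client authenticates. */
   private final boolean requireMutualAuth;

   /**
    * True when a client certificate is asked for but not mandatory.
    * Never true together with {@link #requireMutualAuth}.
    */
   private final boolean requestMutualAuth;

   // Constructor ---------------------------------------------------

   /**
    * Builds the factory on top of the security domain registered under
    * <code>CorbaORBService.SSL_DOMAIN</code> and reads the client
    * authentication policy from the ORB configuration.
    *
    * @param orb the JacORB ORB whose configuration supplies the
    *            supported/required option masks
    * @throws IOException if the underlying DomainServerSocketFactory
    *                     cannot be created
    * @throws NumberFormatException if an option attribute is not a
    *         hexadecimal value that fits in a <code>short</code>
    */
   public SSLServerSocketFactory(org.jacorb.orb.ORB orb)
      throws IOException
   {
      log.info("Creating");

      // NOTE(review): the lookup result is not checked for null. What
      // DomainServerSocketFactory does with a null domain is not visible
      // in this file; confirm that it fails instead of falling back to
      // some default key/trust material.
      SecurityDomain securityDomain =
         (SecurityDomain)Registry.lookup(CorbaORBService.SSL_DOMAIN);

      try
      {
         domainFactory = new DomainServerSocketFactory(securityDomain);
      }
      catch (IOException e)
      {
         log.warn("Could not create DomainServerSocketFactory: " + e);
         log.debug("Exception creating DomainServerSocketFactory: ", e);
         throw e;
      }

      short serverSupportedOptions = readHexOptions(
            orb, "jacorb.security.ssl.server.supported_options", "20");
      short serverRequiredOptions = readHexOptions(
            orb, "jacorb.security.ssl.server.required_options", "0");

      // Required: establish trust in client, i.e. force the other side
      // to authenticate.
      requireMutualAuth =
         (serverRequiredOptions & ESTABLISH_TRUST_IN_CLIENT) != 0;

      // Supported only: would prefer to establish trust in client. If the
      // client can authenticate it will, otherwise the connection goes on.
      // "Required" takes precedence, so the two flags are never both set.
      requestMutualAuth = !requireMutualAuth
         && (serverSupportedOptions & ESTABLISH_TRUST_IN_CLIENT) != 0;

      if (requestMutualAuth)
      {
         log.info("Will create SSL sockets that support client authentication");
      }
      else if (requireMutualAuth)
      {
         log.info("Will create SSL sockets that require client authentication");
      }
      else
      {
         // Make the unauthenticated-client configuration visible in the
         // log instead of leaving it to be inferred from a missing line.
         log.info("Will create SSL sockets that do not request client authentication");
      }
      log.info("Created");
   }

   // JacORB SSLServerSocketFactory implementation ------------------
   // (interface org.jacorb.orb.factory.SSLServerSocketFactory)

   /**
    * Creates an SSL server socket on the given port and applies the
    * configured client authentication policy to it.
    *
    * @param port the port to listen on
    * @return the configured server socket
    * @throws IOException if the socket cannot be created
    */
   public ServerSocket createServerSocket(int port)
      throws IOException
   {
      return applyClientAuthPolicy(domainFactory.createServerSocket(port));
   }

   /**
    * Creates an SSL server socket on the given port with the given
    * backlog and applies the configured client authentication policy.
    *
    * @param port the port to listen on
    * @param backlog the listen backlog
    * @return the configured server socket
    * @throws IOException if the socket cannot be created
    */
   public ServerSocket createServerSocket(int port, int backlog)
      throws IOException
   {
      return applyClientAuthPolicy(
            domainFactory.createServerSocket(port, backlog));
   }

   /**
    * Creates an SSL server socket bound to the given local address and
    * applies the configured client authentication policy.
    *
    * @param port the port to listen on
    * @param backlog the listen backlog
    * @param ifAddress the local address to bind to
    * @return the configured server socket
    * @throws IOException if the socket cannot be created
    */
   public ServerSocket createServerSocket(int port,
                                          int backlog,
                                          InetAddress ifAddress)
      throws IOException
   {
      return applyClientAuthPolicy(
            domainFactory.createServerSocket(port, backlog, ifAddress));
   }

   /**
    * Tells whether the given server socket is an SSL server socket.
    *
    * @param s the socket to test
    * @return true if <code>s</code> is an <code>SSLServerSocket</code>
    */
   public boolean isSSL(java.net.ServerSocket s)
   {
      return (s instanceof SSLServerSocket);
   }

   /**
    * Does nothing in this implementation.
    *
    * @param socket ignored
    */
   public void switchToClientMode(java.net.Socket socket)
   {
      // no-op
   }

   // Avalon Configurable implementation ----------------------------

   /**
    * Does nothing; the configuration is read from the ORB in the
    * constructor instead.
    *
    * @param configuration ignored
    */
   public void configure(
         org.apache.avalon.framework.configuration.Configuration configuration)
      throws org.apache.avalon.framework.configuration.ConfigurationException
   {
      // no-op
   }

   // Private -------------------------------------------------------

   /**
    * Reads one option mask from the ORB configuration.
    * The base is 16 because the string value is taken as hex.
    */
   private static short readHexOptions(org.jacorb.orb.ORB orb,
                                       String attributeName,
                                       String defaultHex)
   {
      return Short.parseShort(
            orb.getConfiguration().getAttribute(attributeName, defaultHex),
            16);
   }

   /**
    * Applies the want/need client authentication setting chosen in the
    * constructor; leaves the socket's defaults alone when neither is set.
    */
   private ServerSocket applyClientAuthPolicy(ServerSocket socket)
   {
      // The domain factory is expected to hand back SSL sockets; anything
      // else surfaces as a ClassCastException, as in the original code.
      SSLServerSocket sslSocket = (SSLServerSocket)socket;

      if (requestMutualAuth)
      {
         sslSocket.setWantClientAuth(true);
      }
      else if (requireMutualAuth)
      {
         sslSocket.setNeedClientAuth(true);
      }
      return sslSocket;
   }
}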