

1 /*
2  * JORAM: Java(TM) Open Reliable Asynchronous Messaging
3  * Copyright (C) 2005 - 2006 ScalAgent Distributed Technologies
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
18  * USA.
19  *
20  * Initial developer(s): ScalAgent Distributed Technologies
21  * Contributor(s): Alex Porras (MediaOcean)
22  */

23 package org.objectweb.joram.mom.proxies.tcp;
24
25 import fr.dyade.aaa.agent.*;
26 import fr.dyade.aaa.util.*;
27
28 import java.net.*;
29 import java.util.*;
30 import java.io.FileInputStream JavaDoc;
31 import java.security.KeyStore JavaDoc;
32 import java.security.SecureRandom JavaDoc;
33 import javax.net.ServerSocketFactory;
34 import javax.net.ssl.SSLServerSocketFactory;
35 import javax.net.ssl.KeyManagerFactory;
36 import javax.net.ssl.TrustManagerFactory;
37 import javax.net.ssl.TrustManager;
38 import javax.net.ssl.SSLServerSocket;
39 import javax.net.ssl.SSLContext;
40
41 import org.objectweb.joram.shared.JoramTracing;
42 import org.objectweb.util.monolog.api.BasicLevel;
43
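/**
 * Starts an SSL/TLS-protected TCP entry point for MOM clients.
 *
 * <p>The listening socket is configured from JVM system properties:
 * <ul>
 *   <li><code>org.objectweb.joram.keystore</code>: keystore file
 *       (default <code>./joram_ks</code>);</li>
 *   <li><code>org.objectweb.joram.keystorepass</code>: keystore password
 *       (default <code>jorampass</code>);</li>
 *   <li><code>org.objectweb.joram.keystoretype</code>: keystore type
 *       (default <code>JKS</code>);</li>
 *   <li><code>org.objectweb.joram.sslCtx</code>: name passed to
 *       <code>SSLContext.getInstance</code> (default <code>SSL</code>);</li>
 *   <li><code>org.objectweb.joram.cipherList</code>: optional comma-separated
 *       list of cipher suites to enable.</li>
 * </ul>
 *
 * <p>Security notes for deployers: the same keystore supplies both the server
 * key material and the trust anchors used to verify clients, and client
 * certificates are mandatory (<code>setNeedClientAuth(true)</code>). The
 * built-in keystore password is a fixed, publicly known default and should
 * always be overridden. This class does not restrict the enabled protocol
 * versions on the socket, so they are whatever the JVM provider enables for
 * the configured context name.
 */
public class SSLTcpProxyService extends TcpProxyService {

  /** System property: comma-separated cipher suites to enable (optional). */
  private final static String CIPHER = "org.objectweb.joram.cipherList";
  /** System property: path of the keystore file. */
  private final static String KS = "org.objectweb.joram.keystore";
  /** System property: keystore (and private key) password. */
  private final static String KS_PASS = "org.objectweb.joram.keystorepass";
  /** System property: keystore type handed to <code>KeyStore.getInstance</code>. */
  private final static String KS_TYPE = "org.objectweb.joram.keystoretype";
  /** System property: protocol name handed to <code>SSLContext.getInstance</code>. */
  private final static String SSLCONTEXT = "org.objectweb.joram.sslCtx";

  /**
   * Initializes the SSLTCP entry point by creating a
   * ssl server socket listening to the specified port.
   *
   * <p>Backlog, pool size and socket timeout are read with
   * <code>Integer.getInteger</code> from the properties named by
   * <code>BACKLOG_PROP</code>, <code>POOL_SIZE_PROP</code> and
   * <code>SO_TIMEOUT_PROP</code> (not declared in this class; presumably
   * inherited from <code>TcpProxyService</code>).
   *
   * @param args stringified listening port, optionally followed by
   *        whitespace and the bind address; <code>null</code> selects
   *        <code>DEFAULT_PORT</code> and <code>DEFAULT_BINDADDRESS</code>
   * @param firstTime <code>true</code>
   * when the agent server starts.
   * @throws Exception if the arguments cannot be parsed or the SSL server
   *         socket cannot be created
   */
  public static void init(String args, boolean firstTime)
    throws Exception {
    if (JoramTracing.dbgProxy.isLoggable(BasicLevel.DEBUG))
      JoramTracing.dbgProxy.log(
        BasicLevel.DEBUG, "SSLTcpProxyService.init(" +
        args + ',' + firstTime + ')');

    int port = DEFAULT_PORT;
    String address = DEFAULT_BINDADDRESS;
    if (args != null) {
      StringTokenizer st = new StringTokenizer(args);
      port = Integer.parseInt(st.nextToken());
      if (st.hasMoreTokens()) {
        address = st.nextToken();
      }
    }

    int backlog = Integer.getInteger(BACKLOG_PROP, DEFAULT_BACKLOG).intValue();

    if (JoramTracing.dbgProxy.isLoggable(BasicLevel.DEBUG))
      JoramTracing.dbgProxy.log(
        BasicLevel.DEBUG, "SSLTcpProxyService.init() - binding to address " + address + ", port " + port);

    // Create the socket here in order to throw an exception
    // if the socket can't be created (even if firstTime is false).
    ServerSocket serverSocket = createServerSocket(port, backlog, address);

    int poolSize = Integer.getInteger(POOL_SIZE_PROP, DEFAULT_POOL_SIZE).intValue();
    int timeout = Integer.getInteger(SO_TIMEOUT_PROP, DEFAULT_SO_TIMEOUT).intValue();

    proxyService = new SSLTcpProxyService(serverSocket, poolSize, timeout);
    proxyService.start();
  }

  /**
   * Creates the service around an already bound server socket.
   *
   * @param serverSocket the listening (SSL) server socket
   * @param poolSize value forwarded to the superclass constructor
   * @param timeout value forwarded to the superclass constructor
   */
  public SSLTcpProxyService(ServerSocket serverSocket,
                            int poolSize,
                            int timeout) {
    super(serverSocket, poolSize, timeout);
  }

  /**
   * Builds the server socket factory from the configured keystore.
   *
   * <p>The keystore is used both as the source of the server's key material
   * and as the trust store against which client certificates are verified.
   *
   * @return a factory producing SSL server sockets
   * @throws Exception if the keystore cannot be read or the SSL context
   *         cannot be initialized
   */
  private static ServerSocketFactory createServerSocketFactory()
    throws Exception {
    // SECURITY: "jorampass" is a fixed default that anyone can look up.
    // Production deployments should always set the keystorepass property;
    // the default is kept only so existing configurations keep working.
    char[] keyStorePass = System.getProperty(KS_PASS, "jorampass").toCharArray();
    String keystoreFile = System.getProperty(KS, "./joram_ks");
    // The default context name is "SSL". The protocol versions actually
    // offered depend on the JVM provider; set the sslCtx property to a TLS
    // context name supported by the runtime to be explicit.
    String sslContext = System.getProperty(SSLCONTEXT, "SSL");
    String ksType = System.getProperty(KS_TYPE, "JKS");

    // Only the keystore location is traced. The password must never reach
    // the logs (the previous message appended the char[] to the string).
    if (JoramTracing.dbgProxy.isLoggable(BasicLevel.DEBUG))
      JoramTracing.dbgProxy.log(BasicLevel.DEBUG,
                                "SSLTcpProxyService.createServerSocketFactory:" +
                                keystoreFile);

    KeyStore keystore = KeyStore.getInstance(ksType);
    // Close the stream in all cases so the file handle is not leaked.
    FileInputStream keystoreStream = new FileInputStream(keystoreFile);
    try {
      keystore.load(keystoreStream, keyStorePass);
    } finally {
      keystoreStream.close();
    }

    // NOTE(review): "SunX509" is a provider-specific algorithm name; on a
    // JVM without it getInstance throws NoSuchAlgorithmException.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keystore, keyStorePass);

    // Trust anchors come from the same keystore as the server key.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(keystore);
    TrustManager[] trustManagers = tmf.getTrustManagers();

    SSLContext ctx = SSLContext.getInstance(sslContext);
    // Passing null instead would let the JSSE provider pick its default
    // random source; the explicit SHA1PRNG choice is kept as in the original.
    SecureRandom securerandom = SecureRandom.getInstance("SHA1PRNG");
    ctx.init(kmf.getKeyManagers(), trustManagers, securerandom);

    return ctx.getServerSocketFactory();
  }

  /**
   * Creates the SSL server socket and applies the security settings.
   *
   * @param port listening port
   * @param backlog connection backlog
   * @param address bind address; <code>0.0.0.0</code> binds without an
   *        explicit address
   * @return the bound server socket, requiring client authentication
   * @throws Exception if the factory or the socket cannot be created, or a
   *         configured cipher suite is rejected by the socket
   */
  private static ServerSocket createServerSocket(int port, int backlog, String address) throws Exception {
    ServerSocketFactory serverSocketFactory = createServerSocketFactory();

    SSLServerSocket serverSocket;
    if (address.equals("0.0.0.0")) {
      serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port, backlog);
    } else {
      serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(
          port, backlog, InetAddress.getByName(address));
    }

    // Require mutual authentication: a client that presents no acceptable
    // certificate fails the handshake. setWantClientAuth(true) would only
    // request a certificate and must not replace this call.
    serverSocket.setNeedClientAuth(true);

    // Without a configured list the provider's default suites stay enabled.
    String[] cipherTable = getCipherList();
    if (cipherTable != null && cipherTable.length > 0)
      serverSocket.setEnabledCipherSuites(cipherTable);

    return serverSocket;
  }

  /**
   * Reads the configured cipher suites from the cipherList property.
   *
   * <p>Names are returned in the order they were configured and with
   * surrounding whitespace removed, so a value such as
   * <code>"SUITE_A, SUITE_B"</code> is not rejected because of the blank.
   * The previous implementation filled the array back to front, which
   * reversed the configured order; where the JSSE implementation honours the
   * local order as a preference, that inverted the operator's intent.
   *
   * @return the suite names, or <code>null</code> when the property is unset
   *         or holds no name
   * @throws Exception declared for compatibility with the original signature
   */
  private static String[] getCipherList() throws Exception {
    String cipherList = System.getProperty(CIPHER, null);
    if (cipherList == null)
      return null;

    StringTokenizer tokenizer = new StringTokenizer(cipherList, ",");
    String[] parsed = new String[tokenizer.countTokens()];
    int count = 0;
    while (tokenizer.hasMoreTokens()) {
      String suite = tokenizer.nextToken().trim();
      // Skip entries that were only whitespace, e.g. "A, ,B".
      if (suite.length() > 0)
        parsed[count++] = suite;
    }
    if (count == 0)
      return null;

    String[] cipherTable = new String[count];
    System.arraycopy(parsed, 0, cipherTable, 0, count);
    return cipherTable;
  }
}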