Java tutorial
/* * ==================================================================== * * The Apache Software License, Version 1.1 * * Copyright (c) 1999 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, if * any, must include the following acknowlegement: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowlegement may appear in the software itself, * if and wherever such third-party acknowlegements normally appear. * * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software * Foundation" must not be used to endorse or promote products derived * from this software without prior written permission. For written * permission, please contact apache@apache.org. * * 5. Products derived from this software may not be called "Apache" * nor may "Apache" appear in their names without prior written * permission of the Apache Group. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * [Additional notices, if required by prior licensing conditions] * */ package org.apache.tomcat.util.net.puretls; import java.io.IOException; import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; import java.net.SocketException; import java.util.Vector; import COM.claymoresystems.ptls.SSLContext; import COM.claymoresystems.ptls.SSLException; import COM.claymoresystems.ptls.SSLServerSocket; import COM.claymoresystems.ptls.SSLSocket; import COM.claymoresystems.sslg.SSLPolicyInt; /** * SSL server socket factory--wraps PureTLS * * @author Eric Rescorla * * some sections of this file cribbed from SSLSocketFactory * (the JSSE socket factory) * */ public class PureTLSSocketFactory extends org.apache.tomcat.util.net.ServerSocketFactory { static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory .getLog(PureTLSSocketFactory.class); static String defaultProtocol = "TLS"; static boolean defaultClientAuth = false; static String defaultKeyStoreFile = "server.pem"; static String defaultKeyPass = "password"; static String defaultRootFile = "root.pem"; static String defaultRandomFile = "random.pem"; private COM.claymoresystems.ptls.SSLContext context = null; public PureTLSSocketFactory() { } public ServerSocket createSocket(int port) throws IOException { init(); return new SSLServerSocket(context, port); } public ServerSocket createSocket(int port, int backlog) throws IOException { init(); ServerSocket tmp; try { tmp = new SSLServerSocket(context, port, backlog); } catch (IOException e) { throw e; } return tmp; } public ServerSocket createSocket(int port, int backlog, InetAddress ifAddress) throws IOException { init(); return new SSLServerSocket(context, port, backlog, ifAddress); } private void init() throws IOException { if (context != null) return; boolean clientAuth = defaultClientAuth; try { String keyStoreFile = (String) attributes.get("keystore"); if (keyStoreFile == null) keyStoreFile = defaultKeyStoreFile; String keyPass = (String) attributes.get("keypass"); if (keyPass == null) keyPass = defaultKeyPass; String rootFile = (String) attributes.get("rootfile"); if (rootFile == null) rootFile = defaultRootFile; String randomFile = (String) attributes.get("randomfile"); if (randomFile == null) randomFile = defaultRandomFile; String protocol = (String) attributes.get("protocol"); if (protocol == null) protocol = defaultProtocol; String clientAuthStr = (String) attributes.get("clientauth"); if (clientAuthStr != null) { if (clientAuthStr.equals("true")) { clientAuth = true; } else if (clientAuthStr.equals("false")) { clientAuth = false; } else { throw new IOException("Invalid value '" + clientAuthStr + "' for 'clientauth' parameter:"); } } SSLContext tmpContext = new SSLContext(); try { tmpContext.loadRootCertificates(rootFile); } catch (IOException iex) { if (logger.isDebugEnabled()) logger.debug("Error loading Client Root Store: " + rootFile, iex); } tmpContext.loadEAYKeyFile(keyStoreFile, keyPass); tmpContext.useRandomnessFile(randomFile, keyPass); SSLPolicyInt policy = new SSLPolicyInt(); policy.requireClientAuth(clientAuth); policy.handshakeOnConnect(false); policy.waitOnClose(false); short[] enabledCiphers = getEnabledCiphers(policy.getCipherSuites()); if (enabledCiphers != null) { policy.setCipherSuites(enabledCiphers); } tmpContext.setPolicy(policy); context = tmpContext; } catch (Exception e) { logger.info("Error initializing SocketFactory", e); throw new IOException(e.getMessage()); } } /* * Determines the SSL cipher suites to be enabled. * * @return Array of SSL cipher suites to be enabled, or null if the * cipherSuites property was not specified (meaning that all supported * cipher suites are to be enabled) */ private short[] getEnabledCiphers(short[] supportedCiphers) { short[] enabledCiphers = null; String attrValue = (String) attributes.get("ciphers"); if (attrValue != null) { Vector vec = null; int fromIndex = 0; int index = attrValue.indexOf(',', fromIndex); while (index != -1) { String cipher = attrValue.substring(fromIndex, index).trim(); int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher); /* * Check to see if the requested cipher is among the supported * ciphers, i.e., may be enabled */ if (cipherValue >= 0) { for (int i = 0; supportedCiphers != null && i < supportedCiphers.length; i++) { if (cipherValue == supportedCiphers[i]) { if (vec == null) { vec = new Vector(); } vec.addElement(new Integer(cipherValue)); break; } } } fromIndex = index + 1; index = attrValue.indexOf(',', fromIndex); } if (vec != null) { int nCipher = vec.size(); enabledCiphers = new short[nCipher]; for (int i = 0; i < nCipher; i++) { Integer value = (Integer) vec.elementAt(i); enabledCiphers[i] = value.shortValue(); } } } return enabledCiphers; } public Socket acceptSocket(ServerSocket socket) throws IOException { try { Socket sock = socket.accept(); return sock; } catch (SSLException e) { logger.debug("SSL handshake error", e); throw new SocketException("SSL handshake error" + e.toString()); } } public void handshake(Socket sock) throws IOException { ((SSLSocket) sock).handshake(); } }