From hamm...@apache.org
Subject cvs commit: jakarta-avalon-cornerstone/src/java/org/apache/avalon/cornerstone/blocks/sockets TLSSocketFactory.java TLSServerSocketFactory.java
Date Mon, 03 Jun 2002 21:23:01 GMT
hammant     2002/06/03 14:23:01

  Modified:    .        build.xml
               lib      README.txt
               src/java/org/apache/avalon/cornerstone/blocks/sockets
                        TLSServerSocketFactory.java
  Added:       src/java/org/apache/avalon/cornerstone/blocks/sockets
                        TLSSocketFactory.java
  Log:
  TLS factories from Andrei Ivanov
  
  Revision  Changes    Path
  1.104     +2 -0      jakarta-avalon-cornerstone/build.xml
  
  Index: build.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-avalon-cornerstone/build.xml,v
  retrieving revision 1.103
  retrieving revision 1.104
  diff -u -r1.103 -r1.104
  --- build.xml	4 May 2002 08:18:19 -0000	1.103
  +++ build.xml	3 Jun 2002 21:23:00 -0000	1.104
  @@ -124,6 +124,8 @@
         <src path="${test.dir}"/>
         <exclude name="org/apache/avalon/cornerstone/blocks/sockets/TLSServerSocketFactory.java"
                  unless="jsse.present" />
  +      <exclude name="org/apache/avalon/cornerstone/blocks/sockets/TLSSocketFactory.java"
  +               unless="jsse.present" />               
         <exclude name="org/apache/avalon/cornerstone/blocks/soapification/glue/**.java"
                  unless="glue.present" />
         <exclude name="org/apache/avalon/cornerstone/blocks/dom/**.java"
  
  
  
  1.2       +1 -1      jakarta-avalon-cornerstone/lib/README.txt
  
  Index: README.txt
  ===================================================================
  RCS file: /home/cvs/jakarta-avalon-cornerstone/lib/README.txt,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- README.txt	11 Dec 2001 10:49:19 -0000	1.1
  +++ README.txt	3 Jun 2002 21:23:00 -0000	1.2
  @@ -1 +1 @@
  -Place any third party jars here.
  \ No newline at end of file
  +Place jsse.jar here to compile TLS aware socket factory and server socket factory.
  \ No newline at end of file
  
  
  
  1.8       +12 -1     jakarta-avalon-cornerstone/src/java/org/apache/avalon/cornerstone/blocks/sockets/TLSServerSocketFactory.java
  
  Index: TLSServerSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-avalon-cornerstone/src/java/org/apache/avalon/cornerstone/blocks/sockets/TLSServerSocketFactory.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- TLSServerSocketFactory.java	16 Mar 2002 00:18:34 -0000	1.7
  +++ TLSServerSocketFactory.java	3 Jun 2002 21:23:00 -0000	1.8
  @@ -39,6 +39,7 @@
    * @author <a href="mailto:">Harish Prabandham</a>
    * @author <a href="mailto:">Costin Manolache</a>
    * @author <a href="mailto:">Craig McClanahan</a>
  + * @author <a href="mailto:myfam@surfeu.fi">Andrei Ivanov</a> 
    */
   public class TLSServerSocketFactory
       extends AbstractLogEnabled
  @@ -49,6 +50,7 @@
   
       protected String m_keyStoreFile;
       protected String m_keyStorePassword;
  +    protected String m_keyPassword;      
       protected String m_keyStoreType;
       protected String m_keyStoreProtocol;
       protected String m_keyStoreAlgorithm;
  @@ -66,6 +68,7 @@
        * <keystore>
        *  <file>conf/keystore</file> <!-- location of keystore relative to
.sar base directory -->
        *  <password></password> <!-- Password for the Key Store file -->
  +     *  <key-password></key-password> <!-- Optional private Key Password
-->
        *  <type>JKS</type> <!-- Type of the Key Store file -->
        *  <protocol>TLS</protocol> <!-- SSL protocol to use -->
        *  <algorithm>SunX509</algorithm> <!-- Certificate encoding algorithm
-->
  @@ -81,6 +84,7 @@
           final Configuration keyStore = configuration.getChild( "keystore" );
           m_keyStoreFile = keyStore.getChild( "file" ).getValue( "conf/keystore" );
           m_keyStorePassword = keyStore.getChild( "password" ).getValue();
  +        m_keyPassword = keyStore.getChild( "key-password" ).getValue(null);           

           m_keyStoreType = keyStore.getChild( "type" ).getValue( "JKS" );
           m_keyStoreProtocol = keyStore.getChild( "protocol" ).getValue( "TLS" );
           m_keyStoreAlgorithm = keyStore.getChild( "algorithm" ).getValue( "SunX509" );
  @@ -128,7 +132,14 @@
           final KeyManagerFactory keyManagerFactory =
               KeyManagerFactory.getInstance( m_keyStoreAlgorithm );
   
  -        keyManagerFactory.init( keyStore, m_keyStorePassword.toCharArray() );
  +        if ( null == m_keyPassword ) 
  +        {
  +          keyManagerFactory.init( keyStore, m_keyStorePassword.toCharArray() );
  +        } else 
  +        {
  +          keyManagerFactory.init( keyStore, m_keyPassword.toCharArray() );
  +        }
  +        
   
           final TrustManagerFactory tmf = TrustManagerFactory.getInstance( m_keyStoreAlgorithm
);
           tmf.init( keyStore );
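Review bot: The new if/else around keyManagerFactory.init duplicates the init call only to choose which password to pass; pick the password once and call init once, e.g. `final String keyPassword = ( null == m_keyPassword ) ? m_keyStorePassword : m_keyPassword;` followed by `keyManagerFactory.init( keyStore, keyPassword.toCharArray() );`. The fallback itself is not stated anywhere near the call, so a one-line comment such as `// <key-password> is optional; an absent element means the key is protected by the keystore password` would save the next reader a trip back to configure(). The added lines here, and in the earlier hunks that add `m_keyPassword` and the `key-password` read, carry trailing whitespace the surrounding file does not have. The enclosing method continues outside the hunk.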
  
  
  
  1.1                  jakarta-avalon-cornerstone/src/java/org/apache/avalon/cornerstone/blocks/sockets/TLSSocketFactory.java
  
  Index: TLSSocketFactory.java
  ===================================================================
  /*
   * Copyright (C) The Apache Software Foundation. All rights reserved.
   *
   * This software is published under the terms of the Apache Software License
   * version 1.1, a copy of which has been included with this distribution in
   * the LICENSE.txt file.
   */
  package org.apache.avalon.cornerstone.blocks.sockets;
  
  import com.sun.net.ssl.KeyManagerFactory;
  import com.sun.net.ssl.SSLContext;
  import com.sun.net.ssl.TrustManagerFactory;
  import java.io.File;
  import java.io.FileInputStream;
  import java.io.IOException;
  import java.net.InetAddress;
  import java.net.Socket;
  import java.net.UnknownHostException;
  import java.security.KeyStore;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;
  import javax.security.cert.X509Certificate;
  import org.apache.avalon.cornerstone.services.sockets.SocketFactory;
  import org.apache.avalon.framework.activity.Initializable;
  import org.apache.avalon.framework.component.Component;
  import org.apache.avalon.framework.configuration.Configurable;
  import org.apache.avalon.framework.configuration.Configuration;
  import org.apache.avalon.framework.configuration.ConfigurationException;
  import org.apache.avalon.framework.context.Context;
  import org.apache.avalon.framework.context.Contextualizable;
  import org.apache.avalon.framework.logger.AbstractLogEnabled;
  import org.apache.avalon.phoenix.BlockContext;
  
  import org.apache.avalon.framework.configuration.DefaultConfigurationBuilder;
  
  /**
   * Factory implementation for client TLS TCP sockets.
   *
   * @author <a href="mailto:peter@apache.org">Peter Donald</a>
   * @author <a href="mailto:fede@apache.org">Federico Barbieri</a>
   * @author <a href="mailto:charles@benett1.demon.co.uk">Charles Benett</a>
   * @author <a href="mailto:">Harish Prabandham</a>
   * @author <a href="mailto:">Costin Manolache</a>
   * @author <a href="mailto:">Craig McClanahan</a>
   * @author <a href="mailto:myfam@surfeu.fi">Andrei Ivanov</a>
   */
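  public class TLSSocketFactory
      extends AbstractLogEnabled
      implements SocketFactory, Component, Contextualizable, Configurable, Initializable
  {
      /** JSSE factory built by {@link #initSSLFactory}; every createSocket call delegates to it. */
      protected SSLSocketFactory m_factory;

      /** Base directory of the hosting .sar; the keystore path is resolved relative to it. */
      protected File m_baseDirectory;

      /** Keystore location, relative to {@link #m_baseDirectory}. */
      protected String m_keyStoreFile;
      /** Password used to load the keystore. */
      protected String m_keyStorePassword;
      /** Optional private-key password; {@code null} means "same as the keystore password". */
      protected String m_keyPassword;
      /** Keystore type passed to {@code KeyStore.getInstance}. */
      protected String m_keyStoreType;
      /** Protocol name passed to {@code SSLContext.getInstance}. */
      protected String m_keyStoreProtocol;
      /** Algorithm name for the key and trust manager factories. */
      protected String m_keyStoreAlgorithm;
      /** Value handed to {@code SSLSocket.setNeedClientAuth} on every created socket. */
      protected boolean m_keyStoreAuthenticateClients;

      /**
       * Record the block's base directory so the keystore path can be resolved
       * against it.
       *
       * @param context the Phoenix context; must be a {@link BlockContext}
       */
      public void contextualize( final Context context )
      {
          final BlockContext blockContext = (BlockContext)context;
          m_baseDirectory = blockContext.getBaseDirectory();
      }

      /**
       * Configure factory. Sample config is
       *
       * <keystore>
       *  <file>conf/keystore</file> <!-- location of keystore relative to .sar base directory -->
       *  <password></password> <!-- Password for the Key Store file -->
       *  <key-password></key-password> <!-- Optional private Key Password -->
       *  <type>JKS</type> <!-- Type of the Key Store file -->
       *  <protocol>TLS</protocol> <!-- SSL protocol to use -->
       *  <algorithm>SunX509</algorithm> <!-- Certificate encoding algorithm -->
       *  <authenticate-client>false</authenticate-client> <!-- Require client authentication? -->
       * <keystore>
       *
       * @param configuration the Configuration
       * @exception ConfigurationException if an error occurs
       */
      public void configure( final Configuration configuration )
          throws ConfigurationException
      {
          final Configuration keyStore = configuration.getChild( "keystore" );
          m_keyStoreFile = keyStore.getChild( "file" ).getValue( "conf/keystore" );
          // No default for the keystore password: a missing element is a configuration error.
          m_keyStorePassword = keyStore.getChild( "password" ).getValue();
          // Optional; null is handled in initSSLFactory by falling back to the keystore password.
          m_keyPassword = keyStore.getChild( "key-password" ).getValue( null );
          m_keyStoreType = keyStore.getChild( "type" ).getValue( "JKS" );
          m_keyStoreProtocol = keyStore.getChild( "protocol" ).getValue( "TLS" );
          m_keyStoreAlgorithm = keyStore.getChild( "algorithm" ).getValue( "SunX509" );
          m_keyStoreAuthenticateClients =
              keyStore.getChild( "authenticate-client" ).getValueAsBoolean( false );
      }

      /**
       * Load the keystore and build the SSL socket factory from it.
       *
       * @exception Exception if the keystore cannot be loaded or the SSL context
       *            cannot be initialised
       */
      public void initialize()
          throws Exception
      {
          final KeyStore keyStore = initKeyStore();
          initSSLFactory( keyStore );
      }

      /**
       * Open and load the configured keystore.
       *
       * @return the loaded keystore
       * @exception Exception any failure while locating or loading the keystore;
       *            it is logged and rethrown unchanged
       */
      protected KeyStore initKeyStore()
          throws Exception
      {
          try
          {
              final KeyStore keyStore = KeyStore.getInstance( m_keyStoreType );
              File keyStoreFile = new File( m_baseDirectory, m_keyStoreFile );
              if( !keyStoreFile.exists() )
              {
                  // Second chance: treat the configured value as a suffix of the base path.
                  keyStoreFile = new File( m_baseDirectory + m_keyStoreFile );
              }

              final FileInputStream input = new FileInputStream( keyStoreFile );
              try
              {
                  keyStore.load( input, m_keyStorePassword.toCharArray() );
              }
              finally
              {
                  // Always release the file handle, whether or not load() succeeded.
                  input.close();
              }
              getLogger().info( "Keystore loaded from: " + keyStoreFile );

              return keyStore;
          }
          catch( final Exception e )
          {
              getLogger().error( "Exception loading keystore from: " + m_keyStoreFile, e );
              throw e;
          }
      }

      /**
       * Build the {@link SSLContext} from the keystore and keep its socket factory.
       *
       * @param keyStore the keystore holding both the client key and the trusted certificates
       * @exception Exception if any of the JSSE factories fails to initialise
       */
      protected void initSSLFactory( final KeyStore keyStore )
          throws Exception
      {
          java.security.Security.addProvider( new sun.security.provider.Sun() );
          java.security.Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );

          // set up key manager to do server authentication
          final SSLContext sslContext = SSLContext.getInstance( m_keyStoreProtocol );
          final KeyManagerFactory keyManagerFactory =
              KeyManagerFactory.getInstance( m_keyStoreAlgorithm );

          // <key-password> is optional; without it the private key is protected by
          // the keystore password.
          final String keyPassword =
              ( null == m_keyPassword ) ? m_keyStorePassword : m_keyPassword;
          keyManagerFactory.init( keyStore, keyPassword.toCharArray() );

          // The same keystore supplies the trust anchors used to verify the server.
          final TrustManagerFactory tmf = TrustManagerFactory.getInstance( m_keyStoreAlgorithm );
          tmf.init( keyStore );

          sslContext.init( keyManagerFactory.getKeyManagers(),
                           tmf.getTrustManagers(),
                           new java.security.SecureRandom() );

          // Create socket factory
          m_factory = sslContext.getSocketFactory();
      }

      /**
       * Apply the factory-wide options to a freshly created socket.
       *
       * @param socket a socket returned by {@link #m_factory}; must be an {@link SSLSocket}
       */
      protected void initSocket( final Socket socket )
      {
          final SSLSocket sslSocket = (SSLSocket)socket;

          // Enable all available cipher suites when the socket is connected.
          // NOTE(review): this replaces the provider's default-enabled set with every
          // *supported* suite, which may re-enable suites the provider leaves off by
          // default; an explicit, configurable suite list would be safer.
          final String[] cipherSuites = sslSocket.getSupportedCipherSuites();
          sslSocket.setEnabledCipherSuites( cipherSuites );

          // Set client authentication if necessary. Sockets from this factory are
          // client-mode sockets, for which this flag has no effect at handshake time.
          sslSocket.setNeedClientAuth( m_keyStoreAuthenticateClients );
      }

      /**
       * Returns a socket layered over an existing socket connected to the named
       * host, at the given port. This constructor can be used when tunneling SSL
       * through a proxy or when negotiating the use of SSL over an existing socket.
       * The host and port refer to the logical peer destination. This socket is
       * configured using the socket options established for this factory.
       *
       * @param s - the existing socket
       * @param host - the server host
       * @param port - the server port
       * @param autoClose - close the underlying socket when this socket is closed
       *
       * @exception IOException - if the connection can't be established
       * @exception UnknownHostException - if the host is not known
       */
      public Socket createSocket( Socket s, String host, int port, boolean autoClose )
          throws IOException
      {
          final Socket socket = m_factory.createSocket( s, host, port, autoClose );
          initSocket( socket );
          return socket;
      }

      /**
       * Returns a socket connected to a ServerSocket at the specified network
       * address and port. This socket is configured using the socket options
       * established for this factory.
       *
       * @param host - the server host
       * @param port - the server port
       *
       * @exception IOException - if the connection can't be established
       * @exception UnknownHostException - if the host is not known
       */
      public Socket createSocket( String host, int port )
          throws IOException, UnknownHostException
      {
          // Hand the host *name* to JSSE rather than resolving it here, so the TLS
          // layer still knows which peer name the connection was made for.
          final Socket socket = m_factory.createSocket( host, port );
          initSocket( socket );
          return socket;
      }

      /**
       * Returns a socket connected to a ServerSocket on the named host, at the
       * given port. The client address address is the specified host and port.
       * This socket is configured using the socket options established for this
       * factory.
       *
       * @param host - the server host
       * @param port - the server port
       * @param localAddress - the client host
       * @param localPort - the client port
       *
       * @exception IOException - if the connection can't be established
       * @exception UnknownHostException - if the host is not known
       */
      public Socket createSocket( String host, int port, InetAddress localAddress, int localPort )
          throws IOException, UnknownHostException
      {
          // Same as the two-argument form: keep the peer name visible to the TLS layer.
          final Socket socket = m_factory.createSocket( host, port, localAddress, localPort );
          initSocket( socket );
          return socket;
      }

      /**
       * Create a socket and connect to remote address specified.
       *
       * @param address the remote address
       * @param port the remote port
       * @return the socket
       * @exception IOException if an error occurs
       */
      public Socket createSocket( InetAddress address, int port )
          throws IOException
      {
          final Socket socket = m_factory.createSocket( address, port );
          initSocket( socket );
          return socket;
      }

      /**
       * Create a socket and connect to remote address specified
       * originating from specified local address.
       *
       * @param address the remote address
       * @param port the remote port
       * @param localAddress the local address
       * @param localPort the local port
       * @return the socket
       * @exception IOException if an error occurs
       */
      public Socket createSocket( InetAddress address, int port, InetAddress localAddress,
                                  int localPort )
          throws IOException
      {
          final Socket socket = m_factory.createSocket( address, port, localAddress, localPort );
          initSocket( socket );
          return socket;
      }
  }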
  
  
  
  


