geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jdil...@apache.org
Subject svn commit: r576849 - /geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/
Date Tue, 18 Sep 2007 11:24:09 GMT
Author: jdillon
Date: Tue Sep 18 04:24:08 2007
New Revision: 576849

URL: http://svn.apache.org/viewvc?rev=576849&view=rev
Log:
Tidy up and components the ssl support classes we have right now, drop those we aren't using

Added:
    geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java
Removed:
    geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusTrustManagerFactory.java
    geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLServerSocketFactory.java
    geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLSocketFactory.java
Modified:
    geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java

Modified: geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java?rev=576849&r1=576848&r2=576849&view=diff
==============================================================================
--- geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java
(original)
+++ geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java
Tue Sep 18 04:24:08 2007
@@ -18,7 +18,7 @@
  */
 
 //
-// NOTE: Snatched from Apache Mina'a Examples
+// NOTE: Snatched and massaged from Apache Mina'a Examples
 //
 
 package org.apache.geronimo.gshell.remote.ssl;
@@ -26,116 +26,172 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.SSLContext;
-
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactorySpi;
+import javax.net.ssl.X509TrustManager;
+
+import org.codehaus.plexus.component.annotations.Component;
+import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
+import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
 import org.codehaus.plexus.util.IOUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Factory to create a bougus SSLContext.
  *
- * @author The Apache MINA Project (dev@mina.apache.org)
- * @version $Rev$, $Date$
+ * @version $Rev$ $Date$
  */
+@Component(role=SSLContextFactory.class, hint="bogus")
 public class BogusSSLContextFactory
+    implements SSLContextFactory, Initializable
 {
     private static final String PROTOCOL = "TLS";
 
+    private static final String DEFAULT_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509";
+
     private static final String KEY_MANAGER_FACTORY_ALGORITHM;
 
     static {
         String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
         
         if (algorithm == null) {
-            algorithm = "SunX509";
+            algorithm = DEFAULT_KEY_MANAGER_FACTORY_ALGORITHM;
         }
 
         KEY_MANAGER_FACTORY_ALGORITHM = algorithm;
     }
 
-    /**
-     * Bougus Server certificate keystore file name.
-     */
-    private static final String BOGUS_KEYSTORE = "bogus.cert";
-
+    //
     // NOTE: The keystore was generated using keytool:
     //   keytool -genkey -alias bogus -keysize 512 -validity 3650
     //           -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,
     //               O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE"
     //           -keypass boguspw -storepass boguspw -keystore bogus.cert
 
-    /**
-     * Bougus keystore password.
-     */
-    private static final char[] BOGUS_PW = {'b', 'o', 'g', 'u', 's', 'p', 'w'};
-
-    private static SSLContext serverInstance = null;
-
-    private static SSLContext clientInstance = null;
-
-    public static SSLContext getInstance(boolean server) throws GeneralSecurityException
{
-        SSLContext retInstance = null;
-        if (server) {
-            if (serverInstance == null) {
-                synchronized (BogusSSLContextFactory.class) {
-                    if (serverInstance == null) {
-                        try {
-                            serverInstance = createBougusServerSSLContext();
-                        }
-                        catch (Exception e) {
-                            throw new GeneralSecurityException("Can't create Server SSLContext",
e);
-                        }
-                    }
-                }
-            }
+    private Logger log = LoggerFactory.getLogger(getClass());
+
+    // @Configuration
+    private boolean preload = true;
+
+    // @Configuration
+    private String keystoreResource = "bogus.cert";
+
+    // @Configuration
+    private char[] keystorePassword = { 'b', 'o', 'g', 'u', 's', 'p', 'w' };
+
+    private SSLContext serverInstance;
 
-            retInstance = serverInstance;
+    private SSLContext clientInstance;
+
+    public synchronized void initialize() throws InitializationException {
+        if (preload) {
+            log.debug("Preloading SSLContext instances");
+            
+            try {
+                createServerContext();
+                createClientContext();
+            }
+            catch (GeneralSecurityException e) {
+                throw new InitializationException("Failed to setup SSLContext instances",
e);
+            }
         }
-        else {
-            if (clientInstance == null) {
-                synchronized (BogusSSLContextFactory.class) {
-                    if (clientInstance == null) {
-                        clientInstance = createBougusClientSSLContext();
-                    }
+    }
+
+    //
+    // SSLContextFactory
+    //
+
+    public synchronized SSLContext createServerContext() throws GeneralSecurityException
{
+        if (serverInstance == null) {
+            KeyStore keyStore;
+
+            try {
+                keyStore = KeyStore.getInstance("JKS");
+
+                InputStream in = getClass().getResourceAsStream(keystoreResource);
+                if (in == null) {
+                    throw new GeneralSecurityException("Failed to load bogus keystore from
resource: " + keystoreResource);
                 }
+
+                try {
+                    keyStore.load(in, keystorePassword);
+                }
+                finally {
+                    IOUtil.close(in);
+                }
+            }
+            catch (IOException e) {
+                throw new GeneralSecurityException("Failed to load bogus keystore", e);
             }
 
-            retInstance = clientInstance;
+            // Set up key manager factory to use our key store
+            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
+            keyManagerFactory.init(keyStore, keystorePassword);
+
+            // Initialize the SSLContext to work with our key managers.
+            SSLContext context = SSLContext.getInstance(PROTOCOL);
+            context.init(keyManagerFactory.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS,
null);
+
+            serverInstance = context;
+
+            log.debug("Created server SSLContext: {}", serverInstance);
         }
-        
-        return retInstance;
+
+        return serverInstance;
     }
 
-    private static SSLContext createBougusServerSSLContext() throws GeneralSecurityException,
IOException {
-        // Create keystore
-        KeyStore ks = KeyStore.getInstance("JKS");
-        InputStream in = null;
-
-        try {
-            in = BogusSSLContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE);
-            ks.load(in, BOGUS_PW);
-        }
-        finally {
-            IOUtil.close(in);
-        }
+    public synchronized SSLContext createClientContext() throws GeneralSecurityException
{
+        if (clientInstance == null) {
+            SSLContext context = SSLContext.getInstance(PROTOCOL);
+            context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null);
 
-        // Set up key manager factory to use our key store
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
-        kmf.init(ks, BOGUS_PW);
-
-        // Initialize the SSLContext to work with our key managers.
-        SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
-        sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null);
+            clientInstance = context;
+
+            log.debug("Created client SSLContext: {}", clientInstance);
+        }
 
-        return sslContext;
+        return clientInstance;
     }
 
-    private static SSLContext createBougusClientSSLContext() throws GeneralSecurityException
{
-        SSLContext context = SSLContext.getInstance(PROTOCOL);
-        context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null);
-        return context;
+    //
+    // BogusTrustManagerFactory
+    //
+
+    private static class BogusTrustManagerFactory
+        extends TrustManagerFactorySpi
+    {
+        private static final X509TrustManager X509 = new X509TrustManager() {
+            public void checkClientTrusted(X509Certificate[] c, String s) throws CertificateException
{}
+
+            public void checkServerTrusted(X509Certificate[] c, String s) throws CertificateException
{}
+
+            public X509Certificate[] getAcceptedIssuers() {
+                return new X509Certificate[0];
+            }
+        };
+
+        private static final TrustManager[] X509_MANAGERS = { X509 };
+
+        @Override
+        protected TrustManager[] engineGetTrustManagers() {
+            return X509_MANAGERS;
+        }
+
+        @Override
+        protected void engineInit(KeyStore keystore) throws KeyStoreException {}
+
+        @Override
+        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws
InvalidAlgorithmParameterException {}
     }
 }

Added: geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java?rev=576849&view=auto
==============================================================================
--- geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java
(added)
+++ geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java
Tue Sep 18 04:24:08 2007
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+//
+// NOTE: Snatched from Apache Mina'a Examples
+//
+
+package org.apache.geronimo.gshell.remote.ssl;
+
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+
+/**
+ * Provides an abstraction of client and server {@link SSLContext} creation.
+ *
+ * @version $Rev: 576656 $ $Date: 2007-09-17 19:02:43 -0700 (Mon, 17 Sep 2007) $
+ */
+public interface SSLContextFactory
+{
+    /**
+     * Creates a {@link SSLContext} suiteable for server-side usage.
+     */
+    SSLContext createServerContext() throws GeneralSecurityException;
+
+    /**
+     * Creates a {@link SSLContext} suiteable for client-side usage.
+     */
+    SSLContext createClientContext() throws GeneralSecurityException;
+}
\ No newline at end of file



Mime
View raw message