hc-commits mailing list archives

From ol...@apache.org
Subject svn commit: r358353 - /jakarta/httpcomponents/trunk/http-core/src/java/org/apache/http/impl/io/SSLSocketFactory.java
Date Wed, 21 Dec 2005 19:32:03 GMT
Author: olegk
Date: Wed Dec 21 11:31:57 2005
New Revision: 358353

URL: http://svn.apache.org/viewcvs?rev=358353&view=rev
Log:
Removed all references to Java 1.4 specific classes. HttpCore components are now fully Java
1.3 compatible

Modified:
    jakarta/httpcomponents/trunk/http-core/src/java/org/apache/http/impl/io/SSLSocketFactory.java

Modified: jakarta/httpcomponents/trunk/http-core/src/java/org/apache/http/impl/io/SSLSocketFactory.java
URL: http://svn.apache.org/viewcvs/jakarta/httpcomponents/trunk/http-core/src/java/org/apache/http/impl/io/SSLSocketFactory.java?rev=358353&r1=358352&r2=358353&view=diff
==============================================================================
--- jakarta/httpcomponents/trunk/http-core/src/java/org/apache/http/impl/io/SSLSocketFactory.java
(original)
+++ jakarta/httpcomponents/trunk/http-core/src/java/org/apache/http/impl/io/SSLSocketFactory.java
Wed Dec 21 11:31:57 2005
@@ -31,22 +31,8 @@
 
 import java.io.IOException;
 import java.net.InetAddress;
-import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.http.ConnectTimeoutException;
 import org.apache.http.io.SecureSocketFactory;
@@ -54,88 +40,13 @@
 import org.apache.http.params.HttpParams;
 
 /**
- * <p>
- * SSLProtocolSocketFactory can be used to validate the identity of the HTTPS 
- * server against a list of trusted certificates and to authenticate to the HTTPS 
- * server using a private key. 
- * </p>
- * 
- * <p>
- * SSLProtocolSocketFactory will enable server authentication when supplied with
- * a {@link KeyStore truststore} file containg one or several trusted certificates. 
- * The client secure socket will reject the connection during the SSL session handshake 
- * if the target HTTPS server attempts to authenticate itself with a non-trusted 
- * certificate.
- * </p>
- * 
- * <p>
- * Use JDK keytool utility to import a trusted certificate and generate a truststore file:
   
- *    <pre>
- *     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
- *    </pre>
- * </p>
- * 
- * <p>
- * SSLProtocolSocketFactory will enable client authentication when supplied with
- * a {@link KeyStore keystore} file containg a private key/public certificate pair. 
- * The client secure socket will use the private key to authenticate itself to the target

- * HTTPS server during the SSL session handshake if requested to do so by the server. 
- * The target HTTPS server will in its turn verify the certificate presented by the client
- * in order to establish client's authenticity
- * </p>
- * 
- * <p>
- * Use the following sequence of actions to generate a keystore file
- * </p>
- *   <ul>
- *     <li>
- *      <p>
- *      Use JDK keytool utility to generate a new key
- *      <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
- *      For simplicity use the same password for the key as that of the keystore
- *      </p>
- *     </li>
- *     <li>
- *      <p>
- *      Issue a certificate signing request (CSR)
- *      <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore
my.keystore</pre>
- *     </p>
- *     </li>
- *     <li>
- *      <p>
- *      Send the certificate request to the trusted Certificate Authority for signature.

- *      One may choose to act as her own CA and sign the certificate request using a PKI

- *      tool, such as OpenSSL.
- *      </p>
- *     </li>
- *     <li>
- *      <p>
- *       Import the trusted CA root certificate
- *       <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>

- *      </p>
- *     </li>
- *     <li>
- *      <p>
- *       Import the PKCS#7 file containg the complete certificate chain
- *       <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>

- *      </p>
- *     </li>
- *     <li>
- *      <p>
- *       Verify the content the resultant keystore file
- *       <pre>keytool -list -v -keystore my.keystore</pre> 
- *      </p>
- *     </li>
- *   </ul>
+ * <p>A wrapper class for the standard JSSE SSLSocketFactory</p>
+ *   
  * @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
  */
 
 public class SSLSocketFactory implements SecureSocketFactory {
 
-    public static final String TLS   = "TLS";
-    public static final String SSL   = "SSL";
-    public static final String SSLV2 = "SSLv2";
-    
     /**
      * The factory singleton.
      */
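Review bot: The replacement class Javadoc, `A wrapper class for the standard JSSE SSLSocketFactory`, no longer tells a caller what a socket from this factory has been verified against. With the KeyStore constructors removed in the next hunk, both createSocket methods in the last two hunks use `javax.net.ssl.SSLSocketFactory.getDefault()`, so trust anchors and any client key come only from the JVM-wide JSSE defaults (for example the `javax.net.ssl.trustStore` and `javax.net.ssl.keyStore` system properties). Nothing visible in this diff compares the server certificate with the `host` argument, and a plain JSSE socket does not do that on its own. I would extend the Javadoc with a short paragraph stating both facts: trust material can no longer be configured per factory, and callers that need an authenticated peer must check the certificate in the returned socket's session against the expected host name themselves.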
@@ -149,83 +60,6 @@
         return DEFAULT_FACTORY;
     }
     
-    private final SSLContext sslcontext;
-    private final SocketFactory socketfactory;
-
-    public SSLSocketFactory(
-        String algorithm, 
-        final KeyStore keystore, 
-        final String keystorePassword, 
-        final KeyStore truststore,
-        final SecureRandom random) 
-        throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
-    {
-        super();
-        if (algorithm == null) {
-            algorithm = TLS;
-        }
-        KeyManager[] keymanagers = null;
-        if (keystore != null) {
-            keymanagers = createKeyManagers(keystore, keystorePassword);
-        }
-        TrustManager[] trustmanagers = null;
-        if (truststore != null) {
-            trustmanagers = createTrustManagers(keystore);
-        }
-        this.sslcontext = SSLContext.getInstance(algorithm);
-        this.sslcontext.init(keymanagers, trustmanagers, random);
-        this.socketfactory = this.sslcontext.getSocketFactory();
-    }
-
-    public SSLSocketFactory(
-            final KeyStore keystore, 
-            final String keystorePassword, 
-            final KeyStore truststore) 
-            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
-    {
-        this(TLS, keystore, keystorePassword, truststore, null);
-    }
-
-    public SSLSocketFactory(final KeyStore keystore, final String keystorePassword) 
-            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
-    {
-        this(TLS, keystore, keystorePassword, null, null);
-    }
-
-    public SSLSocketFactory(final KeyStore truststore) 
-            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
-    {
-        this(TLS, null, null, truststore, null);
-    }
-
-    public SSLSocketFactory() {
-        super();
-        this.sslcontext = null;
-        this.socketfactory = javax.net.ssl.SSLSocketFactory.getDefault(); 
-    }
-
-    private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
-        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
-        if (keystore == null) {
-            throw new IllegalArgumentException("Keystore may not be null");
-        }
-        KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
-            KeyManagerFactory.getDefaultAlgorithm());
-        kmfactory.init(keystore, password != null ? password.toCharArray(): null);
-        return kmfactory.getKeyManagers(); 
-    }
-
-    private static TrustManager[] createTrustManagers(final KeyStore keystore)
-        throws KeyStoreException, NoSuchAlgorithmException { 
-        if (keystore == null) {
-            throw new IllegalArgumentException("Keystore may not be null");
-        }
-        TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
-            TrustManagerFactory.getDefaultAlgorithm());
-        tmfactory.init(keystore);
-        return tmfactory.getTrustManagers();
-    }
-
     /**
      * Attempts to get a new socket connection to the given host within the given time limit.
      *  
@@ -255,13 +89,17 @@
         if (params == null) {
             throw new IllegalArgumentException("Parameters may not be null");
         }
-        Socket socket = this.socketfactory.createSocket();
+        int timeout = HttpConnectionParams.getConnectionTimeout(params);
+        if (timeout != 0) {
+            throw new IllegalStateException("Connection timeout is not supported in old IO
mode");
+        }
+        javax.net.ssl.SSLSocketFactory socketfactory = 
+            (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
         if (localAddress != null) {
-            socket.bind(new InetSocketAddress(localAddress, localPort));
+            return socketfactory.createSocket(host, port, localAddress, localPort);
+        } else {
+            return socketfactory.createSocket(host, port);
         }
-        int timeout = HttpConnectionParams.getConnectionTimeout(params);
-        socket.connect(new InetSocketAddress(host, port), timeout);
-        return socket;
     }
 
     /**
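Review bot: The new guard `if (timeout != 0)` throws an unchecked IllegalStateException for a value that comes from caller configuration, and the only setting it accepts leaves the connect without any time bound. `socketfactory.createSocket(host, port)` connects before it returns, so a peer that never completes the connection holds the calling thread for as long as the platform's TCP stack allows. The method's Javadoc and signature begin above the hunk; if they do not already say so, add `@throws IllegalStateException if a non-zero connection timeout is set in params` and a sentence that connects are unbounded in this mode. IllegalArgumentException, already used for the null check just above, would also describe a rejected parameter value more accurately than IllegalStateException.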
@@ -274,12 +112,9 @@
         boolean autoClose)
         throws IOException, UnknownHostException
     {
-        return this.sslcontext.getSocketFactory().createSocket(
-            socket,
-            host,
-            port,
-            autoClose
-        );
+        javax.net.ssl.SSLSocketFactory socketfactory = 
+            (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
+        return socketfactory.createSocket(socket, host, port, autoClose);
     }
     
 }


