tomcat-dev mailing list archives

From Nick Betteridge <n.betteri...@syntactics.com>
Subject Re: Resend: SSL portability and Coyote
Date Mon, 29 Apr 2002 09:20:53 GMT
Erik

This is what I'm currently using for Catalina as an
SSLServerSocketFactory - some of it may look familiar!

rgds



import java.io.InputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;

import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.ptls.SSLServerSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;

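/**
 * SSL server socket factory--wraps PureTLS
 *
 * @author Eric Rescorla
 *
 * some sections of this file cribbed from SSLSocketFactory
 * (the JSSE socket factory)
 *
 * Key material, trust anchors and the PRNG seed file are not read from
 * fixed paths: they are obtained from a pluggable
 * PureTLSCertificateFactoryInterface implementation whose class name is
 * supplied through setPureTLSCertificateFactory() (set by the container;
 * presumably from server configuration).  That name is instantiated by
 * reflection, so it must only ever come from trusted configuration.
 *
 * The SSLContext is built lazily on the first createSocket() call and then
 * reused.  init() is not synchronized: two threads racing on that first
 * call may each build a context, with the last assignment winning.
 */
public class PureTLSSocketFactory
    implements org.apache.catalina.net.ServerSocketFactory
{
    /**
     * Kept for parity with the JSSE factory's "protocol" setting.  The
     * PureTLS SSLContext built in init() takes no protocol argument, so this
     * value is never consulted here.
     */
    static String defaultProtocol = "TLS";
    /** Unused here; kept because it is part of the class's visible surface. */
    static boolean defaultClientAuth = false;

    /**
     * Class name of the PureTLSCertificateFactoryInterface implementation.
     * This field is static, so setPureTLSCertificateFactory() on any one
     * instance changes it for every factory in this class loader.
     */
    static String pureTLSCertificateFactoryName =
        "com.syntactics.server.net.PureTLSCertificateFactory";
    private PureTLSCertificateFactoryInterface pureTLSCertificateFactory = null;

    /** Null until init() has succeeded once; then shared by every socket. */
    private SSLContext context = null;

    /**
     * Should we require client authentication?  Also decides whether any
     * root certificates are loaded at all (see init()).
     */
    private boolean clientAuth = false;

    public PureTLSSocketFactory() {
    }

    public boolean getClientAuth() {
        return clientAuth;
    }

    public void setClientAuth(boolean clientAuth) {
        this.clientAuth = clientAuth;
    }

    public String getPureTLSCertificateFactory() {
        return pureTLSCertificateFactoryName;
    }

    /**
     * Name the class to instantiate for key/trust material.  Only takes
     * effect before the first createSocket(): once a context exists it is
     * kept as is.
     */
    public void setPureTLSCertificateFactory(String pureTLSCertificateFactory) {
        pureTLSCertificateFactoryName = pureTLSCertificateFactory;
    }

    /** Listening socket on {@code port}, built on the shared context. */
    public ServerSocket createSocket(int port)
        throws IOException
    {
        init();
        return new SSLServerSocket(context, port);
    }

    /** Listening socket on {@code port} with the given accept backlog. */
    public ServerSocket createSocket(int port, int backlog)
        throws IOException
    {
        init();
        return new SSLServerSocket(context, port, backlog);
    }

    /** Listening socket bound to {@code ifAddress}:{@code port}. */
    public ServerSocket createSocket(int port, int backlog,
                                     InetAddress ifAddress)
        throws IOException
    {
        init();
        return new SSLServerSocket(context, port, backlog, ifAddress);
    }

    /**
     * Build the shared SSLContext on first use.
     *
     * Material comes from the configured certificate factory; when it offers
     * both a stream and a file name, the stream wins.  Root certificates are
     * only loaded when clientAuth is set (they are presumably the anchors a
     * presented client chain is checked against); the server's own key file
     * is loaded unconditionally.  Both streams are closed whether or not
     * loading succeeds.
     *
     * @throws IOException if the factory class cannot be loaded or
     *         instantiated, or PureTLS rejects the material; the underlying
     *         exception is kept as the cause
     */
    private void init()
        throws IOException
    {
        // Reuse the existing context.  This check must come before the
        // reflective factory load, otherwise every createSocket() call
        // instantiates a fresh factory for nothing.
        if (context != null) {
            return;
        }

        pureTLSCertificateFactory = loadCertificateFactory();

        InputStream keyStoreStream = null;
        InputStream rootStream = null;
        try {
            String keyStoreFile = pureTLSCertificateFactory.getKeyStoreFile();
            keyStoreStream = pureTLSCertificateFactory.getKeyStoreStream();
            // A String cannot be zeroed after use: the key password stays in
            // the heap (and in any heap dump) until the GC reclaims it.
            String keyPass = pureTLSCertificateFactory.getKeyPassword();
            String rootFile = pureTLSCertificateFactory.getRootFile();
            rootStream = pureTLSCertificateFactory.getRootStream();
            String randomFile = pureTLSCertificateFactory.getRandomFile();

            SSLContext tmpContext = new SSLContext();
            if (clientAuth) {
                if (rootStream == null) {
                    tmpContext.loadRootCertificates(rootFile);
                } else {
                    tmpContext.loadRootCertificates(rootStream);
                }
            }
            if (keyStoreStream == null) {
                tmpContext.loadEAYKeyFile(keyStoreFile, keyPass);
            } else {
                tmpContext.loadEAYKeyFile(keyStoreStream, keyPass);
            }
            // PRNG seed file; keyPass is passed as the second argument,
            // presumably the password protecting that file.
            // NOTE(review): session-key quality depends on this file being
            // neither predictable nor readable by other users -- confirm its
            // permissions on deployment.
            tmpContext.useRandomnessFile(randomFile, keyPass);

            SSLPolicyInt policy = new SSLPolicyInt();
            policy.requireClientAuth(clientAuth);
            // The handshake is deferred until handshake(Socket) is called,
            // so accept() returns before any TLS bytes are exchanged.
            policy.handshakeOnConnect(false);
            policy.waitOnClose(false);
            tmpContext.setPolicy(policy);

            context = tmpContext;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw asIOException(e);
        } finally {
            // Previously only closed on success, leaking both streams when
            // PureTLS rejected the material.
            closeQuietly(rootStream);
            closeQuietly(keyStoreStream);
        }
    }

    /**
     * Instantiate the configured certificate factory by reflection.  The
     * class name is taken from configuration, never from a client, and must
     * stay that way: this will run any class's no-arg constructor.
     *
     * @throws IOException if the class is missing, not instantiable, or
     *         does not implement PureTLSCertificateFactoryInterface
     */
    private PureTLSCertificateFactoryInterface loadCertificateFactory()
        throws IOException
    {
        try {
            return (PureTLSCertificateFactoryInterface)
                Class.forName(pureTLSCertificateFactoryName).newInstance();
        } catch (ClassNotFoundException e) {
            throw asIOException(e);
        } catch (IllegalAccessException e) {
            throw asIOException(e);
        } catch (InstantiationException e) {
            throw asIOException(e);
        } catch (ClassCastException e) {
            // Class exists but is not a PureTLSCertificateFactoryInterface;
            // report it like the other configuration errors instead of
            // letting a bare runtime exception escape.
            throw asIOException(e);
        }
    }

    /**
     * Wrap a failure in the IOException the ServerSocketFactory contract
     * allows, keeping the original as the cause so the real reason (missing
     * class, bad password, unreadable file) survives into the log.  The
     * message is the cause's own, as before; initCause() is used rather than
     * a two-argument constructor to stay buildable on the older JDKs this
     * code was written against.
     */
    private static IOException asIOException(Throwable cause) {
        IOException ioe = new IOException(cause.getMessage());
        ioe.initCause(cause);
        return ioe;
    }

    /** Close an input stream if non-null, without masking a pending error. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // The material has already been consumed (or loading has already
            // failed); a close() error on read-only input adds nothing, and
            // throwing here would hide the primary exception from init().
        }
    }

    /**
     * Run the deferred TLS handshake on a socket accepted from one of the
     * createSocket() server sockets.
     *
     * @throws IOException if the socket is not a PureTLS socket, or the
     *         handshake fails
     */
    public void handshake(Socket sock)
        throws IOException
    {
        if (!(sock instanceof SSLSocket)) {
            // Reported as IOException (declared) rather than the
            // ClassCastException the bare cast used to throw.
            throw new IOException("not a PureTLS socket: " + sock);
        }
        ((SSLSocket) sock).handshake();
    }

}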


