From na...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Date Fri, 04 Oct 2002 20:03:11 GMT
nacho       2002/10/04 13:03:11

  Modified:    util/java/org/apache/tomcat/util/net SSLImplementation.java
                        SSLSupport.java
  Added:       util/java/org/apache/tomcat/util/net/jsse
                        JSSEImplementation.java JSSESocketFactory.java
                        JSSESupport.java
               util/java/org/apache/tomcat/util/net/puretls
                        PureTLSImplementation.java PureTLSSocket.java
                        PureTLSSocketFactory.java PureTLSSupport.java
  Removed:     util/java/org/apache/tomcat/util/net JSSEImplementation.java
                        JSSESocketFactory.java JSSESupport.java
                        PureTLSImplementation.java PureTLSSocket.java
                        PureTLSSocketFactory.java PureTLSSupport.java
  Log:
  Refactoring the SSL classes into their own packages; this should not harm anything and makes
it easy for tools to manage the dependencies.
  
  Revision  Changes    Path
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
  
  Index: JSSEImplementation.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net.jsse;
  
  import org.apache.tomcat.util.net.SSLImplementation;
  import org.apache.tomcat.util.net.SSLSupport;
  import org.apache.tomcat.util.net.ServerSocketFactory;
  import java.io.*;
  import java.net.*;
  import javax.net.ssl.SSLSocket;
  
  /**
   * JSSEImplementation: concrete {@link SSLImplementation} backed by JSSE.
   *
   * <p>The constructor probes for a JSSE class, so a missing JSSE surfaces as
   * a ClassNotFoundException at construction time; SSLImplementation's search
   * over its implementation list can then move on to the next candidate.
   *
   * @author EKR
   */
  public class JSSEImplementation extends SSLImplementation
  {
      /** Class whose presence is taken as evidence that JSSE is installed. */
      private static final String JSSE_PROBE_CLASS =
          "javax.net.ssl.SSLServerSocketFactory";

      /**
       * @throws ClassNotFoundException if the JSSE probe class cannot be loaded
       */
      public JSSEImplementation() throws ClassNotFoundException {
          Class.forName(JSSE_PROBE_CLASS);
      }

      /** @return the fixed implementation name {@code "JSSE"} */
      public String getImplementationName() {
          return "JSSE";
      }

      /** @return a fresh, not yet initialised {@link JSSESocketFactory} */
      public ServerSocketFactory getServerSocketFactory() {
          JSSESocketFactory factory = new JSSESocketFactory();
          return factory;
      }

      /**
       * Wraps an accepted socket in a {@link JSSESupport}.
       *
       * @param s must be an {@link SSLSocket}; any other socket makes the
       *          cast fail with a ClassCastException
       */
      public SSLSupport getSSLSupport(Socket s) {
          SSLSocket sslSocket = (SSLSocket) s;
          return new JSSESupport(sslSocket);
      }
  }
  
  
  
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
  
  Index: JSSESocketFactory.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  package org.apache.tomcat.util.net.jsse;
  
  import java.io.*;
  import java.net.*;
  
  import java.security.KeyStore;
  
  import java.security.Security;
  import javax.net.ServerSocketFactory;
  import javax.net.ssl.SSLServerSocket;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLException;
  import javax.net.ssl.SSLServerSocketFactory;
  import javax.net.ssl.HandshakeCompletedListener;
  import javax.net.ssl.HandshakeCompletedEvent;
  
  /*
    1. Make the JSSE jars available, either as an installed
       extension (copy them into jre/lib/ext) or by adding
       them to the Tomcat classpath.
    2. keytool -genkey -alias tomcat -keyalg RSA
       Use "changeit" as password ( this is the default we use )
   */
  
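  /**
   * SSL server socket factory backed by JSSE. It _requires_ a valid RSA key
   * and a JSSE implementation.
   *
   * <p>Configuration is read from the inherited {@code attributes} map the
   * first time a server socket is created (see {@link #initProxy()}):
   * {@code keystore} (path, default {@code user.home}/.keystore),
   * {@code keystoreType} (default {@code JKS}), {@code keypass}
   * (default {@code changeit}), {@code keystorePass} (defaults to
   * {@code keypass}), {@code clientauth} ({@code true}/{@code false}),
   * {@code protocol} (default {@code TLS}) and {@code algorithm}
   * (default {@code SunX509}). A trust store is used only when both the
   * {@code javax.net.ssl.trustStore} and
   * {@code javax.net.ssl.trustStorePassword} system properties are set, and
   * it is opened with the same store type as the key store.
   *
   * <p>Not thread-safe: the lazy initialisation is guarded only by a null
   * check on {@code sslProxy}, so concurrent first calls may initialise
   * twice.
   *
   * @author Harish Prabandham
   * @author Costin Manolache
   * @author Stefan Freyr Stefansson
   * @author EKR -- renamed to JSSESocketFactory
   */
  public class JSSESocketFactory
      extends org.apache.tomcat.util.net.ServerSocketFactory
  {
      /** Key store type; also used for the trust store. Set by initProxy. */
      private String keystoreType;

      static String defaultKeystoreType = "JKS";
      static String defaultProtocol = "TLS";
      static String defaultAlgorithm = "SunX509";
      static boolean defaultClientAuth = false;

      private boolean clientAuth = false;
      /** JSSE factory built by initProxy; null until first use. */
      private SSLServerSocketFactory sslProxy = null;

      // defaults
      static String defaultKeystoreFile = System.getProperty("user.home") +
          "/.keystore";
      // Well-known default; deployments should set "keypass"/"keystorePass".
      static String defaultKeyPass = "changeit";


      public JSSESocketFactory () {
      }

      /**
       * Create an SSL server socket bound to {@code port}.
       *
       * @throws IOException if initialisation or binding fails
       */
      public ServerSocket createSocket (int port)
          throws IOException
      {
          ServerSocket socket = proxy().createServerSocket(port);
          initServerSocket(socket);
          return socket;
      }

      /**
       * Create an SSL server socket bound to {@code port} with the given
       * backlog.
       *
       * @throws IOException if initialisation or binding fails
       */
      public ServerSocket createSocket (int port, int backlog)
          throws IOException
      {
          ServerSocket socket = proxy().createServerSocket(port, backlog);
          initServerSocket(socket);
          return socket;
      }

      /**
       * Create an SSL server socket bound to {@code port} on the interface
       * {@code ifAddress} with the given backlog.
       *
       * @throws IOException if initialisation or binding fails
       */
      public ServerSocket createSocket (int port, int backlog,
                                        InetAddress ifAddress)
          throws IOException
      {
          ServerSocket socket =
              proxy().createServerSocket(port, backlog, ifAddress);
          initServerSocket(socket);
          return socket;
      }


      // -------------------- Internal methods

      /**
       * Return the JSSE server socket factory, initialising it on first use.
       */
      private SSLServerSocketFactory proxy() throws IOException {
          if (sslProxy == null) initProxy();
          return sslProxy;
      }

      /**
       * Read the keystore and initialise the SSL server socket factory.
       *
       * <p>Registers the Sun and JSSE providers, resolves the configuration
       * attributes (falling back to the defaults above), loads the key store
       * and, if configured through system properties, the trust store, and
       * builds an SSLContext from them. On success {@code sslProxy} is set.
       *
       * @throws IOException if an attribute value is invalid, a store cannot
       *         be read, or JSSE rejects the configuration; non-I/O failures
       *         are wrapped and keep the original exception as cause
       */
      private void initProxy() throws IOException {
          try {
              Security.addProvider (new sun.security.provider.Sun());
              Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());

              // Please don't change the name of the attribute - other
              // software may depend on it ( j2ee for sure )
              String keystoreFile = (String) attributes.get("keystore");
              if (keystoreFile == null) keystoreFile = defaultKeystoreFile;

              keystoreType = (String) attributes.get("keystoreType");
              if (keystoreType == null) keystoreType = defaultKeystoreType;

              // Client authentication: only the literal strings "true" and
              // "false" are accepted; an absent attribute leaves the field
              // untouched.
              String clientAuthStr = (String) attributes.get("clientauth");
              if (clientAuthStr != null) {
                  clientAuth = parseClientAuth(clientAuthStr);
              }

              String keyPass = (String) attributes.get("keypass");
              if (keyPass == null) keyPass = defaultKeyPass;

              // The store password defaults to the key password.
              String keystorePass = (String) attributes.get("keystorePass");
              if (keystorePass == null) keystorePass = keyPass;

              // Protocol for the SSLContext, e.g. TLS, SSLv3.
              String protocol = (String) attributes.get("protocol");
              if (protocol == null) protocol = defaultProtocol;

              // KeyManagerFactory algorithm, e.g. SunX509.
              String algorithm = (String) attributes.get("algorithm");
              if (algorithm == null) algorithm = defaultAlgorithm;

              // You can't use ssl without a server certificate.
              // Create a KeyStore ( to get server certs )
              KeyStore kstore = initKeyStore(keystoreFile, keystorePass);

              // Create a SSLContext ( to create the ssl factory )
              // This is the only way to use server sockets with JSSE 1.0.1
              com.sun.net.ssl.SSLContext context =
                  com.sun.net.ssl.SSLContext.getInstance(protocol);

              // Key manager will extract the server key
              com.sun.net.ssl.KeyManagerFactory kmf =
                  com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
              kmf.init(kstore, keyPass.toCharArray());

              // Trust managers: null (provider default) unless a trust store
              // is configured through system properties.
              com.sun.net.ssl.TrustManager[] tm = initTrustManagers();

              // init context with the key managers
              context.init(kmf.getKeyManagers(), tm,
                           new java.security.SecureRandom());

              // create proxy
              sslProxy = context.getServerSocketFactory();
          } catch (IOException e) {
              throw e;
          } catch (Exception e) {
              // Wrap everything else as IOException, keeping the original
              // exception as cause so the real reason (wrong password,
              // unknown store type, unsupported algorithm) is not lost.
              IOException ioe = new IOException(e.getMessage());
              ioe.initCause(e);
              throw ioe;
          }
      }

      /**
       * Parse the {@code clientauth} attribute.
       *
       * @throws IOException for any value other than "true" or "false"
       */
      private static boolean parseClientAuth(String clientAuthStr)
          throws IOException
      {
          if (clientAuthStr.equals("true")) {
              return true;
          } else if (clientAuthStr.equals("false")) {
              return false;
          }
          throw new IOException("Invalid value '" +
                                clientAuthStr +
                                "' for 'clientauth' parameter:");
      }

      /**
       * Build the trust managers from the {@code javax.net.ssl.trustStore}
       * and {@code javax.net.ssl.trustStorePassword} system properties.
       *
       * @return the trust managers, or null when either property is unset
       *         (the provider's default trust managers are then used)
       */
      private com.sun.net.ssl.TrustManager[] initTrustManagers()
          throws IOException, java.security.GeneralSecurityException
      {
          String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
          String trustStorePassword =
              System.getProperty("javax.net.ssl.trustStorePassword");
          if (trustStoreFile == null || trustStorePassword == null) {
              return null;
          }
          // Reuses keystoreType, so a trust store of a different type than
          // the key store cannot be configured here.
          KeyStore trustStore = initKeyStore(trustStoreFile, trustStorePassword);

          // NOTE: the trust manager algorithm is fixed to SunX509 while the
          // key manager uses the configurable "algorithm" attribute.
          com.sun.net.ssl.TrustManagerFactory tmf =
              com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
          tmf.init(trustStore);
          return tmf.getTrustManagers();
      }

      /**
       * Accept a connection and apply the client-auth setting to it.
       *
       * @throws SocketException (with the SSLException as cause) on an SSL
       *         failure during accept; other I/O errors propagate unchanged
       */
      public Socket acceptSocket(ServerSocket socket)
          throws IOException
      {
          SSLSocket asock = null;
          try {
              asock = (SSLSocket) socket.accept();
              asock.setNeedClientAuth(clientAuth);
          } catch (SSLException e) {
              SocketException se =
                  new SocketException("SSL handshake error: " + e.toString());
              se.initCause(e);
              throw se;
          }
          return asock;
      }

      /**
       * Set server socket properties ( accepted cipher suites, etc).
       *
       * <p>Enables every cipher suite the provider supports rather than the
       * provider's default set; depending on the provider that may include
       * weak or anonymous suites. XXX make this configurable.
       */
      private void initServerSocket(ServerSocket ssocket) {
          SSLServerSocket socket = (SSLServerSocket) ssocket;

          String cipherSuites[] = socket.getSupportedCipherSuites();
          socket.setEnabledCipherSuites(cipherSuites);

          // we don't know if client auth is needed -
          // after parsing the request we may re-handshake
          socket.setNeedClientAuth(clientAuth);
      }

      /**
       * Load a key store of type {@code keystoreType} from a file.
       *
       * @param keystoreFile path of the store
       * @param keyPass      password used to open the store
       * @throws IOException if the file cannot be read or opened (including
       *         FileNotFoundException); other failures are wrapped with the
       *         original exception as cause
       */
      private KeyStore initKeyStore( String keystoreFile,
                                     String keyPass)
          throws IOException
      {
          InputStream istream = null;
          try {
              KeyStore kstore = KeyStore.getInstance( keystoreType );
              istream = new FileInputStream(keystoreFile);
              kstore.load(istream, keyPass.toCharArray());
              return kstore;
          }
          catch (IOException ioe) {
              // Covers FileNotFoundException too; propagate unchanged.
              throw ioe;
          }
          catch (Exception ex) {
              IOException ioe = new IOException(
                  "Exception trying to load keystore " +
                  keystoreFile + ": " + ex.getMessage() );
              ioe.initCause(ex);
              throw ioe;
          }
          finally {
              // The original never closed the stream, leaking a file handle
              // per (trust) store load.
              if (istream != null) {
                  try {
                      istream.close();
                  } catch (IOException ignored) {
                      // Nothing useful to do; the store is already loaded
                      // or an exception is already propagating.
                  }
              }
          }
      }

      /** Start (or force) the SSL handshake on an accepted socket. */
      public void handshake(Socket sock)
          throws IOException
      {
          ((SSLSocket) sock).startHandshake();
      }
  }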
  
  
  
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
  
  Index: JSSESupport.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net.jsse;
  
  import org.apache.tomcat.util.net.SSLSupport;
  import java.io.*;
  import java.net.*;
  import java.util.Vector;
  import java.security.cert.CertificateFactory;
  import javax.net.ssl.SSLSession;
  import javax.net.ssl.SSLSocket;
  import java.security.cert.CertificateFactory;
  import javax.security.cert.X509Certificate;
  
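  /**
   * JSSESupport: concrete {@link SSLSupport} for JSSE.
   *
   * <p>Exposes the negotiated cipher suite, the peer certificate chain
   * (converted to {@code java.security.cert.X509Certificate}), the effective
   * key size and the session id of the {@link SSLSocket} it wraps.
   *
   * <p>This will only work with JDK 1.2 and up since it depends on JDK 1.2's
   * certificate support.
   *
   * @author EKR
   * @author Craig R. McClanahan
   * Parts cribbed from JSSECertCompat
   * Parts cribbed from CertificatesValve
   */
  class JSSESupport implements SSLSupport {

      private SSLSocket ssl;


      JSSESupport(SSLSocket sock){
          ssl=sock;
      }

      /** @return the negotiated cipher suite, or null when there is no session */
      public String getCipherSuite() throws IOException {
          // Look up the current SSLSession
          SSLSession session = ssl.getSession();
          if (session == null)
              return null;
          return session.getCipherSuite();
      }

      /** Same as {@code getPeerCertificateChain(false)}. */
      public Object[] getPeerCertificateChain()
          throws IOException {
          return getPeerCertificateChain(false);
      }

      /**
       * Return the peer's certificate chain converted to
       * {@code java.security.cert.X509Certificate}.
       *
       * <p>When {@code force} is true and the current session carries no peer
       * chain, the session is invalidated, client authentication is made
       * mandatory on the socket and a new handshake is started; the chain of
       * the resulting session is returned.
       *
       * @return the chain, or null when there is no session, the peer sent no
       *         certificate, or retrieval/conversion failed (callers cannot
       *         tell these cases apart)
       */
      public Object[] getPeerCertificateChain(boolean force)
          throws IOException {
          // Look up the current SSLSession
          SSLSession session = ssl.getSession();
          if (session == null)
              return null;

          // Convert JSSE's certificate format to the ones we need
          X509Certificate jsseCerts[] = null;
          java.security.cert.X509Certificate x509Certs[] = null;
          try {
              try {
                  jsseCerts = session.getPeerCertificateChain();
              } catch (Exception bex) {
                  // No peer chain available (e.g. peer not verified):
                  // treated as an empty chain below.
              }
              if (jsseCerts == null)
                  jsseCerts = new X509Certificate[0];
              if (jsseCerts.length <= 0 && force) {
                  session.invalidate();
                  ssl.setNeedClientAuth(true);
                  ssl.startHandshake();
                  session = ssl.getSession();
                  jsseCerts = session.getPeerCertificateChain();
                  if (jsseCerts == null)
                      jsseCerts = new X509Certificate[0];
              }
              // One factory serves the whole chain; no need to look it up
              // per certificate.
              CertificateFactory cf = CertificateFactory.getInstance("X.509");
              x509Certs =
                  new java.security.cert.X509Certificate[jsseCerts.length];
              for (int i = 0; i < x509Certs.length; i++) {
                  byte buffer[] = jsseCerts[i].getEncoded();
                  ByteArrayInputStream stream =
                      new ByteArrayInputStream(buffer);
                  x509Certs[i] = (java.security.cert.X509Certificate)
                      cf.generateCertificate(stream);
              }
          } catch (Exception e) {
              // Handshake, re-handshake or decoding failure is reported as
              // "no chain". Only Exceptions are caught here: the original
              // caught Throwable and so also hid JVM Errors.
              return null;
          }

          if ((x509Certs == null) || (x509Certs.length < 1))
              return null;

          return x509Certs;
      }

      /**
       * Effective key size of the negotiated cipher suite, found by
       * substring match of each {@code ciphers} entry's phrase against the
       * suite name. The result is cached in the session under
       * {@code KEY_SIZE_KEY}; an unrecognised suite yields 0.
       *
       * <p>Copied from <code>org.apache.catalina.valves.CertificateValve</code>
       *
       * @return the key size, or null when there is no session
       */
      public Integer getKeySize()
          throws IOException {
          // Look up the current SSLSession
          SSLSession session = ssl.getSession();
          if (session == null)
              return null;
          Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY);
          if (keySize == null) {
              SSLSupport.CipherData cipherTable[] = ciphers;
              String cipherSuite = session.getCipherSuite();
              int size = 0;
              for (int i = 0; i < cipherTable.length; i++) {
                  if (cipherSuite.indexOf(cipherTable[i].phrase) >= 0) {
                      size = cipherTable[i].keySize;
                      break;
                  }
              }
              keySize = new Integer(size);
              session.putValue(KEY_SIZE_KEY, keySize);
          }
          return keySize;
      }

      /**
       * @return the SSL session id as lowercase hex, two digits per byte, or
       *         null when there is no session or the session has no id
       */
      public String getSessionId()
          throws IOException {
          // Look up the current SSLSession
          SSLSession session = ssl.getSession();
          if (session == null)
              return null;
          // Expose ssl_session (getId)
          byte[] sessionId = session.getId();
          if (sessionId == null)
              return null;
          StringBuffer buf = new StringBuffer(sessionId.length * 2);
          for (int x = 0; x < sessionId.length; x++) {
              // Mask to an unsigned byte so negative values do not become
              // sign-extended 8-digit strings that then need trimming.
              String digit = Integer.toHexString(sessionId[x] & 0xff);
              if (digit.length() < 2) buf.append('0');
              buf.append(digit);
          }
          return buf.toString();
      }
  }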
  
  
  
  
  1.2       +3 -3      jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLImplementation.java
  
  Index: SSLImplementation.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLImplementation.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SSLImplementation.java	5 Apr 2002 17:43:33 -0000	1.1
  +++ SSLImplementation.java	4 Oct 2002 20:03:10 -0000	1.2
  @@ -71,9 +71,9 @@
   abstract public class SSLImplementation {
       // The default implementations in our search path
       private static final String PureTLSImplementationClass=
  -	"org.apache.tomcat.util.net.PureTLSImplementation";
  +	"org.apache.tomcat.util.net.puretls.PureTLSImplementation";
       private static final String JSSEImplementationClass=
  -	"org.apache.tomcat.util.net.JSSEImplementation";
  +	"org.apache.tomcat.util.net.jsse.JSSEImplementation";
       
       private static final String[] implementations=
       {
  @@ -89,7 +89,7 @@
   		    getInstance(implementations[i]);
   		return impl;
   	    } catch (Exception e) {
  -		// Ignore 
  +		//e.printStackTrace();
   	    }
   	}
   
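Review bot: Replacing `// Ignore` with the commented-out `//e.printStackTrace();` on line 670 leaves the `catch (Exception e)` above it swallowing every failure from `getInstance(implementations[i])` with no explanation, so an implementation that is present but fails to initialise is indistinguishable from one that is simply absent. Commented-out code should not stand in for a comment; say what the fall-through means, e.g. `// Not usable: try the next implementation in the search path`, and consider recording the exception somewhere a deployer can see it when no implementation loads at all. The enclosing method starts and ends outside the hunk.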
  
  
  
  1.5       +19 -20    jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLSupport.java
  
  Index: SSLSupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/SSLSupport.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- SSLSupport.java	21 Sep 2002 04:39:33 -0000	1.4
  +++ SSLSupport.java	4 Oct 2002 20:03:10 -0000	1.5
  @@ -148,25 +148,24 @@
        */
       public String getSessionId()
           throws IOException;
  -}
  -// ------------------------------------------------------------ Private Classes
  -
  -
  -/**
  - * Simple data class that represents the cipher being used, along with the
  - * corresponding effective key size.  The specified phrase must appear in the
  - * name of the cipher suite to be recognized.
  - */
  -
  -final class CipherData {
  -
  -    String phrase = null;
  -
  -    int keySize = 0;
  -
  -    public CipherData(String phrase, int keySize) {
  -        this.phrase = phrase;
  -        this.keySize = keySize;
  +    /**
  +     * Simple data class that represents the cipher being used, along with the
  +     * corresponding effective key size.  The specified phrase must appear in the
  +     * name of the cipher suite to be recognized.
  +     */
  +    
  +    final class CipherData {
  +    
  +        public String phrase = null;
  +    
  +        public int keySize = 0;
  +    
  +        public CipherData(String phrase, int keySize) {
  +            this.phrase = phrase;
  +            this.keySize = keySize;
  +        }
  +    
       }
  -
  +    
   }
  +
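Review bot: `CipherData`'s fields `phrase` and `keySize` are now public and still mutable (lines 718 and 720), so any code that can reach the shared `ciphers` table can alter the key-size mapping at run time; since both are assigned only in the constructor they can be declared `public final String phrase;` and `public final int keySize;` (dropping the `= null`/`= 0` initialisers, which would otherwise conflict with the constructor assignment). As a member of an interface the class is implicitly public and static, so `final` on the class is the only modifier doing any work there. The `ciphers` table that presumably holds these instances is outside the hunk.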
  
  
  
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
  
  Index: PureTLSImplementation.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net.puretls;
  
  import org.apache.tomcat.util.net.SSLImplementation;
  import org.apache.tomcat.util.net.SSLSupport;
  import org.apache.tomcat.util.net.ServerSocketFactory;
  import java.io.*;
  import java.net.*;
  
  import COM.claymoresystems.sslg.*;
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  
  /**
   * PureTLSImplementation: concrete {@link SSLImplementation} backed by the
   * PureTLS library (COM.claymoresystems).
   *
   * <p>The constructor probes for a PureTLS class, so a missing library
   * surfaces as a ClassNotFoundException at construction time.
   *
   * @author EKR
   */
  public class PureTLSImplementation extends SSLImplementation
  {
      /** Class whose presence is taken as evidence that PureTLS is installed. */
      private static final String PURETLS_PROBE_CLASS =
          "COM.claymoresystems.ptls.SSLContext";

      /**
       * @throws ClassNotFoundException if the PureTLS probe class cannot be loaded
       */
      public PureTLSImplementation() throws ClassNotFoundException {
          Class.forName(PURETLS_PROBE_CLASS);
      }

      /** @return the fixed implementation name {@code "PureTLS"} */
      public String getImplementationName() {
          return "PureTLS";
      }

      /** @return a fresh {@link PureTLSSocketFactory} */
      public ServerSocketFactory getServerSocketFactory() {
          PureTLSSocketFactory factory = new PureTLSSocketFactory();
          return factory;
      }

      /**
       * Wraps an accepted socket in a {@link PureTLSSupport}.
       *
       * @param s must be a PureTLS {@code SSLSocket}; any other socket makes
       *          the cast fail with a ClassCastException
       */
      public SSLSupport getSSLSupport(Socket s) {
          SSLSocket pureTlsSocket = (SSLSocket) s;
          return new PureTLSSupport(pureTlsSocket);
      }
  }
  
  
  
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
  
  Index: PureTLSSocket.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  package org.apache.tomcat.util.net.puretls;
  
  import java.io.*;
  import java.net.*;
  
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  import COM.claymoresystems.sslg.*;
  
  /*
   * PureTLSSocket.java
   *
   * Wraps COM.claymoresystems.ptls.SSLSocket
   *
   * This class translates PureTLS's interfaces into those
   * expected by Tomcat
   *
   * @author Eric Rescorla
   *
   */
  
  public class PureTLSSocket extends COM.claymoresystems.ptls.SSLSocket {
      /**
       * Creates an unconnected PureTLS socket.
       *
       * Only the no-arg form is needed: instances are handed to
       * implAccept, which connects them afterwards. The implicit
       * superclass constructor does all the work.
       *
       * @throws IOException if the underlying PureTLS socket cannot be created
       */
      public PureTLSSocket() throws IOException {
      }
  }
   
  
  
  
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
  
  Index: PureTLSSocketFactory.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  package org.apache.tomcat.util.net.puretls;
  
  import java.io.*;
  import java.net.*;
  
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  import COM.claymoresystems.sslg.*;
  
  /**
   * SSL server socket factory--wraps PureTLS
   *
   * @author Eric Rescorla
   *
   * some sections of this file cribbed from SSLSocketFactory
   * (the JSSE socket factory)
   *
   */
   
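  public class PureTLSSocketFactory
      extends org.apache.tomcat.util.net.ServerSocketFactory
  {
      // Fallbacks used when the corresponding factory attribute is absent.
      static String defaultProtocol = "TLS";
      static boolean defaultClientAuth = false;
      static String defaultKeyStoreFile = "server.pem";
      // Placeholder only: a deployment should set the "keypass" attribute
      // instead of relying on this value.
      static String defaultKeyPass = "password";    
      static String defaultRootFile = "root.pem";
      static String defaultRandomFile = "random.pem";
      
      // Built once by init() on the first createSocket() call and shared by
      // every server socket afterwards. init() is not synchronized, so
      // concurrent first calls could each build a context.
      // NOTE(review): confirm sockets are created from a single thread.
      private COM.claymoresystems.ptls.SSLContext context=null;
      
      public PureTLSSocketFactory() {
      }

      /**
       * Creates a TLS server socket on the given port.
       *
       * @throws IOException if the context cannot be initialised or the
       *         socket cannot be bound
       */
      public ServerSocket createSocket(int port)
          throws IOException
      {
          init();
          return new SSLServerSocket(context,port);
      }

      /**
       * Creates a TLS server socket on the given port with the given
       * listen backlog.
       *
       * @throws IOException if the context cannot be initialised or the
       *         socket cannot be bound
       */
      public ServerSocket createSocket(int port, int backlog)
          throws IOException
      {
          init();
          // Any IOException propagates unchanged; the former catch-and-rethrow
          // added nothing.
          return new SSLServerSocket(context,port,backlog);
      }

      /**
       * Creates a TLS server socket bound to a specific local address.
       *
       * @throws IOException if the context cannot be initialised or the
       *         socket cannot be bound
       */
      public ServerSocket createSocket(int port, int backlog,
                                       InetAddress ifAddress)
          throws IOException
      {
          init();
          return new SSLServerSocket(context,port,backlog,ifAddress);
      }

      /**
       * Returns the named factory attribute as a String, or the fallback
       * when it is not set.
       */
      private String attributeOr(String name, String fallback)
      {
          String value=(String)attributes.get(name);
          return value==null ? fallback : value;
      }

      /**
       * Parses the "clientauth" attribute.
       *
       * @return true or false as configured, or the default when unset
       * @throws IOException if the attribute is set to anything other
       *         than "true" or "false"
       */
      private boolean clientAuthAttribute()
          throws IOException
      {
          String clientAuthStr=(String)attributes.get("clientauth");
          if(clientAuthStr == null)
              return defaultClientAuth;
          if(clientAuthStr.equals("true"))
              return true;
          if(clientAuthStr.equals("false"))
              return false;
          throw new IOException("Invalid value '" +
                                clientAuthStr + 
                                "' for 'clientauth' parameter:");
      }

      /**
       * Builds the shared SSLContext from the factory attributes
       * (keystore, keypass, rootfile, randomfile, clientauth) the first
       * time it is called; later calls return immediately.
       *
       * The "protocol" attribute is accepted for compatibility with the
       * JSSE factory but is not applied to the PureTLS context here.
       *
       * @throws IOException if an attribute is invalid or PureTLS fails to
       *         load the key, root or randomness file
       */
      private void init()
          throws IOException
      {
          if(context!=null)
              return;
          
          String keyStoreFile=attributeOr("keystore", defaultKeyStoreFile);
          String keyPass=attributeOr("keypass", defaultKeyPass);
          String rootFile=attributeOr("rootfile", defaultRootFile);
          String randomFile=attributeOr("randomfile", defaultRandomFile);
          // Validated before the PureTLS calls so its IOException is not
          // rewrapped below.
          boolean clientAuth=clientAuthAttribute();

          try {
              SSLContext tmpContext=new SSLContext();
              if(clientAuth){
                  // Trust anchors are only needed to verify client certificates.
                  tmpContext.loadRootCertificates(rootFile);
              }
              tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
              tmpContext.useRandomnessFile(randomFile,keyPass);
              
              SSLPolicyInt policy=new SSLPolicyInt();
              policy.requireClientAuth(clientAuth);
              // The handshake is run explicitly by handshake() after accept.
              policy.handshakeOnConnect(false);
              policy.waitOnClose(false);
              tmpContext.setPolicy(policy);
              context=tmpContext;
          } catch (IOException e){
              // Already the right type; do not lose it in the generic wrapper.
              throw e;
          } catch (Exception e){
              // e.getMessage() may be null; e.toString() always carries the
              // exception class, so the failure stays diagnosable.
              throw new IOException("PureTLS initialization failed: " +
                                    e.toString());
          }
      }

      /**
       * Accepts a connection from a server socket created by this factory.
       *
       * @throws SocketException if PureTLS reports an SSL error during accept
       * @throws IOException for other accept failures
       */
      public Socket acceptSocket(ServerSocket socket)
          throws IOException
      {
          try {
              return socket.accept();
          } catch (SSLException e){
              throw new SocketException("SSL handshake error: " + e.toString());
          }
      }

      /**
       * Runs the TLS handshake on an accepted socket. Required because the
       * policy built in init() disables handshakeOnConnect.
       */
      public void handshake(Socket sock)
           throws IOException
      {
          ((SSLSocket)sock).handshake();
      }
  }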
  
      
      
  
  
  
  
  
  1.1                  jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  package org.apache.tomcat.util.net.puretls;
  
  import org.apache.tomcat.util.net.SSLSupport;
  import java.io.*;
  import java.net.*;
  import java.util.Vector;
  import java.security.cert.CertificateFactory;
  import org.apache.tomcat.util.buf.HexUtils;
  
  import COM.claymoresystems.sslg.*;
  import COM.claymoresystems.ptls.*;
  import COM.claymoresystems.cert.*;
  
  
  /* PureTLSSupport
  
     Concrete implementation class for PureTLS
     Support classes.
  
     This will only work with JDK 1.2 and up since it
     depends on JDK 1.2's certificate support
  
     @author EKR
  */
  
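  class PureTLSSupport implements SSLSupport {
      // The accepted PureTLS socket whose session is being described.
      private COM.claymoresystems.ptls.SSLSocket ssl;

      PureTLSSupport(SSLSocket sock){
          ssl=sock;
      }

      /**
       * Returns the negotiated cipher suite, using PureTLS's name for it.
       */
      public String getCipherSuite() throws IOException {
          int cs=ssl.getCipherSuite();
          return SSLPolicyInt.getCipherSuiteName(cs);
      }

      /**
       * Returns the peer's certificate chain without asking for one when
       * the peer presented none; see getPeerCertificateChain(boolean).
       */
      public Object[] getPeerCertificateChain()
          throws IOException {
          return getPeerCertificateChain(false);
      }

      /**
       * Returns the peer's certificate chain as
       * java.security.cert.X509Certificate objects, peer certificate first.
       *
       * @param force if true and no chain was presented, renegotiate with
       *        client authentication required and read the chain again
       * @return the chain (possibly empty), or null if the peer presented
       *         no certificate
       * @throws IOException if the renegotiation fails or the JDK cannot
       *         parse a certificate that PureTLS accepted
       */
      public Object[] getPeerCertificateChain(boolean force)
          throws IOException {
          Vector v=ssl.getCertificateChain();

          if(v == null && force) {
              // Only on an explicit request: re-handshake demanding a client
              // certificate, then look again.
              SSLPolicyInt policy=new SSLPolicyInt();
              policy.requireClientAuth(true);
              policy.handshakeOnConnect(false);
              policy.waitOnClose(false);
              ssl.renegotiate(policy);
              v = ssl.getCertificateChain();
          }

          if(v==null)
              return null;
          
          int n=v.size();
          java.security.cert.X509Certificate[] chain=
              new java.security.cert.X509Certificate[n];

          try {
              // One factory for the whole chain; getInstance() is loop-invariant.
              CertificateFactory cf=CertificateFactory.getInstance("X.509");
              for(int i=0;i<n;i++){
                  // PureTLS provides cert chains with the peer cert last but
                  // the Servlet 2.3 spec (S 4.7) requires the opposite order,
                  // so PureTLS element n-1-i becomes chain[i]. (The previous
                  // loop indexed chain[1..n]: it never filled chain[0] and
                  // overran the array on the last element.)
                  byte[] der=((X509Cert)v.elementAt(n-1-i)).getDER();
                  ByteArrayInputStream stream=new ByteArrayInputStream(der);
                  chain[i]=(java.security.cert.X509Certificate)
                      cf.generateCertificate(stream);
              }
          } catch (java.security.cert.CertificateException e) {
              throw new IOException("JDK's broken cert handling can't parse " +
                                    "this certificate (which PureTLS likes): " +
                                    e.toString());
          }
          return chain;
      }

      /**
       * Lookup the symmetric key size.
       *
       * Scans the ciphers table from the SSLSupport interface for the first
       * phrase contained in the negotiated suite name.
       *
       * @return the matching entry's key size, or 0 when no entry matches
       */
      public Integer getKeySize() 
          throws IOException {
          int cs=ssl.getCipherSuite();
          String cipherSuite = SSLPolicyInt.getCipherSuiteName(cs);
          int size = 0;
          for (int i = 0; i < ciphers.length; i++) {
              if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
                  size = ciphers[i].keySize;
                  break;
              }
          }
          return new Integer(size);
      }

      /**
       * Returns the TLS session id as a hex string, or null if PureTLS
       * reports no session id.
       */
      public String getSessionId()
          throws IOException {
          byte [] ssl_session = ssl.getSessionID();
          if(ssl_session == null)
              return null;
          return HexUtils.convert(ssl_session);
      }

  }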
  
  
  
  
  
  
