|
What this is
Other links
The source code/* * Copyright 1999-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.tomcat.util.net.puretls; import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Vector; import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.net.SSLSupport; import COM.claymoresystems.cert.X509Cert; import COM.claymoresystems.ptls.SSLSocket; import COM.claymoresystems.sslg.SSLPolicyInt; /* PureTLSSupport Concrete implementation class for PureTLS Support classes. This will only work with JDK 1.2 and up since it depends on JDK 1.2's certificate support @author EKR */ class PureTLSSupport implements SSLSupport { static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class); private COM.claymoresystems.ptls.SSLSocket ssl; PureTLSSupport(SSLSocket sock){ ssl=sock; } public String getCipherSuite() throws IOException { int cs=ssl.getCipherSuite(); return SSLPolicyInt.getCipherSuiteName(cs); } public Object[] getPeerCertificateChain() throws IOException { return getPeerCertificateChain(false); } public Object[] getPeerCertificateChain(boolean force) throws IOException { Vector v=ssl.getCertificateChain(); if(v == null && force) { SSLPolicyInt policy=new SSLPolicyInt(); policy.requireClientAuth(true); policy.handshakeOnConnect(false); policy.waitOnClose(false); ssl.renegotiate(policy); v = ssl.getCertificateChain(); } if(v==null) return null; java.security.cert.X509Certificate[] chain= new java.security.cert.X509Certificate[v.size()]; try { for(int i=1;i<=v.size();i++){ // PureTLS provides cert chains with the peer // cert last but the Servlet 2.3 spec (S 4.7) requires // the opposite order so we reverse the chain as we go byte buffer[]=((X509Cert)v.elementAt( v.size()-i)).getDER(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream stream = new ByteArrayInputStream(buffer); X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream); chain[i-1]= xCert; if(logger.isTraceEnabled()) { logger.trace("Cert # " + i + " = " + xCert); } } } catch (java.security.cert.CertificateException e) { logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)",e); throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes)"); } return chain; } /** * Lookup the symmetric key size. */ public Integer getKeySize() throws IOException { int cs=ssl.getCipherSuite(); String cipherSuite = SSLPolicyInt.getCipherSuiteName(cs); int size = 0; for (int i = 0; i < ciphers.length; i++) { if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) { size = ciphers[i].keySize; break; } } Integer keySize = new Integer(size); return keySize; } public String getSessionId() throws IOException { byte [] ssl_session = ssl.getSessionID(); if(ssl_session == null) return null; return HexUtils.convert(ssl_session); } } |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.