|
What this is
Other links
The source code/* * Copyright 1999-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.tomcat.util.net.puretls; import java.io.IOException; import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; import java.net.SocketException; import java.util.Vector; import COM.claymoresystems.ptls.SSLContext; import COM.claymoresystems.ptls.SSLException; import COM.claymoresystems.ptls.SSLServerSocket; import COM.claymoresystems.ptls.SSLSocket; import COM.claymoresystems.sslg.SSLPolicyInt; /** * SSL server socket factory--wraps PureTLS * * @author Eric Rescorla * * some sections of this file cribbed from SSLSocketFactory * (the JSSE socket factory) * */ public class PureTLSSocketFactory extends org.apache.tomcat.util.net.ServerSocketFactory { static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class); static String defaultProtocol = "TLS"; static boolean defaultClientAuth = false; static String defaultKeyStoreFile = "server.pem"; static String defaultKeyPass = "password"; static String defaultRootFile = "root.pem"; static String defaultRandomFile = "random.pem"; private COM.claymoresystems.ptls.SSLContext context=null; public PureTLSSocketFactory() { } public ServerSocket createSocket(int port) throws IOException { init(); return new SSLServerSocket(context,port); } public ServerSocket createSocket(int port, int backlog) throws IOException { init(); ServerSocket tmp; try { tmp=new SSLServerSocket(context,port,backlog); } catch (IOException e){ throw e; } return tmp; } public ServerSocket createSocket(int port, int backlog, InetAddress ifAddress) throws IOException { init(); return new SSLServerSocket(context,port,backlog,ifAddress); } private void init() throws IOException { if(context!=null) return; boolean clientAuth=defaultClientAuth; try { String keyStoreFile=(String)attributes.get("keystore"); if(keyStoreFile==null) keyStoreFile=defaultKeyStoreFile; String keyPass=(String)attributes.get("keypass"); if(keyPass==null) keyPass=defaultKeyPass; String rootFile=(String)attributes.get("rootfile"); if(rootFile==null) rootFile=defaultRootFile; String randomFile=(String)attributes.get("randomfile"); if(randomFile==null) randomFile=defaultRandomFile; String protocol=(String)attributes.get("protocol"); if(protocol==null) protocol=defaultProtocol; String clientAuthStr=(String)attributes.get("clientauth"); if(clientAuthStr != null){ if(clientAuthStr.equals("true")){ clientAuth=true; } else if(clientAuthStr.equals("false")) { clientAuth=false; } else { throw new IOException("Invalid value '" + clientAuthStr + "' for 'clientauth' parameter:"); } } SSLContext tmpContext=new SSLContext(); try { tmpContext.loadRootCertificates(rootFile); } catch(IOException iex) { if(logger.isDebugEnabled()) logger.debug("Error loading Client Root Store: " + rootFile,iex); } tmpContext.loadEAYKeyFile(keyStoreFile,keyPass); tmpContext.useRandomnessFile(randomFile,keyPass); SSLPolicyInt policy=new SSLPolicyInt(); policy.requireClientAuth(clientAuth); policy.handshakeOnConnect(false); policy.waitOnClose(false); short [] enabledCiphers = getEnabledCiphers(policy.getCipherSuites()); if( enabledCiphers != null ) { policy.setCipherSuites(enabledCiphers); } tmpContext.setPolicy(policy); context=tmpContext; } catch (Exception e){ logger.info("Error initializing SocketFactory",e); throw new IOException(e.getMessage()); } } /* * Determines the SSL cipher suites to be enabled. * * @return Array of SSL cipher suites to be enabled, or null if the * cipherSuites property was not specified (meaning that all supported * cipher suites are to be enabled) */ private short [] getEnabledCiphers(short [] supportedCiphers) { short [] enabledCiphers = null; String attrValue = (String)attributes.get("ciphers"); if (attrValue != null) { Vector vec = null; int fromIndex = 0; int index = attrValue.indexOf(',', fromIndex); while (index != -1) { String cipher = attrValue.substring(fromIndex, index).trim(); int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher); /* * Check to see if the requested cipher is among the supported * ciphers, i.e., may be enabled */ if( cipherValue >= 0) { for (int i=0; supportedCiphers != null && i |
... this post is sponsored by my books ... | |
![]() #1 New Release! |
![]() FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.