| career | drupal | java | mac | mysql | perl | scala | uml | unix  

What this is

This file is included in the "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Other links

The source code

 *  Copyright 1999-2004 The Apache Software Foundation
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.


import java.util.Vector;

import org.apache.tomcat.util.buf.HexUtils;

import COM.claymoresystems.cert.X509Cert;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;

/* PureTLSSupport

   Concrete implementation class for PureTLS
   Support classes.

   This will only work with JDK 1.2 and up since it
   depends on JDK 1.2's certificate support

   @author EKR

class PureTLSSupport implements SSLSupport {
    static org.apache.commons.logging.Log logger =

    private COM.claymoresystems.ptls.SSLSocket ssl;

    PureTLSSupport(SSLSocket sock){

    public String getCipherSuite() throws IOException {
        int cs=ssl.getCipherSuite();
        return SSLPolicyInt.getCipherSuiteName(cs);

    public Object[] getPeerCertificateChain()
        throws IOException {
	return getPeerCertificateChain(false);

    public Object[] getPeerCertificateChain(boolean force)
        throws IOException {
        Vector v=ssl.getCertificateChain();

	if(v == null && force) {
	    SSLPolicyInt policy=new SSLPolicyInt();
	    v = ssl.getCertificateChain();

            return null;
       [] chain=

        try {
          for(int i=1;i<=v.size();i++){
            // PureTLS provides cert chains with the peer
            // cert last but the Servlet 2.3 spec (S 4.7) requires
            // the opposite order so we reverse the chain as we go
            byte buffer[]=((X509Cert)v.elementAt(
            CertificateFactory cf =
            ByteArrayInputStream stream =
              new ByteArrayInputStream(buffer);

            X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
            chain[i-1]= xCert;
            if(logger.isTraceEnabled()) {
		logger.trace("Cert # " + i + " = " + xCert);
        } catch ( e) {"JDK's broken cert handling can't parse this certificate (which PureTLS likes)",e);
            throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
        return chain;

     * Lookup the symmetric key size.
    public Integer getKeySize() 
        throws IOException {

        int cs=ssl.getCipherSuite();
        String cipherSuite = SSLPolicyInt.getCipherSuiteName(cs);
        int size = 0;
        for (int i = 0; i < ciphers.length; i++) {
            if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
                size = ciphers[i].keySize;
        Integer keySize = new Integer(size);
        return keySize;

    public String getSessionId()
        throws IOException {
        byte [] ssl_session = ssl.getSessionID();
        if(ssl_session == null)
            return null;
        return HexUtils.convert(ssl_session);


... this post is sponsored by my books ...

#1 New Release!

FP Best Seller


new blog posts


Copyright 1998-2021 Alvin Alexander,
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.