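/*
 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.11/src/java/org/apache/commons/ssl/Java14.java $
 * $Revision: 155 $
 * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $
 *
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

package org.apache.commons.ssl;

import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;


/**
 * {@link JavaImpl} variant that talks directly to the <code>javax.net.ssl</code>
 * API (SSLContext, KeyManagerFactory, TrustManagerFactory, SSLSocket).
 * <p/>
 * The class is a stateless singleton; obtain it through {@link #getInstance()}.
 * The syntax is deliberately kept free of generics and annotations, in line
 * with the rest of the file.
 *
 * @author Credit Union Central of British Columbia
 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
 * @since 30-Jun-2006
 */
public final class Java14 extends JavaImpl {
    private static final Java14 instance = new Java14();

    /**
     * Creates one unconnected socket from the default SSLSocketFactory and
     * closes it again.  Presumably this exists to force JSSE to initialise
     * (or fail) early - confirm against JavaImpl's loading logic.
     */
    private Java14() {
        try {
            Socket probe = SSLSocketFactory.getDefault().createSocket();
            if (probe != null) {
                // The probe is never used, so release it instead of leaking it.
                probe.close();
            }
        } catch (IOException ignored) {
            // Best-effort probe: a factory that cannot create unconnected
            // sockets must not prevent this class from loading.
        }
    }

    /** @return the shared instance of this implementation. */
    public static Java14 getInstance() {
        return instance;
    }

    /** @return the fixed identifier <code>"Java14"</code>. */
    public final String getVersion() {
        return "Java14";
    }

    /**
     * @param cert certificate to inspect
     * @return string form of the certificate's subject X500Principal
     */
    protected final String retrieveSubjectX500(X509Certificate cert) {
        return cert.getSubjectX500Principal().toString();
    }

    /**
     * @param cert certificate to inspect
     * @return string form of the certificate's issuer X500Principal
     */
    protected final String retrieveIssuerX500(X509Certificate cert) {
        return cert.getIssuerX500Principal().toString();
    }

    /**
     * @param sslSession established session
     * @return the peer's certificates as reported by the session
     * @throws SSLPeerUnverifiedException if the session has no verified peer
     */
    protected final Certificate[] retrievePeerCerts(SSLSession sslSession)
        throws SSLPeerUnverifiedException {
        return sslSession.getPeerCertificates();
    }

    /**
     * Builds a KeyManagerFactory of the platform default algorithm and
     * initialises it from the given key store.
     *
     * @param ks       key store holding the private key material
     * @param password password protecting the keys inside <code>ks</code>;
     *                 it is passed straight to the factory and not copied here
     * @return the initialised KeyManagerFactory (typed as Object for JavaImpl)
     */
    protected final Object buildKeyManagerFactory(KeyStore ks, char[] password)
        throws NoSuchAlgorithmException, KeyStoreException,
        UnrecoverableKeyException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
        kmf.init(ks, password);
        return kmf;
    }

    /**
     * Builds a TrustManagerFactory of the platform default algorithm and
     * initialises it from the given key store.
     *
     * @param ks key store holding the trusted certificates
     * @return the initialised TrustManagerFactory (typed as Object for JavaImpl)
     */
    protected final Object buildTrustManagerFactory(KeyStore ks)
        throws NoSuchAlgorithmException, KeyStoreException {
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(ks);
        return tmf;
    }

    /**
     * @param keyManagerFactory must be a KeyManagerFactory, otherwise a
     *                          ClassCastException is thrown
     * @return the factory's key managers
     */
    protected final Object[] retrieveKeyManagers(Object keyManagerFactory) {
        KeyManagerFactory kmf = (KeyManagerFactory) keyManagerFactory;
        return kmf.getKeyManagers();
    }

    /**
     * @param trustManagerFactory must be a TrustManagerFactory, otherwise a
     *                            ClassCastException is thrown
     * @return the factory's trust managers
     */
    protected final Object[] retrieveTrustManagers(Object trustManagerFactory) {
        TrustManagerFactory tmf = (TrustManagerFactory) trustManagerFactory;
        return tmf.getTrustManagers();
    }

    /**
     * @param ssl must be an SSLContext
     * @return the context's client socket factory
     */
    protected final SSLSocketFactory buildSSLSocketFactory(Object ssl) {
        return ((SSLContext) ssl).getSocketFactory();
    }

    /**
     * @param ssl must be an SSLContext
     * @return the context's server socket factory
     */
    protected final SSLServerSocketFactory buildSSLServerSocketFactory(Object ssl) {
        return ((SSLContext) ssl).getServerSocketFactory();
    }

    /**
     * @param cause exception to wrap
     * @return a RuntimeException that keeps <code>cause</code> as its cause
     */
    protected final RuntimeException buildRuntimeException(Exception cause) {
        return new RuntimeException(cause);
    }

    /**
     * Creates an unconnected SSLSocket and applies the pre-connect settings
     * of <code>ssl</code> to it.
     *
     * @param ssl configuration supplying the socket factory and settings
     * @return the configured, still unconnected socket
     * @throws IOException if the socket cannot be created or configured; the
     *                     socket is closed before the exception propagates
     */
    protected final SSLSocket buildSocket(SSL ssl) throws IOException {
        SSLSocketFactory sf = ssl.getSSLSocketFactory();
        SSLSocket s = (SSLSocket) sf.createSocket();
        boolean handedOver = false;
        try {
            ssl.doPreConnectSocketStuff(s);
            handedOver = true;
            return s;
        } finally {
            if (!handedOver) {
                closeAbandonedSocket(s);
            }
        }
    }

    /**
     * Creates an SSLSocket, connects it and runs the post-connect step of
     * <code>ssl</code>.
     * <p/>
     * The post-connect step receives the caller's original
     * <code>remoteHost</code>, not the value returned by
     * <code>ssl.dnsOverride</code> inside {@link #connectSocket}.
     * NOTE(review): presumably that step is where hostname checks run -
     * confirm in SSL.doPostConnectSocketStuff.
     *
     * @param timeout connect timeout in milliseconds; 0 waits indefinitely
     * @return the connected socket
     * @throws IOException if connecting or the post-connect step fails; the
     *                     socket is closed first, because the caller never
     *                     receives a reference to it
     */
    protected final SSLSocket buildSocket(SSL ssl, String remoteHost,
                                          int remotePort, InetAddress localHost,
                                          int localPort, int timeout)
        throws IOException {
        SSLSocket s = buildSocket(ssl);
        boolean handedOver = false;
        try {
            s = (SSLSocket) connectSocket(s, null, remoteHost, remotePort,
                localHost, localPort, timeout, ssl);
            ssl.doPostConnectSocketStuff(s, remoteHost);
            handedOver = true;
            return s;
        } finally {
            if (!handedOver) {
                closeAbandonedSocket(s);
            }
        }
    }


    /**
     * Same sequence as the SSL variant, but the socket comes from the default
     * (non-SSL) SocketFactory, so this method itself adds no TLS protection.
     *
     * @param timeout connect timeout in milliseconds; 0 waits indefinitely
     * @return the connected plain socket
     * @throws IOException if any step fails; the socket is closed first
     */
    protected final Socket buildPlainSocket(
        SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int timeout
    ) throws IOException {
        Socket s = SocketFactory.getDefault().createSocket();
        boolean handedOver = false;
        try {
            ssl.doPreConnectSocketStuff(s);
            s = connectSocket(
                s, null, remoteHost, remotePort, localHost, localPort, timeout, ssl
            );
            ssl.doPostConnectSocketStuff(s, remoteHost);
            handedOver = true;
            return s;
        } finally {
            if (!handedOver) {
                closeAbandonedSocket(s);
            }
        }
    }

    /**
     * Binds and connects a socket, creating one first if none is supplied.
     *
     * @param s          socket to use, or null to create one
     * @param sf         factory used when <code>s</code> is null; a plain
     *                   <code>new Socket()</code> is used if this is null too
     * @param remoteHost host to connect to; it is first passed through
     *                   <code>ssl.dnsOverride</code>, so the address actually
     *                   dialled may differ from the name given here
     * @param localHost  local address to bind; null binds the wildcard address
     * @param localPort  local port to bind; 0 lets the system choose
     * @param timeout    connect timeout in milliseconds; 0 waits indefinitely
     * @return the connected socket
     */
    protected final Socket connectSocket(Socket s, SocketFactory sf,
                                         String remoteHost, int remotePort,
                                         InetAddress localHost, int localPort,
                                         int timeout, SSL ssl)
        throws IOException {
        if (s == null) {
            if (sf == null) {
                s = new Socket();
            } else {
                s = sf.createSocket();
            }
        }

        remoteHost = ssl.dnsOverride(remoteHost);
        InetSocketAddress dest = new InetSocketAddress(remoteHost, remotePort);
        InetSocketAddress src = new InetSocketAddress(localHost, localPort);
        s.bind(src);
        s.connect(dest, timeout);
        return s;
    }

    /**
     * Creates an unbound SSLServerSocket and applies the pre-connect settings
     * of <code>ssl</code> to it.
     */
    protected final SSLServerSocket buildServerSocket(SSL ssl)
        throws IOException {
        ServerSocket s = ssl.getSSLServerSocketFactory().createServerSocket();
        SSLServerSocket ss = (SSLServerSocket) s;
        ssl.doPreConnectServerSocketStuff(ss);
        return ss;
    }

    /**
     * Sets the "want client auth" flag on an SSLSocket or SSLServerSocket.
     * This flag only requests a client certificate; a handshake still
     * completes when the client sends none, so it is not an access control
     * on its own.
     *
     * @throws ClassCastException if <code>o</code> is neither socket type
     */
    protected final void wantClientAuth(Object o, boolean wantClientAuth) {
        if (o instanceof SSLSocket) {
            ((SSLSocket) o).setWantClientAuth(wantClientAuth);
        } else if (o instanceof SSLServerSocket) {
            ((SSLServerSocket) o).setWantClientAuth(wantClientAuth);
        } else {
            throw new ClassCastException("need SSLSocket or SSLServerSocket");
        }
    }

    /**
     * Sets the enabled protocol versions on an SSLSocket or SSLServerSocket.
     * The array is passed through unchanged; deciding which protocol versions
     * are acceptable is left entirely to the caller.
     *
     * @throws ClassCastException if <code>o</code> is neither socket type
     */
    protected final void enabledProtocols(Object o, String[] enabledProtocols) {
        if (o instanceof SSLSocket) {
            ((SSLSocket) o).setEnabledProtocols(enabledProtocols);
        } else if (o instanceof SSLServerSocket) {
            ((SSLServerSocket) o).setEnabledProtocols(enabledProtocols);
        } else {
            throw new ClassCastException("need SSLSocket or SSLServerSocket");
        }
    }

    /**
     * Validates a certificate chain with the given trust manager.
     * <p/>
     * NOTE(review): only <code>checkServerTrusted</code> is invoked.  If this
     * helper is also reached when validating a client's chain,
     * <code>checkClientTrusted</code> would be the matching call - confirm
     * against the callers.
     *
     * @param trustManager must be an X509TrustManager
     * @throws CertificateException if the trust manager rejects the chain
     */
    protected void checkTrusted(Object trustManager, X509Certificate[] chain,
                                String authType)
        throws CertificateException {
        X509TrustManager tm = (X509TrustManager) trustManager;
        tm.checkServerTrusted(chain, authType);
    }

    /**
     * Creates and initialises the SSLContext for <code>ssl</code>.
     * <p/>
     * Every X509KeyManager / X509TrustManager entry is replaced, inside the
     * array returned by <code>k</code> / <code>tc</code>, with a
     * Java14KeyManagerWrapper / Java14TrustManagerWrapper.
     * NOTE(review): if those getters hand out a shared array rather than a
     * copy, calling this twice would wrap the wrappers - confirm.
     * <p/>
     * A null <code>tc</code> (or <code>k</code>) leaves the corresponding
     * argument of <code>SSLContext.init</code> null, which makes JSSE fall
     * back to the installed default managers; it does not mean "trust
     * nothing" or "trust everything".  The null SecureRandom likewise selects
     * the default implementation.
     *
     * @return the initialised SSLContext (typed as Object for JavaImpl)
     */
    protected final Object initSSL(SSL ssl, TrustChain tc, KeyMaterial k)
        throws NoSuchAlgorithmException, KeyStoreException,
        CertificateException, KeyManagementException, IOException {
        SSLContext context = SSLContext.getInstance(ssl.getDefaultProtocol());
        TrustManager[] trustManagers = null;
        KeyManager[] keyManagers = null;
        if (tc != null) {
            trustManagers = (TrustManager[]) tc.getTrustManagers();
        }
        if (k != null) {
            keyManagers = (KeyManager[]) k.getKeyManagers();
        }
        if (keyManagers != null) {
            for (int i = 0; i < keyManagers.length; i++) {
                if (keyManagers[i] instanceof X509KeyManager) {
                    X509KeyManager km = (X509KeyManager) keyManagers[i];
                    keyManagers[i] = new Java14KeyManagerWrapper(km, k, ssl);
                }
            }
        }
        if (trustManagers != null) {
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509TrustManager) {
                    X509TrustManager tm = (X509TrustManager) trustManagers[i];
                    trustManagers[i] = new Java14TrustManagerWrapper(tm, tc, ssl);
                }
            }
        }
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /**
     * Closes a socket that is being discarded because building it failed.
     * Any IOException from close() is dropped so that it cannot mask the
     * failure that is already propagating.
     */
    private static void closeAbandonedSocket(Socket s) {
        if (s == null) {
            return;
        }
        try {
            s.close();
        } catch (IOException ignored) {
            // Nothing useful can be done; the original failure is reported.
        }
    }

}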