001 /* 002 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.11/src/java/org/apache/commons/ssl/SSLServer.java $ 003 * $Revision: 155 $ 004 * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $ 005 * 006 * ==================================================================== 007 * Licensed to the Apache Software Foundation (ASF) under one 008 * or more contributor license agreements. See the NOTICE file 009 * distributed with this work for additional information 010 * regarding copyright ownership. The ASF licenses this file 011 * to you under the Apache License, Version 2.0 (the 012 * "License"); you may not use this file except in compliance 013 * with the License. You may obtain a copy of the License at 014 * 015 * http://www.apache.org/licenses/LICENSE-2.0 016 * 017 * Unless required by applicable law or agreed to in writing, 018 * software distributed under the License is distributed on an 019 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 020 * KIND, either express or implied. See the License for the 021 * specific language governing permissions and limitations 022 * under the License. 023 * ==================================================================== 024 * 025 * This software consists of voluntary contributions made by many 026 * individuals on behalf of the Apache Software Foundation. For more 027 * information on the Apache Software Foundation, please see 028 * <http://www.apache.org/>. 029 * 030 */ 031 032 package org.apache.commons.ssl; 033 034 import javax.net.ssl.SSLContext; 035 import javax.net.ssl.SSLServerSocketFactory; 036 import java.io.File; 037 import java.io.IOException; 038 import java.net.InetAddress; 039 import java.net.ServerSocket; 040 import java.security.GeneralSecurityException; 041 import java.security.KeyManagementException; 042 import java.security.KeyStoreException; 043 import java.security.NoSuchAlgorithmException; 044 import java.security.cert.CertificateException; 045 import java.security.cert.X509Certificate; 046 import java.util.Map; 047 import java.util.Properties; 048 049 /** 050 * @author Credit Union Central of British Columbia 051 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a> 052 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a> 053 * @since May 1, 2006 054 */ 055 public class SSLServer extends SSLServerSocketFactory { 056 protected final SSL ssl; 057 058 public SSLServer() 059 throws GeneralSecurityException, IOException { 060 this.ssl = new SSL(); 061 // client certs aren't usually tied down to a single host (and who knows 062 // if the DNS reverse-lookup will work!). 063 setCheckHostname(false); 064 065 // If "javax.net.ssl.keyStore" is set, then we won't bother with this 066 // silly SSLServer default behaviour. 067 if (!ssl.usingSystemProperties) { 068 // commons-ssl default KeyMaterial will be 069 // ~/.keystore with a password of "changeit". 070 useDefaultKeyMaterial(); 071 } 072 } 073 074 /** 075 * Tries to extract the TrustMaterial and KeyMaterial being used by a Tomcat 076 * SSL server (usually on 8443) by analyzing Tomcat's "server.xml" file. If 077 * the extraction is successful, the TrustMaterial and KeyMaterial are 078 * applied to this SSLServer. 079 * 080 * @return true if the operation was successful. 081 * @throws GeneralSecurityException setKeyMaterial() failed 082 * @throws IOException setKeyMaterial() failed 083 */ 084 public boolean useTomcatSSLMaterial() 085 throws GeneralSecurityException, IOException { 086 // If running inside Tomcat, let's try to re-use Tomcat's SSL 087 // certificate for our own stuff (e.g. RMI-SSL). 088 Integer p8443 = new Integer(8443); 089 KeyMaterial km; 090 TrustMaterial tm; 091 km = (KeyMaterial) TomcatServerXML.KEY_MATERIAL_BY_PORT.get(p8443); 092 tm = (TrustMaterial) TomcatServerXML.TRUST_MATERIAL_BY_PORT.get(p8443); 093 094 // If 8443 isn't set, let's take lowest secure port. 095 km = km == null ? TomcatServerXML.KEY_MATERIAL : km; 096 tm = tm == null ? TomcatServerXML.TRUST_MATERIAL : tm; 097 boolean success = false; 098 if (km != null) { 099 setKeyMaterial(km); 100 success = true; 101 if (tm != null && !TrustMaterial.DEFAULT.equals(tm)) { 102 setTrustMaterial(tm); 103 } 104 } 105 return success; 106 } 107 108 private boolean useDefaultKeyMaterial() 109 throws GeneralSecurityException, IOException { 110 // If we're not able to re-use Tomcat's SSLServerSocket configuration, 111 // commons-ssl default KeyMaterial will be ~/.keystore with a password 112 // of "changeit". 113 Properties props = System.getProperties(); 114 boolean pwdSet = props.containsKey("javax.net.ssl.keyStorePassword"); 115 String pwd = props.getProperty("javax.net.ssl.keyStorePassword"); 116 pwd = pwdSet ? pwd : "changeit"; 117 118 String userHome = System.getProperty("user.home"); 119 String path = userHome + "/.keystore"; 120 File f = new File(path); 121 boolean success = false; 122 if (f.exists()) { 123 KeyMaterial km = null; 124 try { 125 km = new KeyMaterial(path, pwd.toCharArray()); 126 } 127 catch (Exception e) { 128 // Don't want to blowup just because this silly default 129 // behaviour didn't work out. 130 if (pwdSet) { 131 // Buf if the user has specified a non-standard password for 132 // "javax.net.ssl.keyStorePassword", then we will warn them 133 // that things didn't work out. 134 System.err.println("commons-ssl automatic loading of [" + path + "] failed. "); 135 System.err.println(e); 136 } 137 } 138 if (km != null) { 139 setKeyMaterial(km); 140 success = true; 141 } 142 } 143 return success; 144 } 145 146 public void setDnsOverride(Map m) { ssl.setDnsOverride(m); } 147 148 public void addTrustMaterial(TrustChain trustChain) 149 throws NoSuchAlgorithmException, KeyStoreException, 150 KeyManagementException, IOException, CertificateException { 151 ssl.addTrustMaterial(trustChain); 152 } 153 154 public void setTrustMaterial(TrustChain trustChain) 155 throws NoSuchAlgorithmException, KeyStoreException, 156 KeyManagementException, IOException, CertificateException { 157 ssl.setTrustMaterial(trustChain); 158 } 159 160 public void setKeyMaterial(KeyMaterial keyMaterial) 161 throws NoSuchAlgorithmException, KeyStoreException, 162 KeyManagementException, IOException, CertificateException { 163 ssl.setKeyMaterial(keyMaterial); 164 } 165 166 public void setCheckCRL(boolean b) { ssl.setCheckCRL(b); } 167 168 public void setCheckExpiry(boolean b) { ssl.setCheckExpiry(b); } 169 170 public void setCheckHostname(boolean b) { ssl.setCheckHostname(b); } 171 172 public void setConnectTimeout(int i) { ssl.setConnectTimeout(i); } 173 174 public void setDefaultProtocol(String s) { ssl.setDefaultProtocol(s); } 175 176 public void useDefaultJavaCiphers() { ssl.useDefaultJavaCiphers(); } 177 178 public void useStrongCiphers() { ssl.useStrongCiphers(); } 179 180 public void setEnabledCiphers(String[] ciphers) { 181 ssl.setEnabledCiphers(ciphers); 182 } 183 184 public void setEnabledProtocols(String[] protocols) { 185 ssl.setEnabledProtocols(protocols); 186 } 187 188 public void setHostnameVerifier(HostnameVerifier verifier) { 189 ssl.setHostnameVerifier(verifier); 190 } 191 192 public void setSoTimeout(int soTimeout) { ssl.setSoTimeout(soTimeout); } 193 194 public void setSSLWrapperFactory(SSLWrapperFactory wf) { 195 ssl.setSSLWrapperFactory(wf); 196 } 197 198 public void setNeedClientAuth(boolean b) { ssl.setNeedClientAuth(b); } 199 200 public void setWantClientAuth(boolean b) { ssl.setWantClientAuth(b); } 201 202 public void setUseClientMode(boolean b) { ssl.setUseClientMode(b); } 203 204 public X509Certificate[] getAssociatedCertificateChain() { 205 return ssl.getAssociatedCertificateChain(); 206 } 207 208 public boolean getCheckCRL() { return ssl.getCheckCRL(); } 209 210 public boolean getCheckExpiry() { return ssl.getCheckExpiry(); } 211 212 public boolean getCheckHostname() { return ssl.getCheckHostname(); } 213 214 public int getConnectTimeout() { return ssl.getConnectTimeout(); } 215 216 public String getDefaultProtocol() { return ssl.getDefaultProtocol(); } 217 218 public String[] getEnabledCiphers() { return ssl.getEnabledCiphers(); } 219 220 public String[] getEnabledProtocols() { return ssl.getEnabledProtocols(); } 221 222 public HostnameVerifier getHostnameVerifier() { 223 return ssl.getHostnameVerifier(); 224 } 225 226 public int getSoTimeout() { return ssl.getSoTimeout(); } 227 228 public SSLWrapperFactory getSSLWrapperFactory() { 229 return ssl.getSSLWrapperFactory(); 230 } 231 232 public boolean getNeedClientAuth() { return ssl.getNeedClientAuth(); } 233 234 public boolean getWantClientAuth() { return ssl.getWantClientAuth(); } 235 236 public boolean getUseClientMode() { /* SSLServer's default is false. */ 237 return !ssl.getUseClientModeDefault() && ssl.getUseClientMode(); 238 } 239 240 public SSLContext getSSLContext() throws GeneralSecurityException, IOException { 241 return ssl.getSSLContext(); 242 } 243 244 public TrustChain getTrustChain() { return ssl.getTrustChain(); } 245 246 public X509Certificate[] getCurrentClientChain() { 247 return ssl.getCurrentClientChain(); 248 } 249 250 public String[] getDefaultCipherSuites() { 251 return ssl.getDefaultCipherSuites(); 252 } 253 254 public String[] getSupportedCipherSuites() { 255 return ssl.getSupportedCipherSuites(); 256 } 257 258 public ServerSocket createServerSocket() throws IOException { 259 return ssl.createServerSocket(); 260 } 261 262 public ServerSocket createServerSocket(int port) 263 throws IOException { 264 return createServerSocket(port, 50); 265 } 266 267 public ServerSocket createServerSocket(int port, int backlog) 268 throws IOException { 269 return createServerSocket(port, backlog, null); 270 } 271 272 /** 273 * Attempts to get a new socket connection to the given host within the 274 * given time limit. 275 * 276 * @param localHost the local host name/IP to bind against (null == ANY) 277 * @param port the port to listen on 278 * @param backlog number of connections allowed to queue up for accept(). 279 * @return SSLServerSocket a new server socket 280 * @throws IOException if an I/O error occurs while creating thesocket 281 */ 282 public ServerSocket createServerSocket(int port, int backlog, 283 InetAddress localHost) 284 throws IOException { 285 return ssl.createServerSocket(port, backlog, localHost); 286 } 287 288 }