| Methods Summary |
|---|
| protected void | addCertToKeyStore(java.lang.String alias, java.security.Key public_key, java.security.cert.Certificate[] certChain)
try{
this_mon.enter();
KeyStore key_store = loadKeyStore();
if( key_store.containsAlias( alias )){
key_store.deleteEntry( alias );
}
key_store.setKeyEntry( alias, public_key, SESecurityManager.SSL_PASSWORD.toCharArray(), certChain );
FileOutputStream out = null;
try{
out = new FileOutputStream(keystore_name);
key_store.store(out, SESecurityManager.SSL_PASSWORD.toCharArray());
}catch( Throwable e ){
Debug.printStackTrace( e );
}finally{
if ( out != null ){
out.close();
}
}
}finally{
this_mon.exit();
}
|
| protected javax.net.ssl.SSLSocketFactory | addCertToTrustStore(java.lang.String alias, java.security.cert.Certificate cert, boolean update_https_factory)
try{
this_mon.enter();
KeyStore keystore = getTrustStore();
if ( cert != null ){
if ( keystore.containsAlias( alias )){
keystore.deleteEntry( alias );
}
keystore.setCertificateEntry(alias, cert);
FileOutputStream out = null;
try{
out = new FileOutputStream(truststore_name);
keystore.store(out, SESecurityManager.SSL_PASSWORD.toCharArray());
}finally{
if ( out != null ){
out.close();
}
}
}
// pick up the changed trust store
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keystore);
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory factory = ctx.getSocketFactory();
if ( update_https_factory ){
HttpsURLConnection.setDefaultSSLSocketFactory( factory );
}
return( factory );
}finally{
this_mon.exit();
}
|
| public void | addCertificateListener(SECertificateListener l)
try{
this_mon.enter();
certificate_listeners.add(l);
}finally{
this_mon.exit();
}
|
| public void | addPasswordListener(SEPasswordListener l)
try{
this_mon.enter();
password_listeners.add(l);
}finally{
this_mon.exit();
}
|
| protected boolean | checkKeyStoreHasEntry()
File f = new File(keystore_name);
if ( !f.exists()){
Logger.logTextResource(new LogAlert(LogAlert.UNREPEATABLE,
LogAlert.AT_ERROR, "Security.keystore.empty"),
new String[] { keystore_name });
return( false );
}
try{
KeyStore key_store = loadKeyStore();
Enumeration enumx = key_store.aliases();
if ( !enumx.hasMoreElements()){
Logger.logTextResource(new LogAlert(LogAlert.UNREPEATABLE,
LogAlert.AT_ERROR, "Security.keystore.empty"),
new String[] { keystore_name });
return( false );
}
}catch( Throwable e ){
Logger.logTextResource(new LogAlert(LogAlert.UNREPEATABLE,
LogAlert.AT_ERROR, "Security.keystore.corrupt"),
new String[] { keystore_name });
return( false );
}
return( true );
|
| public void | clearPasswords()
SEPasswordListener thread_listener = (SEPasswordListener)tls.get();
if ( thread_listener != null ){
thread_listener.clearPasswords();
}
Iterator it = password_listeners.iterator();
while( it.hasNext()){
try{
((SEPasswordListener)it.next()).clearPasswords();
}catch( Throwable e ){
Debug.printStackTrace(e);
}
}
|
| public java.security.cert.Certificate | createSelfSignedCertificate(java.lang.String alias, java.lang.String cert_dn, int strength)
return( SESecurityManagerBC.createSelfSignedCertificate( this, alias, cert_dn, strength ));
|
| protected boolean | ensureStoreExists(java.lang.String name)
try{
this_mon.enter();
KeyStore keystore = KeyStore.getInstance( KEYSTORE_TYPE );
if ( !new File(name).exists()){
keystore.load(null,null);
FileOutputStream out = null;
try{
out = new FileOutputStream(name);
keystore.store(out, SESecurityManager.SSL_PASSWORD.toCharArray());
}finally{
if ( out != null ){
out.close();
}
}
return( true );
}else{
return( false );
}
}catch( Throwable e ){
Debug.printStackTrace(e);
return( false );
}finally{
this_mon.exit();
}
|
| public void | exitVM(int status)
try{
exit_vm_permitted = true;
try{
System.exit( status );
}
catch( Throwable t ){}
}finally{
exit_vm_permitted = false;
}
|
| public java.net.PasswordAuthentication | getAuthentication(java.lang.String realm, java.lang.String protocol, java.lang.String host, int port)
// special case for socks auth when user is explicitly "<none>" as some servers seem to cause
// a password prompt when no auth defined and java doesn't cache a successful blank response
// thus causing repetitive prompts
if ( protocol.toLowerCase().startsWith( "socks" )){
String socks_user = COConfigurationManager.getStringParameter( "Proxy.Username" ).trim();
String socks_pw = COConfigurationManager.getStringParameter( "Proxy.Password" ).trim();
if ( socks_user.equalsIgnoreCase( "<none>" )){
return( new PasswordAuthentication( "", "".toCharArray()));
}
// actually getting all sorts of problems with Java not caching socks passwords
// properly so I've abandoned prompting for them and always use the defined
// password
if ( socks_user.length() == 0 ){
Logger.log(
new LogAlert(false, LogAlert.AT_WARNING, "Socks server is requesting authentication, please setup user and password in config" ));
}
return( new PasswordAuthentication( socks_user, socks_pw.toCharArray()));
}
try{
URL tracker_url = new URL( protocol + "://" + host + ":" + port + "/" );
return( getPasswordAuthentication( realm, tracker_url ));
}catch( MalformedURLException e ){
Debug.printStackTrace( e );
return( null );
}
|
| public SEKeyDetails | getKeyDetails(java.lang.String alias)
// Create the key manager factory used to extract the server key
KeyStore key_store = loadKeyStore();
final Key key = key_store.getKey( alias, SESecurityManager.SSL_PASSWORD.toCharArray());
if ( key == null ){
return( null );
}
java.security.cert.Certificate[] chain = key_store.getCertificateChain( alias );
final X509Certificate[] res = new X509Certificate[chain.length];
for (int i=0;i<chain.length;i++){
if ( !( chain[i] instanceof X509Certificate )){
throw( new Exception( "Certificate chain must be comprised of X509Certificate entries"));
}
res[i] = (X509Certificate)chain[i];
}
return( new SEKeyDetails()
{
public Key
getKey()
{
return( key );
}
public X509Certificate[]
getCertificateChain()
{
return( res );
}
});
|
| public java.security.KeyStore | getKeyStore()
return( loadKeyStore());
|
| public java.lang.String | getKeystoreName()
return( keystore_name );
|
| public java.lang.String | getKeystorePassword()
return( SESecurityManager.SSL_PASSWORD );
|
| public java.net.PasswordAuthentication | getPasswordAuthentication(java.lang.String realm, java.net.URL tracker)
SEPasswordListener thread_listener = (SEPasswordListener)tls.get();
if ( thread_listener != null ){
return( thread_listener.getAuthentication( realm, tracker));
}
Object[] handler = (Object[])password_handlers.get(tracker.toString());
if ( handler != null ){
try{
return(((SEPasswordListener)handler[0]).getAuthentication( realm, (URL)handler[1] ));
}catch( Throwable e ){
Debug.printStackTrace(e);
}
}
Iterator it = password_listeners.iterator();
while( it.hasNext()){
try{
PasswordAuthentication res = ((SEPasswordListener)it.next()).getAuthentication( realm, tracker );
if ( res != null ){
return( res );
}
}catch( Throwable e ){
Debug.printStackTrace(e);
}
}
return( null );
|
| public javax.net.ssl.SSLServerSocketFactory | getSSLServerSocketFactory()
if ( !checkKeyStoreHasEntry()){
return( null );
}
SSLContext context = SSLContext.getInstance( "SSL" );
// Create the key manager factory used to extract the server key
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
loadKeyStore(keyManagerFactory);
// Initialize the context with the key managers
context.init(
keyManagerFactory.getKeyManagers(),
null,
new java.security.SecureRandom());
SSLServerSocketFactory factory = context.getServerSocketFactory();
return( factory );
|
| public javax.net.ssl.SSLSocketFactory | getSSLSocketFactory()
try{
this_mon.enter();
KeyStore keystore = getTrustStore();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keystore);
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory factory = ctx.getSocketFactory();
return( factory );
}catch( Throwable e ){
Debug.printStackTrace( e );
return((SSLSocketFactory)SSLSocketFactory.getDefault());
}finally{
this_mon.exit();
}
|
| public static org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl | getSingleton()
return( singleton );
|
| public java.security.KeyStore | getTrustStore()
KeyStore keystore = KeyStore.getInstance( KEYSTORE_TYPE );
if ( !new File(truststore_name).exists()){
keystore.load(null,null);
}else{
FileInputStream in = null;
try{
in = new FileInputStream(truststore_name);
keystore.load(in, SESecurityManager.SSL_PASSWORD.toCharArray());
}finally{
if ( in != null ){
in.close();
}
}
}
return( keystore );
|
| public void | initialise()
// keytool -genkey -keystore %home%\.keystore -keypass changeit -storepass changeit -keyalg rsa -alias azureus
// keytool -export -keystore %home%\.keystore -keypass changeit -storepass changeit -alias azureus -file azureus.cer
// keytool -import -keystore %home%\.certs -alias azureus -file azureus.cer
// debug SSL with -Djavax.net.debug=ssl
keystore_name = FileUtil.getUserFile(SESecurityManager.SSL_KEYS).getAbsolutePath();
truststore_name = FileUtil.getUserFile(SESecurityManager.SSL_CERTS).getAbsolutePath();
System.setProperty( "javax.net.ssl.trustStore", truststore_name );
System.setProperty( "javax.net.ssl.trustStorePassword", SESecurityManager.SSL_PASSWORD );
installAuthenticator();
String[] providers = { "com.sun.net.ssl.internal.ssl.Provider", "org.metastatic.jessie.provider.Jessie" };
String provider = null;
for (int i=0;i<providers.length;i++){
try{
Class.forName(providers[i]).newInstance();
provider = providers[i];
break;
}catch( Throwable e ){
}
}
if ( provider == null ){
Debug.out( "No SSL provider available" );
}
try{
SESecurityManagerBC.initialise();
}catch( Throwable e ){
Logger.log(new LogEvent(LOGID, LogEvent.LT_ERROR,
"Bouncy Castle not available"));
}
installSecurityManager();
ensureStoreExists( keystore_name );
ensureStoreExists( truststore_name );
/*
try{
Certificate c = createSelfSignedCertificate( "Dummy", "CN=fred,OU=wap,O=wip,L=here,ST=there,C=GB", 512 );
addCertToTrustStore( "SomeAlias", c);
addCertToTrustStore( null, null );
}catch( Throwable e ){
Debug.printStackTrace(e);
}
/*
try{
Certificate c = createSelfSignedCertificate( "SomeAlias", "CN=fred,OU=wap,O=wip,L=here,ST=there,C=GB", 1000 );
addCertToTrustStore( "SomeAlias", c);
}catch( Throwable e ){
Debug.printStackTrace(e);
}
}
*/
|
| public void | installAuthenticator()
Authenticator.setDefault(
new Authenticator()
{
protected AEMonitor auth_mon = new AEMonitor( "SESecurityManager:auth");
protected PasswordAuthentication
getPasswordAuthentication()
{
try{
auth_mon.enter();
PasswordAuthentication res =
getAuthentication(
getRequestingPrompt(),
getRequestingProtocol(),
getRequestingHost(),
getRequestingPort());
/*
System.out.println( "Authenticator:getPasswordAuth: res = " + res );
if ( res != null ){
System.out.println( " user = '" + res.getUserName() + "', pw = '" + new String(res.getPassword()) + "'" );
}
*/
return( res );
}finally{
auth_mon.exit();
}
}
});
|
| protected void | installSecurityManager()
String prop = System.getProperty( "azureus.security.manager.install", "1" );
if ( prop.equals( "0" )){
Debug.outNoStack( "Not installing security manager - disabled by system property" );
return;
}
try{
final SecurityManager old_sec_man = System.getSecurityManager();
System.setSecurityManager(
new SecurityManager()
{
public void
checkExit(int status)
{
if ( old_sec_man != null ){
old_sec_man.checkExit( status );
}
if ( !exit_vm_permitted ){
throw( new SecurityException( "VM exit operation prohibited"));
}
}
public void
checkPermission(Permission perm)
{
if ( perm instanceof RuntimePermission && perm.getName().equals( "stopThread")){
throw( new SecurityException( "Thread.stop operation prohibited"));
}
if ( old_sec_man != null ){
old_sec_man.checkPermission( perm );
}
}
public void
checkPermission(
Permission perm,
Object context)
{
if ( perm instanceof RuntimePermission && perm.getName().equals( "stopThread")){
throw( new SecurityException( "Thread.stop operation prohibited"));
}
if ( old_sec_man != null ){
old_sec_man.checkPermission( perm, context );
}
}
});
}catch( Throwable e ){
Debug.printStackTrace(e);
}
|
| public javax.net.ssl.SSLSocketFactory | installServerCertificates(java.net.URL https_url)
try{
this_mon.enter();
String host = https_url.getHost();
int port = https_url.getPort();
if ( port == -1 ){
port = 443;
}
SSLSocket socket = null;
try{
// to get the server certs we have to use an "all trusting" trust manager
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
socket = (SSLSocket)factory.createSocket(host, port);
socket.startHandshake();
java.security.cert.Certificate[] serverCerts = socket.getSession().getPeerCertificates();
if ( serverCerts.length == 0 ){
return( null );
}
java.security.cert.Certificate cert = serverCerts[0];
java.security.cert.X509Certificate x509_cert;
if ( cert instanceof java.security.cert.X509Certificate ){
x509_cert = (java.security.cert.X509Certificate)cert;
}else{
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
x509_cert = (java.security.cert.X509Certificate)cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
}
String resource = https_url.toString();
int param_pos = resource.indexOf("?");
if ( param_pos != -1 ){
resource = resource.substring(0,param_pos);
}
// recalc - don't use port above as it may have been changed
String url_s = https_url.getProtocol() + "://" + https_url.getHost() + ":" + https_url.getPort() + "/";
Object[] handler = (Object[])certificate_handlers.get( url_s );
if ( handler != null ){
if (((SECertificateListener)handler[0]).trustCertificate( resource, x509_cert )){
String alias = host.concat(":").concat(String.valueOf(port));
return( addCertToTrustStore( alias, cert, true ));
}
}
for (int i=0;i<certificate_listeners.size();i++){
if (((SECertificateListener)certificate_listeners.get(i)).trustCertificate( resource, x509_cert )){
String alias = host.concat(":").concat(String.valueOf(port));
return( addCertToTrustStore( alias, cert, true ));
}
}
return( null );
}catch( Throwable e ){
Debug.printStackTrace( e );
return( null );
}finally{
if ( socket != null ){
try{
socket.close();
}catch( Throwable e ){
Debug.printStackTrace( e );
}
}
}
}finally{
this_mon.exit();
}
|
| public javax.net.ssl.SSLSocketFactory | installServerCertificates(java.lang.String alias, java.lang.String host, int port)
try{
this_mon.enter();
SSLSocket socket = null;
try{
// to get the server certs we have to use an "all trusting" trust manager
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
socket = (SSLSocket)factory.createSocket(host, port);
socket.startHandshake();
java.security.cert.Certificate[] serverCerts = socket.getSession().getPeerCertificates();
if ( serverCerts.length == 0 ){
return( null );
}
java.security.cert.Certificate cert = serverCerts[0];
java.security.cert.X509Certificate x509_cert;
if ( cert instanceof java.security.cert.X509Certificate ){
x509_cert = (java.security.cert.X509Certificate)cert;
}else{
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
x509_cert = (java.security.cert.X509Certificate)cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
}
return( addCertToTrustStore( alias, cert, false ));
}catch( Throwable e ){
Debug.printStackTrace( e );
return( null );
}finally{
if ( socket != null ){
try{
socket.close();
}catch( Throwable e ){
Debug.printStackTrace( e );
}
}
}
}finally{
this_mon.exit();
}
|
| protected java.security.KeyStore | loadKeyStore()
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
return( loadKeyStore( keyManagerFactory ));
|
| protected java.security.KeyStore | loadKeyStore(javax.net.ssl.KeyManagerFactory keyManagerFactory)
KeyStore key_store = KeyStore.getInstance( KEYSTORE_TYPE );
if ( !new File(keystore_name).exists()){
key_store.load(null,null);
}else{
InputStream kis = null;
try{
kis = new FileInputStream(keystore_name);
key_store.load(kis, SESecurityManager.SSL_PASSWORD.toCharArray());
}finally{
if ( kis != null ){
kis.close();
}
}
}
keyManagerFactory.init(key_store, SESecurityManager.SSL_PASSWORD.toCharArray());
return( key_store );
|
| public static void | main(java.lang.String[] args)
SESecurityManagerImpl man = SESecurityManagerImpl.getSingleton();
man.initialise();
try{
man.createSelfSignedCertificate( "SomeAlias", "CN=fred,OU=wap,O=wip,L=here,ST=there,C=GB", 1000 );
}catch( Throwable e ){
Debug.printStackTrace( e );
}
|
| public void | removeCertificateListener(SECertificateListener l)
try{
this_mon.enter();
certificate_listeners.remove(l);
}finally{
this_mon.exit();
}
|
| public void | removePasswordListener(SEPasswordListener l)
try{
this_mon.enter();
password_listeners.remove(l);
}finally{
this_mon.exit();
}
|
| public void | setCertificateHandler(java.net.URL url, SECertificateListener l)
String url_s = url.getProtocol() + "://" + url.getHost() + ":" + url.getPort() + "/";
if ( l == null ){
certificate_handlers.remove( url_s );
}else{
certificate_handlers.put( url_s, new Object[]{ l, url });
}
|
| public void | setPasswordAuthenticationOutcome(java.lang.String realm, java.net.URL tracker, boolean success)
SEPasswordListener thread_listener = (SEPasswordListener)tls.get();
if ( thread_listener != null ){
thread_listener.setAuthenticationOutcome(realm, tracker, success);
}
Iterator it = password_listeners.iterator();
while( it.hasNext()){
((SEPasswordListener)it.next()).setAuthenticationOutcome( realm, tracker, success );
}
|
| public void | setPasswordHandler(java.net.URL url, SEPasswordListener l)
String url_s = url.getProtocol() + "://" + url.getHost() + ":" + url.getPort() + "/";
if ( l == null ){
password_handlers.remove( url_s );
}else{
password_handlers.put( url_s, new Object[]{ l, url });
}
|
| public void | setThreadPasswordHandler(SEPasswordListener l)
tls.set( l );
|
| public void | unsetThreadPasswordHandler()
tls.set( null );
|
