File Doc Category Size Date Package
JSSE14SocketFactory.java API Doc Glassfish v2 API 14895 Fri May 04 22:33:16 BST 2007 org.apache.tomcat.util.net.jsse

JSSE14SocketFactory

java.lang.Object
- JSSESocketFactory

public class JSSE14SocketFactory extends JSSESocketFactory

SSL server socket factory. It _requires_ a valid RSA key and JSSE.

author: Harish Prabandham
author: Costin Manolache
author: Stefan Freyr Stefansson
author: EKR -- renamed to JSSESocketFactory
author: Jan Luehe

Fields Summary
private static org.apache.tomcat.util.res.StringManager
sm
Constructors Summary
public JSSE14SocketFactory()
Methods Summary
private void configureSSLSessionContext(javax.net.ssl.SSLSessionContext sslSessionCtxt)
String attrValue = (String) attributes.get("sslSessionTimeout"); if (attrValue != null) { sslSessionCtxt.setSessionTimeout( Integer.valueOf(attrValue).intValue()); } attrValue = (String) attributes.get("ssl3SessionTimeout"); if (attrValue != null) { sslSessionCtxt.setSessionTimeout( Integer.valueOf(attrValue).intValue()); } attrValue = (String) attributes.get("sslSessionCacheSize"); if (attrValue != null) { sslSessionCtxt.setSessionCacheSize( Integer.valueOf(attrValue).intValue()); }
protected java.util.Collection getCRLs(java.lang.String crlf)
Load the collection of CRLs.
File crlFile = new File(crlf); if (!crlFile.isAbsolute()) { crlFile = new File(System.getProperty("catalina.base"), crlf); } Collection<? extends CRL> crls = null; InputStream is = null; try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); is = new FileInputStream(crlFile); crls = cf.generateCRLs(is); } catch(IOException iex) { throw iex; } catch(CRLException crle) { throw crle; } catch(CertificateException ce) { throw ce; } finally { if (is != null) { try { is.close(); } catch (Exception ex) { } } } return crls;
protected java.lang.String[] getEnabledProtocols(javax.net.ssl.SSLServerSocket socket, java.lang.String requestedProtocols)
String[] supportedProtocols = socket.getSupportedProtocols(); String[] enabledProtocols = null; if (requestedProtocols != null) { Vector vec = null; String protocol = requestedProtocols; int index = requestedProtocols.indexOf(',"); if (index != -1) { int fromIndex = 0; while (index != -1) { protocol = requestedProtocols.substring(fromIndex, index).trim(); if (protocol.length() > 0) { /* * Check to see if the requested protocol is among the * supported protocols, i.e., may be enabled */ for (int i=0; supportedProtocols != null && i<supportedProtocols.length; i++) { if (supportedProtocols[i].equals(protocol)) { if (vec == null) { vec = new Vector(); } vec.addElement(protocol); break; } } } fromIndex = index+1; index = requestedProtocols.indexOf(',", fromIndex); } // while protocol = requestedProtocols.substring(fromIndex); } if (protocol != null) { protocol = protocol.trim(); if (protocol.length() > 0) { /* * Check to see if the requested protocol is among the * supported protocols, i.e., may be enabled */ for (int i=0; supportedProtocols != null && i<supportedProtocols.length; i++) { if (supportedProtocols[i].equals(protocol)) { if (vec == null) { vec = new Vector(); } vec.addElement(protocol); break; } } } } if (vec != null) { enabledProtocols = new String[vec.size()]; vec.copyInto(enabledProtocols); } } return enabledProtocols;
protected javax.net.ssl.KeyManager[] getKeyManagers(java.lang.String algorithm, java.lang.String keyAlias)
Gets the initialized key managers.
KeyManager[] kms = null; String keystorePass = getKeystorePassword(); KeyStore ks = getKeystore(keystorePass); if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); } KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, keystorePass.toCharArray()); kms = kmf.getKeyManagers(); if (keyAlias != null) { // START SJSAS 6266949 /* if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) { keyAlias = keyAlias.toLowerCase(); } */ //END SJSAS 6266949 for(int i=0; i<kms.length; i++) { kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], keyAlias); } } return kms;
protected java.security.cert.CertPathParameters getParameters(java.lang.String algorithm, java.lang.String crlf, java.security.KeyStore trustStore)
Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.
param
algorithm The algorithm to get parameters for.
param
crlf The path to the CRL file.
param
trustStore The configured TrustStore.
return
The parameters including the CRLs and TrustStore.
CertPathParameters params = null; if ("PKIX".equalsIgnoreCase(algorithm)) { PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector()); Collection crls = getCRLs(crlf); CertStoreParameters csp = new CollectionCertStoreParameters(crls); CertStore store = CertStore.getInstance("Collection", csp); xparams.addCertStore(store); xparams.setRevocationEnabled(true); String trustLength = (String)attributes.get("trustMaxCertLength"); if (trustLength != null) { try { xparams.setMaxPathLength(Integer.parseInt(trustLength)); } catch(Exception ex) { log.warn("Bad maxCertLength: " + trustLength); } } params = xparams; } else { throw new CRLException("CRLs not supported for type: " + algorithm); } return params;
protected javax.net.ssl.TrustManager[] getTrustManagers(java.lang.String algorithm)
Gets the intialized trust managers.
String crlf = (String) attributes.get("crlFile"); TrustManager[] tms = null; KeyStore trustStore = getTrustStore(); if (trustStore != null) { if (crlf == null) { TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); tmf.init(trustStore); tms = tmf.getTrustManagers(); } else { TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); CertPathParameters params = getParameters(algorithm, crlf, trustStore); ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params); tmf.init(mfp); tms = tmf.getTrustManagers(); } } return tms;
public void init()
Reads the keystore and initializes the SSL socket factory.
// END SJSAS 6439313 try { String clientAuthStr = (String) attributes.get("clientauth"); if (clientAuthStr != null){ clientAuth = Boolean.valueOf(clientAuthStr).booleanValue(); } // SSL protocol variant (e.g., TLS, SSL v3, etc.) String protocol = (String) attributes.get("protocol"); if (protocol == null) { protocol = defaultProtocol; } // Certificate encoding algorithm (e.g., SunX509) String algorithm = (String) attributes.get("algorithm"); if (algorithm == null) { algorithm = defaultAlgorithm; } // Create and init SSLContext /* SJSAS 6439313 SSLContext context = SSLContext.getInstance(protocol); */ // START SJSAS 6439313 context = SSLContext.getInstance(protocol); // END SJSAS 6439313 // Configure SSL session timeout and cache size configureSSLSessionContext(context.getServerSessionContext()); String trustAlgorithm = (String)attributes.get("truststoreAlgorithm"); if (trustAlgorithm == null) { trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); } context.init(getKeyManagers(algorithm, (String) attributes.get("keyAlias")), getTrustManagers(trustAlgorithm), new SecureRandom()); // create proxy sslProxy = context.getServerSocketFactory(); // Determine which cipher suites to enable String requestedCiphers = (String)attributes.get("ciphers"); if (requestedCiphers != null) { enabledCiphers = getEnabledCiphers(requestedCiphers, sslProxy.getSupportedCipherSuites()); } } catch(Exception e) { if( e instanceof IOException ) throw (IOException)e; throw new IOException(e.getMessage()); }
protected void setEnabledProtocols(javax.net.ssl.SSLServerSocket socket, java.lang.String[] protocols)
if (protocols != null) { socket.setEnabledProtocols(protocols); }