
PureTLSSocketFactory

public class PureTLSSocketFactory extends org.apache.tomcat.util.net.ServerSocketFactory
SSL server socket factory--wraps PureTLS
author
Eric Rescorla; some sections of this file were cribbed from SSLSocketFactory (the JSSE socket factory)

Fields Summary
static Log
logger
static String
defaultProtocol
static boolean
defaultClientAuth
static String
defaultKeyStoreFile
static String
defaultKeyPass
static String
defaultRootFile
static String
defaultRandomFile
private COM.claymoresystems.ptls.SSLContext
context
Constructors Summary
/** Creates a factory with no PureTLS context yet; the context is built lazily by {@code init()} when the first server socket is created. */
public PureTLSSocketFactory()

    
      
    
Methods Summary
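/**
 * Accepts a connection on a server socket created by this factory.
 *
 * <p>The policy built in {@code init()} sets {@code handshakeOnConnect(false)}, so the
 * returned socket has not completed its TLS handshake yet; {@link #handshake(Socket)}
 * is the separate step that runs it.
 *
 * @param socket the listening {@code SSLServerSocket}
 * @return the accepted socket, handshake still pending
 * @throws IOException if accept fails; a PureTLS {@code SSLException} is re-thrown as a
 *         {@link SocketException} that carries the original exception as its cause
 */
public Socket acceptSocket(ServerSocket socket) throws IOException {
    try {
        return socket.accept();
    } catch (SSLException e) {
        logger.debug("SSL handshake error", e);
        // SocketException(String, Throwable) is not available on older JDKs, so attach
        // the cause explicitly rather than flattening it into the message only.
        SocketException wrapped =
            new SocketException("SSL handshake error: " + e.toString());
        wrapped.initCause(e);
        throw wrapped;
    }
}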
/**
 * Creates a listening TLS server socket on {@code port}.
 *
 * <p>Initialises the shared PureTLS context first if this factory has not created a
 * socket before.
 *
 * @param port the port to bind
 * @return a new {@code SSLServerSocket} backed by this factory's context
 * @throws IOException if the context cannot be initialised or the socket cannot be bound
 */
public ServerSocket createSocket(int port) throws IOException {
    init();
    SSLServerSocket listener = new SSLServerSocket(context, port);
    return listener;
}
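/**
 * Creates a listening TLS server socket on {@code port} with the given accept backlog.
 *
 * <p>Initialises the shared PureTLS context first if this factory has not created a
 * socket before. The original catch-and-rethrow of {@code IOException} around the
 * constructor call added nothing, so the exception now simply propagates.
 *
 * @param port the port to bind
 * @param backlog the maximum queue length for pending connections
 * @return a new {@code SSLServerSocket} backed by this factory's context
 * @throws IOException if the context cannot be initialised or the socket cannot be bound
 */
public ServerSocket createSocket(int port, int backlog) throws IOException {
    init();
    return new SSLServerSocket(context, port, backlog);
}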
/**
 * Creates a listening TLS server socket bound to a specific local interface.
 *
 * <p>Initialises the shared PureTLS context first if this factory has not created a
 * socket before.
 *
 * @param port the port to bind
 * @param backlog the maximum queue length for pending connections
 * @param ifAddress the local address to bind to
 * @return a new {@code SSLServerSocket} backed by this factory's context
 * @throws IOException if the context cannot be initialised or the socket cannot be bound
 */
public ServerSocket createSocket(int port, int backlog, InetAddress ifAddress)
        throws IOException {
    init();
    ServerSocket listener = new SSLServerSocket(context, port, backlog, ifAddress);
    return listener;
}
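/**
 * Resolves the comma-separated {@code ciphers} attribute against the cipher suites the
 * PureTLS policy supports.
 *
 * <p>Every name that {@code SSLPolicyInt.getCipherSuiteNumber} recognises and that also
 * appears in {@code supportedCiphers} is kept, in the order configured. Names that are
 * unknown or unsupported are skipped and logged at WARN rather than failing: a typo can
 * never enable an unintended suite, but it can leave the enabled list shorter than the
 * administrator expects, so the log should be checked after changing the attribute.
 *
 * <p>Fixes the original loop, which only looked at tokens terminated by a comma and so
 * dropped the last (or only) configured suite.
 *
 * @param supportedCiphers suites the policy can enable; may be {@code null}, in which case
 *                         nothing can be enabled
 * @return the enabled suite numbers, or {@code null} when the attribute is absent or none
 *         of the requested suites are usable (the caller then keeps the policy's defaults)
 */
private short[] getEnabledCiphers(short[] supportedCiphers) {
    String attrValue = (String) attributes.get("ciphers");
    if (attrValue == null) {
        return null;
    }

    // Upper bound on the number of tokens: one more than the number of separators.
    int tokenLimit = 1;
    for (int i = attrValue.indexOf(','); i != -1; i = attrValue.indexOf(',', i + 1)) {
        tokenLimit++;
    }
    short[] enabled = new short[tokenLimit];
    int nEnabled = 0;

    int fromIndex = 0;
    while (fromIndex <= attrValue.length()) {
        int index = attrValue.indexOf(',', fromIndex);
        // The final token has no trailing comma; treat end-of-string as its terminator.
        int end = (index == -1) ? attrValue.length() : index;
        String cipher = attrValue.substring(fromIndex, end).trim();
        if (cipher.length() > 0) {
            int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher);
            if (cipherValue >= 0 && isSupportedCipher(cipherValue, supportedCiphers)) {
                enabled[nEnabled++] = (short) cipherValue;
            } else {
                logger.warn("Ignoring unknown or unsupported cipher suite '" + cipher + "'");
            }
        }
        if (index == -1) {
            break;
        }
        fromIndex = index + 1;
    }

    if (nEnabled == 0) {
        return null;
    }
    short[] result = new short[nEnabled];
    System.arraycopy(enabled, 0, result, 0, nEnabled);
    return result;
}

/** Returns whether {@code cipherValue} is one of the suites in {@code supportedCiphers}. */
private static boolean isSupportedCipher(int cipherValue, short[] supportedCiphers) {
    if (supportedCiphers == null) {
        return false;
    }
    for (int i = 0; i < supportedCiphers.length; i++) {
        if (supportedCiphers[i] == cipherValue) {
            return true;
        }
    }
    return false;
}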
/**
 * Runs the TLS handshake on a socket obtained from {@link #acceptSocket(ServerSocket)}.
 *
 * <p>The policy built in {@code init()} sets {@code handshakeOnConnect(false)}, so this is
 * the call that actually performs the handshake.
 *
 * @param sock an accepted socket; must be a PureTLS {@code SSLSocket}
 * @throws IOException if the handshake fails
 */
public void handshake(Socket sock) throws IOException {
    SSLSocket tlsSock = (SSLSocket) sock;
    tlsSock.handshake();
}
private voidinit()

	if(context!=null)
	    return;
	
	boolean clientAuth=defaultClientAuth;

	try {
	    String keyStoreFile=(String)attributes.get("keystore");
	    if(keyStoreFile==null) keyStoreFile=defaultKeyStoreFile;
	    
	    String keyPass=(String)attributes.get("keypass");
	    if(keyPass==null) keyPass=defaultKeyPass;
	    
	    String rootFile=(String)attributes.get("rootfile");
	    if(rootFile==null) rootFile=defaultRootFile;

	    String randomFile=(String)attributes.get("randomfile");
	    if(randomFile==null) randomFile=defaultRandomFile;
	    
	    String protocol=(String)attributes.get("protocol");
	    if(protocol==null) protocol=defaultProtocol;

	    String clientAuthStr=(String)attributes.get("clientauth");
	    if(clientAuthStr != null){
		if(clientAuthStr.equals("true")){
		    clientAuth=true;
		} else if(clientAuthStr.equals("false")) {
		    clientAuth=false;
		} else {
		    throw new IOException("Invalid value '" +
					  clientAuthStr + 
					  "' for 'clientauth' parameter:");
		}
	    }

            SSLContext tmpContext=new SSLContext();
            try {
                tmpContext.loadRootCertificates(rootFile);
            } catch(IOException iex) {
                if(logger.isDebugEnabled())
                    logger.debug("Error loading Client Root Store: " + 
                                 rootFile,iex);
            }
            tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
	    tmpContext.useRandomnessFile(randomFile,keyPass);
	    
	    SSLPolicyInt policy=new SSLPolicyInt();
	    policy.requireClientAuth(clientAuth);
            policy.handshakeOnConnect(false);
            policy.waitOnClose(false);
            short [] enabledCiphers = getEnabledCiphers(policy.getCipherSuites());
            if( enabledCiphers != null ) {
                policy.setCipherSuites(enabledCiphers);
            }
            tmpContext.setPolicy(policy);
	    context=tmpContext;
	} catch (Exception e){
	    logger.info("Error initializing SocketFactory",e);
	    throw new IOException(e.getMessage());
	}