File Doc Category Size Date Package
JSSESupport.java API Doc Glassfish v2 API 7878 Fri May 04 22:33:16 BST 2007 org.apache.tomcat.util.net.jsse

JSSESupport

java.lang.Object

public class JSSESupport extends Object implements org.apache.tomcat.util.net.SSLSupport

Fields Summary
private static com.sun.org.apache.commons.logging.Log
log
protected SSLSocket
ssl
protected SSLEngine
sslEngine
The SSLEngine used to support SSL over NIO.
protected SSLSession
session
The SSLSession contains SSL information.
Constructors Summary
JSSESupport(SSLSocket sock)
// END SJSAS 6439313 ssl=sock; // START SJSAS 6439313 session = ssl.getSession(); // END SJSAS 6439313
JSSESupport(SSLEngine sslEngine)
this.sslEngine = sslEngine; session = sslEngine.getSession();
Methods Summary
public java.lang.String getCipherSuite()
// Look up the current SSLSession /* SJSAS 6439313 SSLSession session = ssl.getSession(); */ if (session == null) return null; return session.getCipherSuite();
public java.lang.Integer getKeySize()
Copied from org.apache.catalina.valves.CertificateValve
// Look up the current SSLSession /* SJSAS 6439313 SSLSession session = ssl.getSession(); */ SSLSupport.CipherData c_aux[]=ciphers; if (session == null) return null; Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY); if (keySize == null) { int size = 0; String cipherSuite = session.getCipherSuite(); for (int i = 0; i < c_aux.length; i++) { if (cipherSuite.indexOf(c_aux[i].phrase) >= 0) { size = c_aux[i].keySize; break; } } keySize = Integer.valueOf(size); session.putValue(KEY_SIZE_KEY, keySize); } return keySize;
public java.lang.Object[] getPeerCertificateChain()
return getPeerCertificateChain(false);
public java.lang.Object[] getPeerCertificateChain(boolean force)
// Look up the current SSLSession /* SJSAS 6439313 SSLSession session = ssl.getSession(); */ if (session == null) return null; // Convert JSSE's certificate format to the ones we need X509Certificate [] jsseCerts = null; try { jsseCerts = session.getPeerCertificateChain(); } catch(Exception bex) { // ignore. } if (jsseCerts == null) jsseCerts = new X509Certificate[0]; if(jsseCerts.length <= 0 && force) { session.invalidate(); handShake(); /* SJSAS 6439313 session = ssl.getSession(); */ // START SJSAS 6439313 if ( ssl == null) session = sslEngine.getSession(); else session = ssl.getSession(); // END SJSAS 6439313 } return getX509Certificates(session);
public java.lang.String getSessionId()
// Look up the current SSLSession /* SJSAS 6439313 SSLSession session = ssl.getSession(); */ if (session == null) return null; // Expose ssl_session (getId) byte [] ssl_session = session.getId(); if ( ssl_session == null) return null; StringBuffer buf=new StringBuffer(""); for(int x=0; x<ssl_session.length; x++) { String digit=Integer.toHexString((int)ssl_session[x]); if (digit.length()<2) buf.append('0"); if (digit.length()>2) digit=digit.substring(digit.length()-2); buf.append(digit); } return buf.toString();
protected java.security.cert.X509Certificate[] getX509Certificates(javax.net.ssl.SSLSession session)
X509Certificate jsseCerts[] = null; try{ jsseCerts = session.getPeerCertificateChain(); } catch (Throwable ex){ // Get rid of the warning in the logs when no Client-Cert is // available } if(jsseCerts == null) jsseCerts = new X509Certificate[0]; java.security.cert.X509Certificate [] x509Certs = new java.security.cert.X509Certificate[jsseCerts.length]; for (int i = 0; i < x509Certs.length; i++) { try { byte buffer[] = jsseCerts[i].getEncoded(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream stream = new ByteArrayInputStream(buffer); x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream); if(log.isTraceEnabled()) log.trace("Cert #" + i + " = " + x509Certs[i]); } catch(Exception ex) { log.info("Error translating " + jsseCerts[i], ex); return null; } } if ( x509Certs.length < 1 ) return null; return x509Certs;
protected void handShake()
ssl.setNeedClientAuth(true); ssl.startHandshake();