FileDocCategorySizeDatePackage
JSSESupport.javaAPI DocApache Tomcat 6.0.147955Fri Jul 20 04:20:36 BST 2007org.apache.tomcat.util.net.jsse

JSSESupport

public class JSSESupport extends Object implements org.apache.tomcat.util.net.SSLSupport
JSSESupport Concrete implementation class for JSSE Support classes. This will only work with JDK 1.2 and up since it depends on JDK 1.2's certificate support
author
EKR
author
Craig R. McClanahan
author
Filip Hanik Parts cribbed from JSSECertCompat Parts cribbed from CertificatesValve

Fields Summary
private static org.apache.juli.logging.Log
log
protected SSLSocket
ssl
protected SSLSession
session
Listener
listener
Constructors Summary
JSSESupport(SSLSocket sock)


     
        ssl=sock;
        session = sock.getSession();
        sock.addHandshakeCompletedListener(listener);
JSSESupport(SSLSession session)

        this.session = session;
Methods Summary
public java.lang.StringgetCipherSuite()

        // Look up the current SSLSession
        if (session == null)
            return null;
        return session.getCipherSuite();
public java.lang.IntegergetKeySize()
Copied from org.apache.catalina.valves.CertificateValve

        // Look up the current SSLSession
        SSLSupport.CipherData c_aux[]=ciphers;
        if (session == null)
            return null;
        Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY);
        if (keySize == null) {
            int size = 0;
            String cipherSuite = session.getCipherSuite();
            for (int i = 0; i < c_aux.length; i++) {
                if (cipherSuite.indexOf(c_aux[i].phrase) >= 0) {
                    size = c_aux[i].keySize;
                    break;
                }
            }
            keySize = new Integer(size);
            session.putValue(KEY_SIZE_KEY, keySize);
        }
        return keySize;
public java.lang.Object[]getPeerCertificateChain()

        return getPeerCertificateChain(false);
public java.lang.Object[]getPeerCertificateChain(boolean force)

        // Look up the current SSLSession
        if (session == null)
            return null;

        // Convert JSSE's certificate format to the ones we need
	X509Certificate [] jsseCerts = null;
	try {
	    jsseCerts = session.getPeerCertificateChain();
	} catch(Exception bex) {
	    // ignore.
	}
	if (jsseCerts == null)
	    jsseCerts = new X509Certificate[0];
	if(jsseCerts.length <= 0 && force) {
	    session.invalidate();
	    handShake();
	    session = ssl.getSession();
	}
        return getX509Certificates(session);
public java.lang.StringgetSessionId()

        // Look up the current SSLSession
        if (session == null)
            return null;
        // Expose ssl_session (getId)
        byte [] ssl_session = session.getId();
        if ( ssl_session == null) 
            return null;
        StringBuffer buf=new StringBuffer("");
        for(int x=0; x<ssl_session.length; x++) {
            String digit=Integer.toHexString((int)ssl_session[x]);
            if (digit.length()<2) buf.append('0");
            if (digit.length()>2) digit=digit.substring(digit.length()-2);
            buf.append(digit);
        }
        return buf.toString();
protected java.security.cert.X509Certificate[]getX509Certificates(javax.net.ssl.SSLSession session)

        Certificate [] certs=null;
        try {
            certs = session.getPeerCertificates();
        } catch( Throwable t ) {
            log.debug("Error getting client certs",t);
            return null;
        }
        if( certs==null ) return null;
        
        java.security.cert.X509Certificate [] x509Certs = 
            new java.security.cert.X509Certificate[certs.length];
        for(int i=0; i < certs.length; i++) {
            if (certs[i] instanceof java.security.cert.X509Certificate ) {
                // always currently true with the JSSE 1.1.x
                x509Certs[i] = (java.security.cert.X509Certificate) certs[i];
            } else {
                try {
                    byte [] buffer = certs[i].getEncoded();
                    CertificateFactory cf =
                        CertificateFactory.getInstance("X.509");
                    ByteArrayInputStream stream =
                        new ByteArrayInputStream(buffer);
                    x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream);
                } catch(Exception ex) { 
                    log.info("Error translating cert " + certs[i], ex);
                    return null;
                }
            }
            if(log.isTraceEnabled())
                log.trace("Cert #" + i + " = " + x509Certs[i]);
        }
        if(x509Certs.length < 1)
            return null;
        return x509Certs;
protected voidhandShake()

        if( ssl.getWantClientAuth() ) {
            log.debug("No client cert sent for want");
        } else {
            ssl.setNeedClientAuth(true);
        }

        InputStream in = ssl.getInputStream();
        int oldTimeout = ssl.getSoTimeout();
        ssl.setSoTimeout(1000);
        byte[] b = new byte[0];
        listener.reset();
        ssl.startHandshake();
        int maxTries = 60; // 60 * 1000 = example 1 minute time out
        for (int i = 0; i < maxTries; i++) {
        if(log.isTraceEnabled())
            log.trace("Reading for try #" +i);
            try {
                int x = in.read(b);
            } catch(SSLException sslex) {
                log.info("SSL Error getting client Certs",sslex);
                throw sslex;
            } catch (IOException e) {
                // ignore - presumably the timeout
            }
            if (listener.completed) {
                break;
            }
        }
        ssl.setSoTimeout(oldTimeout);
        if (listener.completed == false) {
            throw new SocketException("SSL Cert handshake timeout");
        }