Remove the old TLS code from Tomcat 6.
authormarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Wed, 30 Jan 2008 20:49:51 +0000 (20:49 +0000)
committermarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Wed, 30 Jan 2008 20:49:51 +0000 (20:49 +0000)
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@616894 13f79535-47bb-0310-9956-ffa450edef68

build.xml
java/org/apache/tomcat/util/net/SSLImplementation.java
java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java [deleted file]
java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java [deleted file]
java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java [deleted file]
java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java [deleted file]

index 0c45aad..c34405f 100644 (file)
--- a/build.xml
+++ b/build.xml
            excludes="**/CVS/**,**/.svn/**">
 <!-- Comment this in to show unchecked warnings:     <compilerarg value="-Xlint:unchecked"/> -->
       <classpath refid="tomcat.classpath" />
-      <exclude name="org/apache/tomcat/util/net/puretls/**" />
       <exclude name="org/apache/naming/factory/webservices/**" />
     </javac>
     <tstamp>
index ffc6cef..0197ce9 100644 (file)
@@ -31,14 +31,11 @@ abstract public class SSLImplementation {
         org.apache.juli.logging.LogFactory.getLog(SSLImplementation.class);
 
     // The default implementations in our search path
-    private static final String PureTLSImplementationClass=
-       "org.apache.tomcat.util.net.puretls.PureTLSImplementation";
     private static final String JSSEImplementationClass=
        "org.apache.tomcat.util.net.jsse.JSSEImplementation";
     
     private static final String[] implementations=
     {
-        PureTLSImplementationClass,
         JSSEImplementationClass
     };
 
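Review bot: The comment `// The default implementations in our search path` at the top of the hunk still speaks of several implementations, but the `implementations` array below it now holds only `JSSEImplementationClass`; I would reword it to `// The default implementation in our search path; PureTLS support was removed, JSSE is the only built-in provider.` The code that iterates this array and resolves the class name is outside the hunk, so I cannot tell from here whether any other comment or documentation still lists PureTLS as a selectable implementation. Deployments that still name the PureTLS implementation class explicitly in their connector configuration will presumably fail at startup now rather than fall back to JSSE, which is worth calling out in the changelog alongside this removal.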
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java b/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
deleted file mode 100644 (file)
index 6176afd..0000000
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  See the NOTICE file distributed with
- *  this work for additional information regarding copyright ownership.
- *  The ASF licenses this file to You under the Apache License, Version 2.0
- *  (the "License"); you may not use this file except in compliance with
- *  the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-package org.apache.tomcat.util.net.puretls;
-
-import java.net.Socket;
-
-import org.apache.tomcat.util.net.SSLImplementation;
-import org.apache.tomcat.util.net.SSLSupport;
-import org.apache.tomcat.util.net.ServerSocketFactory;
-
-import COM.claymoresystems.ptls.SSLSocket;
-
-/* PureTLSImplementation:
-
-   Concrete implementation class for PureTLS
-
-   @author EKR
-*/
-
-public class PureTLSImplementation extends SSLImplementation
-{
-    public PureTLSImplementation() throws ClassNotFoundException {
-        // Check to see if PureTLS is floating around somewhere
-        Class.forName("COM.claymoresystems.ptls.SSLContext");
-    }
-
-    public String getImplementationName(){
-      return "PureTLS";
-    }
-      
-    public ServerSocketFactory getServerSocketFactory()
-    {
-        return new PureTLSSocketFactory();
-    } 
-
-    public SSLSupport getSSLSupport(Socket s)
-    {
-        return new PureTLSSupport((SSLSocket)s);
-    }
-
-
-
-}
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java b/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
deleted file mode 100644 (file)
index c566fe7..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  See the NOTICE file distributed with
- *  this work for additional information regarding copyright ownership.
- *  The ASF licenses this file to You under the Apache License, Version 2.0
- *  (the "License"); you may not use this file except in compliance with
- *  the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-package org.apache.tomcat.util.net.puretls;
-
-import java.io.IOException;
-
-/*
- * PureTLSSocket.java
- *
- * Wraps COM.claymoresystems.ptls.SSLSocket
- *
- * This class translates PureTLS's interfaces into those
- * expected by Tomcat
- *
- * @author Eric Rescorla
- *
- */
-
-public class PureTLSSocket extends COM.claymoresystems.ptls.SSLSocket
-{
-    // The only constructor we need here is the no-arg
-    // constructor since this class is only used with
-    // implAccept
-    public PureTLSSocket() throws IOException {
-        super();
-    }
-}
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java b/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
deleted file mode 100644 (file)
index 2fa41c6..0000000
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  See the NOTICE file distributed with
- *  this work for additional information regarding copyright ownership.
- *  The ASF licenses this file to You under the Apache License, Version 2.0
- *  (the "License"); you may not use this file except in compliance with
- *  the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-package org.apache.tomcat.util.net.puretls;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketException;
-import java.util.Vector;
-
-import COM.claymoresystems.ptls.SSLContext;
-import COM.claymoresystems.ptls.SSLException;
-import COM.claymoresystems.ptls.SSLServerSocket;
-import COM.claymoresystems.ptls.SSLSocket;
-import COM.claymoresystems.sslg.SSLPolicyInt;
-
-/**
- * SSL server socket factory--wraps PureTLS
- *
- * @author Eric Rescorla
- *
- * some sections of this file cribbed from SSLSocketFactory
- * (the JSSE socket factory)
- *
- */
-public class PureTLSSocketFactory
-    extends org.apache.tomcat.util.net.ServerSocketFactory
-{
-    static org.apache.commons.logging.Log logger =
-        org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);
-    static String defaultProtocol = "TLS";
-    static boolean defaultClientAuth = false;
-    static String defaultKeyStoreFile = "server.pem";
-    static String defaultKeyPass = "password";    
-    static String defaultRootFile = "root.pem";
-    static String defaultRandomFile = "random.pem";
-    
-    private COM.claymoresystems.ptls.SSLContext context=null;
-    
-    public PureTLSSocketFactory() {
-    }
-
-    public ServerSocket createSocket(int port)
-        throws IOException
-    {
-        init();
-        return new SSLServerSocket(context,port);
-    }
-
-    public ServerSocket createSocket(int port, int backlog)
-        throws IOException
-    {
-        init();
-        ServerSocket tmp;
-        
-        try {
-            tmp=new SSLServerSocket(context,port,backlog);
-        }
-        catch (IOException e){
-            throw e;
-        }
-        return tmp;
-    }
-
-    public ServerSocket createSocket(int port, int backlog,
-                                     InetAddress ifAddress)
-        throws IOException
-    {
-        init();
-        return new SSLServerSocket(context,port,backlog,ifAddress);
-    }
-
-    private void init()
-        throws IOException
-    {
-        if(context!=null)
-            return;
-        
-        boolean clientAuth=defaultClientAuth;
-
-        try {
-            String keyStoreFile=(String)attributes.get("keystore");
-            if(keyStoreFile==null) keyStoreFile=defaultKeyStoreFile;
-            
-            String keyPass=(String)attributes.get("keypass");
-            if(keyPass==null) keyPass=defaultKeyPass;
-            
-            String rootFile=(String)attributes.get("rootfile");
-            if(rootFile==null) rootFile=defaultRootFile;
-
-            String randomFile=(String)attributes.get("randomfile");
-            if(randomFile==null) randomFile=defaultRandomFile;
-            
-            String protocol=(String)attributes.get("protocol");
-            if(protocol==null) protocol=defaultProtocol;
-
-            String clientAuthStr=(String)attributes.get("clientauth");
-            if(clientAuthStr != null){
-                if(clientAuthStr.equals("true")){
-                    clientAuth=true;
-                } else if(clientAuthStr.equals("false")) {
-                    clientAuth=false;
-                } else {
-                    throw new IOException("Invalid value '" +
-                                          clientAuthStr + 
-                                          "' for 'clientauth' parameter:");
-                }
-            }
-
-            SSLContext tmpContext=new SSLContext();
-            try {
-                tmpContext.loadRootCertificates(rootFile);
-            } catch(IOException iex) {
-                if(logger.isDebugEnabled())
-                    logger.debug("Error loading Client Root Store: " + 
-                                 rootFile,iex);
-            }
-            tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
-            tmpContext.useRandomnessFile(randomFile,keyPass);
-            
-            SSLPolicyInt policy=new SSLPolicyInt();
-            policy.requireClientAuth(clientAuth);
-            policy.handshakeOnConnect(false);
-            policy.waitOnClose(false);
-            short [] enabledCiphers = getEnabledCiphers(policy.getCipherSuites());
-            if( enabledCiphers != null ) {
-                policy.setCipherSuites(enabledCiphers);
-            }
-            tmpContext.setPolicy(policy);
-            context=tmpContext;
-        } catch (Exception e){
-            logger.info("Error initializing SocketFactory",e);
-            throw new IOException(e.getMessage());
-        }
-    }
-
-    /*
-     * Determines the SSL cipher suites to be enabled.
-     *
-     * @return Array of SSL cipher suites to be enabled, or null if the
-     * cipherSuites property was not specified (meaning that all supported
-     * cipher suites are to be enabled)
-     */
-    private short [] getEnabledCiphers(short [] supportedCiphers) {
-
-        short [] enabledCiphers = null;
-
-        String attrValue = (String)attributes.get("ciphers");
-        if (attrValue != null) {
-            Vector vec = null;
-            int fromIndex = 0;
-            int index = attrValue.indexOf(',', fromIndex);
-            while (index != -1) {
-                String cipher = attrValue.substring(fromIndex, index).trim();
-                int cipherValue = SSLPolicyInt.getCipherSuiteNumber(cipher);                
-                /*
-                 * Check to see if the requested cipher is among the supported
-                 * ciphers, i.e., may be enabled
-                 */
-                if( cipherValue >= 0) {
-                    for (int i=0; supportedCiphers != null
-                             && i<supportedCiphers.length; i++) {
-
-                        if (cipherValue == supportedCiphers[i]) {
-                            if (vec == null) {
-                                vec = new Vector();
-                            }
-                            vec.addElement(new Integer(cipherValue));
-                            break;
-                        }
-                    }
-                }
-                fromIndex = index+1;
-                index = attrValue.indexOf(',', fromIndex);
-            }
-
-            if (vec != null) {
-                int nCipher = vec.size();
-                enabledCiphers = new short[nCipher];
-                for(int i=0; i < nCipher; i++) {
-                    Integer value = (Integer)vec.elementAt(i);
-                    enabledCiphers[i] = value.shortValue();
-                }
-            }
-        }
-
-        return enabledCiphers;
-
-    }
-
-    public Socket acceptSocket(ServerSocket socket)
-        throws IOException
-    {
-        try {
-            Socket sock=socket.accept();
-            return sock;
-        } catch (SSLException e){
-            logger.debug("SSL handshake error",e);
-            throw new SocketException("SSL handshake error" + e.toString());
-        }
-    }
-
-    public void handshake(Socket sock)
-         throws IOException
-    {
-        ((SSLSocket)sock).handshake();
-    }
-}
-
-    
-    
-
-
diff --git a/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java b/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
deleted file mode 100644 (file)
index e2e7c45..0000000
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  See the NOTICE file distributed with
- *  this work for additional information regarding copyright ownership.
- *  The ASF licenses this file to You under the Apache License, Version 2.0
- *  (the "License"); you may not use this file except in compliance with
- *  the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-package org.apache.tomcat.util.net.puretls;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Vector;
-
-import org.apache.tomcat.util.buf.HexUtils;
-import org.apache.tomcat.util.net.SSLSupport;
-
-import COM.claymoresystems.cert.X509Cert;
-import COM.claymoresystems.ptls.SSLSocket;
-import COM.claymoresystems.sslg.SSLPolicyInt;
-
-
-/* PureTLSSupport
-
-   Concrete implementation class for PureTLS
-   Support classes.
-
-   This will only work with JDK 1.2 and up since it
-   depends on JDK 1.2's certificate support
-
-   @author EKR
-*/
-
-class PureTLSSupport implements SSLSupport {
-    static org.apache.commons.logging.Log logger =
-        org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
-
-    private COM.claymoresystems.ptls.SSLSocket ssl;
-
-    PureTLSSupport(SSLSocket sock){
-        ssl=sock;
-    }
-
-    public String getCipherSuite() throws IOException {
-        int cs=ssl.getCipherSuite();
-        return SSLPolicyInt.getCipherSuiteName(cs);
-    }
-
-    public Object[] getPeerCertificateChain()
-        throws IOException {
-        return getPeerCertificateChain(false);
-    }
-
-    public Object[] getPeerCertificateChain(boolean force)
-        throws IOException {
-        Vector v=ssl.getCertificateChain();
-
-        if(v == null && force) {
-            SSLPolicyInt policy=new SSLPolicyInt();
-            policy.requireClientAuth(true);
-            policy.handshakeOnConnect(false);
-            policy.waitOnClose(false);
-            ssl.renegotiate(policy);
-            v = ssl.getCertificateChain();
-        }
-
-        if(v==null)
-            return null;
-        
-        java.security.cert.X509Certificate[] chain=
-            new java.security.cert.X509Certificate[v.size()];
-
-        try {
-          for(int i=1;i<=v.size();i++){
-            // PureTLS provides cert chains with the peer
-            // cert last but the Servlet 2.3 spec (S 4.7) requires
-            // the opposite order so we reverse the chain as we go
-            byte buffer[]=((X509Cert)v.elementAt(
-                 v.size()-i)).getDER();
-            
-            CertificateFactory cf =
-              CertificateFactory.getInstance("X.509");
-            ByteArrayInputStream stream =
-              new ByteArrayInputStream(buffer);
-
-            X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
-            chain[i-1]= xCert;
-            if(logger.isTraceEnabled()) {
-                logger.trace("Cert # " + i + " = " + xCert);
-            }
-          }
-        } catch (java.security.cert.CertificateException e) {
-            logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)",e);
-            throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
-        }
-        return chain;
-    }
-
-    /**
-     * Lookup the symmetric key size.
-     */
-    public Integer getKeySize() 
-        throws IOException {
-
-        int cs=ssl.getCipherSuite();
-        String cipherSuite = SSLPolicyInt.getCipherSuiteName(cs);
-        int size = 0;
-        for (int i = 0; i < ciphers.length; i++) {
-            if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
-                size = ciphers[i].keySize;
-                break;
-            }
-        }
-        Integer keySize = new Integer(size);
-        return keySize;
-    }
-
-    public String getSessionId()
-        throws IOException {
-        byte [] ssl_session = ssl.getSessionID();
-        if(ssl_session == null)
-            return null;
-        return HexUtils.convert(ssl_session);
-    }
-
-}
-
-
-
-
-
-
-