axis-rt-core/src/main/java/org/apache/axis/components/net/SunJSSESocketFactory.java - axis-axis1-java - Git at Google

 /*
  * Copyright 2001-2004 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.axis.components.net;

 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.Security;
 import java.util.Hashtable;

 import com.sun.net.ssl.SSLContext;

 /**
  * SSL socket factory. It _requires_ a valid RSA key and
  * JSSE. (borrowed code from tomcat)
  *
  * @author Davanum Srinivas (dims@yahoo.com)
  */
 public class SunJSSESocketFactory extends JSSESocketFactory implements SecureSocketFactory {

     /** Field keystoreType           */
     private String keystoreType;

     /** Field defaultKeystoreType           */
     static String defaultKeystoreType = "JKS";

     /** Field defaultProtocol           */
     static String defaultProtocol = "TLS";

     /** Field defaultAlgorithm           */
     static String defaultAlgorithm = "SunX509";

     /** Field defaultClientAuth           */
     static boolean defaultClientAuth = false;

     /** Field clientAuth           */
     private boolean clientAuth = false;

     /** Field defaultKeystoreFile           */
     static String defaultKeystoreFile =
         System.getProperty("user.home") + "/.keystore";

     /** Field defaultKeyPass           */
     static String defaultKeyPass = "changeit";

     /**
      * Constructor JSSESocketFactory
      *
      * @param attributes
      */
     public SunJSSESocketFactory(Hashtable attributes) {
         super(attributes);
     }

     /**
      * Read the keystore, init the SSL socket factory
      *
      * @throws IOException
      */
     protected void initFactory() throws IOException {

         try {
             Security.addProvider(new sun.security.provider.Sun());
             Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

             //Configuration specified in wsdd.
             SSLContext context = getContext();
             sslFactory = context.getSocketFactory();
         } catch (Exception e) {
             if (e instanceof IOException) {
                 throw (IOException) e;
             }
             throw new IOException(e.getMessage());
         }
     }

     /**
      * gets a SSL Context
      *
      * @return SSLContext
      * @throws Exception
      */
     protected SSLContext getContext() throws Exception {

         if(attributes == null) {
             SSLContext context =
                     com.sun.net.ssl.SSLContext.getInstance("SSL");    // SSL
             // init context with the key managers
             context.init(null, null, null);
             return context;
         }

         // Please don't change the name of the attribute - other
         // software may depend on it ( j2ee for sure )
         String keystoreFile = (String) attributes.get("keystore");
         if (keystoreFile == null) {
             keystoreFile = defaultKeystoreFile;
         }

         keystoreType = (String) attributes.get("keystoreType");
         if (keystoreType == null) {
             keystoreType = defaultKeystoreType;
         }

         // determine whether we want client authentication
         // the presence of the attribute enables client auth
         clientAuth = null != (String) attributes.get("clientauth");
         String keyPass = (String) attributes.get("keypass");
         if (keyPass == null) {
             keyPass = defaultKeyPass;
         }

         String keystorePass = (String) attributes.get("keystorePass");
         if (keystorePass == null) {
             keystorePass = keyPass;
         }

         // protocol for the SSL ie - TLS, SSL v3 etc.
         String protocol = (String) attributes.get("protocol");
         if (protocol == null) {
             protocol = defaultProtocol;
         }

         // Algorithm used to encode the certificate ie - SunX509
         String algorithm = (String) attributes.get("algorithm");
         if (algorithm == null) {
             algorithm = defaultAlgorithm;
         }

         // You can't use ssl without a server certificate.
         // Create a KeyStore ( to get server certs )
         KeyStore kstore = initKeyStore(keystoreFile, keystorePass);

         // Key manager will extract the server key
         com.sun.net.ssl.KeyManagerFactory kmf =
                 com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);

         kmf.init(kstore, keyPass.toCharArray());

         // If client authentication is needed, set up TrustManager
         com.sun.net.ssl.TrustManager[] tm = null;

         if (clientAuth) {
             com.sun.net.ssl.TrustManagerFactory tmf =
                     com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");

             tmf.init(kstore);
             tm = tmf.getTrustManagers();
         }

         // Create a SSLContext ( to create the ssl factory )
         // This is the only way to use server sockets with JSSE 1.0.1
         SSLContext context =
                 com.sun.net.ssl.SSLContext.getInstance(protocol);    // SSL

         // init context with the key managers
         context.init(kmf.getKeyManagers(), tm,
                 new java.security.SecureRandom());
         return context;
     }

     /**
      * intializes a keystore.
      *
      * @param keystoreFile
      * @param keyPass
      *
      * @return keystore
      * @throws IOException
      */
     private KeyStore initKeyStore(String keystoreFile, String keyPass)
             throws IOException {
         try {
             KeyStore kstore = KeyStore.getInstance(keystoreType);

             InputStream istream = new FileInputStream(keystoreFile);
             kstore.load(istream, keyPass.toCharArray());
             return kstore;
         } catch (FileNotFoundException fnfe) {
             throw fnfe;
         } catch (IOException ioe) {
             throw ioe;
         } catch (Exception ex) {
             ex.printStackTrace();
             throw new IOException("Exception trying to load keystore "
                     + keystoreFile + ": " + ex.getMessage());
         }
     }
 }
	/*
	* Copyright 2001-2004 The Apache Software Foundation.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.axis.components.net;

	import java.io.FileInputStream;
	import java.io.FileNotFoundException;
	import java.io.IOException;
	import java.io.InputStream;
	import java.security.KeyStore;
	import java.security.Security;
	import java.util.Hashtable;

	import com.sun.net.ssl.SSLContext;

	/**
	* SSL socket factory. It _requires_ a valid RSA key and
	* JSSE. (borrowed code from tomcat)
	*
	* @author Davanum Srinivas (dims@yahoo.com)
	*/
	public class SunJSSESocketFactory extends JSSESocketFactory implements SecureSocketFactory {

	/** Field keystoreType */
	private String keystoreType;

	/** Field defaultKeystoreType */
	static String defaultKeystoreType = "JKS";

	/** Field defaultProtocol */
	static String defaultProtocol = "TLS";

	/** Field defaultAlgorithm */
	static String defaultAlgorithm = "SunX509";

	/** Field defaultClientAuth */
	static boolean defaultClientAuth = false;

	/** Field clientAuth */
	private boolean clientAuth = false;

	/** Field defaultKeystoreFile */
	static String defaultKeystoreFile =
	System.getProperty("user.home") + "/.keystore";

	/** Field defaultKeyPass */
	static String defaultKeyPass = "changeit";

	/**
	* Constructor JSSESocketFactory
	*
	* @param attributes
	*/
	public SunJSSESocketFactory(Hashtable attributes) {
	super(attributes);
	}

	/**
	* Read the keystore, init the SSL socket factory
	*
	* @throws IOException
	*/
	protected void initFactory() throws IOException {

	try {
	Security.addProvider(new sun.security.provider.Sun());
	Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

	//Configuration specified in wsdd.
	SSLContext context = getContext();
	sslFactory = context.getSocketFactory();
	} catch (Exception e) {
	if (e instanceof IOException) {
	throw (IOException) e;
	}
	throw new IOException(e.getMessage());
	}
	}

	/**
	* gets a SSL Context
	*
	* @return SSLContext
	* @throws Exception
	*/
	protected SSLContext getContext() throws Exception {

	if(attributes == null) {
	SSLContext context =
	com.sun.net.ssl.SSLContext.getInstance("SSL"); // SSL
	// init context with the key managers
	context.init(null, null, null);
	return context;
	}

	// Please don't change the name of the attribute - other
	// software may depend on it ( j2ee for sure )
	String keystoreFile = (String) attributes.get("keystore");
	if (keystoreFile == null) {
	keystoreFile = defaultKeystoreFile;
	}

	keystoreType = (String) attributes.get("keystoreType");
	if (keystoreType == null) {
	keystoreType = defaultKeystoreType;
	}

	// determine whether we want client authentication
	// the presence of the attribute enables client auth
	clientAuth = null != (String) attributes.get("clientauth");
	String keyPass = (String) attributes.get("keypass");
	if (keyPass == null) {
	keyPass = defaultKeyPass;
	}

	String keystorePass = (String) attributes.get("keystorePass");
	if (keystorePass == null) {
	keystorePass = keyPass;
	}

	// protocol for the SSL ie - TLS, SSL v3 etc.
	String protocol = (String) attributes.get("protocol");
	if (protocol == null) {
	protocol = defaultProtocol;
	}

	// Algorithm used to encode the certificate ie - SunX509
	String algorithm = (String) attributes.get("algorithm");
	if (algorithm == null) {
	algorithm = defaultAlgorithm;
	}

	// You can't use ssl without a server certificate.
	// Create a KeyStore ( to get server certs )
	KeyStore kstore = initKeyStore(keystoreFile, keystorePass);

	// Key manager will extract the server key
	com.sun.net.ssl.KeyManagerFactory kmf =
	com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);

	kmf.init(kstore, keyPass.toCharArray());

	// If client authentication is needed, set up TrustManager
	com.sun.net.ssl.TrustManager[] tm = null;

	if (clientAuth) {
	com.sun.net.ssl.TrustManagerFactory tmf =
	com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");

	tmf.init(kstore);
	tm = tmf.getTrustManagers();
	}

	// Create a SSLContext ( to create the ssl factory )
	// This is the only way to use server sockets with JSSE 1.0.1
	SSLContext context =
	com.sun.net.ssl.SSLContext.getInstance(protocol); // SSL

	// init context with the key managers
	context.init(kmf.getKeyManagers(), tm,
	new java.security.SecureRandom());
	return context;
	}

	/**
	* intializes a keystore.
	*
	* @param keystoreFile
	* @param keyPass
	*
	* @return keystore
	* @throws IOException
	*/
	private KeyStore initKeyStore(String keystoreFile, String keyPass)
	throws IOException {
	try {
	KeyStore kstore = KeyStore.getInstance(keystoreType);

	InputStream istream = new FileInputStream(keystoreFile);
	kstore.load(istream, keyPass.toCharArray());
	return kstore;
	} catch (FileNotFoundException fnfe) {
	throw fnfe;
	} catch (IOException ioe) {
	throw ioe;
	} catch (Exception ex) {
	ex.printStackTrace();
	throw new IOException("Exception trying to load keystore "
	+ keystoreFile + ": " + ex.getMessage());
	}
	}
	}