httpasyncclient/src/main/java-deprecated/org/apache/http/nio/conn/ssl/SSLLayeringStrategy.java - httpasyncclient - Git at Google

 /*
  * ====================================================================
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  * ====================================================================
  *
  * This software consists of voluntary contributions made by many
  * individuals on behalf of the Apache Software Foundation.  For more
  * information on the Apache Software Foundation, please see
  * <http://www.apache.org/>.
  *
  */

 package org.apache.http.nio.conn.ssl;

 import java.net.InetSocketAddress;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;

 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;

 import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
 import org.apache.http.conn.ssl.SSLContexts;
 import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.conn.ssl.X509HostnameVerifier;
 import org.apache.http.nio.conn.scheme.LayeringStrategy;
 import org.apache.http.nio.reactor.IOSession;
 import org.apache.http.nio.reactor.ssl.SSLIOSession;
 import org.apache.http.nio.reactor.ssl.SSLMode;
 import org.apache.http.nio.reactor.ssl.SSLSetupHandler;

 @Deprecated
 public class SSLLayeringStrategy implements LayeringStrategy {

     public static final String TLS   = "TLS";
     public static final String SSL   = "SSL";
     public static final String SSLV2 = "SSLv2";

     public static SSLLayeringStrategy getDefaultStrategy() {
         return new SSLLayeringStrategy(SSLContexts.createDefault());
     }

     public static SSLLayeringStrategy getSystemDefaultStrategy() {
         return new SSLLayeringStrategy(SSLContexts.createSystemDefault());
     }

     private final SSLContext sslContext;
     private final X509HostnameVerifier hostnameVerifier;

     private static SSLContext createSSLContext(
             final String algorithm,
             final KeyStore keystore,
             final String keystorePassword,
             final KeyStore truststore,
             final SecureRandom random,
             final TrustStrategy trustStrategy)
                 throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
         final String algo = algorithm != null ? algorithm : TLS;
         final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
                 KeyManagerFactory.getDefaultAlgorithm());
         kmfactory.init(keystore, keystorePassword != null ? keystorePassword.toCharArray(): null);
         final KeyManager[] keymanagers =  kmfactory.getKeyManagers();
         final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
                 TrustManagerFactory.getDefaultAlgorithm());
         tmfactory.init(truststore);
         final TrustManager[] trustmanagers = tmfactory.getTrustManagers();
         if (trustmanagers != null && trustStrategy != null) {
             for (int i = 0; i < trustmanagers.length; i++) {
                 final TrustManager tm = trustmanagers[i];
                 if (tm instanceof X509TrustManager) {
                     trustmanagers[i] = new TrustManagerDecorator(
                             (X509TrustManager) tm, trustStrategy);
                 }
             }
         }
         final SSLContext sslcontext = SSLContext.getInstance(algo);
         sslcontext.init(keymanagers, trustmanagers, random);
         return sslcontext;
     }

     public SSLLayeringStrategy(
             final String algorithm,
             final KeyStore keystore,
             final String keystorePassword,
             final KeyStore truststore,
             final SecureRandom random,
             final X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         this(createSSLContext(
                 algorithm, keystore, keystorePassword, truststore, random, null),
                 hostnameVerifier);
     }

     public SSLLayeringStrategy(
             final String algorithm,
             final KeyStore keystore,
             final String keystorePassword,
             final KeyStore truststore,
             final SecureRandom random,
             final TrustStrategy trustStrategy,
             final X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         this(createSSLContext(
                 algorithm, keystore, keystorePassword, truststore, random, trustStrategy),
                 hostnameVerifier);
     }

     public SSLLayeringStrategy(
             final KeyStore keystore,
             final String keystorePassword,
             final KeyStore truststore)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         this(TLS, keystore, keystorePassword, truststore, null, null, new BrowserCompatHostnameVerifier());
     }

     public SSLLayeringStrategy(
             final KeyStore keystore,
             final String keystorePassword)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{
         this(TLS, keystore, keystorePassword, null, null, null, new BrowserCompatHostnameVerifier());
     }

     public SSLLayeringStrategy(
             final KeyStore truststore)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         this(TLS, null, null, truststore, null, null, new BrowserCompatHostnameVerifier());
     }

     public SSLLayeringStrategy(
             final TrustStrategy trustStrategy,
             final X509HostnameVerifier hostnameVerifier)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         this(TLS, null, null, null, null, trustStrategy, hostnameVerifier);
     }

     public SSLLayeringStrategy(
             final TrustStrategy trustStrategy)
                 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         this(TLS, null, null, null, null, trustStrategy, new BrowserCompatHostnameVerifier());
     }

     public SSLLayeringStrategy(
             final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) {
         super();
         this.sslContext = sslContext;
         this.hostnameVerifier = hostnameVerifier;
     }

     public SSLLayeringStrategy(final SSLContext sslContext) {
         this(sslContext, new BrowserCompatHostnameVerifier());
     }

     @Override
     public boolean isSecure() {
         return true;
     }

     @Override
     public SSLIOSession layer(final IOSession iosession) {
         final SSLIOSession ssliosession = new SSLIOSession(
             iosession,
             SSLMode.CLIENT,
             this.sslContext,
             new SSLSetupHandler() {

                 @Override
                 public void initalize(
                         final SSLEngine sslengine) throws SSLException {
                     initializeEngine(sslengine);
                 }

                 @Override
                 public void verify(
                         final IOSession iosession,
                         final SSLSession sslsession) throws SSLException {
                     verifySession(iosession, sslsession);
                 }

         });
         iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
         return ssliosession;
     }

     protected void initializeEngine(final SSLEngine engine) {
     }

     protected void verifySession(
             final IOSession iosession,
             final SSLSession sslsession) throws SSLException {
         final InetSocketAddress address = (InetSocketAddress) iosession.getRemoteAddress();

         final Certificate[] certs = sslsession.getPeerCertificates();
         final X509Certificate x509 = (X509Certificate) certs[0];
         this.hostnameVerifier.verify(address.getHostName(), x509);
     }

 }
	/*
	* ====================================================================
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	* ====================================================================
	*
	* This software consists of voluntary contributions made by many
	* individuals on behalf of the Apache Software Foundation. For more
	* information on the Apache Software Foundation, please see
	* <http://www.apache.org/>.
	*
	*/

	package org.apache.http.nio.conn.ssl;

	import java.net.InetSocketAddress;
	import java.security.KeyManagementException;
	import java.security.KeyStore;
	import java.security.KeyStoreException;
	import java.security.NoSuchAlgorithmException;
	import java.security.SecureRandom;
	import java.security.UnrecoverableKeyException;
	import java.security.cert.Certificate;
	import java.security.cert.X509Certificate;

	import javax.net.ssl.KeyManager;
	import javax.net.ssl.KeyManagerFactory;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.SSLEngine;
	import javax.net.ssl.SSLException;
	import javax.net.ssl.SSLSession;
	import javax.net.ssl.TrustManager;
	import javax.net.ssl.TrustManagerFactory;
	import javax.net.ssl.X509TrustManager;

	import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
	import org.apache.http.conn.ssl.SSLContexts;
	import org.apache.http.conn.ssl.TrustStrategy;
	import org.apache.http.conn.ssl.X509HostnameVerifier;
	import org.apache.http.nio.conn.scheme.LayeringStrategy;
	import org.apache.http.nio.reactor.IOSession;
	import org.apache.http.nio.reactor.ssl.SSLIOSession;
	import org.apache.http.nio.reactor.ssl.SSLMode;
	import org.apache.http.nio.reactor.ssl.SSLSetupHandler;

	@Deprecated
	public class SSLLayeringStrategy implements LayeringStrategy {

	public static final String TLS = "TLS";
	public static final String SSL = "SSL";
	public static final String SSLV2 = "SSLv2";

	public static SSLLayeringStrategy getDefaultStrategy() {
	return new SSLLayeringStrategy(SSLContexts.createDefault());
	}

	public static SSLLayeringStrategy getSystemDefaultStrategy() {
	return new SSLLayeringStrategy(SSLContexts.createSystemDefault());
	}

	private final SSLContext sslContext;
	private final X509HostnameVerifier hostnameVerifier;

	private static SSLContext createSSLContext(
	final String algorithm,
	final KeyStore keystore,
	final String keystorePassword,
	final KeyStore truststore,
	final SecureRandom random,
	final TrustStrategy trustStrategy)
	throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
	final String algo = algorithm != null ? algorithm : TLS;
	final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
	KeyManagerFactory.getDefaultAlgorithm());
	kmfactory.init(keystore, keystorePassword != null ? keystorePassword.toCharArray(): null);
	final KeyManager[] keymanagers = kmfactory.getKeyManagers();
	final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
	TrustManagerFactory.getDefaultAlgorithm());
	tmfactory.init(truststore);
	final TrustManager[] trustmanagers = tmfactory.getTrustManagers();
	if (trustmanagers != null && trustStrategy != null) {
	for (int i = 0; i < trustmanagers.length; i++) {
	final TrustManager tm = trustmanagers[i];
	if (tm instanceof X509TrustManager) {
	trustmanagers[i] = new TrustManagerDecorator(
	(X509TrustManager) tm, trustStrategy);
	}
	}
	}
	final SSLContext sslcontext = SSLContext.getInstance(algo);
	sslcontext.init(keymanagers, trustmanagers, random);
	return sslcontext;
	}

	public SSLLayeringStrategy(
	final String algorithm,
	final KeyStore keystore,
	final String keystorePassword,
	final KeyStore truststore,
	final SecureRandom random,
	final X509HostnameVerifier hostnameVerifier)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
	this(createSSLContext(
	algorithm, keystore, keystorePassword, truststore, random, null),
	hostnameVerifier);
	}

	public SSLLayeringStrategy(
	final String algorithm,
	final KeyStore keystore,
	final String keystorePassword,
	final KeyStore truststore,
	final SecureRandom random,
	final TrustStrategy trustStrategy,
	final X509HostnameVerifier hostnameVerifier)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
	this(createSSLContext(
	algorithm, keystore, keystorePassword, truststore, random, trustStrategy),
	hostnameVerifier);
	}

	public SSLLayeringStrategy(
	final KeyStore keystore,
	final String keystorePassword,
	final KeyStore truststore)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
	this(TLS, keystore, keystorePassword, truststore, null, null, new BrowserCompatHostnameVerifier());
	}

	public SSLLayeringStrategy(
	final KeyStore keystore,
	final String keystorePassword)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{
	this(TLS, keystore, keystorePassword, null, null, null, new BrowserCompatHostnameVerifier());
	}

	public SSLLayeringStrategy(
	final KeyStore truststore)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
	this(TLS, null, null, truststore, null, null, new BrowserCompatHostnameVerifier());
	}

	public SSLLayeringStrategy(
	final TrustStrategy trustStrategy,
	final X509HostnameVerifier hostnameVerifier)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
	this(TLS, null, null, null, null, trustStrategy, hostnameVerifier);
	}

	public SSLLayeringStrategy(
	final TrustStrategy trustStrategy)
	throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
	this(TLS, null, null, null, null, trustStrategy, new BrowserCompatHostnameVerifier());
	}

	public SSLLayeringStrategy(
	final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) {
	super();
	this.sslContext = sslContext;
	this.hostnameVerifier = hostnameVerifier;
	}

	public SSLLayeringStrategy(final SSLContext sslContext) {
	this(sslContext, new BrowserCompatHostnameVerifier());
	}

	@Override
	public boolean isSecure() {
	return true;
	}

	@Override
	public SSLIOSession layer(final IOSession iosession) {
	final SSLIOSession ssliosession = new SSLIOSession(
	iosession,
	SSLMode.CLIENT,
	this.sslContext,
	new SSLSetupHandler() {

	@Override
	public void initalize(
	final SSLEngine sslengine) throws SSLException {
	initializeEngine(sslengine);
	}

	@Override
	public void verify(
	final IOSession iosession,
	final SSLSession sslsession) throws SSLException {
	verifySession(iosession, sslsession);
	}

	});
	iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
	return ssliosession;
	}

	protected void initializeEngine(final SSLEngine engine) {
	}

	protected void verifySession(
	final IOSession iosession,
	final SSLSession sslsession) throws SSLException {
	final InetSocketAddress address = (InetSocketAddress) iosession.getRemoteAddress();

	final Certificate[] certs = sslsession.getPeerCertificates();
	final X509Certificate x509 = (X509Certificate) certs[0];
	this.hostnameVerifier.verify(address.getHostName(), x509);
	}

	}