| /* |
| * ==================================================================== |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * ==================================================================== |
| * |
| * This software consists of voluntary contributions made by many |
| * individuals on behalf of the Apache Software Foundation. For more |
| * information on the Apache Software Foundation, please see |
| * <http://www.apache.org/>. |
| * |
| */ |
| |
| package org.apache.http.nio.conn.ssl; |
| |
| import java.net.InetSocketAddress; |
| import java.security.KeyManagementException; |
| import java.security.KeyStore; |
| import java.security.KeyStoreException; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.SecureRandom; |
| import java.security.UnrecoverableKeyException; |
| import java.security.cert.Certificate; |
| import java.security.cert.X509Certificate; |
| |
| import javax.net.ssl.KeyManager; |
| import javax.net.ssl.KeyManagerFactory; |
| import javax.net.ssl.SSLContext; |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLException; |
| import javax.net.ssl.SSLSession; |
| import javax.net.ssl.TrustManager; |
| import javax.net.ssl.TrustManagerFactory; |
| import javax.net.ssl.X509TrustManager; |
| |
| import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier; |
| import org.apache.http.conn.ssl.SSLContexts; |
| import org.apache.http.conn.ssl.TrustStrategy; |
| import org.apache.http.conn.ssl.X509HostnameVerifier; |
| import org.apache.http.nio.conn.scheme.LayeringStrategy; |
| import org.apache.http.nio.reactor.IOSession; |
| import org.apache.http.nio.reactor.ssl.SSLIOSession; |
| import org.apache.http.nio.reactor.ssl.SSLMode; |
| import org.apache.http.nio.reactor.ssl.SSLSetupHandler; |
| |
| @Deprecated |
| public class SSLLayeringStrategy implements LayeringStrategy { |
| |
| public static final String TLS = "TLS"; |
| public static final String SSL = "SSL"; |
| public static final String SSLV2 = "SSLv2"; |
| |
| public static SSLLayeringStrategy getDefaultStrategy() { |
| return new SSLLayeringStrategy(SSLContexts.createDefault()); |
| } |
| |
| public static SSLLayeringStrategy getSystemDefaultStrategy() { |
| return new SSLLayeringStrategy(SSLContexts.createSystemDefault()); |
| } |
| |
| private final SSLContext sslContext; |
| private final X509HostnameVerifier hostnameVerifier; |
| |
| private static SSLContext createSSLContext( |
| final String algorithm, |
| final KeyStore keystore, |
| final String keystorePassword, |
| final KeyStore truststore, |
| final SecureRandom random, |
| final TrustStrategy trustStrategy) |
| throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException { |
| final String algo = algorithm != null ? algorithm : TLS; |
| final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( |
| KeyManagerFactory.getDefaultAlgorithm()); |
| kmfactory.init(keystore, keystorePassword != null ? keystorePassword.toCharArray(): null); |
| final KeyManager[] keymanagers = kmfactory.getKeyManagers(); |
| final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance( |
| TrustManagerFactory.getDefaultAlgorithm()); |
| tmfactory.init(truststore); |
| final TrustManager[] trustmanagers = tmfactory.getTrustManagers(); |
| if (trustmanagers != null && trustStrategy != null) { |
| for (int i = 0; i < trustmanagers.length; i++) { |
| final TrustManager tm = trustmanagers[i]; |
| if (tm instanceof X509TrustManager) { |
| trustmanagers[i] = new TrustManagerDecorator( |
| (X509TrustManager) tm, trustStrategy); |
| } |
| } |
| } |
| final SSLContext sslcontext = SSLContext.getInstance(algo); |
| sslcontext.init(keymanagers, trustmanagers, random); |
| return sslcontext; |
| } |
| |
| public SSLLayeringStrategy( |
| final String algorithm, |
| final KeyStore keystore, |
| final String keystorePassword, |
| final KeyStore truststore, |
| final SecureRandom random, |
| final X509HostnameVerifier hostnameVerifier) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { |
| this(createSSLContext( |
| algorithm, keystore, keystorePassword, truststore, random, null), |
| hostnameVerifier); |
| } |
| |
| public SSLLayeringStrategy( |
| final String algorithm, |
| final KeyStore keystore, |
| final String keystorePassword, |
| final KeyStore truststore, |
| final SecureRandom random, |
| final TrustStrategy trustStrategy, |
| final X509HostnameVerifier hostnameVerifier) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { |
| this(createSSLContext( |
| algorithm, keystore, keystorePassword, truststore, random, trustStrategy), |
| hostnameVerifier); |
| } |
| |
| public SSLLayeringStrategy( |
| final KeyStore keystore, |
| final String keystorePassword, |
| final KeyStore truststore) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { |
| this(TLS, keystore, keystorePassword, truststore, null, null, new BrowserCompatHostnameVerifier()); |
| } |
| |
| public SSLLayeringStrategy( |
| final KeyStore keystore, |
| final String keystorePassword) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{ |
| this(TLS, keystore, keystorePassword, null, null, null, new BrowserCompatHostnameVerifier()); |
| } |
| |
| public SSLLayeringStrategy( |
| final KeyStore truststore) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { |
| this(TLS, null, null, truststore, null, null, new BrowserCompatHostnameVerifier()); |
| } |
| |
| public SSLLayeringStrategy( |
| final TrustStrategy trustStrategy, |
| final X509HostnameVerifier hostnameVerifier) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { |
| this(TLS, null, null, null, null, trustStrategy, hostnameVerifier); |
| } |
| |
| public SSLLayeringStrategy( |
| final TrustStrategy trustStrategy) |
| throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { |
| this(TLS, null, null, null, null, trustStrategy, new BrowserCompatHostnameVerifier()); |
| } |
| |
| public SSLLayeringStrategy( |
| final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) { |
| super(); |
| this.sslContext = sslContext; |
| this.hostnameVerifier = hostnameVerifier; |
| } |
| |
| public SSLLayeringStrategy(final SSLContext sslContext) { |
| this(sslContext, new BrowserCompatHostnameVerifier()); |
| } |
| |
| @Override |
| public boolean isSecure() { |
| return true; |
| } |
| |
| @Override |
| public SSLIOSession layer(final IOSession iosession) { |
| final SSLIOSession ssliosession = new SSLIOSession( |
| iosession, |
| SSLMode.CLIENT, |
| this.sslContext, |
| new SSLSetupHandler() { |
| |
| @Override |
| public void initalize( |
| final SSLEngine sslengine) throws SSLException { |
| initializeEngine(sslengine); |
| } |
| |
| @Override |
| public void verify( |
| final IOSession iosession, |
| final SSLSession sslsession) throws SSLException { |
| verifySession(iosession, sslsession); |
| } |
| |
| }); |
| iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession); |
| return ssliosession; |
| } |
| |
| protected void initializeEngine(final SSLEngine engine) { |
| } |
| |
| protected void verifySession( |
| final IOSession iosession, |
| final SSLSession sslsession) throws SSLException { |
| final InetSocketAddress address = (InetSocketAddress) iosession.getRemoteAddress(); |
| |
| final Certificate[] certs = sslsession.getPeerCertificates(); |
| final X509Certificate x509 = (X509Certificate) certs[0]; |
| this.hostnameVerifier.verify(address.getHostName(), x509); |
| } |
| |
| } |