All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.foundationdb.sql.jdbc.ssl.jdbc4.LibPQFactory Maven / Gradle / Ivy

There is a newer version: 2.1-0-jdbc41
Show newest version
package com.foundationdb.sql.jdbc.ssl.jdbc4;

import java.io.Console;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Properties;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;

import com.foundationdb.sql.jdbc.ssl.WrappedFactory;
import com.foundationdb.sql.jdbc.ssl.NonValidatingFactory.NonValidatingTM;
import com.foundationdb.sql.jdbc.util.GT;
import com.foundationdb.sql.jdbc.util.PSQLException;
import com.foundationdb.sql.jdbc.util.PSQLState;

/**
 * Provide an SSLSocketFactory that is compatible with the libpq
 * behaviour.
 */
public class LibPQFactory extends WrappedFactory implements HostnameVerifier {

    LazyKeyManager km = null;
    String sslmode; 
    /**
     * 
     * @param info the connection parameters
     * The following parameters are used:
     * sslmode,sslcert,sslkey,sslrootcert,sslhostnameverifier,sslpasswordcallback,sslpassword
     * @throws GeneralSecurityException
     * @throws IOException 
     * @throws UnsupportedCallbackException 
     */
    public LibPQFactory(Properties info) throws PSQLException {
      try
      {
        sslmode = info.getProperty("sslmode");
        SSLContext ctx = SSLContext.getInstance("TLS"); // or "SSL" ?
        
        //Determinig the default file location
        String pathsep = System.getProperty("file.separator");
        String defaultdir;
        boolean defaultfile = false;
        if (System.getProperty("os.name").toLowerCase().indexOf("windows") > -1)
        { //It is Windows
          defaultdir = System.getenv("APPDATA")+pathsep+"postgresql"+pathsep;
        } else {
          defaultdir = System.getProperty("user.home")+pathsep+".postgresql"+pathsep;
        }
        
        //Load the client's certificate and key
        String sslcertfile = info.getProperty("sslcert");
        if (sslcertfile == null)
        { //Fall back to default
          defaultfile = true;
          sslcertfile = defaultdir + "postgresql.crt";
        }
        String sslkeyfile = info.getProperty("sslkey");
        if (sslkeyfile == null)
        { //Fall back to default
          defaultfile = true;
          sslkeyfile = defaultdir + "postgresql.pk8";
        }
        
        //Determine the callback handler
        CallbackHandler cbh;
        String sslpasswordcallback = info.getProperty("sslpasswordcallback");
        if (sslpasswordcallback != null)
        {
          try
          {
            cbh = (CallbackHandler)AbstractJdbc4MakeSSL.instantiate(sslpasswordcallback, info, false, null);
          }
          catch (Exception e)
          {
              throw new PSQLException(GT.tr("The password callback class provided {0} could not be instantiated.", sslpasswordcallback), PSQLState.CONNECTION_FAILURE, e);
          }
        } else {
          cbh = new ConsoleCallbackHandler(info.getProperty("sslpassword"));
        }
         
        //If the properies are empty, give null to prevent client key selection
        km = new LazyKeyManager(("".equals(sslcertfile) ? null : sslcertfile), ("".equals(sslkeyfile) ? null : sslkeyfile), cbh, defaultfile);
        
        TrustManager[] tm;    
        if("verify-ca".equals(sslmode) || "verify-full".equals(sslmode))
        {
          //Load the server certificate
          
          TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
          KeyStore ks;
          try
          {
            ks = KeyStore.getInstance("jks");
          } catch (KeyStoreException e)
          {
            throw new NoSuchAlgorithmException("jks KeyStore not available"); //this should never happen
          }
          String sslrootcertfile = info.getProperty("sslrootcert");
          if (sslrootcertfile == null)
          { //Fall back to default
            sslrootcertfile = defaultdir + "root.crt";
          }
          FileInputStream fis;
          try
          {
            fis = new FileInputStream(sslrootcertfile);
          } catch (FileNotFoundException ex)
          {
            throw new PSQLException(GT.tr("Could not open SSL root certificate file {0}.", new Object[]{sslrootcertfile}), PSQLState.CONNECTION_FAILURE, ex);
          }
          try
          {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            //Certificate[] certs = cf.generateCertificates(fis).toArray(new Certificate[]{}); //Does not work in java 1.4
            Object[] certs = cf.generateCertificates(fis).toArray(new Certificate[]{});
            fis.close();
            ks.load(null, null);
            for(int i=0; i




© 2015 - 2024 Weber Informatics LLC | Privacy Policy