org.apache.commons.ssl.Java14 Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of not-going-to-be-commons-ssl Show documentation
Show all versions of not-going-to-be-commons-ssl Show documentation
A Java 9+ compliant fork of Not-Yet-Commons-SSL
/*
* $HeadURL: file:///opt/dev/not-yet-commons-ssl-SVN-repo/tags/commons-ssl-0.3.17/src/java/org/apache/commons/ssl/Java14.java $
* $Revision: 187 $
* $Date: 2015-03-16 14:27:25 -0700 (Mon, 16 Mar 2015) $
*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* .
*
*/
package org.apache.commons.ssl;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
/**
* @author Credit Union Central of British Columbia
* @author www.cucbc.com
* @author [email protected]
* @since 30-Jun-2006
*/
public final class Java14 extends JavaImpl {
private static Java14 instance = new Java14();
private Java14() {
try {
SSLSocketFactory.getDefault().createSocket();
}
catch (IOException ioe) {
ioe.hashCode();
}
}
public static Java14 getInstance() {
return instance;
}
public final String getVersion() {
return "Java14";
}
protected final String retrieveSubjectX500(X509Certificate cert) {
return cert.getSubjectX500Principal().toString();
}
protected final String retrieveIssuerX500(X509Certificate cert) {
return cert.getIssuerX500Principal().toString();
}
protected final Certificate[] retrievePeerCerts(SSLSession sslSession)
throws SSLPeerUnverifiedException {
return sslSession.getPeerCertificates();
}
protected final Object buildKeyManagerFactory(KeyStore ks, char[] password)
throws NoSuchAlgorithmException, KeyStoreException,
UnrecoverableKeyException {
String alg = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
kmf.init(ks, password);
return kmf;
}
protected final Object buildTrustManagerFactory(KeyStore ks)
throws NoSuchAlgorithmException, KeyStoreException {
String alg = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
tmf.init(ks);
return tmf;
}
protected final Object[] retrieveKeyManagers(Object keyManagerFactory) {
KeyManagerFactory kmf = (KeyManagerFactory) keyManagerFactory;
return kmf.getKeyManagers();
}
protected final Object[] retrieveTrustManagers(Object trustManagerFactory) {
TrustManagerFactory tmf = (TrustManagerFactory) trustManagerFactory;
return tmf.getTrustManagers();
}
protected final SSLSocketFactory buildSSLSocketFactory(Object ssl) {
return ((SSLContext) ssl).getSocketFactory();
}
protected final SSLServerSocketFactory buildSSLServerSocketFactory(Object ssl) {
return ((SSLContext) ssl).getServerSocketFactory();
}
protected final RuntimeException buildRuntimeException(Exception cause) {
return new RuntimeException(cause);
}
protected final SSLSocket buildSocket(SSL ssl) throws IOException {
SSLSocketFactory sf = ssl.getSSLSocketFactory();
SSLSocket s = (SSLSocket) sf.createSocket();
ssl.doPreConnectSocketStuff(s);
return s;
}
protected final SSLSocket buildSocket(SSL ssl, String remoteHost,
int remotePort, InetAddress localHost,
int localPort, int timeout)
throws IOException {
SSLSocket s = buildSocket(ssl);
s = (SSLSocket) connectSocket(s, null, remoteHost, remotePort,
localHost, localPort, timeout, ssl);
ssl.doPostConnectSocketStuff(s, remoteHost);
return s;
}
protected final Socket buildPlainSocket(
SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int timeout
) throws IOException {
Socket s = SocketFactory.getDefault().createSocket();
ssl.doPreConnectSocketStuff(s);
s = connectSocket(
s, null, remoteHost, remotePort, localHost, localPort, timeout, ssl
);
ssl.doPostConnectSocketStuff(s, remoteHost);
return s;
}
protected final Socket connectSocket(Socket s, SocketFactory sf,
String host, int remotePort,
InetAddress localHost, int localPort,
int timeout, SSL ssl)
throws IOException {
if (s == null) {
if (sf == null) {
s = new Socket();
} else {
s = sf.createSocket();
}
}
host = ssl.dnsOverride(host);
InetAddress remoteHost = Util.toInetAddress(host);
InetSocketAddress dest = new InetSocketAddress(remoteHost, remotePort);
InetSocketAddress src = new InetSocketAddress(localHost, localPort);
if (s instanceof SSLSocket) {
setHostForSNI((SSLSocket) s, host);
}
s.bind(src);
s.connect(dest, timeout);
return s;
}
private static boolean returnsVoidTakesOneString(Method m) {
Class>[] params = m.getParameterTypes();
return Void.TYPE.equals(m.getReturnType())
&& params != null && params.length == 1 && String.class.equals(params[0]);
}
public static void setHostForSNI(SSLSocket s, String host) throws IOException {
// Tries to call a "setHost()" method on the supplied SSLSocket via reflection if one exists.
Method[] methods = s.getClass().getMethods();
for (int i = 0; i < methods.length; i++) {
Method m = methods[i];
if (returnsVoidTakesOneString(m) && "setHost".equals(m.getName())) {
try {
m.invoke(s, host);
return;
} catch (IllegalAccessException iae) {
// oh well, nevermind
} catch (InvocationTargetException ite) {
Throwable t = ite.getCause();
if (t instanceof IOException) {
throw (IOException) t;
} else if (t instanceof RuntimeException) {
throw (RuntimeException) t;
} else if (t instanceof Error) {
throw (Error) t;
} else {
throw new IOException("setHost() via reflection failed: " + t);
}
}
}
}
}
protected final SSLServerSocket buildServerSocket(SSL ssl)
throws IOException {
ServerSocket s = ssl.getSSLServerSocketFactory().createServerSocket();
SSLServerSocket ss = (SSLServerSocket) s;
ssl.doPreConnectServerSocketStuff(ss);
return ss;
}
protected final void wantClientAuth(Object o, boolean wantClientAuth) {
SSLSocket s;
SSLServerSocket ss;
if (o instanceof SSLSocket) {
s = (SSLSocket) o;
s.setWantClientAuth(wantClientAuth);
} else if (o instanceof SSLServerSocket) {
ss = (SSLServerSocket) o;
ss.setWantClientAuth(wantClientAuth);
} else {
throw new ClassCastException("need SSLSocket or SSLServerSocket");
}
}
protected final void enabledProtocols(Object o, String[] enabledProtocols) {
SSLSocket s;
SSLServerSocket ss;
if (o instanceof SSLSocket) {
s = (SSLSocket) o;
s.setEnabledProtocols(enabledProtocols);
} else if (o instanceof SSLServerSocket) {
ss = (SSLServerSocket) o;
ss.setEnabledProtocols(enabledProtocols);
} else {
throw new ClassCastException("need SSLSocket or SSLServerSocket");
}
}
protected void checkTrusted(Object trustManager, X509Certificate[] chain,
String authType)
throws CertificateException {
X509TrustManager tm = (X509TrustManager) trustManager;
tm.checkServerTrusted(chain, authType);
}
protected final Object initSSL(SSL ssl, TrustChain tc, KeyMaterial k)
throws NoSuchAlgorithmException, KeyStoreException,
CertificateException, KeyManagementException, IOException {
SSLContext context = SSLContext.getInstance(ssl.getDefaultProtocol());
TrustManager[] trustManagers = null;
KeyManager[] keyManagers = null;
if (tc != null) {
trustManagers = (TrustManager[]) tc.getTrustManagers();
}
if (k != null) {
keyManagers = (KeyManager[]) k.getKeyManagers();
}
if (keyManagers != null) {
for (int i = 0; i < keyManagers.length; i++) {
if (keyManagers[i] instanceof X509KeyManager) {
X509KeyManager km = (X509KeyManager) keyManagers[i];
keyManagers[i] = new Java14KeyManagerWrapper(km, k, ssl);
}
}
}
if (trustManagers != null) {
for (int i = 0; i < trustManagers.length; i++) {
if (trustManagers[i] instanceof X509TrustManager) {
X509TrustManager tm = (X509TrustManager) trustManagers[i];
trustManagers[i] = new Java14TrustManagerWrapper(tm, tc, ssl);
}
}
}
context.init(keyManagers, trustManagers, null);
return context;
}
}