All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.sun.mail.util.MailSSLSocketFactory Maven / Gradle / Ivy

The newest version!
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 1997-2017 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://oss.oracle.com/licenses/CDDL+GPL-1.1
 * or LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */

package com.sun.mail.util;

import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;

import javax.net.ssl.*;

/**
 * An SSL socket factory that makes it easier to specify trust.
 * This socket factory can be configured to trust all hosts or
 * trust a specific set of hosts, in which case the server's
 * certificate isn't verified.  Alternatively, a custom TrustManager
 * can be supplied. 

* * An instance of this factory can be set as the value of the * mail.<protocol>.ssl.socketFactory property. * * @since JavaMail 1.4.2 * @author Stephan Sann * @author Bill Shannon */ public class MailSSLSocketFactory extends SSLSocketFactory { /** Should all hosts be trusted? */ private boolean trustAllHosts; /** String-array of trusted hosts */ private String[] trustedHosts = null; /** Holds a SSLContext to get SSLSocketFactories from */ private SSLContext sslcontext; /** Holds the KeyManager array to use */ private KeyManager[] keyManagers; /** Holds the TrustManager array to use */ private TrustManager[] trustManagers; /** Holds the SecureRandom to use */ private SecureRandom secureRandom; /** Holds a SSLSocketFactory to pass all API-method-calls to */ private SSLSocketFactory adapteeFactory = null; /** * Initializes a new MailSSLSocketFactory. * * @throws GeneralSecurityException for security errors */ public MailSSLSocketFactory() throws GeneralSecurityException { this("TLS"); } /** * Initializes a new MailSSLSocketFactory with a given protocol. * Normally the protocol will be specified as "TLS". * * @param protocol The protocol to use * @throws NoSuchAlgorithmException if given protocol is not supported * @throws GeneralSecurityException for security errors */ public MailSSLSocketFactory(String protocol) throws GeneralSecurityException { // By default we do NOT trust all hosts. trustAllHosts = false; // Get an instance of an SSLContext. sslcontext = SSLContext.getInstance(protocol); // Default properties to init the SSLContext keyManagers = null; trustManagers = new TrustManager[] { new MailTrustManager() }; secureRandom = null; // Assemble a default SSLSocketFactory to delegate all API-calls to. newAdapteeFactory(); } /** * Gets an SSLSocketFactory based on the given (or default) * KeyManager array, TrustManager array and SecureRandom and * sets it to the instance var adapteeFactory. * * @throws KeyManagementException for key manager errors */ private synchronized void newAdapteeFactory() throws KeyManagementException { sslcontext.init(keyManagers, trustManagers, secureRandom); // Get SocketFactory and save it in our instance var adapteeFactory = sslcontext.getSocketFactory(); } /** * @return the keyManagers */ public synchronized KeyManager[] getKeyManagers() { return keyManagers.clone(); } /** * @param keyManagers the keyManagers to set * @throws GeneralSecurityException for security errors */ public synchronized void setKeyManagers(KeyManager[] keyManagers) throws GeneralSecurityException { this.keyManagers = keyManagers.clone(); newAdapteeFactory(); } /** * @return the secureRandom */ public synchronized SecureRandom getSecureRandom() { return secureRandom; } /** * @param secureRandom the secureRandom to set * @throws GeneralSecurityException for security errors */ public synchronized void setSecureRandom(SecureRandom secureRandom) throws GeneralSecurityException { this.secureRandom = secureRandom; newAdapteeFactory(); } /** * @return the trustManagers */ public synchronized TrustManager[] getTrustManagers() { return trustManagers; } /** * @param trustManagers the trustManagers to set * @throws GeneralSecurityException for security errors */ public synchronized void setTrustManagers(TrustManager[] trustManagers) throws GeneralSecurityException { this.trustManagers = trustManagers; newAdapteeFactory(); } /** * @return true if all hosts should be trusted */ public synchronized boolean isTrustAllHosts() { return trustAllHosts; } /** * @param trustAllHosts should all hosts be trusted? */ public synchronized void setTrustAllHosts(boolean trustAllHosts) { this.trustAllHosts = trustAllHosts; } /** * @return the trusted hosts */ public synchronized String[] getTrustedHosts() { if (trustedHosts == null) return null; else return trustedHosts.clone(); } /** * @param trustedHosts the hosts to trust */ public synchronized void setTrustedHosts(String[] trustedHosts) { if (trustedHosts == null) this.trustedHosts = null; else this.trustedHosts = trustedHosts.clone(); } /** * After a successful conection to the server, this method is * called to ensure that the server should be trusted. * * @param server name of the server we connected to * @param sslSocket SSLSocket connected to the server * @return true if "trustAllHosts" is set to true OR the server * is contained in the "trustedHosts" array; */ public synchronized boolean isServerTrusted(String server, SSLSocket sslSocket) { //System.out.println("DEBUG: isServerTrusted host " + server); // If "trustAllHosts" is set to true, we return true if (trustAllHosts) return true; // If the socket host is contained in the "trustedHosts" array, // we return true if (trustedHosts != null) return Arrays.asList(trustedHosts).contains(server); // ignore case? // If we get here, trust of the server was verified by the trust manager return true; } // SocketFactory methods /* (non-Javadoc) * @see javax.net.ssl.SSLSocketFactory#createSocket(java.net.Socket, * java.lang.String, int, boolean) */ @Override public synchronized Socket createSocket(Socket socket, String s, int i, boolean flag) throws IOException { return adapteeFactory.createSocket(socket, s, i, flag); } /* (non-Javadoc) * @see javax.net.ssl.SSLSocketFactory#getDefaultCipherSuites() */ @Override public synchronized String[] getDefaultCipherSuites() { return adapteeFactory.getDefaultCipherSuites(); } /* (non-Javadoc) * @see javax.net.ssl.SSLSocketFactory#getSupportedCipherSuites() */ @Override public synchronized String[] getSupportedCipherSuites() { return adapteeFactory.getSupportedCipherSuites(); } /* (non-Javadoc) * @see javax.net.SocketFactory#createSocket() */ @Override public synchronized Socket createSocket() throws IOException { return adapteeFactory.createSocket(); } /* (non-Javadoc) * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int, * java.net.InetAddress, int) */ @Override public synchronized Socket createSocket(InetAddress inetaddress, int i, InetAddress inetaddress1, int j) throws IOException { return adapteeFactory.createSocket(inetaddress, i, inetaddress1, j); } /* (non-Javadoc) * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int) */ @Override public synchronized Socket createSocket(InetAddress inetaddress, int i) throws IOException { return adapteeFactory.createSocket(inetaddress, i); } /* (non-Javadoc) * @see javax.net.SocketFactory#createSocket(java.lang.String, int, * java.net.InetAddress, int) */ @Override public synchronized Socket createSocket(String s, int i, InetAddress inetaddress, int j) throws IOException, UnknownHostException { return adapteeFactory.createSocket(s, i, inetaddress, j); } /* (non-Javadoc) * @see javax.net.SocketFactory#createSocket(java.lang.String, int) */ @Override public synchronized Socket createSocket(String s, int i) throws IOException, UnknownHostException { return adapteeFactory.createSocket(s, i); } // inner classes /** * A default Trustmanager. * * @author Stephan Sann */ private class MailTrustManager implements X509TrustManager { /** A TrustManager to pass method calls to */ private X509TrustManager adapteeTrustManager = null; /** * Initializes a new TrustManager instance. */ private MailTrustManager() throws GeneralSecurityException { TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509"); tmf.init((KeyStore)null); adapteeTrustManager = (X509TrustManager)tmf.getTrustManagers()[0]; } /* (non-Javadoc) * @see javax.net.ssl.X509TrustManager#checkClientTrusted( * java.security.cert.X509Certificate[], java.lang.String) */ @Override public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException { if (!(isTrustAllHosts() || getTrustedHosts() != null)) adapteeTrustManager.checkClientTrusted(certs, authType); } /* (non-Javadoc) * @see javax.net.ssl.X509TrustManager#checkServerTrusted( * java.security.cert.X509Certificate[], java.lang.String) */ @Override public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { if (!(isTrustAllHosts() || getTrustedHosts() != null)) adapteeTrustManager.checkServerTrusted(certs, authType); } /* (non-Javadoc) * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() */ @Override public X509Certificate[] getAcceptedIssuers() { return adapteeTrustManager.getAcceptedIssuers(); } } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy