/*
* Tigase Jabber/XMPP Server
* Copyright (C) 2004-2012 "Artur Hefczyc" <artur.hefczyc@tigase.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. Look for COPYING file in the top folder.
* If not, see http://www.gnu.org/licenses/.
*
* $Rev$
* Last modified by $Author$
* $Date$
*/
package tigase.io;
//~--- JDK imports ------------------------------------------------------------
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
//~--- classes ----------------------------------------------------------------
/**
* Describe class SSLContextContainerOLD here.
*
*
* Created: Mon Jan 23 14:47:55 2006
*
* @author <a href="mailto:artur.hefczyc@tigase.org">Artur Hefczyc</a>
* @version $Rev$
*/
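public class SSLContextContainerOLD implements SSLContextContainerIfc {
    private static final Logger log = Logger.getLogger(SSLContextContainerOLD.class.getName());

    // Alias of the default certificate. Nothing in this class assigns it, so it
    // stays null and a lookup with it hits the null key written by init().
    private String def_cert_alias = null;
    // Created and seeded by init(); null until then (SSLContext.init accepts null).
    private SecureRandom secureRandom = null;
    // Cache of initialized contexts, keyed by hostname + protocol (see getSSLContext).
    private Map<String, SSLContext> sslContexts = new HashMap<String, SSLContext>(10);
    // One KeyManagerFactory per key-entry alias, plus one for the whole keystore
    // stored under the null key.
    // NOTE(review): plain HashMaps with no synchronization; this assumes init()
    // completes before getSSLContext() is called from other threads — confirm
    // against callers.
    private Map<String, KeyManagerFactory> kmfs = new HashMap<String, KeyManagerFactory>(10);
    // Loaded from the truststore by init() but never consulted by getSSLContext(),
    // which always installs FakeTrustManager instead.
    private TrustManagerFactory tmf = null;

    /**
     * Creates an empty container; key material is loaded by {@link #init(Map)}.
     */
    public SSLContextContainerOLD() {
    }

    /**
     * Not supported by this implementation; the call is ignored.
     *
     * @param params ignored
     */
    @Override
    public void addCertificates(Map<String, String> params) {
        // Do nothing, not supported yet
    }

    /**
     * Returns a cached or newly initialized {@link SSLContext} for the given
     * protocol and hostname.
     *
     * <p>Peer certificates are never verified by contexts from this method: whether
     * or not a truststore was loaded, the context is initialized with
     * {@link FakeTrustManager}, which accepts every certificate chain. Contexts
     * obtained here therefore give no assurance about the identity of the peer.
     *
     * @param protocol SSLContext protocol name passed to
     *        {@link SSLContext#getInstance(String)}
     * @param hostname alias of the key entry to present; when null the default
     *        alias is used, which (being unset) selects the factory built from the
     *        whole keystore
     * @return an initialized context, or null when it could not be created (the
     *         cause is logged at SEVERE)
     */
    @Override
    public SSLContext getSSLContext(final String protocol, String hostname) {
        if (hostname == null) {
            hostname = def_cert_alias;
        }
        String map_key = hostname + protocol;
        SSLContext sslContext = sslContexts.get(map_key);
        if (sslContext != null) {
            return sslContext;
        }
        try {
            sslContext = SSLContext.getInstance(protocol);
            KeyManagerFactory kmf = kmfs.get(hostname);
            if (kmf == null) {
                // Fall back to the default alias, i.e. the whole-keystore factory.
                kmf = kmfs.get(def_cert_alias);
            }
            if (kmf == null) {
                log.warning("No certificate found for host: " + hostname);
            }
            // The loaded TrustManagerFactory (tmf) is intentionally not used here:
            // the original initialized with the accept-all trust manager in both
            // branches, so the two branches are merged into one call.
            sslContext.init((kmf != null) ? kmf.getKeyManagers() : null,
                    new X509TrustManager[] { new FakeTrustManager() }, secureRandom);
            sslContexts.put(map_key, sslContext);
            log.config("Created SSL context for: " + sslContext.getProtocol());
        } catch (Exception e) {
            log.log(Level.SEVERE, "Can not initialize SSLContext", e);
            sslContext = null;
        }
        return sslContext;
    }

    /**
     * Returns a fresh, empty JKS keystore. Note that this is not the truststore
     * loaded by {@link #init(Map)}.
     *
     * @return an empty initialized keystore, or null when it cannot be created
     *         (the cause is logged at WARNING)
     */
    @Override
    public KeyStore getTrustStore() {
        try {
            KeyStore trustKeyStore = KeyStore.getInstance("JKS");
            trustKeyStore.load(null, new char[0]);
            return trustKeyStore;
        } catch (Exception ex) {
            // Keep the original null-on-failure contract, but make the failure visible.
            log.log(Level.WARNING, "Can not create empty trust store", ex);
            return null;
        }
    }

    /**
     * Loads the keystore and truststore named by the configuration parameters.
     *
     * @param params configuration map; reads {@code JKS_KEYSTORE_FILE_KEY},
     *        {@code JKS_KEYSTORE_PWD_KEY}, {@code TRUSTSTORE_FILE_KEY} and
     *        {@code TRUSTSTORE_PWD_KEY} as strings. A store whose file or password
     *        entry is missing is skipped.
     */
    @Override
    public void init(Map<String, Object> params) {
        String k_store = (String) params.get(JKS_KEYSTORE_FILE_KEY);
        String k_passwd = (String) params.get(JKS_KEYSTORE_PWD_KEY);
        String t_store = (String) params.get(TRUSTSTORE_FILE_KEY);
        String t_passwd = (String) params.get(TRUSTSTORE_PWD_KEY);
        init(k_store, k_passwd, t_store, t_passwd);
    }

    /**
     * Builds one KeyManagerFactory per key entry of the keystore (plus one for the
     * whole keystore under the null alias), loads the truststore into {@link #tmf},
     * and creates the SecureRandom used for contexts.
     *
     * <p>Any failure is logged at SEVERE and leaves whatever was loaded before it
     * in place.
     *
     * @param k_store path of the JKS keystore, or null to skip key loading
     * @param k_passwd keystore password; also used as the key-entry password
     * @param t_store path of the JKS truststore, or null to skip trust loading
     * @param t_passwd truststore password
     */
    private void init(String k_store, String k_passwd, String t_store, String t_passwd) {
        try {
            if ((k_store != null) && (k_passwd != null)) {
                final char[] keys_password = k_passwd.toCharArray();
                final KeyStore keys = loadKeyStore(k_store, keys_password);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                kmf.init(keys, keys_password);
                // The null alias holds the factory for the whole keystore;
                // getSSLContext() reaches it through the (unset) def_cert_alias.
                kmfs.put(null, kmf);
                ArrayList<String> certlist = certificateAliases(keys);
                KeyStore.PasswordProtection pass_param =
                        new KeyStore.PasswordProtection(keys_password);
                Enumeration<String> aliases = keys.aliases();
                if (aliases != null) {
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        if (!keys.isKeyEntry(alias)) {
                            continue;
                        }
                        // Per-alias keystore: this key entry plus a copy of every
                        // certificate entry of the source keystore.
                        KeyStore.Entry entry = keys.getEntry(alias, pass_param);
                        KeyStore alias_keys = KeyStore.getInstance("JKS");
                        alias_keys.load(null, keys_password);
                        if (certlist != null) {
                            for (String certal : certlist) {
                                alias_keys.setCertificateEntry(certal, keys.getCertificate(certal));
                            }
                        }
                        alias_keys.setEntry(alias, entry, pass_param);
                        kmf = KeyManagerFactory.getInstance("SunX509");
                        kmf.init(alias_keys, keys_password);
                        kmfs.put(alias, kmf);
                    }
                }
            }
            if ((t_store != null) && (t_passwd != null)) {
                final KeyStore trusts = loadKeyStore(t_store, t_passwd.toCharArray());
                tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(trusts);
            }
            secureRandom = new SecureRandom();
            // Force seeding now instead of on the first handshake.
            secureRandom.nextInt();
        } catch (Exception e) {
            log.log(Level.SEVERE, "Can not initialize SSL library", e);
        }
    }

    /**
     * Opens the JKS keystore at {@code path} with {@code password}, closing the
     * file whether or not loading succeeds.
     *
     * @param path keystore file to read
     * @param password keystore password
     * @return the loaded keystore
     * @throws IOException when the file cannot be read or closed
     * @throws GeneralSecurityException when the keystore cannot be created or parsed
     */
    private static KeyStore loadKeyStore(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            // The original left the stream open; close it on every path.
            in.close();
        }
        return store;
    }

    /**
     * Lists the aliases of the certificate (non-key) entries in {@code keys}.
     *
     * @param keys loaded keystore to scan
     * @return the aliases, or null when the keystore returns no alias enumeration
     *         at all (kept so the per-alias copy in init() behaves as before)
     * @throws KeyStoreException when the keystore cannot be queried
     */
    private static ArrayList<String> certificateAliases(KeyStore keys) throws KeyStoreException {
        Enumeration<String> aliases = keys.aliases();
        if (aliases == null) {
            return null;
        }
        ArrayList<String> certlist = new ArrayList<String>();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keys.isCertificateEntry(alias)) {
                certlist.add(alias);
            }
        }
        return certlist;
    }

    /**
     * Trust manager that accepts every certificate chain without checking it.
     *
     * <p>Both check methods are empty, so no signature, validity period, name or
     * revocation check is performed; a TLS connection built on it offers no
     * protection against a peer presenting a certificate it does not legitimately
     * hold. It is the only trust manager {@link #getSSLContext} ever installs.
     */
    private static class FakeTrustManager implements X509TrustManager {
        private final X509Certificate[] acceptedIssuers;

        /** Creates a manager that advertises no accepted issuers. */
        public FakeTrustManager() {
            this(null);
        }

        /**
         * Creates a manager advertising the given issuers.
         *
         * @param ai issuers to report from {@link #getAcceptedIssuers}; may be null
         */
        public FakeTrustManager(X509Certificate[] ai) {
            acceptedIssuers = ai;
        }

        /**
         * Accepts any client chain; never throws.
         *
         * @param x509CertificateArray ignored
         * @param string ignored
         * @throws CertificateException never
         */
        @Override
        public void checkClientTrusted(final X509Certificate[] x509CertificateArray,
                final String string) throws CertificateException {
        }

        /**
         * Accepts any server chain; never throws.
         *
         * @param x509CertificateArray ignored
         * @param string ignored
         * @throws CertificateException never
         */
        @Override
        public void checkServerTrusted(final X509Certificate[] x509CertificateArray,
                final String string) throws CertificateException {
        }

        /**
         * Returns the configured issuers, or an empty array when none were given.
         *
         * <p>The {@link X509TrustManager} contract requires a non-null array here;
         * the original returned null, which has been known to surface as a
         * NullPointerException inside the JSSE handshake.
         *
         * @return the accepted issuers, never null
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return (acceptedIssuers == null) ? new X509Certificate[0] : acceptedIssuers;
        }
    }
} // SSLContextContainerOLD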
//~ Formatted in Sun Code Convention
//~ Formatted by Jindent --- http://www.jindent.com