LegacySSLSocketFactory.java

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2016, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.wildfly.iiop.openjdk.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

import org.jboss.security.JSSESecurityDomain;
import org.jboss.security.SecurityConstants;
import org.wildfly.iiop.openjdk.Constants;
import org.wildfly.iiop.openjdk.logging.IIOPLogger;

import com.sun.corba.se.spi.orb.ORB;

/**
 * <p>
 *  This class is responsible for creating Sockets used by IIOP subsystem.
 * <p>
 *
 * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
 * @author <a href="mailto:tadamski@redhat.com">Tomasz Adamski</a>
 */

public class LegacySSLSocketFactory extends SocketFactoryBase {

    private static String securityDomain = null;

    public static void setSecurityDomain(final String securityDomain) {
        LegacySSLSocketFactory.securityDomain = securityDomain;
    }

    private ORB orb;

    private SSLContext sslContext = null;

    private JSSESecurityDomain jsseSecurityDomain = null;

    private boolean request_mutual_auth = false;

    private boolean require_mutual_auth = false;

    @Override
    public void setORB(ORB orb) {
        super.setORB(orb);
        this.orb = orb;

        try {
            InitialContext context = new InitialContext();
            jsseSecurityDomain = (JSSESecurityDomain) context.lookup(SecurityConstants.JAAS_CONTEXT_ROOT + securityDomain
                    + "/jsse");
            IIOPLogger.ROOT_LOGGER.debugf("Obtained JSSE security domain with name %s", securityDomain);
        } catch (NamingException ne) {
            IIOPLogger.ROOT_LOGGER.failedToObtainJSSEDomain(securityDomain);
        }
        if (jsseSecurityDomain == null)
            throw new RuntimeException(IIOPLogger.ROOT_LOGGER.failedToLookupJSSEDomain());
    }

    @Override
    public ServerSocket createServerSocket(String type, InetSocketAddress inetSocketAddress) throws IOException {
        if (type.equals(Constants.SSL_SOCKET_TYPE)) {
            return createSSLServerSocket(inetSocketAddress.getPort(), 1000,
                    InetAddress.getByName(inetSocketAddress.getHostName()));
        } else {
            return super.createServerSocket(type, inetSocketAddress);
        }
    }

    @Override
    public Socket createSocket(String type, InetSocketAddress inetSocketAddress) throws IOException {
        if (type.contains(Constants.SSL_SOCKET_TYPE)){
            return createSSLSocket(inetSocketAddress.getHostName(), inetSocketAddress.getPort());
        } else {
            return super.createSocket(type, inetSocketAddress);
        }
    }

    public Socket createSSLSocket(String host, int port) throws IOException {
        this.initSSLContext();
        InetAddress address = InetAddress.getByName(host);

        javax.net.ssl.SSLSocketFactory socketFactory = this.sslContext.getSocketFactory();
        SSLSocket socket = (SSLSocket) socketFactory.createSocket(address, port);
        if (this.jsseSecurityDomain.getProtocols() != null){
            socket.setEnabledProtocols(this.jsseSecurityDomain.getProtocols());
        }
        if (this.jsseSecurityDomain.getCipherSuites() != null) {
            socket.setEnabledCipherSuites(this.jsseSecurityDomain.getCipherSuites());
        }
        socket.setNeedClientAuth(this.jsseSecurityDomain.isClientAuth());
        return socket;
    }

    public ServerSocket createSSLServerSocket(int port, int backlog, InetAddress inetAddress) throws IOException {
        this.initSSLContext();
        SSLServerSocketFactory serverSocketFactory = this.sslContext.getServerSocketFactory();
        SSLServerSocket serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port, backlog, inetAddress);
        if (this.jsseSecurityDomain.getProtocols() != null){
            serverSocket.setEnabledProtocols(this.jsseSecurityDomain.getProtocols());
        }
        if (this.jsseSecurityDomain.getCipherSuites() != null){
            serverSocket.setEnabledCipherSuites(this.jsseSecurityDomain.getCipherSuites());
        }
        if (this.jsseSecurityDomain.isClientAuth() || this.require_mutual_auth){
            serverSocket.setNeedClientAuth(true);
        } else {
            serverSocket.setWantClientAuth(this.request_mutual_auth);
        }
        return serverSocket;
    }

    private void initSSLContext() throws IOException {
        if (this.sslContext != null) {
            return;
        }
        this.sslContext = Util.forDomain(this.jsseSecurityDomain);
    }
}