1 /*
2 * Copyright 1999-2004 The Apache Software Foundation
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.apache.tomcat.util.net.jsse;
18
19 import java.io.IOException;
20 import java.security.KeyStore;
21 import java.security.SecureRandom;
22 import java.security.Security;
23 import java.security.Provider;
24
25 import javax.net.ssl.SSLServerSocket;
26 import javax.net.ssl.SSLSocket;
27
28 /*
29 1. Make the JSSE's jars available, either as an installed
30 extension (copy them into jre/lib/ext) or by adding
31 them to the Tomcat classpath.
32 2. keytool -genkey -alias tomcat -keyalg RSA
33 Use "changeit" as password ( this is the default we use )
34 */
35
36 /**
37 * SSL server socket factory. It _requires_ a valid RSA key and
38 * JSSE.
39 *
40 * @author Harish Prabandham
41 * @author Costin Manolache
42 * @author Stefan Freyr Stefansson
43 * @author EKR -- renamed to JSSESocketFactory
44 * @author Bill Barker
45 */
46 public class JSSE13SocketFactory extends JSSESocketFactory
47 {
48 /**
49 * Flag for client authentication
50 */
51 protected boolean clientAuth = false;
52
53 public JSSE13SocketFactory () {
54 super();
55 }
56
57 /**
58 * Reads the keystore and initializes the SSL socket factory.
59 *
60 * NOTE: This method is identical in functionality to the method of the
61 * same name in JSSE14SocketFactory, except that this method is used with
62 * JSSE 1.0.x (which is an extension to the 1.3 JVM), whereas the other is
63 * used with JSSE 1.1.x (which ships with the 1.4 JVM). Therefore, this
64 * method uses classes in com.sun.net.ssl, which have since moved to
65 * javax.net.ssl, and explicitly registers the required security providers,
66 * which come standard in a 1.4 JVM.
67 */
68 void init() throws IOException {
69 try {
70 try {
71 Class ssps = Class.forName("sun.security.provider.Sun");
72 Security.addProvider ((Provider)ssps.newInstance());
73 }catch(Exception cnfe) {
74 //Ignore, since this is a non-Sun JVM
75 }
76 Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
77
78 String clientAuthStr = (String)attributes.get("clientauth");
79 if("true".equalsIgnoreCase(clientAuthStr) ||
80 "yes".equalsIgnoreCase(clientAuthStr) ||
81 "want".equalsIgnoreCase(clientAuthStr)) {
82 clientAuth = true;
83 }
84
85 // SSL protocol variant (e.g., TLS, SSL v3, etc.)
86 String protocol = (String)attributes.get("protocol");
87 if (protocol == null) protocol = defaultProtocol;
88
89 // Certificate encoding algorithm (e.g., SunX509)
90 String algorithm = (String)attributes.get("algorithm");
91 if (algorithm == null) algorithm = defaultAlgorithm;
92
93 // Set up KeyManager, which will extract server key
94 com.sun.net.ssl.KeyManagerFactory kmf =
95 com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
96 String keystoreType = (String)attributes.get("keystoreType");
97 if (keystoreType == null) {
98 keystoreType = defaultKeystoreType;
99 }
100 String keystorePass = getKeystorePassword();
101 kmf.init(getKeystore(keystoreType, keystorePass),
102 keystorePass.toCharArray());
103
104 // Set up TrustManager
105 com.sun.net.ssl.TrustManager[] tm = null;
106 String truststoreType = (String)attributes.get("truststoreType");
107 if(truststoreType == null) {
108 truststoreType = keystoreType;
109 }
110 KeyStore trustStore = getTrustStore(truststoreType);
111 if (trustStore != null) {
112 com.sun.net.ssl.TrustManagerFactory tmf =
113 com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
114 tmf.init(trustStore);
115 tm = tmf.getTrustManagers();
116 }
117
118 // Create and init SSLContext
119 com.sun.net.ssl.SSLContext context =
120 com.sun.net.ssl.SSLContext.getInstance(protocol);
121 context.init(kmf.getKeyManagers(), tm, new SecureRandom());
122
123 // Create proxy
124 sslProxy = context.getServerSocketFactory();
125
126 // Determine which cipher suites to enable
127 String requestedCiphers = (String)attributes.get("ciphers");
128 enabledCiphers = getEnabledCiphers(requestedCiphers,
129 sslProxy.getSupportedCipherSuites());
130
131 } catch(Exception e) {
132 if( e instanceof IOException )
133 throw (IOException)e;
134 throw new IOException(e.getMessage());
135 }
136 }
137 protected String[] getEnabledProtocols(SSLServerSocket socket,
138 String requestedProtocols){
139 return null;
140 }
141 protected void setEnabledProtocols(SSLServerSocket socket,
142 String [] protocols){
143 }
144
145 protected void configureClientAuth(SSLServerSocket socket){
146 socket.setNeedClientAuth(clientAuth);
147 }
148
149 protected void configureClientAuth(SSLSocket socket){
150 // In JSSE 1.0.2 docs it does not explicitly
151 // state whether SSLSockets returned from
152 // SSLServerSocket.accept() inherit this setting.
153 socket.setNeedClientAuth(clientAuth);
154 }
155
156 }