|
3
|
1 package org.tn5250j.framework.transport.SSL;
|
|
|
2
|
|
|
3 /*
|
|
|
4 * @(#)SSLImplementation.java
|
|
|
5 * @author Stephen M. Kennedy
|
|
|
6 *
|
|
|
7 * Copyright: Copyright (c) 2001
|
|
|
8 *
|
|
|
9 * This program is free software; you can redistribute it and/or modify
|
|
|
10 * it under the terms of the GNU General Public License as published by
|
|
|
11 * the Free Software Foundation; either version 2, or (at your option)
|
|
|
12 * any later version.
|
|
|
13 *
|
|
|
14 * This program is distributed in the hope that it will be useful,
|
|
|
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
17 * GNU General Public License for more details.
|
|
|
18 *
|
|
|
19 * You should have received a copy of the GNU General Public License
|
|
|
20 * along with this software; see the file COPYING. If not, write to
|
|
|
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
|
|
|
22 * Boston, MA 02111-1307 USA
|
|
|
23 *
|
|
|
24 */
|
|
|
25
|
|
|
26 import java.io.File;
|
|
|
27 import java.io.FileInputStream;
|
|
|
28 import java.io.FileOutputStream;
|
|
|
29 import java.net.Socket;
|
|
|
30 import java.security.KeyStore;
|
|
|
31 import java.security.cert.CertificateException;
|
|
|
32 import java.security.cert.X509Certificate;
|
|
|
33
|
|
|
34 import javax.net.ssl.KeyManagerFactory;
|
|
|
35 import javax.net.ssl.SSLContext;
|
|
|
36 import javax.net.ssl.SSLSocket;
|
|
|
37 import javax.net.ssl.TrustManager;
|
|
|
38 import javax.net.ssl.TrustManagerFactory;
|
|
|
39 import javax.net.ssl.X509TrustManager;
|
|
|
40 import javax.swing.JOptionPane;
|
|
|
41
|
|
|
42 import org.tn5250j.GlobalConfigure;
|
|
|
43 import org.tn5250j.framework.transport.SSLInterface;
|
|
|
44 import org.tn5250j.tools.logging.TN5250jLogFactory;
|
|
|
45 import org.tn5250j.tools.logging.TN5250jLogger;
|
|
|
46
|
|
|
47 /**
|
|
|
48 * <p>
|
|
|
49 * This class implements the SSLInterface and is used to create SSL socket
|
|
|
50 * instances.
|
|
|
51 * </p>
|
|
|
52 *
|
|
|
53 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com>
|
|
|
54 *
|
|
|
55 */
|
|
|
56 public class SSLImplementation implements SSLInterface, X509TrustManager {
|
|
|
57
|
|
|
58 SSLContext sslContext = null;
|
|
|
59
|
|
|
60 KeyStore userks = null;
|
|
|
61 private String userKsPath;
|
|
|
62 private char[] userksPassword = "changeit".toCharArray();
|
|
|
63
|
|
|
64 KeyManagerFactory userkmf = null;
|
|
|
65
|
|
|
66 TrustManagerFactory usertmf = null;
|
|
|
67
|
|
|
68 TrustManager[] userTrustManagers = null;
|
|
|
69
|
|
|
70 X509Certificate[] acceptedIssuers;
|
|
|
71
|
|
|
72 TN5250jLogger logger;
|
|
|
73
|
|
|
74 public SSLImplementation() {
|
|
|
75 logger = TN5250jLogFactory.getLogger(getClass());
|
|
|
76 }
|
|
|
77
|
|
|
78 public void init(String sslType) {
|
|
|
79 try {
|
|
|
80 logger.debug("Initializing User KeyStore");
|
|
|
81 userKsPath = System.getProperty("user.home") + File.separator
|
|
|
82 + GlobalConfigure.TN5250J_FOLDER + File.separator + "keystore";
|
|
|
83 File userKsFile = new File(userKsPath);
|
|
|
84 userks = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
|
85 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile)
|
|
|
86 : null, userksPassword);
|
|
|
87 logger.debug("Initializing User Key Manager Factory");
|
|
|
88 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory
|
|
|
89 .getDefaultAlgorithm());
|
|
|
90 userkmf.init(userks, userksPassword);
|
|
|
91 logger.debug("Initializing User Trust Manager Factory");
|
|
|
92 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory
|
|
|
93 .getDefaultAlgorithm());
|
|
|
94 usertmf.init(userks);
|
|
|
95 userTrustManagers = usertmf.getTrustManagers();
|
|
|
96 logger.debug("Initializing SSL Context");
|
|
|
97 sslContext = SSLContext.getInstance(sslType);
|
|
|
98 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null);
|
|
|
99 } catch (Exception ex) {
|
|
|
100 logger.error("Error initializing SSL [" + ex.getMessage() + "]");
|
|
|
101 }
|
|
|
102
|
|
|
103 }
|
|
|
104
|
|
|
105 public Socket createSSLSocket(String destination, int port) {
|
|
|
106 if (sslContext == null)
|
|
|
107 throw new IllegalStateException("SSL Context Not Initialized");
|
|
|
108 SSLSocket socket = null;
|
|
|
109 try {
|
|
|
110 socket = (SSLSocket) sslContext.getSocketFactory().createSocket(
|
|
|
111 destination, port);
|
|
|
112 } catch (Exception e) {
|
|
|
113 logger.error("Error creating ssl socket [" + e.getMessage() + "]");
|
|
|
114 }
|
|
|
115 return socket;
|
|
|
116 }
|
|
|
117
|
|
|
118 // X509TrustManager Methods
|
|
|
119
|
|
|
120 /*
|
|
|
121 * (non-Javadoc)
|
|
|
122 *
|
|
|
123 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
|
|
|
124 */
|
|
|
125 public X509Certificate[] getAcceptedIssuers() {
|
|
|
126 return acceptedIssuers;
|
|
|
127 }
|
|
|
128
|
|
|
129 /*
|
|
|
130 * (non-Javadoc)
|
|
|
131 *
|
|
|
132 * @see
|
|
|
133 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
|
|
|
134 * X509Certificate[], java.lang.String)
|
|
|
135 */
|
|
|
136 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
|
|
|
137 throws CertificateException {
|
|
|
138 throw new SecurityException("checkClientTrusted unsupported");
|
|
|
139
|
|
|
140 }
|
|
|
141
|
|
|
142 /*
|
|
|
143 * (non-Javadoc)
|
|
|
144 *
|
|
|
145 * @see
|
|
|
146 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
|
|
|
147 * X509Certificate[], java.lang.String)
|
|
|
148 */
|
|
|
149 public void checkServerTrusted(X509Certificate[] chain, String type)
|
|
|
150 throws CertificateException {
|
|
|
151 try {
|
|
|
152 for (int i = 0; i < userTrustManagers.length; i++) {
|
|
|
153 if (userTrustManagers[i] instanceof X509TrustManager) {
|
|
|
154 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
|
|
|
155 X509Certificate[] calist = trustManager
|
|
|
156 .getAcceptedIssuers();
|
|
|
157 if (calist.length > 0) {
|
|
|
158 trustManager.checkServerTrusted(chain, type);
|
|
|
159 } else {
|
|
|
160 throw new CertificateException(
|
|
|
161 "Empty list of accepted issuers (a.k.a. root CA list).");
|
|
|
162 }
|
|
|
163 }
|
|
|
164 }
|
|
|
165 return;
|
|
|
166 } catch (CertificateException ce) {
|
|
|
167 X509Certificate cert = chain[0];
|
|
|
168 String certInfo = "Version: " + cert.getVersion() + "\n";
|
|
|
169 certInfo = certInfo.concat("Serial Number: "
|
|
|
170 + cert.getSerialNumber() + "\n");
|
|
|
171 certInfo = certInfo.concat("Signature Algorithm: "
|
|
|
172 + cert.getSigAlgName() + "\n");
|
|
|
173 certInfo = certInfo.concat("Issuer: "
|
|
|
174 + cert.getIssuerDN().getName() + "\n");
|
|
|
175 certInfo = certInfo.concat("Valid From: " + cert.getNotBefore()
|
|
|
176 + "\n");
|
|
|
177 certInfo = certInfo
|
|
|
178 .concat("Valid To: " + cert.getNotAfter() + "\n");
|
|
|
179 certInfo = certInfo.concat("Subject DN: "
|
|
|
180 + cert.getSubjectDN().getName() + "\n");
|
|
|
181 certInfo = certInfo.concat("Public Key: "
|
|
|
182 + cert.getPublicKey().getFormat() + "\n");
|
|
|
183
|
|
|
184 int accept = JOptionPane
|
|
|
185 .showConfirmDialog(null, certInfo, "Unknown Certificate - Do you accept it?",
|
|
|
186 javax.swing.JOptionPane.YES_NO_OPTION);
|
|
|
187 if (accept != JOptionPane.YES_OPTION) {
|
|
|
188 throw new java.security.cert.CertificateException(
|
|
|
189 "Certificate Rejected");
|
|
|
190 }
|
|
|
191
|
|
|
192 int save = JOptionPane.showConfirmDialog(null,
|
|
|
193 "Remember this certificate?", "Save Certificate",
|
|
|
194 javax.swing.JOptionPane.YES_NO_OPTION);
|
|
|
195
|
|
|
196 if (save == JOptionPane.YES_OPTION) {
|
|
|
197 try {
|
|
|
198 userks.setCertificateEntry(cert.getSubjectDN().getName(),
|
|
|
199 cert);
|
|
|
200 userks.store(new FileOutputStream(userKsPath),
|
|
|
201 userksPassword);
|
|
|
202 } catch (Exception e) {
|
|
|
203 logger.error("Error saving certificate [" + e.getMessage()
|
|
|
204 + "]");
|
|
|
205 e.printStackTrace();
|
|
|
206 }
|
|
|
207 }
|
|
|
208 }
|
|
|
209
|
|
|
210 }
|
|
|
211 } |
