Mercurial > 510Connectbot
annotate src/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 25:5949eb469a79 tn5250
adding tn5250 files, native android logging
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 03 Jun 2014 12:10:21 -0700 |
parents | b39bcf616a6f |
children | 9ae1c889a64c |
rev | line source |
---|---|
3 | 1 package org.tn5250j.framework.transport.SSL; |
2 | |
3 /* | |
4 * @(#)SSLImplementation.java | |
5 * @author Stephen M. Kennedy | |
6 * | |
7 * Copyright: Copyright (c) 2001 | |
8 * | |
9 * This program is free software; you can redistribute it and/or modify | |
10 * it under the terms of the GNU General Public License as published by | |
11 * the Free Software Foundation; either version 2, or (at your option) | |
12 * any later version. | |
13 * | |
14 * This program is distributed in the hope that it will be useful, | |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 * GNU General Public License for more details. | |
18 * | |
19 * You should have received a copy of the GNU General Public License | |
20 * along with this software; see the file COPYING. If not, write to | |
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330, | |
22 * Boston, MA 02111-1307 USA | |
23 * | |
24 */ | |
25 | |
26 import java.io.File; | |
27 import java.io.FileInputStream; | |
28 import java.io.FileOutputStream; | |
29 import java.net.Socket; | |
30 import java.security.KeyStore; | |
31 import java.security.cert.CertificateException; | |
32 import java.security.cert.X509Certificate; | |
33 | |
34 import javax.net.ssl.KeyManagerFactory; | |
35 import javax.net.ssl.SSLContext; | |
36 import javax.net.ssl.SSLSocket; | |
37 import javax.net.ssl.TrustManager; | |
38 import javax.net.ssl.TrustManagerFactory; | |
39 import javax.net.ssl.X509TrustManager; | |
8 | 40 |
13 | 41 import com.five_ten_sg.connectbot.R; |
8 | 42 import com.five_ten_sg.connectbot.service.TerminalBridge; |
43 import com.five_ten_sg.connectbot.service.TerminalManager; | |
3 | 44 |
45 import org.tn5250j.GlobalConfigure; | |
46 import org.tn5250j.framework.transport.SSLInterface; | |
25
5949eb469a79
adding tn5250 files, native android logging
Carl Byington <carl@five-ten-sg.com>
parents:
13
diff
changeset
|
47 import android.util.Log; |
5949eb469a79
adding tn5250 files, native android logging
Carl Byington <carl@five-ten-sg.com>
parents:
13
diff
changeset
|
48 |
3 | 49 |
50 /** | |
51 * <p> | |
52 * This class implements the SSLInterface and is used to create SSL socket | |
53 * instances. | |
54 * </p> | |
8 | 55 * |
3 | 56 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com> |
8 | 57 * |
3 | 58 */ |
59 public class SSLImplementation implements SSLInterface, X509TrustManager { | |
60 | |
61 SSLContext sslContext = null; | |
62 | |
63 KeyStore userks = null; | |
64 private String userKsPath; | |
65 private char[] userksPassword = "changeit".toCharArray(); | |
66 | |
8 | 67 TerminalBridge bridge = null; |
68 TerminalManager manager = null; | |
69 String target = null; // destination:port | |
70 | |
3 | 71 KeyManagerFactory userkmf = null; |
72 | |
73 TrustManagerFactory usertmf = null; | |
74 | |
75 TrustManager[] userTrustManagers = null; | |
76 | |
77 X509Certificate[] acceptedIssuers; | |
78 | |
79 TN5250jLogger logger; | |
80 | |
8 | 81 public SSLImplementation(TerminalBridge bridge, TerminalManager manager) { |
82 this.bridge = bridge; | |
83 this.manager = manager; | |
25
5949eb469a79
adding tn5250 files, native android logging
Carl Byington <carl@five-ten-sg.com>
parents:
13
diff
changeset
|
84 |
3 | 85 } |
86 | |
87 public void init(String sslType) { | |
88 try { | |
89 logger.debug("Initializing User KeyStore"); | |
90 userKsPath = System.getProperty("user.home") + File.separator | |
91 + GlobalConfigure.TN5250J_FOLDER + File.separator + "keystore"; | |
92 File userKsFile = new File(userKsPath); | |
93 userks = KeyStore.getInstance(KeyStore.getDefaultType()); | |
94 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile) | |
95 : null, userksPassword); | |
96 logger.debug("Initializing User Key Manager Factory"); | |
97 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory | |
98 .getDefaultAlgorithm()); | |
99 userkmf.init(userks, userksPassword); | |
100 logger.debug("Initializing User Trust Manager Factory"); | |
101 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory | |
102 .getDefaultAlgorithm()); | |
103 usertmf.init(userks); | |
104 userTrustManagers = usertmf.getTrustManagers(); | |
105 logger.debug("Initializing SSL Context"); | |
106 sslContext = SSLContext.getInstance(sslType); | |
107 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null); | |
108 } catch (Exception ex) { | |
109 logger.error("Error initializing SSL [" + ex.getMessage() + "]"); | |
110 } | |
111 | |
112 } | |
113 | |
114 public Socket createSSLSocket(String destination, int port) { | |
115 if (sslContext == null) | |
116 throw new IllegalStateException("SSL Context Not Initialized"); | |
117 SSLSocket socket = null; | |
118 try { | |
8 | 119 target = destination + ":" + String.valueOf(port); |
3 | 120 socket = (SSLSocket) sslContext.getSocketFactory().createSocket( |
121 destination, port); | |
122 } catch (Exception e) { | |
123 logger.error("Error creating ssl socket [" + e.getMessage() + "]"); | |
124 } | |
125 return socket; | |
126 } | |
127 | |
128 // X509TrustManager Methods | |
129 | |
130 /* | |
131 * (non-Javadoc) | |
8 | 132 * |
3 | 133 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() |
134 */ | |
135 public X509Certificate[] getAcceptedIssuers() { | |
136 return acceptedIssuers; | |
137 } | |
138 | |
139 /* | |
140 * (non-Javadoc) | |
8 | 141 * |
3 | 142 * @see |
143 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert. | |
144 * X509Certificate[], java.lang.String) | |
145 */ | |
146 public void checkClientTrusted(X509Certificate[] arg0, String arg1) | |
147 throws CertificateException { | |
148 throw new SecurityException("checkClientTrusted unsupported"); | |
149 | |
150 } | |
151 | |
152 /* | |
153 * (non-Javadoc) | |
8 | 154 * |
3 | 155 * @see |
156 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert. | |
157 * X509Certificate[], java.lang.String) | |
158 */ | |
159 public void checkServerTrusted(X509Certificate[] chain, String type) | |
160 throws CertificateException { | |
161 try { | |
162 for (int i = 0; i < userTrustManagers.length; i++) { | |
163 if (userTrustManagers[i] instanceof X509TrustManager) { | |
164 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i]; | |
165 X509Certificate[] calist = trustManager | |
166 .getAcceptedIssuers(); | |
167 if (calist.length > 0) { | |
168 trustManager.checkServerTrusted(chain, type); | |
169 } else { | |
170 throw new CertificateException( | |
171 "Empty list of accepted issuers (a.k.a. root CA list)."); | |
172 } | |
173 } | |
174 } | |
175 return; | |
176 } catch (CertificateException ce) { | |
177 X509Certificate cert = chain[0]; | |
178 String certInfo = "Version: " + cert.getVersion() + "\n"; | |
179 certInfo = certInfo.concat("Serial Number: " | |
180 + cert.getSerialNumber() + "\n"); | |
181 certInfo = certInfo.concat("Signature Algorithm: " | |
182 + cert.getSigAlgName() + "\n"); | |
183 certInfo = certInfo.concat("Issuer: " | |
184 + cert.getIssuerDN().getName() + "\n"); | |
185 certInfo = certInfo.concat("Valid From: " + cert.getNotBefore() | |
186 + "\n"); | |
187 certInfo = certInfo | |
188 .concat("Valid To: " + cert.getNotAfter() + "\n"); | |
189 certInfo = certInfo.concat("Subject DN: " | |
190 + cert.getSubjectDN().getName() + "\n"); | |
191 certInfo = certInfo.concat("Public Key: " | |
192 + cert.getPublicKey().getFormat() + "\n"); | |
193 | |
8 | 194 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target)); |
195 bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo)); | |
196 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate)); | |
9 | 197 if ((result == null) || (!result.booleanValue())) { |
3 | 198 throw new java.security.cert.CertificateException( |
199 "Certificate Rejected"); | |
200 } | |
201 | |
8 | 202 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate)); |
9 | 203 if ((result != null) && (result.booleanValue())) { |
3 | 204 try { |
205 userks.setCertificateEntry(cert.getSubjectDN().getName(), | |
206 cert); | |
207 userks.store(new FileOutputStream(userKsPath), | |
208 userksPassword); | |
209 } catch (Exception e) { | |
210 logger.error("Error saving certificate [" + e.getMessage() | |
211 + "]"); | |
212 e.printStackTrace(); | |
213 } | |
214 } | |
215 } | |
216 } | |
217 } |