Mercurial > 510Connectbot

comparison src/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 79:01d939969b10

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge tn5250 branch into default
author Carl Byington <carl@five-ten-sg.com>
date Mon, 16 Jun 2014 08:24:00 -0700
parents 011462bddcf1
children 8f23b05a51f7
comparison
equal deleted inserted replaced
19:b3d0d806cbe2 79:01d939969b10
1 package org.tn5250j.framework.transport.SSL;
2
3 /*
4 * @(#)SSLImplementation.java
5 * @author Stephen M. Kennedy
6 *
7 * Copyright: Copyright (c) 2001
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2, or (at your option)
12 * any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this software; see the file COPYING. If not, write to
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
22 * Boston, MA 02111-1307 USA
23 *
24 */
25
26 import java.io.File;
27 import java.io.FileInputStream;
28 import java.io.FileOutputStream;
29 import java.net.Socket;
30 import java.security.KeyStore;
31 import java.security.cert.CertificateException;
32 import java.security.cert.X509Certificate;
33
34 import javax.net.ssl.KeyManagerFactory;
35 import javax.net.ssl.SSLContext;
36 import javax.net.ssl.SSLSocket;
37 import javax.net.ssl.TrustManager;
38 import javax.net.ssl.TrustManagerFactory;
39 import javax.net.ssl.X509TrustManager;
40
41 import com.five_ten_sg.connectbot.R;
42 import com.five_ten_sg.connectbot.service.TerminalBridge;
43 import com.five_ten_sg.connectbot.service.TerminalManager;
44
45 import org.tn5250j.GlobalConfigure;
46 import org.tn5250j.framework.transport.SSLInterface;
47 import android.util.Log;
48
49
50 /**
51 * <p>
52 * This class implements the SSLInterface and is used to create SSL socket
53 * instances.
54 * </p>
55 *
56 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com>
57 *
58 */
59 public class SSLImplementation implements SSLInterface, X509TrustManager {
60 private static final String TAG = "SSLImplementation";
61 SSLContext sslContext = null;
62 KeyStore userks = null;
63 private String userKsPath;
64 private char[] userksPassword = "changeit".toCharArray();
65
66 TerminalBridge bridge = null;
67 TerminalManager manager = null;
68 String target = null; // destination:port
69
70 KeyManagerFactory userkmf = null;
71
72 TrustManagerFactory usertmf = null;
73
74 TrustManager[] userTrustManagers = null;
75
76 X509Certificate[] acceptedIssuers;
77
78 public SSLImplementation(TerminalBridge bridge, TerminalManager manager) {
79 this.bridge = bridge;
80 this.manager = manager;
81
82 }
83
84 public void init(String sslType) {
85 try {
86 Log.d(TAG,"Initializing User KeyStore");
87 userKsPath = System.getProperty("user.home") + File.separator
88 + GlobalConfigure.TN5250J_FOLDER + File.separator + "keystore";
89 File userKsFile = new File(userKsPath);
90 userks = KeyStore.getInstance(KeyStore.getDefaultType());
91 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile)
92 : null, userksPassword);
93 Log.d(TAG,"Initializing User Key Manager Factory");
94 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory
95 .getDefaultAlgorithm());
96 userkmf.init(userks, userksPassword);
97 Log.d(TAG,"Initializing User Trust Manager Factory");
98 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory
99 .getDefaultAlgorithm());
100 usertmf.init(userks);
101 userTrustManagers = usertmf.getTrustManagers();
102 Log.d(TAG,"Initializing SSL Context");
103 sslContext = SSLContext.getInstance(sslType);
104 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null);
105 } catch (Exception ex) {
106 Log.e(TAG,"Error initializing SSL [" + ex.getMessage() + "]");
107 }
108
109 }
110
111 public Socket createSSLSocket(String destination, int port) {
112 if (sslContext == null)
113 throw new IllegalStateException("SSL Context Not Initialized");
114 SSLSocket socket = null;
115 try {
116 target = destination + ":" + String.valueOf(port);
117 socket = (SSLSocket) sslContext.getSocketFactory().createSocket(
118 destination, port);
119 } catch (Exception e) {
120 Log.e(TAG,"Error creating ssl socket [" + e.getMessage() + "]");
121 }
122 return socket;
123 }
124
125 // X509TrustManager Methods
126
127 /*
128 * (non-Javadoc)
129 *
130 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
131 */
132 public X509Certificate[] getAcceptedIssuers() {
133 return acceptedIssuers;
134 }
135
136 /*
137 * (non-Javadoc)
138 *
139 * @see
140 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
141 * X509Certificate[], java.lang.String)
142 */
143 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
144 throws CertificateException {
145 throw new SecurityException("checkClientTrusted unsupported");
146
147 }
148
149 /*
150 * (non-Javadoc)
151 *
152 * @see
153 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
154 * X509Certificate[], java.lang.String)
155 */
156 public void checkServerTrusted(X509Certificate[] chain, String type)
157 throws CertificateException {
158 try {
159 for (int i = 0; i < userTrustManagers.length; i++) {
160 if (userTrustManagers[i] instanceof X509TrustManager) {
161 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
162 X509Certificate[] calist = trustManager
163 .getAcceptedIssuers();
164 if (calist.length > 0) {
165 trustManager.checkServerTrusted(chain, type);
166 } else {
167 throw new CertificateException(
168 "Empty list of accepted issuers (a.k.a. root CA list).");
169 }
170 }
171 }
172 return;
173 } catch (CertificateException ce) {
174 X509Certificate cert = chain[0];
175 String certInfo = manager.res.getString(R.string.host_cert_version) + cert.getVersion() + "\r\n";
176 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_serial) + cert.getSerialNumber() + "\r\n");
177 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_algorithm) + cert.getSigAlgName() + "\r\n");
178 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_issuer) + cert.getIssuerDN().getName() + "\r\n");
179 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_from) + cert.getNotBefore() + "\r\n");
180 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_to) + cert.getNotAfter() + "\r\n");
181 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_dn) + cert.getSubjectDN().getName() + "\r\n");
182 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_publickey) + cert.getPublicKey().getFormat() + "\r\n");
183
184 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target));
185 bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo));
186 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate));
187 if ((result == null) || (!result.booleanValue())) {
188 throw new java.security.cert.CertificateException(
189 "Certificate Rejected");
190 }
191
192 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate));
193 if ((result != null) && (result.booleanValue())) {
194 try {
195 userks.setCertificateEntry(cert.getSubjectDN().getName(),
196 cert);
197 userks.store(new FileOutputStream(userKsPath),
198 userksPassword);
199 } catch (Exception e) {
200 Log.e(TAG,"Error saving certificate [" + e.getMessage()
201 + "]");
202 e.printStackTrace();
203 }
204 }
205 }
206 }
207 }