comparison src/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 3:e8d2a24e85c6 tn5250

adding tn5250 files
author Carl Byington <carl@five-ten-sg.com>
date Thu, 22 May 2014 12:11:10 -0700
parents
children 3b760b39962a
2:a01665cb683d 3:e8d2a24e85c6
1 package org.tn5250j.framework.transport.SSL;
2
3 /*
4 * @(#)SSLImplementation.java
5 * @author Stephen M. Kennedy
6 *
7 * Copyright: Copyright (c) 2001
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2, or (at your option)
12 * any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this software; see the file COPYING. If not, write to
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
22 * Boston, MA 02111-1307 USA
23 *
24 */
25
26 import java.io.File;
27 import java.io.FileInputStream;
28 import java.io.FileOutputStream;
29 import java.net.Socket;
30 import java.security.KeyStore;
31 import java.security.cert.CertificateException;
32 import java.security.cert.X509Certificate;
33
34 import javax.net.ssl.KeyManagerFactory;
35 import javax.net.ssl.SSLContext;
36 import javax.net.ssl.SSLSocket;
37 import javax.net.ssl.TrustManager;
38 import javax.net.ssl.TrustManagerFactory;
39 import javax.net.ssl.X509TrustManager;
40 import javax.swing.JOptionPane;
41
42 import org.tn5250j.GlobalConfigure;
43 import org.tn5250j.framework.transport.SSLInterface;
44 import org.tn5250j.tools.logging.TN5250jLogFactory;
45 import org.tn5250j.tools.logging.TN5250jLogger;
46
47 /**
48 * <p>
49 * This class implements the SSLInterface and is used to create SSL socket
50 * instances.
51 * </p>
52 *
53 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com>
54 *
55 */
56 public class SSLImplementation implements SSLInterface, X509TrustManager {
57
58 SSLContext sslContext = null;
59
60 KeyStore userks = null;
61 private String userKsPath;
62 private char[] userksPassword = "changeit".toCharArray();
63
64 KeyManagerFactory userkmf = null;
65
66 TrustManagerFactory usertmf = null;
67
68 TrustManager[] userTrustManagers = null;
69
70 X509Certificate[] acceptedIssuers;
71
72 TN5250jLogger logger;
73
74 public SSLImplementation() {
75 logger = TN5250jLogFactory.getLogger(getClass());
76 }
77
78 public void init(String sslType) {
79 try {
80 logger.debug("Initializing User KeyStore");
81 userKsPath = System.getProperty("user.home") + File.separator
82 + GlobalConfigure.TN5250J_FOLDER + File.separator + "keystore";
83 File userKsFile = new File(userKsPath);
84 userks = KeyStore.getInstance(KeyStore.getDefaultType());
85 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile)
86 : null, userksPassword);
87 logger.debug("Initializing User Key Manager Factory");
88 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory
89 .getDefaultAlgorithm());
90 userkmf.init(userks, userksPassword);
91 logger.debug("Initializing User Trust Manager Factory");
92 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory
93 .getDefaultAlgorithm());
94 usertmf.init(userks);
95 userTrustManagers = usertmf.getTrustManagers();
96 logger.debug("Initializing SSL Context");
97 sslContext = SSLContext.getInstance(sslType);
98 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null);
99 } catch (Exception ex) {
100 logger.error("Error initializing SSL [" + ex.getMessage() + "]");
101 }
102
103 }
104
105 public Socket createSSLSocket(String destination, int port) {
106 if (sslContext == null)
107 throw new IllegalStateException("SSL Context Not Initialized");
108 SSLSocket socket = null;
109 try {
110 socket = (SSLSocket) sslContext.getSocketFactory().createSocket(
111 destination, port);
112 } catch (Exception e) {
113 logger.error("Error creating ssl socket [" + e.getMessage() + "]");
114 }
115 return socket;
116 }
117
118 // X509TrustManager Methods
119
120 /*
121 * (non-Javadoc)
122 *
123 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
124 */
125 public X509Certificate[] getAcceptedIssuers() {
126 return acceptedIssuers;
127 }
128
129 /*
130 * (non-Javadoc)
131 *
132 * @see
133 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
134 * X509Certificate[], java.lang.String)
135 */
136 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
137 throws CertificateException {
138 throw new SecurityException("checkClientTrusted unsupported");
139
140 }
141
142 /*
143 * (non-Javadoc)
144 *
145 * @see
146 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
147 * X509Certificate[], java.lang.String)
148 */
149 public void checkServerTrusted(X509Certificate[] chain, String type)
150 throws CertificateException {
151 try {
152 for (int i = 0; i < userTrustManagers.length; i++) {
153 if (userTrustManagers[i] instanceof X509TrustManager) {
154 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
155 X509Certificate[] calist = trustManager
156 .getAcceptedIssuers();
157 if (calist.length > 0) {
158 trustManager.checkServerTrusted(chain, type);
159 } else {
160 throw new CertificateException(
161 "Empty list of accepted issuers (a.k.a. root CA list).");
162 }
163 }
164 }
165 return;
166 } catch (CertificateException ce) {
167 X509Certificate cert = chain[0];
168 String certInfo = "Version: " + cert.getVersion() + "\n";
169 certInfo = certInfo.concat("Serial Number: "
170 + cert.getSerialNumber() + "\n");
171 certInfo = certInfo.concat("Signature Algorithm: "
172 + cert.getSigAlgName() + "\n");
173 certInfo = certInfo.concat("Issuer: "
174 + cert.getIssuerDN().getName() + "\n");
175 certInfo = certInfo.concat("Valid From: " + cert.getNotBefore()
176 + "\n");
177 certInfo = certInfo
178 .concat("Valid To: " + cert.getNotAfter() + "\n");
179 certInfo = certInfo.concat("Subject DN: "
180 + cert.getSubjectDN().getName() + "\n");
181 certInfo = certInfo.concat("Public Key: "
182 + cert.getPublicKey().getFormat() + "\n");
183
184 int accept = JOptionPane
185 .showConfirmDialog(null, certInfo, "Unknown Certificate - Do you accept it?",
186 javax.swing.JOptionPane.YES_NO_OPTION);
187 if (accept != JOptionPane.YES_OPTION) {
188 throw new java.security.cert.CertificateException(
189 "Certificate Rejected");
190 }
191
192 int save = JOptionPane.showConfirmDialog(null,
193 "Remember this certificate?", "Save Certificate",
194 javax.swing.JOptionPane.YES_NO_OPTION);
195
196 if (save == JOptionPane.YES_OPTION) {
197 try {
198 userks.setCertificateEntry(cert.getSubjectDN().getName(),
199 cert);
200 userks.store(new FileOutputStream(userKsPath),
201 userksPassword);
202 } catch (Exception e) {
203 logger.error("Error saving certificate [" + e.getMessage()
204 + "]");
205 e.printStackTrace();
206 }
207 }
208 }
209
210 }
211 }
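Review bot: `getAcceptedIssuers()` (file line 125) returns the `acceptedIssuers` field, which nothing in this file ever assigns, so the trust manager passed to `sslContext.init` on line 98 reports `null` where the `X509TrustManager` contract calls for an empty array; `return new X509Certificate[0];` (or the issuers gathered from `userTrustManagers`) avoids a NullPointerException in any caller that iterates the result. In `checkServerTrusted` (lines 151-165) the loop falls through to `return` — accepting the chain — whenever `userTrustManagers` holds no `X509TrustManager`, so tracking `boolean checked = false;` set to true inside the `instanceof` branch and adding `if (!checked) throw new CertificateException("No X509TrustManager available");` before the return keeps an unconfigured factory from trusting everything. The `FileInputStream` on line 85 and the `FileOutputStream` on line 200 are never closed (`KeyStore.load`/`store` do not close the stream they are given); try-with-resources fixes both, e.g. `try (FileOutputStream out = new FileOutputStream(userKsPath)) { userks.store(out, userksPassword); }`. Nothing here appears to enable hostname verification for the socket built in `createSSLSocket`, so a certificate saved once via the dialog seems to be trusted for any destination afterwards — if that is unintended, applying `setEndpointIdentificationAlgorithm("HTTPS")` through the socket's `SSLParameters` is worth considering, and the confirmation dialog would be more useful if it showed a certificate fingerprint alongside the DN and serial, which are chosen by whoever presents the certificate.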