comparison src/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 3:e8d2a24e85c6 tn5250
adding tn5250 files
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 22 May 2014 12:11:10 -0700 |
parents | |
children | 3b760b39962a |
2:a01665cb683d | 3:e8d2a24e85c6 |
---|---|
1 package org.tn5250j.framework.transport.SSL; | |
2 | |
3 /* | |
4 * @(#)SSLImplementation.java | |
5 * @author Stephen M. Kennedy | |
6 * | |
7 * Copyright: Copyright (c) 2001 | |
8 * | |
9 * This program is free software; you can redistribute it and/or modify | |
10 * it under the terms of the GNU General Public License as published by | |
11 * the Free Software Foundation; either version 2, or (at your option) | |
12 * any later version. | |
13 * | |
14 * This program is distributed in the hope that it will be useful, | |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 * GNU General Public License for more details. | |
18 * | |
19 * You should have received a copy of the GNU General Public License | |
20 * along with this software; see the file COPYING. If not, write to | |
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330, | |
22 * Boston, MA 02111-1307 USA | |
23 * | |
24 */ | |
25 | |
26 import java.io.File; | |
27 import java.io.FileInputStream; | |
28 import java.io.FileOutputStream; | |
29 import java.net.Socket; | |
30 import java.security.KeyStore; | |
31 import java.security.cert.CertificateException; | |
32 import java.security.cert.X509Certificate; | |
33 | |
34 import javax.net.ssl.KeyManagerFactory; | |
35 import javax.net.ssl.SSLContext; | |
36 import javax.net.ssl.SSLSocket; | |
37 import javax.net.ssl.TrustManager; | |
38 import javax.net.ssl.TrustManagerFactory; | |
39 import javax.net.ssl.X509TrustManager; | |
40 import javax.swing.JOptionPane; | |
41 | |
42 import org.tn5250j.GlobalConfigure; | |
43 import org.tn5250j.framework.transport.SSLInterface; | |
44 import org.tn5250j.tools.logging.TN5250jLogFactory; | |
45 import org.tn5250j.tools.logging.TN5250jLogger; | |
46 | |
47 /** | |
48 * <p> | |
49 * This class implements the SSLInterface and is used to create SSL socket | |
50 * instances. | |
51 * </p> | |
52 * | |
53 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com> | |
54 * | |
55 */ | |
56 public class SSLImplementation implements SSLInterface, X509TrustManager { | |
57 | |
58 SSLContext sslContext = null; | |
59 | |
60 KeyStore userks = null; | |
61 private String userKsPath; | |
62 private char[] userksPassword = "changeit".toCharArray(); | |
63 | |
64 KeyManagerFactory userkmf = null; | |
65 | |
66 TrustManagerFactory usertmf = null; | |
67 | |
68 TrustManager[] userTrustManagers = null; | |
69 | |
70 X509Certificate[] acceptedIssuers; | |
71 | |
72 TN5250jLogger logger; | |
73 | |
74 public SSLImplementation() { | |
75 logger = TN5250jLogFactory.getLogger(getClass()); | |
76 } | |
77 | |
78 public void init(String sslType) { | |
79 try { | |
80 logger.debug("Initializing User KeyStore"); | |
81 userKsPath = System.getProperty("user.home") + File.separator | |
82 + GlobalConfigure.TN5250J_FOLDER + File.separator + "keystore"; | |
83 File userKsFile = new File(userKsPath); | |
84 userks = KeyStore.getInstance(KeyStore.getDefaultType()); | |
85 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile) | |
86 : null, userksPassword); | |
87 logger.debug("Initializing User Key Manager Factory"); | |
88 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory | |
89 .getDefaultAlgorithm()); | |
90 userkmf.init(userks, userksPassword); | |
91 logger.debug("Initializing User Trust Manager Factory"); | |
92 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory | |
93 .getDefaultAlgorithm()); | |
94 usertmf.init(userks); | |
95 userTrustManagers = usertmf.getTrustManagers(); | |
96 logger.debug("Initializing SSL Context"); | |
97 sslContext = SSLContext.getInstance(sslType); | |
98 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null); | |
99 } catch (Exception ex) { | |
100 logger.error("Error initializing SSL [" + ex.getMessage() + "]"); | |
101 } | |
102 | |
103 } | |
104 | |
105 public Socket createSSLSocket(String destination, int port) { | |
106 if (sslContext == null) | |
107 throw new IllegalStateException("SSL Context Not Initialized"); | |
108 SSLSocket socket = null; | |
109 try { | |
110 socket = (SSLSocket) sslContext.getSocketFactory().createSocket( | |
111 destination, port); | |
112 } catch (Exception e) { | |
113 logger.error("Error creating ssl socket [" + e.getMessage() + "]"); | |
114 } | |
115 return socket; | |
116 } | |
117 | |
118 // X509TrustManager Methods | |
119 | |
120 /* | |
121 * (non-Javadoc) | |
122 * | |
123 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() | |
124 */ | |
125 public X509Certificate[] getAcceptedIssuers() { | |
126 return acceptedIssuers; | |
127 } | |
128 | |
129 /* | |
130 * (non-Javadoc) | |
131 * | |
132 * @see | |
133 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert. | |
134 * X509Certificate[], java.lang.String) | |
135 */ | |
136 public void checkClientTrusted(X509Certificate[] arg0, String arg1) | |
137 throws CertificateException { | |
138 throw new SecurityException("checkClientTrusted unsupported"); | |
139 | |
140 } | |
141 | |
142 /* | |
143 * (non-Javadoc) | |
144 * | |
145 * @see | |
146 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert. | |
147 * X509Certificate[], java.lang.String) | |
148 */ | |
149 public void checkServerTrusted(X509Certificate[] chain, String type) | |
150 throws CertificateException { | |
151 try { | |
152 for (int i = 0; i < userTrustManagers.length; i++) { | |
153 if (userTrustManagers[i] instanceof X509TrustManager) { | |
154 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i]; | |
155 X509Certificate[] calist = trustManager | |
156 .getAcceptedIssuers(); | |
157 if (calist.length > 0) { | |
158 trustManager.checkServerTrusted(chain, type); | |
159 } else { | |
160 throw new CertificateException( | |
161 "Empty list of accepted issuers (a.k.a. root CA list)."); | |
162 } | |
163 } | |
164 } | |
165 return; | |
166 } catch (CertificateException ce) { | |
167 X509Certificate cert = chain[0]; | |
168 String certInfo = "Version: " + cert.getVersion() + "\n"; | |
169 certInfo = certInfo.concat("Serial Number: " | |
170 + cert.getSerialNumber() + "\n"); | |
171 certInfo = certInfo.concat("Signature Algorithm: " | |
172 + cert.getSigAlgName() + "\n"); | |
173 certInfo = certInfo.concat("Issuer: " | |
174 + cert.getIssuerDN().getName() + "\n"); | |
175 certInfo = certInfo.concat("Valid From: " + cert.getNotBefore() | |
176 + "\n"); | |
177 certInfo = certInfo | |
178 .concat("Valid To: " + cert.getNotAfter() + "\n"); | |
179 certInfo = certInfo.concat("Subject DN: " | |
180 + cert.getSubjectDN().getName() + "\n"); | |
181 certInfo = certInfo.concat("Public Key: " | |
182 + cert.getPublicKey().getFormat() + "\n"); | |
183 | |
184 int accept = JOptionPane | |
185 .showConfirmDialog(null, certInfo, "Unknown Certificate - Do you accept it?", | |
186 javax.swing.JOptionPane.YES_NO_OPTION); | |
187 if (accept != JOptionPane.YES_OPTION) { | |
188 throw new java.security.cert.CertificateException( | |
189 "Certificate Rejected"); | |
190 } | |
191 | |
192 int save = JOptionPane.showConfirmDialog(null, | |
193 "Remember this certificate?", "Save Certificate", | |
194 javax.swing.JOptionPane.YES_NO_OPTION); | |
195 | |
196 if (save == JOptionPane.YES_OPTION) { | |
197 try { | |
198 userks.setCertificateEntry(cert.getSubjectDN().getName(), | |
199 cert); | |
200 userks.store(new FileOutputStream(userKsPath), | |
201 userksPassword); | |
202 } catch (Exception e) { | |
203 logger.error("Error saving certificate [" + e.getMessage() | |
204 + "]"); | |
205 e.printStackTrace(); | |
206 } | |
207 } | |
208 } | |
209 | |
210 } | |
211 } |
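Review bot: The FileInputStream opened in init (line 85) and the FileOutputStream handed to userks.store in checkServerTrusted (line 200) are never closed, so a keystore file handle leaks on every init and on every saved certificate; wrap each in try-with-resources (or try/finally with close()), e.g. `try (FileInputStream in = new FileInputStream(userKsFile)) { userks.load(in, userksPassword); }` with the `userks.load(null, userksPassword)` case for a missing file kept on its own branch. getAcceptedIssuers (line 125) returns the field acceptedIssuers, which nothing in this class assigns, so it returns null and breaks the X509TrustManager contract that the array may be empty but not null; `return acceptedIssuers != null ? acceptedIssuers : new X509Certificate[0];` is the minimal fix. The catch block at line 167 dereferences `chain[0]` without checking that the chain is non-empty, so an empty chain surfaces as an ArrayIndexOutOfBoundsException rather than the CertificateException callers handle. Nothing in this class ties an accepted (or saved) certificate to the destination passed to createSSLSocket, and a plain SSLSocket performs no hostname verification of its own, so a certificate the user accepted for one host will be accepted for any other host presenting it; if endpoint identification is not done elsewhere, consider enabling it on the socket's SSLParameters or comparing the certificate's subject/SAN against the destination before prompting. Since 510Connectbot appears to be an Android project, the javax.swing.JOptionPane prompt presumably will not be available at runtime either — confirm against the build target.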