Mercurial > 510Connectbot
view src/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 8:3b760b39962a tn5250
adding tn5250 files
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 22 May 2014 15:41:35 -0700 |
parents | e8d2a24e85c6 |
children | 731e70088af0 |
line wrap: on
line source
package org.tn5250j.framework.transport.SSL; /* * @(#)SSLImplementation.java * @author Stephen M. Kennedy * * Copyright: Copyright (c) 2001 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this software; see the file COPYING. If not, write to * the Free Software Foundation, Inc., 59 Temple Place, Suite 330, * Boston, MA 02111-1307 USA * */ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.net.Socket; import java.security.KeyStore; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import com.five_ten_sg.connectbot.service.TerminalBridge; import com.five_ten_sg.connectbot.service.TerminalManager; import org.tn5250j.GlobalConfigure; import org.tn5250j.framework.transport.SSLInterface; import org.tn5250j.tools.logging.TN5250jLogFactory; import org.tn5250j.tools.logging.TN5250jLogger; /** * <p> * This class implements the SSLInterface and is used to create SSL socket * instances. * </p> * * @author Stephen M. Kennedy <skennedy@tenthpowertech.com> * */ public class SSLImplementation implements SSLInterface, X509TrustManager { SSLContext sslContext = null; KeyStore userks = null; private String userKsPath; private char[] userksPassword = "changeit".toCharArray(); TerminalBridge bridge = null; TerminalManager manager = null; String target = null; // destination:port KeyManagerFactory userkmf = null; TrustManagerFactory usertmf = null; TrustManager[] userTrustManagers = null; X509Certificate[] acceptedIssuers; TN5250jLogger logger; public SSLImplementation(TerminalBridge bridge, TerminalManager manager) { this.bridge = bridge; this.manager = manager; logger = TN5250jLogFactory.getLogger(getClass()); } public void init(String sslType) { try { logger.debug("Initializing User KeyStore"); userKsPath = System.getProperty("user.home") + File.separator + GlobalConfigure.TN5250J_FOLDER + File.separator + "keystore"; File userKsFile = new File(userKsPath); userks = KeyStore.getInstance(KeyStore.getDefaultType()); userks.load(userKsFile.exists() ? new FileInputStream(userKsFile) : null, userksPassword); logger.debug("Initializing User Key Manager Factory"); userkmf = KeyManagerFactory.getInstance(KeyManagerFactory .getDefaultAlgorithm()); userkmf.init(userks, userksPassword); logger.debug("Initializing User Trust Manager Factory"); usertmf = TrustManagerFactory.getInstance(TrustManagerFactory .getDefaultAlgorithm()); usertmf.init(userks); userTrustManagers = usertmf.getTrustManagers(); logger.debug("Initializing SSL Context"); sslContext = SSLContext.getInstance(sslType); sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null); } catch (Exception ex) { logger.error("Error initializing SSL [" + ex.getMessage() + "]"); } } public Socket createSSLSocket(String destination, int port) { if (sslContext == null) throw new IllegalStateException("SSL Context Not Initialized"); SSLSocket socket = null; try { target = destination + ":" + String.valueOf(port); socket = (SSLSocket) sslContext.getSocketFactory().createSocket( destination, port); } catch (Exception e) { logger.error("Error creating ssl socket [" + e.getMessage() + "]"); } return socket; } // X509TrustManager Methods /* * (non-Javadoc) * * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() */ public X509Certificate[] getAcceptedIssuers() { return acceptedIssuers; } /* * (non-Javadoc) * * @see * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert. * X509Certificate[], java.lang.String) */ public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { throw new SecurityException("checkClientTrusted unsupported"); } /* * (non-Javadoc) * * @see * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert. * X509Certificate[], java.lang.String) */ public void checkServerTrusted(X509Certificate[] chain, String type) throws CertificateException { try { for (int i = 0; i < userTrustManagers.length; i++) { if (userTrustManagers[i] instanceof X509TrustManager) { X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i]; X509Certificate[] calist = trustManager .getAcceptedIssuers(); if (calist.length > 0) { trustManager.checkServerTrusted(chain, type); } else { throw new CertificateException( "Empty list of accepted issuers (a.k.a. root CA list)."); } } } return; } catch (CertificateException ce) { X509Certificate cert = chain[0]; String certInfo = "Version: " + cert.getVersion() + "\n"; certInfo = certInfo.concat("Serial Number: " + cert.getSerialNumber() + "\n"); certInfo = certInfo.concat("Signature Algorithm: " + cert.getSigAlgName() + "\n"); certInfo = certInfo.concat("Issuer: " + cert.getIssuerDN().getName() + "\n"); certInfo = certInfo.concat("Valid From: " + cert.getNotBefore() + "\n"); certInfo = certInfo .concat("Valid To: " + cert.getNotAfter() + "\n"); certInfo = certInfo.concat("Subject DN: " + cert.getSubjectDN().getName() + "\n"); certInfo = certInfo.concat("Public Key: " + cert.getPublicKey().getFormat() + "\n"); bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target)); bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo)); Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate)); if ((result == null) || (!result.booleanValue()) { throw new java.security.cert.CertificateException( "Certificate Rejected"); } result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate)); if ((result != null) && (result.booleanValue()) { try { userks.setCertificateEntry(cert.getSubjectDN().getName(), cert); userks.store(new FileOutputStream(userKsPath), userksPassword); } catch (Exception e) { logger.error("Error saving certificate [" + e.getMessage() + "]"); e.printStackTrace(); } } } } }