comparison src/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 112:77ac18bc1b2f

cleanup java formatting
author Carl Byington <carl@five-ten-sg.com>
date Wed, 18 Jun 2014 13:03:01 -0700
parents 33eb63352be5
children
111:6a0ad4d384ea 112:77ac18bc1b2f
55 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com> 55 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com>
56 * 56 *
57 */ 57 */
58 public class SSLImplementation implements SSLInterface, X509TrustManager { 58 public class SSLImplementation implements SSLInterface, X509TrustManager {
59 private static final String TAG = "SSLImplementation"; 59 private static final String TAG = "SSLImplementation";
60 SSLContext sslContext = null; 60 SSLContext sslContext = null;
61 KeyStore userks = null; 61 KeyStore userks = null;
62 private String userKsPath; 62 private String userKsPath;
63 private char[] userksPassword = "changeit".toCharArray(); 63 private char[] userksPassword = "changeit".toCharArray();
64 64
65 TerminalBridge bridge = null; 65 TerminalBridge bridge = null;
66 TerminalManager manager = null; 66 TerminalManager manager = null;
67 String target = null; // destination:port 67 String target = null; // destination:port
68 68
69 KeyManagerFactory userkmf = null; 69 KeyManagerFactory userkmf = null;
70 70
71 TrustManagerFactory usertmf = null; 71 TrustManagerFactory usertmf = null;
72 72
73 TrustManager[] userTrustManagers = null; 73 TrustManager[] userTrustManagers = null;
74 74
75 X509Certificate[] acceptedIssuers; 75 X509Certificate[] acceptedIssuers;
76 76
77 public SSLImplementation(TerminalBridge bridge, TerminalManager manager) { 77 public SSLImplementation(TerminalBridge bridge, TerminalManager manager) {
78 this.bridge = bridge; 78 this.bridge = bridge;
79 this.manager = manager; 79 this.manager = manager;
80 80 }
81 } 81
82 82 public void init(String sslType, String homeDirectory) {
83 public void init(String sslType, String homeDirectory) { 83 try {
84 try { 84 Log.d(TAG, "Initializing User KeyStore");
85 Log.d(TAG,"Initializing User KeyStore"); 85 userKsPath = homeDirectory + File.separator + "keystore";
86 userKsPath = homeDirectory + File.separator + "keystore"; 86 File userKsFile = new File(userKsPath);
87 File userKsFile = new File(userKsPath); 87 userks = KeyStore.getInstance(KeyStore.getDefaultType());
88 userks = KeyStore.getInstance(KeyStore.getDefaultType()); 88 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile)
89 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile) 89 : null, userksPassword);
90 : null, userksPassword); 90 Log.d(TAG, "Initializing User Key Manager Factory");
91 Log.d(TAG,"Initializing User Key Manager Factory"); 91 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory
92 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory 92 .getDefaultAlgorithm());
93 .getDefaultAlgorithm()); 93 userkmf.init(userks, userksPassword);
94 userkmf.init(userks, userksPassword); 94 Log.d(TAG, "Initializing User Trust Manager Factory");
95 Log.d(TAG,"Initializing User Trust Manager Factory"); 95 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory
96 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory 96 .getDefaultAlgorithm());
97 .getDefaultAlgorithm()); 97 usertmf.init(userks);
98 usertmf.init(userks); 98 userTrustManagers = usertmf.getTrustManagers();
99 userTrustManagers = usertmf.getTrustManagers(); 99 Log.d(TAG, "Initializing SSL Context");
100 Log.d(TAG,"Initializing SSL Context"); 100 sslContext = SSLContext.getInstance(sslType);
101 sslContext = SSLContext.getInstance(sslType); 101 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null);
102 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null); 102 }
103 } catch (Exception ex) { 103 catch (Exception ex) {
104 Log.e(TAG,"Error initializing SSL [" + ex.getMessage() + "]"); 104 Log.e(TAG, "Error initializing SSL [" + ex.getMessage() + "]");
105 } 105 }
106 106 }
107 } 107
108 108 public Socket createSSLSocket(String destination, int port) {
109 public Socket createSSLSocket(String destination, int port) { 109 if (sslContext == null)
110 if (sslContext == null) 110 throw new IllegalStateException("SSL Context Not Initialized");
111 throw new IllegalStateException("SSL Context Not Initialized"); 111
112 SSLSocket socket = null; 112 SSLSocket socket = null;
113 try { 113
114 try {
114 target = destination + ":" + String.valueOf(port); 115 target = destination + ":" + String.valueOf(port);
115 socket = (SSLSocket) sslContext.getSocketFactory().createSocket( 116 socket = (SSLSocket) sslContext.getSocketFactory().createSocket(
116 destination, port); 117 destination, port);
117 } catch (Exception e) { 118 }
118 Log.e(TAG,"Error creating ssl socket [" + e.getMessage() + "]"); 119 catch (Exception e) {
119 } 120 Log.e(TAG, "Error creating ssl socket [" + e.getMessage() + "]");
120 return socket; 121 }
121 } 122
122 123 return socket;
123 // X509TrustManager Methods 124 }
124 125
125 /* 126 // X509TrustManager Methods
126 * (non-Javadoc) 127
127 * 128 /*
128 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() 129 * (non-Javadoc)
129 */ 130 *
130 public X509Certificate[] getAcceptedIssuers() { 131 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
131 return acceptedIssuers; 132 */
132 } 133 public X509Certificate[] getAcceptedIssuers() {
133 134 return acceptedIssuers;
134 /* 135 }
135 * (non-Javadoc) 136
136 * 137 /*
137 * @see 138 * (non-Javadoc)
138 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert. 139 *
139 * X509Certificate[], java.lang.String) 140 * @see
140 */ 141 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
141 public void checkClientTrusted(X509Certificate[] arg0, String arg1) 142 * X509Certificate[], java.lang.String)
142 throws CertificateException { 143 */
143 throw new SecurityException("checkClientTrusted unsupported"); 144 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
144 145 throws CertificateException {
145 } 146 throw new SecurityException("checkClientTrusted unsupported");
146 147 }
147 /* 148
148 * (non-Javadoc) 149 /*
149 * 150 * (non-Javadoc)
150 * @see 151 *
151 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert. 152 * @see
152 * X509Certificate[], java.lang.String) 153 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
153 */ 154 * X509Certificate[], java.lang.String)
154 public void checkServerTrusted(X509Certificate[] chain, String type) 155 */
155 throws CertificateException { 156 public void checkServerTrusted(X509Certificate[] chain, String type)
156 try { 157 throws CertificateException {
157 for (int i = 0; i < userTrustManagers.length; i++) { 158 try {
158 if (userTrustManagers[i] instanceof X509TrustManager) { 159 for (int i = 0; i < userTrustManagers.length; i++) {
159 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i]; 160 if (userTrustManagers[i] instanceof X509TrustManager) {
160 X509Certificate[] calist = trustManager 161 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
161 .getAcceptedIssuers(); 162 X509Certificate[] calist = trustManager
162 if (calist.length > 0) { 163 .getAcceptedIssuers();
163 trustManager.checkServerTrusted(chain, type); 164
164 } else { 165 if (calist.length > 0) {
165 throw new CertificateException( 166 trustManager.checkServerTrusted(chain, type);
166 "Empty list of accepted issuers (a.k.a. root CA list)."); 167 }
167 } 168 else {
168 } 169 throw new CertificateException(
169 } 170 "Empty list of accepted issuers (a.k.a. root CA list).");
170 return; 171 }
171 } catch (CertificateException ce) { 172 }
172 X509Certificate cert = chain[0]; 173 }
173 String certInfo = manager.res.getString(R.string.host_cert_version) + cert.getVersion() + "\r\n"; 174
174 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_serial) + cert.getSerialNumber() + "\r\n"); 175 return;
175 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_algorithm) + cert.getSigAlgName() + "\r\n"); 176 }
176 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_issuer) + cert.getIssuerDN().getName() + "\r\n"); 177 catch (CertificateException ce) {
177 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_from) + cert.getNotBefore() + "\r\n"); 178 X509Certificate cert = chain[0];
178 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_to) + cert.getNotAfter() + "\r\n"); 179 String certInfo = manager.res.getString(R.string.host_cert_version) + cert.getVersion() + "\r\n";
179 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_dn) + cert.getSubjectDN().getName() + "\r\n"); 180 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_serial) + cert.getSerialNumber() + "\r\n");
180 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_publickey) + cert.getPublicKey().getFormat() + "\r\n"); 181 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_algorithm) + cert.getSigAlgName() + "\r\n");
181 182 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_issuer) + cert.getIssuerDN().getName() + "\r\n");
183 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_from) + cert.getNotBefore() + "\r\n");
184 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_to) + cert.getNotAfter() + "\r\n");
185 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_dn) + cert.getSubjectDN().getName() + "\r\n");
186 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_publickey) + cert.getPublicKey().getFormat() + "\r\n");
182 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target)); 187 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target));
183 bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo)); 188 bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo));
184 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate)); 189 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate));
190
185 if ((result == null) || (!result.booleanValue())) { 191 if ((result == null) || (!result.booleanValue())) {
186 throw new java.security.cert.CertificateException( 192 throw new java.security.cert.CertificateException(
187 "Certificate Rejected"); 193 "Certificate Rejected");
188 } 194 }
189 195
190 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate)); 196 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate));
197
191 if ((result != null) && (result.booleanValue())) { 198 if ((result != null) && (result.booleanValue())) {
192 try { 199 try {
193 userks.setCertificateEntry(cert.getSubjectDN().getName(), 200 userks.setCertificateEntry(cert.getSubjectDN().getName(),
194 cert); 201 cert);
195 userks.store(new FileOutputStream(userKsPath), 202 userks.store(new FileOutputStream(userKsPath),
196 userksPassword); 203 userksPassword);
197 } catch (Exception e) { 204 }
198 Log.e(TAG,"Error saving certificate [" + e.getMessage() 205 catch (Exception e) {
199 + "]"); 206 Log.e(TAG, "Error saving certificate [" + e.getMessage()
200 e.printStackTrace(); 207 + "]");
201 } 208 e.printStackTrace();
202 } 209 }
203 } 210 }
204 } 211 }
212 }
205 } 213 }
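Review bot: The keystore streams are never closed on the new side: `init` passes `new FileInputStream(userKsFile)` straight into `userks.load(...)`, and the save branch in `checkServerTrusted` does `userks.store(new FileOutputStream(userKsPath), userksPassword)`, so the descriptor leaks and a failure inside `store` can leave the trust store truncated with no way for the next `init` to tell. I would wrap both in a try/finally or, if the build targets Java 7+, `try (FileOutputStream out = new FileOutputStream(userKsPath)) { userks.store(out, userksPassword); }` and the same shape around `load`. Two smaller points in the same section: `getAcceptedIssuers()` returns the `acceptedIssuers` field, which is not assigned anywhere visible here, and the `X509TrustManager` contract expects a non-null (possibly empty) array, so `return acceptedIssuers != null ? acceptedIssuers : new X509Certificate[0];` avoids surprising callers in the handshake; and the `catch (CertificateException ce)` block reads `chain[0]` before anything checks that `chain` is non-empty, so an empty chain surfaces as an `ArrayIndexOutOfBoundsException` rather than the `CertificateException` the caller is prepared for. Since the prompt is what the user relies on to accept an unknown server, consider adding a certificate fingerprint (digest of `cert.getEncoded()`) to `certInfo` alongside subject and issuer, which is what an operator can verify out of band.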