Initial checkin of ssl fragment contribution from bug 224196

8 files changed, 334 insertions, 0 deletions

diff --git a/framework/bundles/org.eclipse.ecf.ssl/.classpath b/framework/bundles/org.eclipse.ecf.ssl/.classpath
new file mode 100644
index 000000000..2fbb7a23e
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>
diff --git a/framework/bundles/org.eclipse.ecf.ssl/.project b/framework/bundles/org.eclipse.ecf.ssl/.project
new file mode 100644
index 000000000..5f8839938
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/.project
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>org.eclipse.ecf.ssl</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.pde.PluginNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>
diff --git a/framework/bundles/org.eclipse.ecf.ssl/.settings/org.eclipse.jdt.core.prefs b/framework/bundles/org.eclipse.ecf.ssl/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..674621276
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,7 @@
+#Thu Mar 27 10:07:30 CDT 2008
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..ca43ed081
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
@@ -0,0 +1,10 @@
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-Name: ECF SSL Fragment
+Bundle-SymbolicName: org.eclipse.ecf.ssl
+Bundle-Version: 1.0.0
+Fragment-Host: org.eclipse.ecf;bundle-version="2.0.0.qualifier"
+Bundle-RequiredExecutionEnvironment: J2SE-1.4
+Import-Package: org.eclipse.osgi.service.security;version="1.0.0",
+ javax.net.ssl
+Export-Package: org.eclipse.ecf.internal.ssl;x-internal:=true
diff --git a/framework/bundles/org.eclipse.ecf.ssl/build.properties b/framework/bundles/org.eclipse.ecf.ssl/build.properties
new file mode 100644
index 000000000..34d2e4d2d
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/build.properties
@@ -0,0 +1,4 @@
+source.. = src/
+output.. = bin/
+bin.includes = META-INF/,\
+               .
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocket.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocket.java
new file mode 100644
index 000000000..8d652c0d7
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocket.java
@@ -0,0 +1,101 @@
+/*******************************************************************************
+ * Copyright (c)2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.ecf.internal.ssl;
+
+import java.io.IOException;
+import java.net.Socket;
+
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+
+public class ECFSSLSocket extends SSLSocket {
+	
+	private SSLSocket sslSocket;
+	
+	public ECFSSLSocket(Socket socket) {
+		this.sslSocket = (SSLSocket) socket;
+	}
+	
+	public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
+		sslSocket.addHandshakeCompletedListener(arg0);
+	}
+
+	public boolean getEnableSessionCreation() {
+		return sslSocket.getEnableSessionCreation();
+	}
+
+	public String[] getEnabledCipherSuites() {
+		return sslSocket.getEnabledCipherSuites();
+	}
+
+	public String[] getEnabledProtocols() {
+		return sslSocket.getEnabledProtocols();
+	}
+
+	public boolean getNeedClientAuth() {
+		return sslSocket.getNeedClientAuth();
+	}
+
+	public SSLSession getSession() {
+		return sslSocket.getSession();
+	}
+
+	public String[] getSupportedCipherSuites() {
+		return sslSocket.getSupportedCipherSuites();
+	}
+
+	public String[] getSupportedProtocols() {
+		return sslSocket.getSupportedProtocols();
+	}
+
+	public boolean getUseClientMode() {
+		return sslSocket.getUseClientMode();
+	}
+
+	public boolean getWantClientAuth() {
+		return sslSocket.getWantClientAuth();
+	}
+
+	public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
+		sslSocket.removeHandshakeCompletedListener(arg0);
+	}
+
+	public void setEnableSessionCreation(boolean arg0) {
+		sslSocket.setEnableSessionCreation(arg0);
+	}
+
+	public void setEnabledCipherSuites(String[] arg0) {
+		sslSocket.setEnabledCipherSuites(arg0);
+	}
+
+	public void setEnabledProtocols(String[] arg0) {
+		sslSocket.setEnabledProtocols(arg0);
+	}
+
+	public void setNeedClientAuth(boolean arg0) {
+		sslSocket.setNeedClientAuth(arg0);
+	}
+
+	public void setUseClientMode(boolean arg0) {
+		sslSocket.setUseClientMode(arg0);
+	}
+
+	public void setWantClientAuth(boolean arg0) {
+		sslSocket.setWantClientAuth(arg0);
+	}
+
+	public void startHandshake() throws IOException {
+		sslSocket.startHandshake();		
+		// could catch the CertificateException here...
+	}
+
+}
\ No newline at end of file
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocketFactory.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocketFactory.java
new file mode 100644
index 000000000..c1356ab79
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocketFactory.java
@@ -0,0 +1,72 @@
+/*******************************************************************************
+ * Copyright (c)2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.ecf.internal.ssl;
+
+import java.io.IOException;
+import java.net.*;
+import java.security.SecureRandom;
+import javax.net.ssl.*;
+
+public class ECFSSLSocketFactory extends SSLSocketFactory {
+
+	private SSLContext sslContext = null;
+
+	private SSLSocketFactory getSSLSocketFactory() throws IOException {
+		if (null == sslContext) {
+			try {
+				sslContext = SSLContext.getInstance("SSL"); //$NON-NLS-1$
+				sslContext.init(null, new TrustManager[] {new ECFTrustManager()}, new SecureRandom());
+			} catch (Exception e) {
+				IOException ioe = new IOException();
+				ioe.initCause(e);
+				throw ioe;
+			}
+		}
+		return sslContext.getSocketFactory();
+	}
+
+	public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
+		return new ECFSSLSocket(getSSLSocketFactory().createSocket(socket, host, port, autoClose));
+	}
+
+	public String[] getDefaultCipherSuites() {
+		try {
+			return getSSLSocketFactory().getDefaultCipherSuites();
+		} catch (IOException e) {
+			return new String[] {};
+		}
+	}
+
+	public String[] getSupportedCipherSuites() {
+		try {
+			return getSSLSocketFactory().getSupportedCipherSuites();
+		} catch (IOException e) {
+			return new String[] {};
+		}
+	}
+
+	public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+		return getSSLSocketFactory().createSocket(host, port);
+	}
+
+	public Socket createSocket(InetAddress address, int port) throws IOException {
+		return getSSLSocketFactory().createSocket(address, port);
+	}
+
+	public Socket createSocket(InetAddress address, int port, InetAddress arg2, int arg3) throws IOException {
+		return getSSLSocketFactory().createSocket(address, port);
+	}
+
+	public Socket createSocket(String host, int port, InetAddress address, int localPort) throws IOException, UnknownHostException {
+		return getSSLSocketFactory().createSocket(host, port, address, localPort);
+	}
+
+}
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
new file mode 100644
index 000000000..2d8295a5f
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
@@ -0,0 +1,105 @@
+/*******************************************************************************
+ * Copyright (c)2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.ecf.internal.ssl;
+
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.eclipse.osgi.service.security.TrustEngine;
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+import org.osgi.util.tracker.ServiceTracker;
+
+public class ECFTrustManager implements X509TrustManager, BundleActivator {
+
+	private static volatile BundleContext context;
+	private volatile ServiceTracker trustEngineTracker = null;
+
+	public void checkServerTrusted(X509Certificate[] certs, String arg1) throws CertificateException {
+		// verify the cert chain
+		verify(certs);
+
+		final TrustEngine[] engines = getTrustEngines();
+		Certificate foundCert = null;
+		for (int i = 0; i < engines.length; i++) {
+			try {
+				foundCert = engines[i].findTrustAnchor(certs);
+				if (null != foundCert)
+					return; // cert chain is trust
+			} catch (final IOException e) {
+				final CertificateException ce = new CertificateException();
+				ce.initCause(ce);
+				throw ce;
+			}
+		}
+		if (null == foundCert)
+			throw new CertificateException("Not a trust certificate found!"); //$NON-NLS-1$
+	}
+
+	private void verify(X509Certificate[] certs) throws CertificateException {
+		final int len = certs.length;
+		for (int i = 0; i < len; i++) {
+			final X509Certificate currentX509Cert = certs[i];
+			try {
+				if (i == len - 1) {
+					if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN()))
+						currentX509Cert.verify(currentX509Cert.getPublicKey());
+				} else {
+					final X509Certificate nextX509Cert = certs[i + 1];
+					currentX509Cert.verify(nextX509Cert.getPublicKey());
+				}
+			} catch (final Exception e) {
+				final CertificateException ce = new CertificateException();
+				ce.initCause(e);
+				throw ce;
+			}
+		}
+	}
+
+	public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+		// only for client authentication
+		throw new UnsupportedOperationException("Not implemented yet"); //$NON-NLS-1$
+	}
+
+	public X509Certificate[] getAcceptedIssuers() {
+		// only for client authentication
+		return null;
+	}
+
+	public void start(BundleContext context) throws Exception {
+		ECFTrustManager.context = context;
+		context.registerService(SSLSocketFactory.class.getName(), new ECFSSLSocketFactory(), null);
+	}
+
+	public void stop(BundleContext context) throws Exception {
+		if (trustEngineTracker != null) {
+			trustEngineTracker.close();
+			trustEngineTracker = null;
+		}
+		ECFTrustManager.context = null;
+	}
+
+	private TrustEngine[] getTrustEngines() {
+		if (trustEngineTracker == null) {
+			trustEngineTracker = new ServiceTracker(context, TrustEngine.class.getName(), null);
+			trustEngineTracker.open();
+		}
+		final Object objs[] = trustEngineTracker.getServices();
+		final TrustEngine[] result = new TrustEngine[objs.length];
+		System.arraycopy(objs, 0, result, 0, objs.length);
+		return result;
+	}
+}
\ No newline at end of file