diff options
author | slewis | 2008-04-02 18:10:47 +0000 |
---|---|---|
committer | slewis | 2008-04-02 18:10:47 +0000 |
commit | db424fc71cd36b34a8350a34be028404c7c8855e (patch) | |
tree | ac306c40dfedbf3123e45d149a12c5ec1b5a7f4f | |
parent | 68e4219ceb8960488e11be009ebb92ebdf38db6f (diff) | |
download | org.eclipse.ecf-db424fc71cd36b34a8350a34be028404c7c8855e.tar.gz org.eclipse.ecf-db424fc71cd36b34a8350a34be028404c7c8855e.tar.xz org.eclipse.ecf-db424fc71cd36b34a8350a34be028404c7c8855e.zip |
Initial checkin of ssl fragment contribution from bug 224196
8 files changed, 334 insertions, 0 deletions
diff --git a/framework/bundles/org.eclipse.ecf.ssl/.classpath b/framework/bundles/org.eclipse.ecf.ssl/.classpath new file mode 100644 index 000000000..2fbb7a23e --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/.classpath @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<classpath> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/> + <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/> + <classpathentry kind="src" path="src"/> + <classpathentry kind="output" path="bin"/> +</classpath> diff --git a/framework/bundles/org.eclipse.ecf.ssl/.project b/framework/bundles/org.eclipse.ecf.ssl/.project new file mode 100644 index 000000000..5f8839938 --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/.project @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> +<projectDescription> + <name>org.eclipse.ecf.ssl</name> + <comment></comment> + <projects> + </projects> + <buildSpec> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.eclipse.pde.ManifestBuilder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.eclipse.pde.SchemaBuilder</name> + <arguments> + </arguments> + </buildCommand> + </buildSpec> + <natures> + <nature>org.eclipse.pde.PluginNature</nature> + <nature>org.eclipse.jdt.core.javanature</nature> + </natures> +</projectDescription> diff --git a/framework/bundles/org.eclipse.ecf.ssl/.settings/org.eclipse.jdt.core.prefs b/framework/bundles/org.eclipse.ecf.ssl/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..674621276 --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,7 @@ +#Thu Mar 27 10:07:30 CDT 2008 +eclipse.preferences.version=1 +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2 +org.eclipse.jdt.core.compiler.compliance=1.4 +org.eclipse.jdt.core.compiler.problem.assertIdentifier=error +org.eclipse.jdt.core.compiler.problem.enumIdentifier=error +org.eclipse.jdt.core.compiler.source=1.3 diff --git a/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF new file mode 100644 index 000000000..ca43ed081 --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF @@ -0,0 +1,10 @@ +Manifest-Version: 1.0 +Bundle-ManifestVersion: 2 +Bundle-Name: ECF SSL Fragment +Bundle-SymbolicName: org.eclipse.ecf.ssl +Bundle-Version: 1.0.0 +Fragment-Host: org.eclipse.ecf;bundle-version="2.0.0.qualifier" +Bundle-RequiredExecutionEnvironment: J2SE-1.4 +Import-Package: org.eclipse.osgi.service.security;version="1.0.0", + javax.net.ssl +Export-Package: org.eclipse.ecf.internal.ssl;x-internal:=true diff --git a/framework/bundles/org.eclipse.ecf.ssl/build.properties b/framework/bundles/org.eclipse.ecf.ssl/build.properties new file mode 100644 index 000000000..34d2e4d2d --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/build.properties @@ -0,0 +1,4 @@ +source.. = src/ +output.. = bin/ +bin.includes = META-INF/,\ + . diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocket.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocket.java new file mode 100644 index 000000000..8d652c0d7 --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocket.java @@ -0,0 +1,101 @@ +/******************************************************************************* + * Copyright (c)2008 IBM Corporation and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * IBM Corporation - initial API and implementation + *******************************************************************************/ +package org.eclipse.ecf.internal.ssl; + +import java.io.IOException; +import java.net.Socket; + +import javax.net.ssl.HandshakeCompletedListener; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; + +public class ECFSSLSocket extends SSLSocket { + + private SSLSocket sslSocket; + + public ECFSSLSocket(Socket socket) { + this.sslSocket = (SSLSocket) socket; + } + + public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) { + sslSocket.addHandshakeCompletedListener(arg0); + } + + public boolean getEnableSessionCreation() { + return sslSocket.getEnableSessionCreation(); + } + + public String[] getEnabledCipherSuites() { + return sslSocket.getEnabledCipherSuites(); + } + + public String[] getEnabledProtocols() { + return sslSocket.getEnabledProtocols(); + } + + public boolean getNeedClientAuth() { + return sslSocket.getNeedClientAuth(); + } + + public SSLSession getSession() { + return sslSocket.getSession(); + } + + public String[] getSupportedCipherSuites() { + return sslSocket.getSupportedCipherSuites(); + } + + public String[] getSupportedProtocols() { + return sslSocket.getSupportedProtocols(); + } + + public boolean getUseClientMode() { + return sslSocket.getUseClientMode(); + } + + public boolean getWantClientAuth() { + return sslSocket.getWantClientAuth(); + } + + public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { + sslSocket.removeHandshakeCompletedListener(arg0); + } + + public void setEnableSessionCreation(boolean arg0) { + sslSocket.setEnableSessionCreation(arg0); + } + + public void setEnabledCipherSuites(String[] arg0) { + sslSocket.setEnabledCipherSuites(arg0); + } + + public void setEnabledProtocols(String[] arg0) { + sslSocket.setEnabledProtocols(arg0); + } + + public void setNeedClientAuth(boolean arg0) { + sslSocket.setNeedClientAuth(arg0); + } + + public void setUseClientMode(boolean arg0) { + sslSocket.setUseClientMode(arg0); + } + + public void setWantClientAuth(boolean arg0) { + sslSocket.setWantClientAuth(arg0); + } + + public void startHandshake() throws IOException { + sslSocket.startHandshake(); + // could catch the CertificateException here... + } + +}
\ No newline at end of file diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocketFactory.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocketFactory.java new file mode 100644 index 000000000..c1356ab79 --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLSocketFactory.java @@ -0,0 +1,72 @@ +/******************************************************************************* + * Copyright (c)2008 IBM Corporation and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * IBM Corporation - initial API and implementation + *******************************************************************************/ +package org.eclipse.ecf.internal.ssl; + +import java.io.IOException; +import java.net.*; +import java.security.SecureRandom; +import javax.net.ssl.*; + +public class ECFSSLSocketFactory extends SSLSocketFactory { + + private SSLContext sslContext = null; + + private SSLSocketFactory getSSLSocketFactory() throws IOException { + if (null == sslContext) { + try { + sslContext = SSLContext.getInstance("SSL"); //$NON-NLS-1$ + sslContext.init(null, new TrustManager[] {new ECFTrustManager()}, new SecureRandom()); + } catch (Exception e) { + IOException ioe = new IOException(); + ioe.initCause(e); + throw ioe; + } + } + return sslContext.getSocketFactory(); + } + + public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException { + return new ECFSSLSocket(getSSLSocketFactory().createSocket(socket, host, port, autoClose)); + } + + public String[] getDefaultCipherSuites() { + try { + return getSSLSocketFactory().getDefaultCipherSuites(); + } catch (IOException e) { + return new String[] {}; + } + } + + public String[] getSupportedCipherSuites() { + try { + return getSSLSocketFactory().getSupportedCipherSuites(); + } catch (IOException e) { + return new String[] {}; + } + } + + public Socket createSocket(String host, int port) throws IOException, UnknownHostException { + return getSSLSocketFactory().createSocket(host, port); + } + + public Socket createSocket(InetAddress address, int port) throws IOException { + return getSSLSocketFactory().createSocket(address, port); + } + + public Socket createSocket(InetAddress address, int port, InetAddress arg2, int arg3) throws IOException { + return getSSLSocketFactory().createSocket(address, port); + } + + public Socket createSocket(String host, int port, InetAddress address, int localPort) throws IOException, UnknownHostException { + return getSSLSocketFactory().createSocket(host, port, address, localPort); + } + +} diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java new file mode 100644 index 000000000..2d8295a5f --- /dev/null +++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java @@ -0,0 +1,105 @@ +/******************************************************************************* + * Copyright (c)2008 IBM Corporation and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * IBM Corporation - initial API and implementation + *******************************************************************************/ +package org.eclipse.ecf.internal.ssl; + +import java.io.IOException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; + +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.X509TrustManager; + +import org.eclipse.osgi.service.security.TrustEngine; +import org.osgi.framework.BundleActivator; +import org.osgi.framework.BundleContext; +import org.osgi.util.tracker.ServiceTracker; + +public class ECFTrustManager implements X509TrustManager, BundleActivator { + + private static volatile BundleContext context; + private volatile ServiceTracker trustEngineTracker = null; + + public void checkServerTrusted(X509Certificate[] certs, String arg1) throws CertificateException { + // verify the cert chain + verify(certs); + + final TrustEngine[] engines = getTrustEngines(); + Certificate foundCert = null; + for (int i = 0; i < engines.length; i++) { + try { + foundCert = engines[i].findTrustAnchor(certs); + if (null != foundCert) + return; // cert chain is trust + } catch (final IOException e) { + final CertificateException ce = new CertificateException(); + ce.initCause(ce); + throw ce; + } + } + if (null == foundCert) + throw new CertificateException("Not a trust certificate found!"); //$NON-NLS-1$ + } + + private void verify(X509Certificate[] certs) throws CertificateException { + final int len = certs.length; + for (int i = 0; i < len; i++) { + final X509Certificate currentX509Cert = certs[i]; + try { + if (i == len - 1) { + if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN())) + currentX509Cert.verify(currentX509Cert.getPublicKey()); + } else { + final X509Certificate nextX509Cert = certs[i + 1]; + currentX509Cert.verify(nextX509Cert.getPublicKey()); + } + } catch (final Exception e) { + final CertificateException ce = new CertificateException(); + ce.initCause(e); + throw ce; + } + } + } + + public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + // only for client authentication + throw new UnsupportedOperationException("Not implemented yet"); //$NON-NLS-1$ + } + + public X509Certificate[] getAcceptedIssuers() { + // only for client authentication + return null; + } + + public void start(BundleContext context) throws Exception { + ECFTrustManager.context = context; + context.registerService(SSLSocketFactory.class.getName(), new ECFSSLSocketFactory(), null); + } + + public void stop(BundleContext context) throws Exception { + if (trustEngineTracker != null) { + trustEngineTracker.close(); + trustEngineTracker = null; + } + ECFTrustManager.context = null; + } + + private TrustEngine[] getTrustEngines() { + if (trustEngineTracker == null) { + trustEngineTracker = new ServiceTracker(context, TrustEngine.class.getName(), null); + trustEngineTracker.open(); + } + final Object objs[] = trustEngineTracker.getServices(); + final TrustEngine[] result = new TrustEngine[objs.length]; + System.arraycopy(objs, 0, result, 0, objs.length); + return result; + } +}
\ No newline at end of file |