authorslewis2012-12-29 22:51:31 +0000
committerslewis2012-12-29 22:51:31 +0000
commit491a69c9db95d0037a17c598d096af7ec9de4d94 (patch)
tree69419afd199e9fe981f50a186183c9c32f0b0870 /framework
parent4c244eec85ec4d0f32c848a13f9e66d96356dc0d (diff)
Additions to support work on bug
https://bugs.eclipse.org/bugs/show_bug.cgi?id=391677. Specifically, adds an SSLServerSocketFactory implementation as an OSGi service (SSLServerSocketFactory is the service interface). This server socket factory uses the same trustengine/trustmanager that is defined for use in the https provider implementations.
Diffstat (limited to 'framework')
-rw-r--r--framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF2
-rw-r--r--framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java94
-rw-r--r--framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java51
3 files changed, 132 insertions, 15 deletions
diff --git a/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
index c58da91d9..0d74050c5 100644
--- a/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
+++ b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: %plugin.name
Bundle-SymbolicName: org.eclipse.ecf.ssl
-Bundle-Version: 1.0.100.qualifier
+Bundle-Version: 1.1.0.qualifier
Fragment-Host: org.eclipse.ecf
Bundle-RequiredExecutionEnvironment: J2SE-1.4
Import-Package: javax.net,
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java
new file mode 100644
index 000000000..be7686cb2
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java
@@ -0,0 +1,94 @@
+/****************************************************************************
+ * Copyright (c) 2012 Composent, Inc. and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Composent, Inc. - initial API and implementation
+ *****************************************************************************/
+package org.eclipse.ecf.internal.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.security.SecureRandom;
+import javax.net.ssl.*;
+
+public class ECFSSLServerSocketFactory extends SSLServerSocketFactory {
+
+ public static final String DEFAULT_SSL_PROTOCOL = "https.protocols"; //$NON-NLS-1$
+
+ private String defaultProtocolNames = System
+ .getProperty(DEFAULT_SSL_PROTOCOL);
+
+ private SSLContext sslContext = null;
+
+ private SSLServerSocketFactory getSSLServerSocketFactory()
+ throws IOException {
+ if (null == sslContext) {
+ try {
+ sslContext = getSSLContext(defaultProtocolNames);
+ } catch (Exception e) {
+ IOException ioe = new IOException();
+ ioe.initCause(e);
+ throw ioe;
+ }
+ }
+ return (sslContext == null) ? (SSLServerSocketFactory) SSLServerSocketFactory
+ .getDefault() : sslContext.getServerSocketFactory();
+ }
+
+ public SSLContext getSSLContext(String protocols) {
+ SSLContext rtvContext = null;
+
+ if (protocols != null) {
+ String protocolNames[] = protocols.split(","); //$NON-NLS-1$
+ for (int i = 0; i < protocolNames.length; i++) {
+ try {
+ rtvContext = SSLContext.getInstance(protocolNames[i]);
+ rtvContext.init(null,
+ new TrustManager[] { new ECFTrustManager() },
+ new SecureRandom());
+ break;
+ } catch (Exception e) {
+ // just continue to look for SSLContexts with the next
+ // protocolName
+ }
+ }
+ }
+ return rtvContext;
+ }
+
+ public String[] getDefaultCipherSuites() {
+ try {
+ return getSSLServerSocketFactory().getDefaultCipherSuites();
+ } catch (IOException e) {
+ return new String[] {};
+ }
+ }
+
+ public String[] getSupportedCipherSuites() {
+ try {
+ return getSSLServerSocketFactory().getSupportedCipherSuites();
+ } catch (IOException e) {
+ return new String[] {};
+ }
+ }
+
+ public ServerSocket createServerSocket(int arg0) throws IOException {
+ return getSSLServerSocketFactory().createServerSocket(arg0);
+ }
+
+ public ServerSocket createServerSocket(int arg0, int arg1)
+ throws IOException {
+ return getSSLServerSocketFactory().createServerSocket(arg0, arg1);
+ }
+
+ public ServerSocket createServerSocket(int arg0, int arg1, InetAddress arg2)
+ throws IOException {
+ return getSSLServerSocketFactory().createServerSocket(arg0, arg1, arg2);
+ }
+
+}
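Review bot: The SSLContext built in getSSLContext() installs ECFTrustManager as the only TrustManager, but a server-side context only consults a trust manager through checkClientTrusted, which ECFTrustManager throws UnsupportedOperationException from (see the checkClientTrusted hunk in ECFTrustManager.java below); so server sockets from this factory never reach the ECF trust engine, and if client authentication is ever enabled on the resulting SSLServerSocket the handshake aborts with an unchecked exception rather than a CertificateException. The `init(null, ...)` call also leaves the server's key material to the provider-default KeyManagerFactory, and when `https.protocols` is unset or no listed protocol initialises, getSSLServerSocketFactory() silently falls back to `SSLServerSocketFactory.getDefault()`, which uses the JVM trust store instead of the ECF trust engine. Both points deserve a class Javadoc, e.g. `/** Server-side SSL factory. Key material comes from the provider-default KeyManagerFactory; the ECF trust manager is only consulted when client authentication is requested. Falls back to the JVM default factory when no protocol listed in https.protocols can be initialised. */`. The lazily cached sslContext field is neither volatile nor synchronised, so concurrent first calls may build two contexts; presumably harmless, but worth a one-line comment if that is intended.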
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
index 3805c813d..953137c45 100644
--- a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
@@ -12,19 +12,20 @@ package org.eclipse.ecf.internal.ssl;
import java.io.IOException;
import java.security.cert.*;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.*;
import org.eclipse.osgi.service.security.TrustEngine;
-import org.osgi.framework.BundleActivator;
-import org.osgi.framework.BundleContext;
+import org.osgi.framework.*;
import org.osgi.util.tracker.ServiceTracker;
public class ECFTrustManager implements X509TrustManager, BundleActivator {
private static volatile BundleContext context;
private volatile ServiceTracker trustEngineTracker = null;
+ private ServiceRegistration socketFactoryRegistration;
+ private ServiceRegistration serverSocketFactoryRegistration;
- public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+ public void checkServerTrusted(X509Certificate[] certs, String authType)
+ throws CertificateException {
// verify the cert chain
verify(certs, authType);
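Review bot: The two new ServiceRegistration fields are plain fields while the sibling trustEngineTracker is declared volatile; if start() and stop() only ever run on the framework's bundle-lifecycle thread that is fine, but the inconsistency invites the question, so either declare them volatile for consistency or add `// written only from start()/stop(), which the framework serialises` above them. The commit also collapses the explicit javax.net.ssl and org.osgi.framework imports into wildcards, which hides which types the class now depends on; keeping explicit imports (adding SSLServerSocketFactory and ServiceRegistration) would be the clearer form. The body of checkServerTrusted continues in the next hunk.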
@@ -36,29 +37,34 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
if (null != foundCert)
return; // cert chain is trust
} catch (final IOException e) {
- final CertificateException ce = new ECFCertificateException("Error occurs when finding trust anchor in the cert chain", certs, authType); //$NON-NLS-1$
+ final CertificateException ce = new ECFCertificateException(
+ "Error occurs when finding trust anchor in the cert chain", certs, authType); //$NON-NLS-1$
ce.initCause(ce);
throw ce;
}
}
if (null == foundCert)
- throw new ECFCertificateException("Valid cert chain, but no trust certificate found!", certs, authType); //$NON-NLS-1$
+ throw new ECFCertificateException(
+ "Valid cert chain, but no trust certificate found!", certs, authType); //$NON-NLS-1$
}
- private void verify(X509Certificate[] certs, String authType) throws CertificateException {
+ private void verify(X509Certificate[] certs, String authType)
+ throws CertificateException {
final int len = certs.length;
for (int i = 0; i < len; i++) {
final X509Certificate currentX509Cert = certs[i];
try {
if (i == len - 1) {
- if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN()))
+ if (currentX509Cert.getSubjectDN().equals(
+ currentX509Cert.getIssuerDN()))
currentX509Cert.verify(currentX509Cert.getPublicKey());
} else {
final X509Certificate nextX509Cert = certs[i + 1];
currentX509Cert.verify(nextX509Cert.getPublicKey());
}
} catch (final Exception e) {
- final CertificateException ce = new ECFCertificateException("Certificate chain is not valid", certs, authType); //$NON-NLS-1$
+ final CertificateException ce = new ECFCertificateException(
+ "Certificate chain is not valid", certs, authType); //$NON-NLS-1$
ce.initCause(e);
throw ce;
}
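Review bot: The context line directly below the reformatted constructor call, `ce.initCause(ce);`, sets the exception as its own cause, which Throwable.initCause rejects with an IllegalArgumentException, so the caller sees that IAE instead of the intended CertificateException and the original IOException is dropped. Since the commit already rewrites the two lines above it, that statement should become `ce.initCause(e);`, matching the pattern used in verify() further down this hunk. The enclosing checkServerTrusted method begins in the previous hunk.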
@@ -66,9 +72,12 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
}
/**
- * @throws CertificateException not actually thrown by method, since checkClientTrusted is unsupported.
+ * @throws CertificateException
+ * not actually thrown by method, since checkClientTrusted is
+ * unsupported.
*/
- public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {
// only for client authentication
throw new UnsupportedOperationException("Not implemented yet"); //$NON-NLS-1$
}
@@ -80,10 +89,23 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
public void start(BundleContext context1) throws Exception {
ECFTrustManager.context = context1;
- context1.registerService(SSLSocketFactory.class.getName(), new ECFSSLSocketFactory(), null);
+ socketFactoryRegistration = context1.registerService(
+ SSLSocketFactory.class.getName(), new ECFSSLSocketFactory(),
+ null);
+ serverSocketFactoryRegistration = context1.registerService(
+ SSLServerSocketFactory.class.getName(),
+ new ECFSSLServerSocketFactory(), null);
}
public void stop(BundleContext context1) throws Exception {
+ if (socketFactoryRegistration != null) {
+ socketFactoryRegistration.unregister();
+ socketFactoryRegistration = null;
+ }
+ if (serverSocketFactoryRegistration != null) {
+ serverSocketFactoryRegistration.unregister();
+ serverSocketFactoryRegistration = null;
+ }
if (trustEngineTracker != null) {
trustEngineTracker.close();
trustEngineTracker = null;
@@ -93,7 +115,8 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
private TrustEngine[] getTrustEngines() {
if (trustEngineTracker == null) {
- trustEngineTracker = new ServiceTracker(context, TrustEngine.class.getName(), null);
+ trustEngineTracker = new ServiceTracker(context,
+ TrustEngine.class.getName(), null);
trustEngineTracker.open();
}
final Object objs[] = trustEngineTracker.getServices();
