author | slewis | 2012-12-29 22:51:31 +0000 |
---|---|---|
committer | slewis | 2012-12-29 22:51:31 +0000 |
commit | 491a69c9db95d0037a17c598d096af7ec9de4d94 (patch) | |
tree | 69419afd199e9fe981f50a186183c9c32f0b0870 /framework | |
parent | 4c244eec85ec4d0f32c848a13f9e66d96356dc0d (diff) | |
Additions to support work on bug
https://bugs.eclipse.org/bugs/show_bug.cgi?id=391677. Specifically,
adds an SSLServerSocketFactory implementation as an OSGi service
(SSLServerSocketFactory is the service interface). This server socket
factory uses the same trustengine/trustmanager that is defined for use
in the https provider implementations.
Diffstat (limited to 'framework')
3 files changed, 132 insertions, 15 deletions
diff --git a/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
index c58da91d9..0d74050c5 100644
--- a/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
+++ b/framework/bundles/org.eclipse.ecf.ssl/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %plugin.name
 Bundle-SymbolicName: org.eclipse.ecf.ssl
-Bundle-Version: 1.0.100.qualifier
+Bundle-Version: 1.1.0.qualifier
 Fragment-Host: org.eclipse.ecf
 Bundle-RequiredExecutionEnvironment: J2SE-1.4
 Import-Package: javax.net,
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java
new file mode 100644
index 000000000..be7686cb2
--- /dev/null
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFSSLServerSocketFactory.java
@@ -0,0 +1,94 @@
+/****************************************************************************
+ * Copyright (c) 2012 Composent, Inc. and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Composent, Inc. - initial API and implementation
+ *****************************************************************************/
+package org.eclipse.ecf.internal.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.security.SecureRandom;
+import javax.net.ssl.*;
+
+public class ECFSSLServerSocketFactory extends SSLServerSocketFactory {
+
+	public static final String DEFAULT_SSL_PROTOCOL = "https.protocols"; //$NON-NLS-1$
+
+	private String defaultProtocolNames = System
+			.getProperty(DEFAULT_SSL_PROTOCOL);
+
+	private SSLContext sslContext = null;
+
+	private SSLServerSocketFactory getSSLServerSocketFactory()
+			throws IOException {
+		if (null == sslContext) {
+			try {
+				sslContext = getSSLContext(defaultProtocolNames);
+			} catch (Exception e) {
+				IOException ioe = new IOException();
+				ioe.initCause(e);
+				throw ioe;
+			}
+		}
+		return (sslContext == null) ? (SSLServerSocketFactory) SSLServerSocketFactory
+				.getDefault() : sslContext.getServerSocketFactory();
+	}
+
+	public SSLContext getSSLContext(String protocols) {
+		SSLContext rtvContext = null;
+
+		if (protocols != null) {
+			String protocolNames[] = protocols.split(","); //$NON-NLS-1$
+			for (int i = 0; i < protocolNames.length; i++) {
+				try {
+					rtvContext = SSLContext.getInstance(protocolNames[i]);
+					rtvContext.init(null,
+							new TrustManager[] { new ECFTrustManager() },
+							new SecureRandom());
+					break;
+				} catch (Exception e) {
+					// just continue to look for SSLContexts with the next
+					// protocolName
+				}
+			}
+		}
+		return rtvContext;
+	}
+
+	public String[] getDefaultCipherSuites() {
+		try {
+			return getSSLServerSocketFactory().getDefaultCipherSuites();
+		} catch (IOException e) {
+			return new String[] {};
+		}
+	}
+
+	public String[] getSupportedCipherSuites() {
+		try {
+			return getSSLServerSocketFactory().getSupportedCipherSuites();
+		} catch (IOException e) {
+			return new String[] {};
+		}
+	}
+
+	public ServerSocket createServerSocket(int arg0) throws IOException {
+		return getSSLServerSocketFactory().createServerSocket(arg0);
+	}
+
+	public ServerSocket createServerSocket(int arg0, int arg1)
+			throws IOException {
+		return getSSLServerSocketFactory().createServerSocket(arg0, arg1);
+	}
+
+	public ServerSocket createServerSocket(int arg0, int arg1, InetAddress arg2)
+			throws IOException {
+		return getSSLServerSocketFactory().createServerSocket(arg0, arg1, arg2);
+	}
+
+}
diff --git a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
index 3805c813d..953137c45 100644
--- a/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
+++ b/framework/bundles/org.eclipse.ecf.ssl/src/org/eclipse/ecf/internal/ssl/ECFTrustManager.java
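Review bot: `getSSLServerSocketFactory()` silently falls back to `SSLServerSocketFactory.getDefault()` whenever `getSSLContext` returns null, which is the case when the `https.protocols` property is unset or none of its entries yields a usable `SSLContext`; the server sockets handed out then carry the JRE default trust material instead of `ECFTrustManager`, and nothing records that the configured trust engine was not applied. If that fallback is intended the class Javadoc should say so; otherwise fail closed with `if (sslContext == null) throw new IOException("no SSLContext available for " + DEFAULT_SSL_PROTOCOL + "=" + defaultProtocolNames);` in place of the conditional return. Separately, `rtvContext.init(null, …)` leaves the server's key material to the default `KeyManagerFactory` (typically driven by the `javax.net.ssl.keyStore` system properties), so the server identity is not something ECF configures here — worth a comment on `getSSLContext` so operators know where the server certificate must come from. The lazy `sslContext` initialisation is unsynchronised, so two first callers may each build a context; harmless, but say so if it is deliberate.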
@@ -12,19 +12,20 @@ package org.eclipse.ecf.internal.ssl;
 
 import java.io.IOException;
 import java.security.cert.*;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.*;
 import org.eclipse.osgi.service.security.TrustEngine;
-import org.osgi.framework.BundleActivator;
-import org.osgi.framework.BundleContext;
+import org.osgi.framework.*;
 import org.osgi.util.tracker.ServiceTracker;
 
 public class ECFTrustManager implements X509TrustManager, BundleActivator {
 
 	private static volatile BundleContext context;
 	private volatile ServiceTracker trustEngineTracker = null;
+	private ServiceRegistration socketFactoryRegistration;
+	private ServiceRegistration serverSocketFactoryRegistration;
 
-	public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+	public void checkServerTrusted(X509Certificate[] certs, String authType)
+			throws CertificateException {
 		// verify the cert chain
 		verify(certs, authType);
 
@@ -36,29 +37,34 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
 					if (null != foundCert)
 						return; // cert chain is trust
 				} catch (final IOException e) {
-					final CertificateException ce = new ECFCertificateException("Error occurs when finding trust anchor in the cert chain", certs, authType); //$NON-NLS-1$
+					final CertificateException ce = new ECFCertificateException(
+							"Error occurs when finding trust anchor in the cert chain", certs, authType); //$NON-NLS-1$
 					ce.initCause(ce);
 					throw ce;
 				}
 			}
 			if (null == foundCert)
-				throw new ECFCertificateException("Valid cert chain, but no trust certificate found!", certs, authType); //$NON-NLS-1$
+				throw new ECFCertificateException(
+						"Valid cert chain, but no trust certificate found!", certs, authType); //$NON-NLS-1$
 	}
 
-	private void verify(X509Certificate[] certs, String authType) throws CertificateException {
+	private void verify(X509Certificate[] certs, String authType)
+			throws CertificateException {
 		final int len = certs.length;
 		for (int i = 0; i < len; i++) {
 			final X509Certificate currentX509Cert = certs[i];
 			try {
 				if (i == len - 1) {
-					if (currentX509Cert.getSubjectDN().equals(currentX509Cert.getIssuerDN()))
+					if (currentX509Cert.getSubjectDN().equals(
+							currentX509Cert.getIssuerDN()))
 						currentX509Cert.verify(currentX509Cert.getPublicKey());
 				} else {
 					final X509Certificate nextX509Cert = certs[i + 1];
 					currentX509Cert.verify(nextX509Cert.getPublicKey());
 				}
 			} catch (final Exception e) {
-				final CertificateException ce = new ECFCertificateException("Certificate chain is not valid", certs, authType); //$NON-NLS-1$
+				final CertificateException ce = new ECFCertificateException(
+						"Certificate chain is not valid", certs, authType); //$NON-NLS-1$
 				ce.initCause(e);
 				throw ce;
 			}
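Review bot: `ce.initCause(ce);` in the `catch (final IOException e)` branch chains the exception to itself; `Throwable.initCause` rejects self-causation with an `IllegalArgumentException`, so a failed trust-anchor lookup surfaces to the handshake as `IllegalArgumentException` rather than the intended `CertificateException`, and the original `IOException` is discarded. The line is unchanged context, but it sits in the hunk being reformatted and the fix is `ce.initCause(e);`. The `verify` call site a few lines down shows the intended pattern. The enclosing `checkServerTrusted` starts in the previous hunk.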
@@ -66,9 +72,12 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
 	}
 
 	/**
-	 * @throws CertificateException not actually thrown by method, since checkClientTrusted is unsupported.
+	 * @throws CertificateException
+	 *             not actually thrown by method, since checkClientTrusted is
+	 *             unsupported.
 	 */
-	public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+	public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+			throws CertificateException {
 		// only for client authentication
 		throw new UnsupportedOperationException("Not implemented yet"); //$NON-NLS-1$
 	}
@@ -80,10 +89,23 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
 
 	public void start(BundleContext context1) throws Exception {
 		ECFTrustManager.context = context1;
-		context1.registerService(SSLSocketFactory.class.getName(), new ECFSSLSocketFactory(), null);
+		socketFactoryRegistration = context1.registerService(
+				SSLSocketFactory.class.getName(), new ECFSSLSocketFactory(),
+				null);
+		serverSocketFactoryRegistration = context1.registerService(
+				SSLServerSocketFactory.class.getName(),
+				new ECFSSLServerSocketFactory(), null);
 	}
 
 	public void stop(BundleContext context1) throws Exception {
+		if (socketFactoryRegistration != null) {
+			socketFactoryRegistration.unregister();
+			socketFactoryRegistration = null;
+		}
+		if (serverSocketFactoryRegistration != null) {
+			serverSocketFactoryRegistration.unregister();
+			serverSocketFactoryRegistration = null;
+		}
 		if (trustEngineTracker != null) {
 			trustEngineTracker.close();
 			trustEngineTracker = null;
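Review bot: The rewrapped Javadoc on `checkClientTrusted` leaves out the consequence that this commit introduces: the same `ECFTrustManager` instance now backs `ECFSSLServerSocketFactory`, so on the server side `checkClientTrusted` becomes reachable for any server socket that enables `setNeedClientAuth`/`setWantClientAuth`, and the `UnsupportedOperationException` aborts that handshake with a runtime exception instead of a `CertificateException`. That is fail-closed, but the comment should state it so nobody enables client authentication expecting the trust engine to be consulted, e.g. `// client certificates are not validated here; server sockets from ECFSSLServerSocketFactory must not enable client authentication until this is implemented`. The method's Javadoc `@throws` wording can stay as is.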
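Review bot: In `stop`, if `socketFactoryRegistration.unregister()` throws (an `IllegalStateException` once that registration has already been unregistered), the method exits before `serverSocketFactoryRegistration` is unregistered and before `trustEngineTracker.close()` runs, so the tracker stays open across the bundle stop. Running each unregister in its own `try`/`finally`, or catching `IllegalStateException` per registration and continuing, keeps the remaining cleanup reachable. `stop` continues past the end of this hunk.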
@@ -93,7 +115,8 @@ public class ECFTrustManager implements X509TrustManager, BundleActivator {
 
 	private TrustEngine[] getTrustEngines() {
 		if (trustEngineTracker == null) {
-			trustEngineTracker = new ServiceTracker(context, TrustEngine.class.getName(), null);
+			trustEngineTracker = new ServiceTracker(context,
+					TrustEngine.class.getName(), null);
 			trustEngineTracker.open();
 		}
 		final Object objs[] = trustEngineTracker.getServices();