| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\ImagingExchangeBaseWebProxy\main\src\java\gov\va\med\imaging\proxy\ssl | AuthSSLProtocolSocketFactory.java | Mon Dec 4 21:34:58 2017 UTC |
| 2 | IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\ImagingExchangeBaseWebProxy\main\src\java\gov\va\med\imaging\proxy\ssl | AuthSSLProtocolSocketFactory.java | Tue Dec 5 13:20:59 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 1176 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | package go v.va.med.i maging.pro xy.ssl; | |
| 2 | ||
| 3 | /* | |
| 4 | * NOTE: t his class is almost a complete copy of t he Apache Common ver sion found at: | |
| 5 | * /httpcl ient/src/c ontrib/org /apache/co mmons/http client/con trib/ssl/A uthSSLProt ocolSocket Factory.ja va | |
| 6 | * with so me minor r ewrite to use log4J. | |
| 7 | * | |
| 8 | * $Header : /cvs/Ima gingExchan geBaseWebP roxy/main/ src/java/g ov/va/med/ imaging/pr oxy/ssl/Au thSSLProto colSocketF actory.jav a,v 1.2 20 10/11/18 1 5:46:24 vh aiswbeckec Exp $ | |
| 9 | * $Revisi on: 1.2 $ | |
| 10 | * $Date: 2010/11/18 15:46:24 $ | |
| 11 | * | |
| 12 | * ======= ========== ========== ========== ========== ========== ========== = | |
| 13 | * | |
| 14 | * Licens ed to the Apache Sof tware Foun dation (AS F) under o ne or more | |
| 15 | * contri butor lice nse agreem ents. See the NOTIC E file dis tributed w ith | |
| 16 | * this w ork for ad ditional i nformation regarding copyright ownership . | |
| 17 | * The AS F licenses this file to You un der the Ap ache Licen se, Versio n 2.0 | |
| 18 | * (the " License"); you may n ot use thi s file exc ept in com pliance wi th | |
| 19 | * the Li cense. Yo u may obta in a copy of the Lic ense at | |
| 20 | * | |
| 21 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | |
| 22 | * | |
| 23 | * Unless required by applica ble law or agreed to in writin g, softwar e | |
| 24 | * distri buted unde r the Lice nse is dis tributed o n an "AS I S" BASIS, | |
| 25 | * WITHOU T WARRANTI ES OR COND ITIONS OF ANY KIND, either exp ress or im plied. | |
| 26 | * See th e License for the sp ecific lan guage gove rning perm issions an d | |
| 27 | * limita tions unde r the Lice nse. | |
| 28 | * ======= ========== ========== ========== ========== ========== ========== = | |
| 29 | * | |
| 30 | * This so ftware con sists of v oluntary c ontributio ns made by many | |
| 31 | * individ uals on be half of th e Apache S oftware Fo undation. For more | |
| 32 | * informa tion on th e Apache S oftware Fo undation, please see | |
| 33 | * <http:/ /www.apach e.org/>. | |
| 34 | * | |
| 35 | */ | |
| 36 | ||
| 37 | import jav a.io.IOExc eption; | |
| 38 | import jav a.io.Input Stream; | |
| 39 | import jav a.net.Inet Address; | |
| 40 | import jav a.net.Inet SocketAddr ess; | |
| 41 | import jav a.net.Sock et; | |
| 42 | import jav a.net.Sock etAddress; | |
| 43 | import jav a.net.URL; | |
| 44 | import jav a.net.Unkn ownHostExc eption; | |
| 45 | import jav a.security .GeneralSe curityExce ption; | |
| 46 | import jav a.security .KeyStore; | |
| 47 | import jav a.security .KeyStoreE xception; | |
| 48 | import jav a.security .NoSuchAlg orithmExce ption; | |
| 49 | import jav a.security .Unrecover ableKeyExc eption; | |
| 50 | import jav a.security .cert.Cert ificate; | |
| 51 | import jav a.security .cert.Cert ificateExc eption; | |
| 52 | import jav a.security .cert.X509 Certificat e; | |
| 53 | import jav a.util.Enu meration; | |
| 54 | import jav a.util.Has hMap; | |
| 55 | import jav a.util.Map ; | |
| 56 | ||
| 57 | import org .apache.co mmons.http client.Con nectTimeou tException ; | |
| 58 | import org .apache.co mmons.http client.par ams.HttpCo nnectionPa rams; | |
| 59 | import org .apache.co mmons.http client.pro tocol.Secu reProtocol SocketFact ory; | |
| 60 | import org .apache.lo gging.log4 j.LogManag er; | |
| 61 | import org .apache.lo gging.log4 j.Logger; | |
| 62 | ||
| 63 | import jav ax.net.Soc ketFactory ; | |
| 64 | import jav ax.net.ssl .KeyManage r; | |
| 65 | import jav ax.net.ssl .KeyManage rFactory; | |
| 66 | import jav ax.net.ssl .SSLContex t; | |
| 67 | import jav ax.net.ssl .TrustMana ger; | |
| 68 | import jav ax.net.ssl .TrustMana gerFactory ; | |
| 69 | import jav ax.net.ssl .X509Trust Manager; | |
| 70 | ||
| 71 | /** | |
| 72 | * <p> | |
| 73 | * AuthSSL ProtocolSo cketFactor y can be u sed to val idate the identity o f the | |
| 74 | * HTTPS s erver agai nst a list of truste d certific ates and t o authenti cate to | |
| 75 | * the HTT PS server using a pr ivate key. | |
| 76 | * </p> | |
| 77 | * | |
| 78 | * <p> | |
| 79 | * AuthSSL ProtocolSo cketFactor y will ena ble server authentic ation when supplied | |
| 80 | * with a {@link Key Store trus tstore} fi le contain g one or s everal tru sted | |
| 81 | * certifi cates. The client se cure socke t will rej ect the co nnection d uring the | |
| 82 | * SSL ses sion hands hake if th e target H TTPS serve r attempts to authen ticate | |
| 83 | * itself with a non -trusted c ertificate . | |
| 84 | * </p> | |
| 85 | * | |
| 86 | * <p> | |
| 87 | * Use JDK keytool u tility to import a t rusted cer tificate a nd generat e a | |
| 88 | * trustst ore file: | |
| 89 | * | |
| 90 | * <pre> | |
| 91 | * key tool -impo rt -alias "my s erver cert " -fi le server. crt -keyst ore my.tru ststore | |
| 92 | * </pre> | |
| 93 | * | |
| 94 | * </p> | |
| 95 | * | |
| 96 | * <p> | |
| 97 | * AuthSSL ProtocolSo cketFactor y will ena ble client authentic ation when supplied | |
| 98 | * with a {@link Key Store keys tore} file containg a private key/public | |
| 99 | * certifi cate pair. The clien t secure s ocket will use the p rivate key to | |
| 100 | * authent icate itse lf to the target HTT PS server during the SSL sessi on | |
| 101 | * handsha ke if requ ested to d o so by th e server. The target HTTPS ser ver will | |
| 102 | * in its turn verif y the cert ificate pr esented by the clien t in order to | |
| 103 | * establi sh client' s authenti city | |
| 104 | * </p> | |
| 105 | * | |
| 106 | * <p> | |
| 107 | * Use the following sequence of actions to genera te a keyst ore file | |
| 108 | * </p> | |
| 109 | * <ul> | |
| 110 | * <li> | |
| 111 | * <p> | |
| 112 | * Use JDK keytool u tility to generate a new key | |
| 113 | * | |
| 114 | * <pre> | |
| 115 | * keytool -genkey - v -alias & quot;my cl ient key&q uot; -vali dity 365 - keystore m y.keystore | |
| 116 | * </pre> | |
| 117 | * | |
| 118 | * For sim plicity us e the same password for the ke y as that of the key store | |
| 119 | * </p> | |
| 120 | * </li> | |
| 121 | * <li> | |
| 122 | * <p> | |
| 123 | * Issue a certifica te signing request ( CSR) | |
| 124 | * | |
| 125 | * <pre> | |
| 126 | * keytool -certreq -alias &qu ot;my clie nt key&quo t; -file m ycertreq.c sr -keysto re my.keys tore | |
| 127 | * </pre> | |
| 128 | * | |
| 129 | * </p> | |
| 130 | * </li> | |
| 131 | * <li> | |
| 132 | * <p> | |
| 133 | * Send th e certific ate reques t to the t rusted Cer tificate A uthority f or | |
| 134 | * signatu re. One ma y choose t o act as h er own CA and sign t he certifi cate | |
| 135 | * request using a P KI tool, s uch as Ope nSSL. | |
| 136 | * </p> | |
| 137 | * </li> | |
| 138 | * <li> | |
| 139 | * <p> | |
| 140 | * Import the truste d CA root certificat e | |
| 141 | * | |
| 142 | * <pre> | |
| 143 | * keytool -import - alias &quo t;my trust ed ca" ; -file ca root.crt - keystore m y.keystore | |
| 144 | * </pre> | |
| 145 | * | |
| 146 | * </p> | |
| 147 | * </li> | |
| 148 | * <li> | |
| 149 | * <p> | |
| 150 | * Import the PKCS#7 file cont aing the c omplete ce rtificate chain | |
| 151 | * | |
| 152 | * <pre> | |
| 153 | * keytool -import - alias &quo t;my clien t key" ; -file my cert.p7 -k eystore my .keystore | |
| 154 | * </pre> | |
| 155 | * | |
| 156 | * </p> | |
| 157 | * </li> | |
| 158 | * <li> | |
| 159 | * <p> | |
| 160 | * Verify the conten t the resu ltant keys tore file | |
| 161 | * | |
| 162 | * <pre> | |
| 163 | * keytool -list -v -keystore my.keystor e | |
| 164 | * </pre> | |
| 165 | * | |
| 166 | * </p> | |
| 167 | * </li> | |
| 168 | * </ul> | |
| 169 | * <p> | |
| 170 | * Example of using custom pro tocol sock et factory for a spe cific host : | |
| 171 | * | |
| 172 | * <pre> | |
| 173 | * Protoco l authhttp s = new Pr otocol(&qu ot;https&q uot;, new AuthSSLPro tocolSocke tFactory(n ew URL(&qu ot;file:my .keystore& quot;), &q uot;mypass word" , | |
| 174 | * ne w URL(&quo t;file:my. truststore "), & quot;mypas sword" ;), 443); | |
| 175 | * | |
| 176 | * HttpCli ent client = new Htt pClient(); | |
| 177 | * client. getHostCon figuration ().setHost ("loc alhost&quo t;, 443, a uthhttps); | |
| 178 | * // use relative u rl only | |
| 179 | * GetMeth od httpget = new Get Method(&qu ot;/" ); | |
| 180 | * client. executeMet hod(httpge t); | |
| 181 | * </pre> | |
| 182 | * | |
| 183 | * </p> | |
| 184 | * <p> | |
| 185 | * Example of using custom pro tocol sock et factory per defau lt instead of the | |
| 186 | * standar d one: | |
| 187 | * | |
| 188 | * <pre> | |
| 189 | * Protoco l authhttp s = new Pr otocol(&qu ot;https&q uot;, new AuthSSLPro tocolSocke tFactory(n ew URL(&qu ot;file:my .keystore& quot;), | |
| 190 | "myp assword&qu ot;, | |
| 191 | * ne w URL(&quo t;file:my. truststore "), & quot;mypas sword" ;), 443); | |
| 192 | * Protoco l.register Protocol(& quot;https ", au thhttps); | |
| 193 | * | |
| 194 | * HttpCli ent client = new Htt pClient(); | |
| 195 | * GetMeth od httpget = new Get Method(&qu ot;https:/ /localhost /"); | |
| 196 | * client. executeMet hod(httpge t); | |
| 197 | * </pre> | |
| 198 | * | |
| 199 | * </p> | |
| 200 | * | |
| 201 | * @author <a href=" mailto:ole g -at- ura l.ru">Oleg Kalnichev ski</a> | |
| 202 | * | |
| 203 | * <p> | |
| 204 | * DISCLAIME R: HttpCli ent develo pers DO NO T actively support t his | |
| 205 | * component . The comp onent is p rovided as a referen ce materia l, which | |
| 206 | * may be in appropriat e for use without ad ditional c ustomizati on. | |
| 207 | * </p> | |
| 208 | */ | |
| 209 | ||
| 210 | public cla ss AuthSSL ProtocolSo cketFactor y | |
| 211 | im plements S ecureProto colSocketF actory | |
| 212 | { | |
| 213 | pr ivate Logg er log = L ogManager. getLogger( this.getCl ass()); | |
| 214 | ||
| 215 | pr ivate URL keystoreUr l; | |
| 216 | pr ivate Stri ng keystor ePassword; | |
| 217 | pr ivate URL truststore Url; | |
| 218 | pr ivate Stri ng trustst orePasswor d; | |
| 219 | pr ivate SSLC ontext ssl context = null; | |
| 220 | pr ivate fina l int defa ultFederat ionNioPort = PORT ; | |
| 221 | ||
| 222 | pr ivate stat ic Map<Str ing, AuthS SLRemoteHo stMap> hos tMap = new HashMap<S tring, Aut hSSLRemote HostMap>() ; | |
| 223 | /* * | |
| 224 | * Construct or for Aut hSSLProtoc olSocketFa ctory. Eit her a keys tore or | |
| 225 | * truststor e file mus t be given . Otherwis e SSL cont ext initia lization e rror | |
| 226 | * will resu lt. | |
| 227 | * | |
| 228 | * @param ke ystoreUrl | |
| 229 | * URL of t he keystor e file. Ma y be <tt>n ull</tt> i f HTTPS cl ient | |
| 230 | * authenti cation is not to be used. | |
| 231 | * @param ke ystorePass word | |
| 232 | * Password to unlock the keyst ore. IMPOR TANT: this | |
| 233 | * implemen tation ass umes that the same p assword is used to | |
| 234 | * protect the key an d the keys tore itsel f. | |
| 235 | * @param tr uststoreUr l | |
| 236 | * URL of t he trustst ore file. May be <tt >null</tt> if HTTPS | |
| 237 | * server a uthenticat ion is not to be use d. | |
| 238 | * @param tr uststorePa ssword | |
| 239 | * Password to unlock the trust store. | |
| 240 | * / | |
| 241 | pu blic AuthS SLProtocol SocketFact ory(final URL keysto reUrl, fin al String keystorePa ssword, fi nal URL tr uststoreUr l, | |
| 242 | fina l String t ruststoreP assword) | |
| 243 | { | |
| 244 | supe r(); | |
| 245 | this .keystoreU rl = keyst oreUrl; | |
| 246 | this .keystoreP assword = keystorePa ssword; | |
| 247 | this .truststor eUrl = tru ststoreUrl ; | |
| 248 | this .truststor ePassword = truststo rePassword ; | |
| 249 | } | |
| 250 | ||
| 251 | pu blic stati c synchron ized void AddCvixHos tMap(Strin g host, Au thSSLRemot eHostMap s slHostInfo ) | |
| 252 | { | |
| 253 | host Map.put(ho st, sslHos tInfo); | |
| 254 | } | |
| 255 | ||
| 256 | ||
| 257 | pr ivate stat ic KeyStor e createKe yStore(fin al URL url , final St ring passw ord) | |
| 258 | th rows KeySt oreExcepti on, NoSuch AlgorithmE xception, Certificat eException , IOExcept ion | |
| 259 | { | |
| 260 | if ( url == nul l) | |
| 261 | throw new Illega lArgumentE xception(" Keystore u rl may not be null") ; | |
| 262 | ||
| 263 | LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).debug(" Initializi ng key sto re"); | |
| 264 | KeyS tore keyst ore = KeyS tore.getIn stance("jk s"); | |
| 265 | Inpu tStream is = null; | |
| 266 | try | |
| 267 | { | |
| 268 | is = u rl.openStr eam(); | |
| 269 | keysto re.load(is , password != null ? password. toCharArra y() : null ); | |
| 270 | } | |
| 271 | fina lly | |
| 272 | { | |
| 273 | if (is != null) | |
| 274 | is.close (); | |
| 275 | } | |
| 276 | retu rn keystor e; | |
| 277 | } | |
| 278 | ||
| 279 | pr ivate stat ic KeyMana ger[] crea teKeyManag ers(final KeyStore k eystore, f inal Strin g password ) | |
| 280 | thro ws KeyStor eException , NoSuchAl gorithmExc eption, Un recoverabl eKeyExcept ion | |
| 281 | { | |
| 282 | if ( keystore = = null) | |
| 283 | throw new Illega lArgumentE xception(" Keystore m ay not be null"); | |
| 284 | ||
| 285 | LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).debug(" Initializi ng key man ager"); | |
| 286 | KeyM anagerFact ory kmfact ory = KeyM anagerFact ory.getIns tance(KeyM anagerFact ory.getDef aultAlgori thm()); | |
| 287 | kmfa ctory.init (keystore, password != null ? password.t oCharArray () : null) ; | |
| 288 | retu rn kmfacto ry.getKeyM anagers(); | |
| 289 | } | |
| 290 | ||
| 291 | pr ivate stat ic TrustMa nager[] cr eateTrustM anagers(fi nal KeySto re keystor e) throws KeyStoreEx ception, | |
| 292 | NoSu chAlgorith mException | |
| 293 | { | |
| 294 | if ( keystore = = null) | |
| 295 | throw new Illega lArgumentE xception(" Keystore m ay not be null"); | |
| 296 | ||
| 297 | LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).debug(" Initializi ng trust m anager"); | |
| 298 | Trus tManagerFa ctory tmfa ctory = Tr ustManager Factory.ge tInstance( TrustManag erFactory. getDefault Algorithm( )); | |
| 299 | tmfa ctory.init (keystore) ; | |
| 300 | Trus tManager[] trustmana gers = tmf actory.get TrustManag ers(); | |
| 301 | for (int i = 0 ; i < trus tmanagers. length; i+ +) | |
| 302 | { | |
| 303 | if (tr ustmanager s[i] insta nceof X509 TrustManag er) | |
| 304 | { | |
| 305 | trustman agers[i] = new AuthS SLX509Trus tManager(( X509TrustM anager) tr ustmanager s[i]); | |
| 306 | } | |
| 307 | } | |
| 308 | retu rn trustma nagers; | |
| 309 | } | |
| 310 | ||
| 311 | pr ivate SSLC ontext cre ateSSLCont ext() | |
| 312 | { | |
| 313 | try | |
| 314 | { | |
| 315 | KeyMan ager[] key managers = null; | |
| 316 | TrustM anager[] t rustmanage rs = null; | |
| 317 | if (th is.keystor eUrl != nu ll) | |
| 318 | { | |
| 319 | KeyStore keystore = createKe yStore(thi s.keystore Url, this. keystorePa ssword); | |
| 320 | if (LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).isDebug Enabled()) | |
| 321 | logKeystor eContents( "keystore" , keystore ); | |
| 322 | ||
| 323 | keymanag ers = crea teKeyManag ers(keysto re, this.k eystorePas sword); | |
| 324 | } | |
| 325 | if (th is.trustst oreUrl != null) | |
| 326 | { | |
| 327 | KeyStore truststor e = create KeyStore(t his.trusts toreUrl, t his.trusts torePasswo rd); | |
| 328 | if (LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).isDebug Enabled()) | |
| 329 | logKeystor eContents( "truststor e", trusts tore); | |
| 330 | ||
| 331 | trustman agers = cr eateTrustM anagers(tr uststore); | |
| 332 | } | |
| 333 | SSLCon text sslco ntext = SS LContext.g etInstance ("SSL"); | |
| 334 | sslcon text.init( keymanager s, trustma nagers, nu ll); | |
| 335 | return sslcontex t; | |
| 336 | } | |
| 337 | catc h (NoSuchA lgorithmEx ception e) | |
| 338 | { | |
| 339 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 340 | throw new AuthSS LInitializ ationError ("Unsuppor ted algori thm except ion: " + e .getMessag e()); | |
| 341 | } | |
| 342 | catc h (KeyStor eException e) | |
| 343 | { | |
| 344 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 345 | throw new AuthSS LInitializ ationError ("Keystore exception : " + e.ge tMessage() ); | |
| 346 | } | |
| 347 | catc h (General SecurityEx ception e) | |
| 348 | { | |
| 349 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 350 | throw new AuthSS LInitializ ationError ("Key mana gement exc eption: " + e.getMes sage()); | |
| 351 | } | |
| 352 | catc h (IOExcep tion e) | |
| 353 | { | |
| 354 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 355 | throw new AuthSS LInitializ ationError ("I/O erro r reading keystore/t ruststore file: " + e.getMessa ge()); | |
| 356 | } | |
| 357 | } | |
| 358 | ||
| 359 | pr ivate SSLC ontext cre ateCvixSSL Context(St ring host) | |
| 360 | { | |
| 361 | try | |
| 362 | { | |
| 363 | URL cv ixKeystore Url = host Map.get(ho st).getKey storeUrl() ; | |
| 364 | URL cv ixTruststo reUrl = ho stMap.get( host).getT ruststoreU rl(); | |
| 365 | String cvixKeyst orePasswor d = hostMa p.get(host ).getKeyst orePasswor d(); | |
| 366 | String cvixTrust storePassw ord = host Map.get(ho st).getTru ststorePas sword(); | |
| 367 | ||
| 368 | KeyMan ager[] key managers = null; | |
| 369 | TrustM anager[] t rustmanage rs = null; | |
| 370 | if (cv ixKeystore Url != nul l) | |
| 371 | { | |
| 372 | KeyStore keystore = createKe yStore(cvi xKeystoreU rl, cvixKe ystorePass word); | |
| 373 | if (LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).isDebug Enabled()) | |
| 374 | logKeystor eContents( "keystore" , keystore ); | |
| 375 | ||
| 376 | keymanag ers = crea teKeyManag ers(keysto re, cvixKe ystorePass word); | |
| 377 | } | |
| 378 | ||
| 379 | if (cv ixTruststo reUrl != n ull) | |
| 380 | { | |
| 381 | KeyStore truststor e = create KeyStore(c vixTrustst oreUrl, cv ixTruststo rePassword ); | |
| 382 | if (LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).isDebug Enabled()) | |
| 383 | logKeystor eContents( "truststor e", trusts tore); | |
| 384 | ||
| 385 | trustman agers = cr eateTrustM anagers(tr uststore); | |
| 386 | } | |
| 387 | ||
| 388 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug("Cr eate cvix SSL Contex t"); | |
| 389 | ||
| 390 | SSLCon text sslco ntext = SS LContext.g etInstance ("SSL"); | |
| 391 | sslcon text.init( keymanager s, trustma nagers, nu ll); | |
| 392 | return sslcontex t; | |
| 393 | } | |
| 394 | catc h (NoSuchA lgorithmEx ception e) | |
| 395 | { | |
| 396 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 397 | throw new AuthSS LInitializ ationError ("Unsuppor ted algori thm except ion: " + e .getMessag e()); | |
| 398 | } | |
| 399 | catc h (KeyStor eException e) | |
| 400 | { | |
| 401 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 402 | throw new AuthSS LInitializ ationError ("Keystore exception : " + e.ge tMessage() ); | |
| 403 | } | |
| 404 | catc h (General SecurityEx ception e) | |
| 405 | { | |
| 406 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 407 | throw new AuthSS LInitializ ationError ("Key mana gement exc eption: " + e.getMes sage()); | |
| 408 | } | |
| 409 | catc h (IOExcep tion e) | |
| 410 | { | |
| 411 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .error(e.g etMessage( ), e); | |
| 412 | throw new AuthSS LInitializ ationError ("I/O erro r reading keystore/t ruststore file: " + e.getMessa ge()); | |
| 413 | } | |
| 414 | } | |
| 415 | ||
| 416 | /* * | |
| 417 | * | |
| 418 | * @param ke ystoreName | |
| 419 | * @param ke ystore | |
| 420 | * @throws K eyStoreExc eption | |
| 421 | * / | |
| 422 | pr ivate void logKeysto reContents (String ke ystoreName , KeyStore keystore) throws Ke yStoreExce ption | |
| 423 | { | |
| 424 | LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).debug(" Keystore : '" + keys toreName + "':"); | |
| 425 | for (Enumerati on<String> aliases = keystore. aliases(); aliases.h asMoreElem ents();) | |
| 426 | { | |
| 427 | String alias = ( String) al iases.next Element(); | |
| 428 | Certif icate[] ce rts = keys tore.getCe rtificateC hain(alias ); | |
| 429 | if (ce rts != nul l) | |
| 430 | { | |
| 431 | LogManag er.getLogg er(AuthSSL ProtocolSo cketFactor y.class).d ebug("Cert ificate Ch ain '" + a lias + "': "); | |
| 432 | for (Cer tificate c ert : cert s) | |
| 433 | logCertifi cateConten ts(cert); | |
| 434 | } | |
| 435 | else | |
| 436 | { | |
| 437 | Certific ate cert = keystore. getCertifi cate(alias ); | |
| 438 | LogManag er.getLogg er(AuthSSL ProtocolSo cketFactor y.class).d ebug( | |
| 439 | "Trusted C ertificate Authority '" + alia s + "':"); | |
| 440 | logCerti ficateCont ents(cert) ; | |
| 441 | } | |
| 442 | } | |
| 443 | } | |
| 444 | ||
| 445 | pr ivate void logCertif icateConte nts(Certif icate cert ) | |
| 446 | { | |
| 447 | if ( cert insta nceof X509 Certificat e) | |
| 448 | { | |
| 449 | X509Ce rtificate x509Cert = (X509Cert ificate) c ert; | |
| 450 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug(" X 509 Certif icate :"); | |
| 451 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug(" Subject DN : " + x509 Cert.getSu bjectDN()) ; | |
| 452 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug( | |
| 453 | " Signa ture Algor ithm: " + x509Cert.g etSigAlgNa me()); | |
| 454 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug( | |
| 455 | " Signa ture: " + x509Cert.g etPublicKe y().toStri ng()); | |
| 456 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug(" Valid from : " + x509 Cert.getNo tBefore()) ; | |
| 457 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug(" Valid unti l: " + x50 9Cert.getN otAfter()) ; | |
| 458 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug(" Issuer: " + x509Cert .getIssuer DN()); | |
| 459 | } | |
| 460 | else | |
| 461 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug(" C ertificate :" + cert .getType() ); | |
| 462 | } | |
| 463 | ||
| 464 | pr ivate SSLC ontext get SSLContext (String ho st, int po rt) | |
| 465 | { | |
| 466 | if ( hostMap.ge t(host) != null) //C vix only | |
| 467 | { | |
| 468 | SSLCon text cvixS slContext = hostMap. get(host). getSslCont ext(); | |
| 469 | if (cv ixSslConte xt == null ) | |
| 470 | { | |
| 471 | cvixSslC ontext = c reateCvixS SLContext( host); | |
| 472 | hostMap. get(host). setSslCont ext(cvixSs lContext); | |
| 473 | } | |
| 474 | return cvixSslCo ntext; | |
| 475 | } | |
| 476 | ||
| 477 | if ( port == de faultFeder ationNioPo rt) //Non- Blocking I O protocol must crea te SSLCont ext everyt ime | |
| 478 | { | |
| 479 | this.s slcontext = createSS LContext() ; | |
| 480 | } | |
| 481 | else //Blockin g IO proto col | |
| 482 | { | |
| 483 | if (th is.sslcont ext == nul l) | |
| 484 | { | |
| 485 | this.ssl context = createSSLC ontext(); | |
| 486 | } | |
| 487 | } | |
| 488 | ||
| 489 | retu rn this.ss lcontext; | |
| 490 | } | |
| 491 | ||
| 492 | /* * | |
| 493 | * Attempts to get a n ew socket connection to the gi ven host w ithin the | |
| 494 | * given tim e limit. | |
| 495 | * <p> | |
| 496 | * To circum vent the l imitations of older JREs that do not sup port conne ct | |
| 497 | * timeout a controlle r thread i s executed . The cont roller thr ead attemp ts | |
| 498 | * to create a new soc ket within the given limit of time. If s ocket | |
| 499 | * construct or does no t return u ntil the t imeout exp ires, the controller | |
| 500 | * terminate s and thro ws an {@li nk Connect TimeoutExc eption} | |
| 501 | * </p> | |
| 502 | * | |
| 503 | * @param ho st | |
| 504 | * the host name/IP | |
| 505 | * @param po rt | |
| 506 | * the port on the ho st | |
| 507 | * @param cl ientHost | |
| 508 | * the loca l host nam e/IP to bi nd the soc ket to | |
| 509 | * @param cl ientPort | |
| 510 | * the port on the lo cal machin e | |
| 511 | * @param pa rams | |
| 512 | * {@link H ttpConnect ionParams Http conne ction para meters} | |
| 513 | * | |
| 514 | * @return S ocket a ne w socket | |
| 515 | * | |
| 516 | * @throws I OException | |
| 517 | * if an I /O error o ccurs whil e creating the socke t | |
| 518 | * @throws U nknownHost Exception | |
| 519 | * if the IP address of the ho st cannot be determi ned | |
| 520 | * / | |
| 521 | pu blic Socke t createSo cket( | |
| 522 | fina l String h ost, final int port, | |
| 523 | fina l InetAddr ess localA ddress, fi nal int lo calPort, | |
| 524 | fina l HttpConn ectionPara ms params) | |
| 525 | th rows IOExc eption, Un knownHostE xception, ConnectTim eoutExcept ion | |
| 526 | { | |
| 527 | if ( params == null) | |
| 528 | throw new Illega lArgumentE xception(" Parameters may not b e null"); | |
| 529 | ||
| 530 | int timeout = params.get Connection Timeout(); | |
| 531 | Sock etFactory socketfact ory = getS SLContext( host, port ).getSocke tFactory() ; | |
| 532 | ||
| 533 | int newPort = port; | |
| 534 | ||
| 535 | if ( hostMap.ge t(host) != null) | |
| 536 | { | |
| 537 | if (ho stMap.get( host).getR emoteHostP ort() != n ull) { | |
| 538 | newPort = hostMap. get(host). getRemoteH ostPort(); | |
| 539 | } | |
| 540 | if (ho stMap.get( host).getT imeout() ! = null) { | |
| 541 | timeout = hostMap. get(host). getTimeout (); | |
| 542 | } | |
| 543 | } | |
| 544 | ||
| 545 | LogM anager.get Logger(Aut hSSLProtoc olSocketFa ctory.clas s).debug(" CreateSock et- host: " + host + " Port=" + newPort + " timeou t=" + time out); | |
| 546 | ||
| 547 | if ( timeout == 0) | |
| 548 | { | |
| 549 | return socketfac tory.creat eSocket(ho st, newPor t, localAd dress, loc alPort); | |
| 550 | } | |
| 551 | else | |
| 552 | { | |
| 553 | Socket socket = socketfact ory.create Socket(); | |
| 554 | Socket Address lo caladdr = new InetSo cketAddres s(localAdd ress, loca lPort); | |
| 555 | Socket Address re moteaddr = new InetS ocketAddre ss(host, n ewPort); | |
| 556 | socket .bind(loca laddr); | |
| 557 | socket .connect(r emoteaddr, timeout); | |
| 558 | LogMan ager.getLo gger(AuthS SLProtocol SocketFact ory.class) .debug("So cket.conne ct to remo teaddr suc essfully") ; | |
| 559 | return socket; | |
| 560 | } | |
| 561 | } | |
| 562 | ||
| 563 | /* * | |
| 564 | * @see Secu reProtocol SocketFact ory#create Socket(jav a.lang.Str ing,int,ja va.net.Ine tAddress,i nt) | |
| 565 | * / | |
| 566 | pu blic Socke t createSo cket(Strin g host, in t port, In etAddress clientHost , int clie ntPort) | |
| 567 | th rows IOExc eption, Un knownHostE xception | |
| 568 | { | |
| 569 | retu rn getSSLC ontext(hos t, port).g etSocketFa ctory().cr eateSocket (host, por t, clientH ost, clien tPort); | |
| 570 | } | |
| 571 | ||
| 572 | /* * | |
| 573 | * @see Secu reProtocol SocketFact ory#create Socket(jav a.lang.Str ing,int) | |
| 574 | * / | |
| 575 | pu blic Socke t createSo cket(Strin g host, in t port) | |
| 576 | th rows IOExc eption, Un knownHostE xception | |
| 577 | { | |
| 578 | retu rn getSSLC ontext(hos t, port).g etSocketFa ctory().cr eateSocket (host, por t); | |
| 579 | } | |
| 580 | ||
| 581 | /* * | |
| 582 | * @see Secu reProtocol SocketFact ory#create Socket(jav a.net.Sock et,java.la ng.String, int,boolea n) | |
| 583 | * / | |
| 584 | pu blic Socke t createSo cket(Socke t socket, String hos t, int por t, boolean autoClose ) | |
| 585 | th rows IOExc eption, Un knownHostE xception | |
| 586 | { | |
| 587 | retu rn getSSLC ontext(hos t, port).g etSocketFa ctory().cr eateSocket (socket, h ost, port, autoClose ); | |
| 588 | } | |
| 589 | } |
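Review bot: Nothing in this file section enables hostname verification: createSSLContext and createCvixSSLContext only wrap each X509TrustManager in AuthSSLX509TrustManager (whose code is not visible here), and every createSocket overload returns the JSSE socket unchanged, so unless that wrapper compares the certificate against `host`, a certificate issued for any trusted name would be accepted for any host. Both factory methods also request `SSLContext.getInstance("SSL")`; `SSLContext sslcontext = SSLContext.getInstance("TLS");` is the standard name for the protocol family the connection actually negotiates and avoids advertising the legacy one. The report does not mark which two lines the commit changed, so these points may predate it; if AuthSSLX509TrustManager does not do hostname matching, route each socket through a helper like the one below before returning it. Separately, `getSSLContext` and the first `createSocket` read the static `hostMap` without the synchronization that `AddCvixHostMap` uses, and call `hostMap.get(host)` several times per request; a `ConcurrentHashMap` plus a single local lookup would make that path safe while hosts are being registered.
```java
// … unchanged: createSocket overloads, each wrapping its return value in withHostnameVerification(...) …

/** Turns on JSSE endpoint identification so the server certificate must match the requested host name. */
private static Socket withHostnameVerification(Socket socket)
{
    if (socket instanceof javax.net.ssl.SSLSocket)
    {
        javax.net.ssl.SSLSocket sslSocket = (javax.net.ssl.SSLSocket) socket;
        javax.net.ssl.SSLParameters params = sslSocket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        sslSocket.setSSLParameters(params);
    }
    return socket;
}
```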