Posted to scm@geronimo.apache.org by jd...@apache.org on 2007/09/18 13:24:09 UTC
svn commit: r576849 -
/geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/
Author: jdillon
Date: Tue Sep 18 04:24:08 2007
New Revision: 576849
URL: http://svn.apache.org/viewvc?rev=576849&view=rev
Log:
Tidy up and componentize the ssl support classes we have right now, drop those we aren't using
Added:
geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java
Removed:
geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusTrustManagerFactory.java
geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLServerSocketFactory.java
geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLSocketFactory.java
Modified:
geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java
Modified: geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java?rev=576849&r1=576848&r2=576849&view=diff
==============================================================================
--- geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java (original)
+++ geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/BogusSSLContextFactory.java Tue Sep 18 04:24:08 2007
@@ -18,7 +18,7 @@
*/
//
-// NOTE: Snatched from Apache Mina'a Examples
+// NOTE: Snatched and massaged from Apache Mina'a Examples
//
package org.apache.geronimo.gshell.remote.ssl;
@@ -26,116 +26,172 @@
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
-
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactorySpi;
+import javax.net.ssl.X509TrustManager;
+
+import org.codehaus.plexus.component.annotations.Component;
+import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
+import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
import org.codehaus.plexus.util.IOUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Factory to create a bougus SSLContext.
*
- * @author The Apache MINA Project (dev@mina.apache.org)
- * @version $Rev$, $Date$
+ * @version $Rev$ $Date$
*/
+@Component(role=SSLContextFactory.class, hint="bogus")
public class BogusSSLContextFactory
+ implements SSLContextFactory, Initializable
{
private static final String PROTOCOL = "TLS";
+ private static final String DEFAULT_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509";
+
private static final String KEY_MANAGER_FACTORY_ALGORITHM;
static {
String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
if (algorithm == null) {
- algorithm = "SunX509";
+ algorithm = DEFAULT_KEY_MANAGER_FACTORY_ALGORITHM;
}
KEY_MANAGER_FACTORY_ALGORITHM = algorithm;
}
- /**
- * Bougus Server certificate keystore file name.
- */
- private static final String BOGUS_KEYSTORE = "bogus.cert";
-
+ //
// NOTE: The keystore was generated using keytool:
// keytool -genkey -alias bogus -keysize 512 -validity 3650
// -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,
// O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE"
// -keypass boguspw -storepass boguspw -keystore bogus.cert
- /**
- * Bougus keystore password.
- */
- private static final char[] BOGUS_PW = {'b', 'o', 'g', 'u', 's', 'p', 'w'};
-
- private static SSLContext serverInstance = null;
-
- private static SSLContext clientInstance = null;
-
- public static SSLContext getInstance(boolean server) throws GeneralSecurityException {
- SSLContext retInstance = null;
- if (server) {
- if (serverInstance == null) {
- synchronized (BogusSSLContextFactory.class) {
- if (serverInstance == null) {
- try {
- serverInstance = createBougusServerSSLContext();
- }
- catch (Exception e) {
- throw new GeneralSecurityException("Can't create Server SSLContext", e);
- }
- }
- }
- }
+ private Logger log = LoggerFactory.getLogger(getClass());
+
+ // @Configuration
+ private boolean preload = true;
+
+ // @Configuration
+ private String keystoreResource = "bogus.cert";
+
+ // @Configuration
+ private char[] keystorePassword = { 'b', 'o', 'g', 'u', 's', 'p', 'w' };
+
+ private SSLContext serverInstance;
- retInstance = serverInstance;
+ private SSLContext clientInstance;
+
+ public synchronized void initialize() throws InitializationException {
+ if (preload) {
+ log.debug("Preloading SSLContext instances");
+
+ try {
+ createServerContext();
+ createClientContext();
+ }
+ catch (GeneralSecurityException e) {
+ throw new InitializationException("Failed to setup SSLContext instances", e);
+ }
}
- else {
- if (clientInstance == null) {
- synchronized (BogusSSLContextFactory.class) {
- if (clientInstance == null) {
- clientInstance = createBougusClientSSLContext();
- }
+ }
+
+ //
+ // SSLContextFactory
+ //
+
+ public synchronized SSLContext createServerContext() throws GeneralSecurityException {
+ if (serverInstance == null) {
+ KeyStore keyStore;
+
+ try {
+ keyStore = KeyStore.getInstance("JKS");
+
+ InputStream in = getClass().getResourceAsStream(keystoreResource);
+ if (in == null) {
+ throw new GeneralSecurityException("Failed to load bogus keystore from resource: " + keystoreResource);
}
+
+ try {
+ keyStore.load(in, keystorePassword);
+ }
+ finally {
+ IOUtil.close(in);
+ }
+ }
+ catch (IOException e) {
+ throw new GeneralSecurityException("Failed to load bogus keystore", e);
}
- retInstance = clientInstance;
+ // Set up key manager factory to use our key store
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
+ keyManagerFactory.init(keyStore, keystorePassword);
+
+ // Initialize the SSLContext to work with our key managers.
+ SSLContext context = SSLContext.getInstance(PROTOCOL);
+ context.init(keyManagerFactory.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null);
+
+ serverInstance = context;
+
+ log.debug("Created server SSLContext: {}", serverInstance);
}
-
- return retInstance;
+
+ return serverInstance;
}
- private static SSLContext createBougusServerSSLContext() throws GeneralSecurityException, IOException {
- // Create keystore
- KeyStore ks = KeyStore.getInstance("JKS");
- InputStream in = null;
-
- try {
- in = BogusSSLContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE);
- ks.load(in, BOGUS_PW);
- }
- finally {
- IOUtil.close(in);
- }
+ public synchronized SSLContext createClientContext() throws GeneralSecurityException {
+ if (clientInstance == null) {
+ SSLContext context = SSLContext.getInstance(PROTOCOL);
+ context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null);
- // Set up key manager factory to use our key store
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
- kmf.init(ks, BOGUS_PW);
-
- // Initialize the SSLContext to work with our key managers.
- SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
- sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null);
+ clientInstance = context;
+
+ log.debug("Created client SSLContext: {}", clientInstance);
+ }
- return sslContext;
+ return clientInstance;
}
- private static SSLContext createBougusClientSSLContext() throws GeneralSecurityException {
- SSLContext context = SSLContext.getInstance(PROTOCOL);
- context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null);
- return context;
+ //
+ // BogusTrustManagerFactory
+ //
+
+ private static class BogusTrustManagerFactory
+ extends TrustManagerFactorySpi
+ {
+ private static final X509TrustManager X509 = new X509TrustManager() {
+ public void checkClientTrusted(X509Certificate[] c, String s) throws CertificateException {}
+
+ public void checkServerTrusted(X509Certificate[] c, String s) throws CertificateException {}
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+ };
+
+ private static final TrustManager[] X509_MANAGERS = { X509 };
+
+ @Override
+ protected TrustManager[] engineGetTrustManagers() {
+ return X509_MANAGERS;
+ }
+
+ @Override
+ protected void engineInit(KeyStore keystore) throws KeyStoreException {}
+
+ @Override
+ protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {}
}
}
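Review bot: The anonymous X509TrustManager at the end of the hunk leaves checkClientTrusted and checkServerTrusted empty and returns no accepted issuers, so every SSLContext produced by createServerContext and createClientContext performs no peer certificate validation at all, yet the class Javadoc only says "Factory to create a bougus SSLContext" and the three `// @Configuration` fields (keystoreResource, keystorePassword, preload) invite someone to point it at a real keystore while the accept-all trust manager stays in place. I would make this explicit in the class Javadoc: `Factory for a deliberately insecure SSLContext: the trust manager accepts any peer certificate, and the bundled server key is a 512-bit RSA key in a keystore with a hard-coded password (see the keytool note below). Suitable only for local development and tests; configuring a different keystore does not make the resulting contexts authenticate peers.` The nested BogusTrustManagerFactory is never registered as a provider and only serves as a holder for X509_MANAGERS, so the TrustManagerFactorySpi subclass and its two empty engineInit overrides could be dropped in favour of a plain `private static final TrustManager[] X509_MANAGERS` on the outer class, which would also make the accept-all behaviour harder to miss when reading the file.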
Added: geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java?rev=576849&view=auto
==============================================================================
--- geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java (added)
+++ geronimo/sandbox/gshell/trunk/gshell-remote/gshell-remote-common/src/main/java/org/apache/geronimo/gshell/remote/ssl/SSLContextFactory.java Tue Sep 18 04:24:08 2007
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+//
+// NOTE: Snatched from Apache Mina'a Examples
+//
+
+package org.apache.geronimo.gshell.remote.ssl;
+
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+
+/**
+ * Provides an abstraction of client and server {@link SSLContext} creation.
+ *
+ * @version $Rev: 576656 $ $Date: 2007-09-17 19:02:43 -0700 (Mon, 17 Sep 2007) $
+ */
+public interface SSLContextFactory
+{
+ /**
+ * Creates a {@link SSLContext} suiteable for server-side usage.
+ */
+ SSLContext createServerContext() throws GeneralSecurityException;
+
+ /**
+ * Creates a {@link SSLContext} suiteable for client-side usage.
+ */
+ SSLContext createClientContext() throws GeneralSecurityException;
+}
\ No newline at end of file
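Review bot: The Javadoc on both interface methods misspells "suitable" as "suiteable" and carries no `@return` or `@throws` tag, so the contract a caller can rely on is not stated. I would write for createServerContext: `Creates a {@link SSLContext} suitable for server-side usage.` followed by `@return the context, never {@code null}` and `@throws GeneralSecurityException if the context or its key/trust material cannot be set up`, and the same for createClientContext. The interface also does not say whether implementations may hand back a shared instance; the bogus implementation in this commit caches and returns the same context on every call, so stating that callers must not assume a fresh instance would save a surprise later.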