001: /**
002: * Sequoia: Database clustering technology.
003: * Copyright (C) 2002-2004 French National Institute For Research In Computer
004: * Science And Control (INRIA).
005: * Contact: sequoia@continuent.org
006: *
007: * Licensed under the Apache License, Version 2.0 (the "License");
008: * you may not use this file except in compliance with the License.
009: * You may obtain a copy of the License at
010: *
011: * http://www.apache.org/licenses/LICENSE-2.0
012: *
013: * Unless required by applicable law or agreed to in writing, software
014: * distributed under the License is distributed on an "AS IS" BASIS,
015: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
016: * See the License for the specific language governing permissions and
017: * limitations under the License.
018: *
019: * Initial developer(s): Marc Wick.
020: * Contributor(s): ______________________.
021: */package org.continuent.sequoia.common.net;
022:
023: import java.io.File;
024: import java.io.FileInputStream;
025: import java.io.IOException;
026: import java.security.GeneralSecurityException;
027: import java.security.KeyStore;
028:
029: import javax.net.ServerSocketFactory;
030: import javax.net.SocketFactory;
031: import javax.net.ssl.SSLServerSocketFactory;
032: import javax.net.ssl.SSLSocketFactory;
033:
034: import com.sun.net.ssl.KeyManager;
035: import com.sun.net.ssl.KeyManagerFactory;
036: import com.sun.net.ssl.SSLContext;
037: import com.sun.net.ssl.TrustManager;
038: import com.sun.net.ssl.TrustManagerFactory;
039:
040: /**
041: * This class defines a SocketFactory
042: *
043: * @author <a href="mailto:marc.wick@monte-bre.ch">Marc Wick </a>
044: * @version 1.0
045: */
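/**
 * Builds socket factories from an {@link SSLConfiguration}.
 * <p>
 * A {@code null} configuration yields the JDK default, unencrypted factories.
 * Otherwise an SSL/TLS context is initialised from the configured JKS key
 * store (our own identity) and trust store (accepted peer certificates); when
 * the configuration requires client authentication the resulting factory is
 * wrapped in the project's Authenticated*SocketFactory so that the peer must
 * present a certificate.
 * <p>
 * NOTE(review): this class is written against the deprecated
 * {@code com.sun.net.ssl} API rather than {@code javax.net.ssl}. The two are
 * call-compatible, but because the {@code com.sun} types appear in a public
 * signature ({@link #createSSLContext}) the migration is an interface change
 * and is deliberately not done here.
 *
 * @author <a href="mailto:marc.wick@monte-bre.ch">Marc Wick </a>
 * @version 1.0
 */
public class SocketFactoryFactory {

  /** Store format expected for both the key store and the trust store. */
  private static final String STORE_TYPE = "jks";

  /**
   * Creates a server socket factory for the given SSL configuration.
   * <p>
   * Unlike {@link #createFactory}, every failure (unreadable store file, wrong
   * password, context initialisation) is reported as an {@link SSLException}
   * carrying the original cause.
   *
   * @param config the SSL configuration, or {@code null} for a plain
   *          (unencrypted) server socket factory
   * @return the server socket factory
   * @throws SSLException if the key store or trust store could not be loaded
   *           or the SSL context could not be initialised
   */
  public static ServerSocketFactory createServerFactory(SSLConfiguration config)
      throws SSLException {
    // No SSL configured: hand out the JDK's default plain factory.
    if (config == null)
      return ServerSocketFactory.getDefault();

    try {
      SSLContext context = createSSLContext(config);
      SSLServerSocketFactory ssf = context.getServerSocketFactory();
      if (!config.isClientAuthenticationRequired())
        return ssf;
      // Wrap so that every accepted socket demands a client certificate.
      return new AuthenticatedServerSocketFactory(ssf);
    } catch (Exception e) {
      // API boundary: callers only see the project's checked SSLException.
      // The cause is preserved so the real failure stays diagnosable.
      throw new SSLException(e);
    }
  }

  /**
   * Creates a client socket factory for the given SSL configuration.
   *
   * @param config the SSL configuration, or {@code null} for a plain
   *          (unencrypted) socket factory
   * @return the socket factory
   * @throws IOException if the key store or trust store file could not be
   *           read
   * @throws GeneralSecurityException if a store has the wrong password or
   *           format, a private key cannot be recovered, or the SSL context
   *           could not be initialised
   */
  public static SocketFactory createFactory(SSLConfiguration config)
      throws IOException, GeneralSecurityException {
    // No SSL configured: hand out the JDK's default plain factory.
    if (config == null)
      return SocketFactory.getDefault();

    SSLContext context = createSSLContext(config);
    SSLSocketFactory ssf = context.getSocketFactory();
    if (!config.isClientAuthenticationRequired())
      return ssf;
    // Wrap so that every connection presents our client certificate.
    return new AuthenticatedSocketFactory(ssf);
  }

  /**
   * Builds an SSL context whose identity comes from the configured key store
   * and whose trusted peers come from the configured trust store.
   * <p>
   * The context is requested under the {@code "TLS"} protocol name. Which
   * protocol versions and cipher suites end up enabled is left to the JDK
   * defaults; this class does not restrict them on the sockets it produces.
   *
   * @param config the SSL configuration; must not be {@code null}
   * @return the initialised SSL context
   * @throws IOException if the key store or trust store file could not be
   *           read
   * @throws GeneralSecurityException if a store has the wrong password or
   *           format, a private key cannot be recovered, or the context could
   *           not be initialised
   */
  public static SSLContext createSSLContext(SSLConfiguration config)
      throws IOException, GeneralSecurityException {
    KeyManager[] kms = getKeyManagers(config.getKeyStore(),
        config.getKeyStorePassword(), config.getKeyStoreKeyPassword());
    TrustManager[] tms = getTrustManagers(config.getTrustStore(),
        config.getTrustStorePassword());

    // "TLS" is the current JSSE protocol name; "SSL" is only a legacy alias.
    // A null SecureRandom tells the provider to use its own default.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kms, tms, null);
    return context;
  }

  /**
   * Loads the JKS key store and derives KeyManagers (our own certificate and
   * private key) from it.
   *
   * @param keyStore the key store file
   * @param keyStorePassword the store integrity password, or {@code null} to
   *          load the store without verifying its integrity
   * @param keyPassword the password protecting the private key entries; when
   *          {@code null} the store password is used, which is the usual JKS
   *          convention
   * @return the key managers backed by the store
   * @throws IOException if the store file could not be read
   * @throws GeneralSecurityException if the store cannot be loaded, no key
   *           password is available, or the private key cannot be recovered
   */
  protected static KeyManager[] getKeyManagers(File keyStore,
      String keyStorePassword, String keyPassword)
      throws IOException, GeneralSecurityException {
    KeyStore ks = loadStore(keyStore, keyStorePassword);

    // JKS private-key entries normally share the store password; fall back to
    // it instead of failing with a NullPointerException when no separate key
    // password is configured.
    String effectiveKeyPassword = (keyPassword != null) ? keyPassword
        : keyStorePassword;
    if (effectiveKeyPassword == null)
      throw new GeneralSecurityException(
          "No key password configured for key store " + keyStore);

    KeyManagerFactory kmFact = KeyManagerFactory.getInstance(KeyManagerFactory
        .getDefaultAlgorithm());
    kmFact.init(ks, effectiveKeyPassword.toCharArray());
    return kmFact.getKeyManagers();
  }

  /**
   * Loads the JKS trust store and derives TrustManagers (the certificates we
   * accept from peers) from it.
   *
   * @param trustStore the trust store file
   * @param trustStorePassword the store integrity password, or {@code null}
   *          to load the store without verifying its integrity
   * @return the trust managers backed by the store
   * @throws IOException if the store file could not be read
   * @throws GeneralSecurityException if the store cannot be loaded or the
   *           trust manager factory cannot be initialised
   */
  protected static TrustManager[] getTrustManagers(File trustStore,
      String trustStorePassword) throws IOException, GeneralSecurityException {
    KeyStore ks = loadStore(trustStore, trustStorePassword);

    TrustManagerFactory tmFact = TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmFact.init(ks);
    return tmFact.getTrustManagers();
  }

  /**
   * Reads a JKS store from disk, always closing the file even when loading
   * fails.
   *
   * @param file the store file
   * @param password the store password, or {@code null}; a null password
   *          loads the entries but skips the integrity check, so tampering
   *          with the file would go unnoticed
   * @return the loaded store
   * @throws IOException if the file could not be read or is not a valid
   *           store (including a wrong password)
   * @throws GeneralSecurityException if the store type or a certificate
   *           inside it cannot be handled
   */
  private static KeyStore loadStore(File file, String password)
      throws IOException, GeneralSecurityException {
    char[] passwd = (password == null) ? null : password.toCharArray();
    FileInputStream in = new FileInputStream(file);
    try {
      KeyStore ks = KeyStore.getInstance(STORE_TYPE);
      ks.load(in, passwd);
      return ks;
    } finally {
      in.close();
    }
  }
}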
|