[Beepcore-java-commits] CVS: beepcore-java/tls/org/beepcore/beep/profile/tls/ptls TLSProfilePureTLS.
From: Huston F. <hu...@us...> - 2001-11-09 18:41:26
Update of /cvsroot/beepcore-java/beepcore-java/tls/org/beepcore/beep/profile/tls/ptls In directory usw-pr-cvs1:/tmp/cvs-serv32503/tls/org/beepcore/beep/profile/tls/ptls Modified Files: TLSProfilePureTLS.java TLSProfilePureTLSPemInit.java Log Message: Changed ProfileConfiguration to not inherit from Properties Index: TLSProfilePureTLS.java =================================================================== RCS file: /cvsroot/beepcore-java/beepcore-java/tls/org/beepcore/beep/profile/tls/ptls/TLSProfilePureTLS.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -r1.4 -r1.5 *** TLSProfilePureTLS.java 2001/11/08 05:51:35 1.4 --- TLSProfilePureTLS.java 2001/11/09 18:41:23 1.5 *************** *** 3,6 **** --- 3,7 ---- * * Copyright (c) 2001 Invisible Worlds, Inc. All rights reserved. + * Copyright (c) 2001 Huston Franklin. All rights reserved. * * The contents of this file are subject to the Blocks Public License (the *************** *** 61,66 **** * @see java.util.List */ ! public class TLSProfilePureTLS extends TLSProfile ! implements StartChannelListener { // Constants --- 62,68 ---- * @see java.util.List */ ! public class TLSProfilePureTLS extends TuningProfile ! implements StartChannelListener ! { // Constants *************** *** 71,75 **** /** ! * use this as the uri for the channel to open to encrypt a session using TLS. */ public static final String URI = "http://iana.org/beep/TLS"; --- 73,78 ---- /** ! * use this as the uri for the channel to open to encrypt a ! * session using TLS. */ public static final String URI = "http://iana.org/beep/TLS"; *************** *** 95,99 **** // property names ! // public static final String PROPERTY_PEER_AUTHENTICATION_REQUIRED = "Peer Authentication Required"; public static final String PROPERTY_CLIENT_AUTH_REQUIRED = "Client Authenticaton Required"; --- 98,103 ---- // property names ! // public static final String PROPERTY_PEER_AUTHENTICATION_REQUIRED = ! 
// "Peer Authentication Required"; public static final String PROPERTY_CLIENT_AUTH_REQUIRED = "Client Authenticaton Required"; *************** *** 183,187 **** } ! public boolean advertiseProfile(Session session, SessionTuningProperties tuning) throws BEEPException { --- 187,192 ---- } ! public boolean advertiseProfile(Session session, ! SessionTuningProperties tuning) throws BEEPException { *************** *** 198,212 **** * * @param uri used to start a channel with TLS protection ! * @param config used to specify the parameters for sessions protected ! * by this profile's version of TLS. In other words, if you want another ! * set of paramters, you must either recall this method or create another ! * <code>TLSProfilePureTLS</code> and call this method with a new configuration. * The meaningful properties that can be set are: * <table> * <tr> ! * <td><i>Cipher Suite</i></td><td><code>short []</code> corresponding to the ! * <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS spec</a> ciphers (Appendix A). ! * By default all the ciphers (except anonymous for now) are available. Use this ! * to restrict to a certain strength of cipher if you desire to do so.</td> * </tr> * <tr> --- 203,221 ---- * * @param uri used to start a channel with TLS protection ! * @param config used to specify the parameters for sessions ! * protected by this profile's version of TLS. In other words, if ! * you want another set of paramters, you must either recall this ! * method or create another <code>TLSProfilePureTLS</code> and ! * call this method with a new configuration. ! * * The meaningful properties that can be set are: * <table> * <tr> ! * <td><i>Cipher Suite</i></td><td><code>short []</code> ! * corresponding to the <a ! * href="http://www.ietf.org/rfc/rfc2246.txt">TLS spec</a> ciphers ! * (Appendix A). By default all the ciphers (except anonymous for ! * now) are available. Use this to restrict to a certain strength ! 
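Review bot: The live constant directly below the rewrapped comment, `PROPERTY_CLIENT_AUTH_REQUIRED = "Client Authenticaton Required"`, is misspelled, and that string is the key a deployer has to write in the configuration to require client certificates. Whoever spells the key correctly as "Client Authentication Required" gets a silent miss, and a missing key leaves peer authentication at whatever TLSProfilePureTLS defaults to rather than rejecting the configuration, so the typo fails open. The line is unchanged context in this hunk, but since the hunk already touches this block it is the natural place to correct the value to `"Client Authentication Required"`; if existing deployments depend on the old spelling, accept it as an alias at the lookup site rather than keeping the typo as the only key.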
* of cipher if you desire to do so.</td> * </tr> * <tr> *************** *** 226,234 **** * <tr> * <td><i>Trusted Certificates</i></td><td>{@link List} that holds ! * all trusted (or root) certificates that we can verify a peer against.</td> * </tr> * </table> */ ! public StartChannelListener init(String uri, ProfileConfiguration config) throws BEEPException { --- 235,244 ---- * <tr> * <td><i>Trusted Certificates</i></td><td>{@link List} that holds ! * all trusted (or root) certificates that we can verify a peer ! * against.</td> * </tr> * </table> */ ! public StartChannelListener init(String uri, Hashtable config) throws BEEPException { *************** *** 281,285 **** || (config.get(PROPERTY_CERTIFICATES) == null) || (config.get(PROPERTY_TRUSTED_CERTS) == null)) { ! throw new BEEPException("Must have a private key and certificates with root certificates that match the key's algorithm"); } --- 291,297 ---- || (config.get(PROPERTY_CERTIFICATES) == null) || (config.get(PROPERTY_TRUSTED_CERTS) == null)) { ! throw new BEEPException("Must have a private key and " + ! "certificates with root certificates " + ! "that match the key's algorithm"); } *************** *** 291,295 **** // store the certificates if (!(config.get(PROPERTY_CERTIFICATES) instanceof List)) { ! throw new BEEPException("X.509 Certificates should be in a List or subclass"); } --- 303,308 ---- // store the certificates if (!(config.get(PROPERTY_CERTIFICATES) instanceof List)) { ! throw new BEEPException("X.509 Certificates should be in a List " + ! "or subclass"); } *************** *** 332,336 **** } } catch (Exception e) { ! throw new BEEPException("Trusted (root) certificates must be in DRE format contained in byte[]"); } --- 345,350 ---- } } catch (Exception e) { ! throw new BEEPException("Trusted (root) certificates must be in " + ! "DRE format contained in byte[]"); } *************** *** 488,496 **** * Called when the underlying BEEP framework receives * a "close" element.<p> ! 
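Review bot: `init(String uri, Hashtable config)` now takes a raw `Hashtable` in place of `ProfileConfiguration`, so the type contract in the Javadoc table above it (a `short[]` cipher list, a `List` of DER `byte[]`) is enforced only by the later `instanceof` checks and the catch-all that follows them. The `@param config` text should state that, e.g. `@param config Hashtable of property name to value; a value not of the documented type causes a BEEPException`. Accepting the `Map` interface instead of `Hashtable` would also let callers pass any map implementation without changing what the method does; the body of init continues outside this hunk.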
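Review bot: The rewrapped message still reads "DRE format" where "DER" is meant, and the `catch (Exception e)` it sits in turns any failure while loading a trusted root into that one generic message with `e` discarded. A malformed or mis-specified trust anchor is exactly what an operator needs to diagnose, so fix the spelling and carry the cause text along: `throw new BEEPException("Trusted (root) certificates must be in DER format contained in byte[]: " + e);`. BEEPException's constructors are not visible here, so whether a cause-taking constructor exists cannot be told from this hunk; the enclosing try block starts before it.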
* As of now, it is not possible to close a TLS channel. To cease using ! * TLS, the entire session must be closed. This is done since opening ! * a TLS channel resets the entire session, effectively closing all the ! * previously open channels, including channel 0 (hence the greetings are ! * exchanged again). * * @param channel <code>Channel</code> which received the close request. --- 502,511 ---- * Called when the underlying BEEP framework receives * a "close" element.<p> ! * ! * As of now, it is not possible to close a TLS channel. To cease ! * using TLS, the entire session must be closed. This is done ! * since opening a TLS channel resets the entire session, ! * effectively closing all the previously open channels, including ! * channel 0 (hence the greetings are exchanged again). * * @param channel <code>Channel</code> which received the close request. *************** *** 732,740 **** /** ! * allows an initializer class to set the trusted certificates for the profile. ! * The initializers are profile classes with a custom {@link init} method ! * that takes the certificates (a {@link List} of byte[], each being ! * the DER format for an X.509 certificate) from a given source, such as a ! * file or database and calls this method. * @param certs */ --- 747,757 ---- /** ! * allows an initializer class to set the trusted certificates for ! * the profile. The initializers are profile classes with a ! * custom {@link init} method that takes the certificates (a ! * {@link List} of byte[], each being the DER format for an X.509 ! * certificate) from a given source, such as a file or database ! * and calls this method. ! 
* * @param certs */ Index: TLSProfilePureTLSPemInit.java =================================================================== RCS file: /cvsroot/beepcore-java/beepcore-java/tls/org/beepcore/beep/profile/tls/ptls/TLSProfilePureTLSPemInit.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** TLSProfilePureTLSPemInit.java 2001/11/08 05:51:35 1.3 --- TLSProfilePureTLSPemInit.java 2001/11/09 18:41:23 1.4 *************** *** 3,6 **** --- 3,7 ---- * * Copyright (c) 2001 Invisible Worlds, Inc. All rights reserved. + * Copyright (c) 2001 Huston Franklin. All rights reserved. * * The contents of this file are subject to the Blocks Public License (the *************** *** 21,24 **** --- 22,26 ---- import org.beepcore.beep.profile.*; import org.beepcore.beep.profile.tls.TLSProfile; + import org.beepcore.beep.transport.tcp.TCPSession; import java.security.PrivateKey; *************** *** 46,50 **** * specific configuration to encrypt a session with TLS. */ ! public class TLSProfilePureTLSPemInit implements Profile { // property names --- 48,52 ---- * specific configuration to encrypt a session with TLS. */ ! public class TLSProfilePureTLSPemInit extends TLSProfile { // property names *************** *** 65,68 **** --- 67,72 ---- "Trusted Certificates"; + private TLSProfilePureTLS tlsp = new TLSProfilePureTLS(); + /** * init sets the criteria for which an TLS connection is made when *************** *** 74,109 **** * * @param uri used to start a channel with TLS protection ! * @param config used to specify the parameters for sessions protected ! * by this profile's version of TLS. In other words, if you want another ! * set of paramters, you must either recall this method or create another ! * <code>TLSProfilePureTLSPemInit</code> and call this method with a new ! * configuration. Note: All different parameters may be in the same PEM file. * The meaningful properties that can be set are: * <table> * <tr> ! 
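Review bot: Making `tlsp` an instance field means every call to `init` reconfigures the same `TLSProfilePureTLS` in place, whereas the local it replaces (removed further down in this commit) built a fresh one per call. The class Javadoc explicitly invites calling `init` again with a new configuration; if a second call throws after `tlsp.setCertChain(certs)` but before the trusted certificates are set, the shared instance is left holding the new chain and the previous trust anchors, and the new `startTLS` would use whatever that field holds. Configuring a fresh `TLSProfilePureTLS` local and publishing it only after every setter has succeeded, with `tlsp = fresh;` as the last statement of init, keeps the instance callers see consistent.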
* <td><i>Cipher Suite</i></td><td>List of cipher names (comma separated) ! * to accept. Cipher names are formatted as per Appendix A in the TLS spec. ! * By default all the ciphers (except anonymous for now) are available. Use this ! * to restrict to a certain strength of cipher if you desire to do so.</td> * </tr> * <tr> ! * <td><i>Certificates</i></td><td>Name of the PEM file that contains the ! * certificates to present. These are in order from the user's certificate ! * to the root certificate.</td> * </tr> * <tr> * <td><i>Private Key</i></td><td>Name of the PEM file that contains the * encrypted private key to use.</td> * </tr> * <tr> ! * <td><i>Private Key Passphrase</i></td><td>{@link String} passphrase used to ! * encrypt the private key in its file.</td> * </tr> * <tr> ! * <td><i>Private Key Type</i></td><td>"RSA" or "DSA" are the two accepted private key formats.</td> * </tr> * <tr> ! * <td><i>Trusted Certificates</i></td><td>Name of the PEM file that contains ! * the root certificates used to verify a peer's identity.</td> * </tr> * </table> --- 78,124 ---- * * @param uri used to start a channel with TLS protection ! * @param config used to specify the parameters for sessions ! * protected by this profile's version of TLS. In other words, if ! * you want another set of paramters, you must either recall this ! * method or create another <code>TLSProfilePureTLSPemInit</code> ! * and call this method with a new configuration. Note: All ! * different parameters may be in the same PEM file. ! * * The meaningful properties that can be set are: + * * <table> * <tr> ! * <td><i>Cipher Suite</i></td><td>List of cipher names (comma ! * separated) to accept. Cipher names are formatted as per ! * Appendix A in the TLS spec. By default all the ciphers (except ! * anonymous for now) are available. Use this to restrict to a ! * certain strength of cipher if you desire to do so.</td> * </tr> + * * <tr> ! * <td><i>Certificates</i></td><td>Name of the PEM file that ! 
* contains the certificates to present. These are in order from ! * the user's certificate to the root certificate.</td> * </tr> + * * <tr> * <td><i>Private Key</i></td><td>Name of the PEM file that contains the * encrypted private key to use.</td> * </tr> + * * <tr> ! * <td><i>Private Key Passphrase</i></td><td>{@link String} ! * passphrase used to encrypt the private key in its file.</td> * </tr> + * * <tr> ! * <td><i>Private Key Type</i></td><td>"RSA" or "DSA" are the two ! * accepted private key formats.</td> * </tr> + * * <tr> ! * <td><i>Trusted Certificates</i></td><td>Name of the PEM file ! * that contains the root certificates used to verify a peer's ! * identity.</td> * </tr> * </table> *************** *** 112,120 **** throws BEEPException { - TLSProfilePureTLS tlsp = new TLSProfilePureTLS(); - // set whether or not peer must send a certificate ! if (config.get(PROPERTY_CLIENT_AUTH_REQUIRED) != null) { ! if (new Boolean((String) config.get(PROPERTY_CLIENT_AUTH_REQUIRED)).booleanValue() == true) { tlsp.setNeedPeerAuthentication(true); } else { --- 127,133 ---- throws BEEPException { // set whether or not peer must send a certificate ! if (config.getProperty(PROPERTY_CLIENT_AUTH_REQUIRED) != null) { ! if (new Boolean(config.getProperty(PROPERTY_CLIENT_AUTH_REQUIRED)).booleanValue() == true) { tlsp.setNeedPeerAuthentication(true); } else { *************** *** 123,131 **** } // set the cipher suites ! if (config.get(PROPERTY_CIPHER_SUITE) != null) { // parse the cipher names int fromIndex = 0; ! String cipherNames = (String) config.get(PROPERTY_CIPHER_SUITE); short cipherTemp[] = new short[TLSProfilePureTLS.MAX_CIPHERS]; int cipherCount = 0; --- 136,144 ---- } // set the cipher suites ! if (config.getProperty(PROPERTY_CIPHER_SUITE) != null) { // parse the cipher names int fromIndex = 0; ! 
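Review bot: The peer-authentication switch is parsed with `new Boolean(config.getProperty(PROPERTY_CLIENT_AUTH_REQUIRED)).booleanValue() == true`, which is false for every value other than a case-insensitive "true", so a value such as "yes" or "1" silently disables the requirement instead of rejecting the configuration. For a setting that decides whether the peer must prove its identity, a bad value should fail closed: accept only "true" or "false" explicitly and otherwise `throw new BEEPException("Client Authentication Required must be true or false, not " + value);`. `Boolean.valueOf(value).booleanValue()` also avoids allocating a new Boolean; the else branch of this check continues outside the hunk.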
String cipherNames = config.getProperty(PROPERTY_CIPHER_SUITE); short cipherTemp[] = new short[TLSProfilePureTLS.MAX_CIPHERS]; int cipherCount = 0; *************** *** 172,180 **** // the user must supply a private key, certificate(s), and trusted // certificate. ! if ((config.get(PROPERTY_PRIVATE_KEY) == null) ! || (config.get(PROPERTY_PRIVATE_KEY_TYPE) == null) ! || (config.get(PROPERTY_CERTIFICATES) == null) ! || (config.get(PROPERTY_TRUSTED_CERTS) == null)) { ! throw new BEEPException("Must have a private key and certificates with root certificates that match the key's algorithm"); } --- 185,196 ---- // the user must supply a private key, certificate(s), and trusted // certificate. ! if ((config.getProperty(PROPERTY_PRIVATE_KEY) == null) ! || (config.getProperty(PROPERTY_PRIVATE_KEY_TYPE) == null) ! || (config.getProperty(PROPERTY_CERTIFICATES) == null) ! || (config.getProperty(PROPERTY_TRUSTED_CERTS) == null)) ! { ! throw new BEEPException("Must have a private key and certificates " ! + "with root certificates that match the " ! + "key's algorithm"); } *************** *** 188,192 **** // to the negotiated cipher suite. We assume that the // peer has a root that is in common with us. ! String certFile = (String) config.get(PROPERTY_CERTIFICATES); BufferedReader certbr = new BufferedReader(new FileReader(certFile)); --- 204,208 ---- // to the negotiated cipher suite. We assume that the // peer has a root that is in common with us. ! String certFile = config.getProperty(PROPERTY_CERTIFICATES); BufferedReader certbr = new BufferedReader(new FileReader(certFile)); *************** *** 207,216 **** tlsp.setCertChain(certs); ! String keyFile = (String) config.get(PROPERTY_PRIVATE_KEY); BufferedReader keybr = new BufferedReader(new FileReader(keyFile)); ! String keyType = (String) config.get(PROPERTY_PRIVATE_KEY_TYPE); String passphrase = ! 
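Review bot: The presence check requires the key file, key type, certificates and trusted certificates but not `PROPERTY_PRIVATE_KEY_PASSPHRASE`, although the Javadoc describes the key file as encrypted and the passphrase is read unconditionally a few lines later. Whether a null passphrase is tolerated by the PEM key reader is not visible here; if it is not, adding `|| (config.getProperty(PROPERTY_PRIVATE_KEY_PASSPHRASE) == null)` to this condition turns a late, less descriptive failure into the same clear configuration error. The enclosing init method extends beyond this hunk.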
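Review bot: `new BufferedReader(new FileReader(certFile))` opens the certificate PEM file, and no `close()` appears in the parts of init shown (nor for `keybr` or the trusted-certificate reader opened later), so an init that throws partway leaks an open file descriptor each time it is retried. Wrap the reads in `try { ... } finally { certbr.close(); }` or close each reader as soon as its PEM objects are parsed; the parsing code sits outside this hunk, so the exact placement is not visible here. `FileReader` also uses the platform default charset, which is acceptable for PEM's ASCII armor but deserves a one-line comment saying so.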
(String) config.get(PROPERTY_PRIVATE_KEY_PASSPHRASE); StringBuffer actualKeyType = new StringBuffer(); --- 223,232 ---- tlsp.setCertChain(certs); ! String keyFile = config.getProperty(PROPERTY_PRIVATE_KEY); BufferedReader keybr = new BufferedReader(new FileReader(keyFile)); ! String keyType = config.getProperty(PROPERTY_PRIVATE_KEY_TYPE); String passphrase = ! config.getProperty(PROPERTY_PRIVATE_KEY_PASSPHRASE); StringBuffer actualKeyType = new StringBuffer(); *************** *** 222,228 **** if (!actualKeyType.toString().equals(keyType)) { ! throw new BEEPException("Private key types differ. Looking for " ! + keyType + " and found " ! + actualKeyType.toString()); } --- 238,245 ---- if (!actualKeyType.toString().equals(keyType)) { ! throw new BEEPException("Private key types differ. " + ! "Looking for " + keyType + ! " and found " + ! actualKeyType.toString()); } *************** *** 234,238 **** // verify that the object passed in is either a list or a String ! certFile = (String) config.get(PROPERTY_TRUSTED_CERTS); certbr = new BufferedReader(new FileReader(certFile)); certType = new StringBuffer(); --- 251,255 ---- // verify that the object passed in is either a list or a String ! certFile = config.getProperty(PROPERTY_TRUSTED_CERTS); certbr = new BufferedReader(new FileReader(certFile)); certType = new StringBuffer(); *************** *** 258,261 **** --- 275,282 ---- // return the TLSProfilePureTLS as the start channel listener return tlsp; + } + + public TCPSession startTLS(TCPSession session) throws BEEPException { + return tlsp.startTLS(session); } } |
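Review bot: The comment `// verify that the object passed in is either a list or a String` no longer matches the code beneath it, which now reads the trusted-certificate file name straight from `config.getProperty(PROPERTY_TRUSTED_CERTS)` and can only receive a String. A stale note about accepting a List is misleading when the next line builds a `FileReader` from the value; replace it with `// load the trusted (root) certificates from the PEM file named in the configuration`. The loop that parses that file continues outside the hunk.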
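Review bot: The new `startTLS(TCPSession)` delegates to `tlsp` unconditionally, and `tlsp` exists from construction, so a caller that never called `init`, or whose `init` threw partway, reaches `tlsp.startTLS` on a TLSProfilePureTLS that was never given this class's certificate chain or trusted roots. What that default instance negotiates is not visible here, but a profile that can start TLS without its configured identity and trust anchors is a fail-open path. Record completion of `init` in a boolean field set as its last statement and guard here with `if (!initialized) throw new BEEPException("TLSProfilePureTLSPemInit.init must complete before startTLS");`.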