From: <bob...@us...> - 2003-09-11 08:58:19
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv2330/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Http.java
Log Message:
Implement SSL Client Authentication.
Set the SSL client cert map keyed by URL.
However, it is currently unknown how to choose a suitable client cert
upon a certificate request from the server.
Index: Http.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Http.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** Http.java 10 Sep 2003 04:47:02 -0000 1.6
--- Http.java 11 Sep 2003 08:58:09 -0000 1.7
***************
*** 76,79 ****
--- 76,80 ----
import hk.hku.cecid.phoenix.message.packaging.EbxmlMessage;
import hk.hku.cecid.phoenix.pki.KeyStoreTrustManager;
+ import hk.hku.cecid.phoenix.pki.KeyStoreKeyManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
***************
*** 85,93 ****
--- 86,97 ----
import java.net.HttpURLConnection;
import java.net.URL;
+ import java.net.MalformedURLException;
import java.security.Provider;
import java.security.Security;
import java.security.KeyStore;
+ import java.security.KeyStoreException;
import java.util.Iterator;
import java.util.Map;
+ import java.util.HashMap;
// import java.util.Map.Entry;
import java.util.StringTokenizer;
***************
*** 141,146 ****
Constants.DEFAULT_CONTENT_TRANSFER_ENCODING;
! private static HostnameVerifier hostnameVerifier;
! private static SSLSocketFactory sslSocketFactory;
public static void configure(Property prop) throws InitializationException {
String s = prop.get(Constants.PROPERTY_CONTENT_TRANSFER_ENCODING);
--- 145,152 ----
Constants.DEFAULT_CONTENT_TRANSFER_ENCODING;
! private static HostnameVerifier hostnameVerifier = null;
! private static TrustManager[] trustManagers = null;
! private static Map keyManagerMap = null;
! //private static SSLSocketFactory sslSocketFactory;
public static void configure(Property prop) throws InitializationException {
String s = prop.get(Constants.PROPERTY_CONTENT_TRANSFER_ENCODING);
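Review bot: The replaced `sslSocketFactory` field is left behind as the commented-out line `//private static SSLSocketFactory sslSocketFactory;` next to the new `trustManagers` and `keyManagerMap` fields; dead code should be deleted rather than commented out, since the revision history already preserves it. A short comment on the new map would also help readers, since its contents are only visible in a later hunk: `// URL -> KeyManager, filled by configure() via makeKeyManagerMap()`.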
***************
*** 188,193 ****
Constants.PROPERTY_USER_HOME);
}
- String realTrustedStorePath = trustedStorePath + File.separator
- + trustedStoreFile;
File realTrustStoreFile = new File(trustedStorePath + File.separator
+ trustedStoreFile);
--- 194,197 ----
***************
*** 223,241 ****
}
}
! if (trustManagers != null || keyManagers != null) {
! configureHTTPS(keyManagers, trustManagers);
}
}
! private static void configureHTTPS(KeyManager[] keyManagers,
! TrustManager[] trustManagers) throws InitializationException {
try {
SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagers, trustManagers, null);
! /*
! HttpsURLConnection.setDefaultSSLSocketFactory(
! context.getSocketFactory());
! */
! sslSocketFactory = context.getSocketFactory();
} catch (Exception e) {
String err = ErrorMessages.getMessage
--- 227,297 ----
}
}
! keyManagerMap = makeKeyManagerMap(prop);
! }
!
! private static Map makeKeyManagerMap(Property prop)
! throws InitializationException {
! Map result = new HashMap();
! String[] values = prop.getMultiple(Constants.PROPERTY_SSL_CLIENT_AUTH);
! if (values != null) {
! for (int i = 0; i < values.length; i++) {
! String prefix = Constants.PROPERTY_SSL_CLIENT_AUTH + "[" + i + "]";
! String urlString = prop.get(prefix + "/" + Constants.PROPERTY_URL);
! String keystorePath = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_PATH, "");
! String keystoreFile = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_FILE, "");
! String keystoreAlias = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_ALIAS, "");
! String keystorePassword = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_PASSWORD,
! "");
! File realKeyStoreFile = new File(keystorePath + File.separator
! + keystoreFile);
! URL url = null;
! if (!(realKeyStoreFile.exists()
! && realKeyStoreFile.isFile())) {
! logger.warn("KeyStoreFile not exist or is not a file : "
! + realKeyStoreFile.toString());
! realKeyStoreFile = null;
! }
! try {
! url = new URL(urlString);
! } catch (java.net.MalformedURLException e) {
! logger.warn("Malformed url for SSL Client auth '" + urlString
! + "' : " + e.getMessage());
! }
! if (realKeyStoreFile != null && url != null) {
! KeyManager keyManager = null;
! try {
! keyManager = new KeyStoreKeyManager(
! realKeyStoreFile, keystoreAlias,
! keystorePassword.toCharArray());
! } catch (KeyStoreException e) {
! String err = "Cannot load the keystore on SSL "
! + "client authentication : " + e.getMessage();
! logger.error(err);
! throw new InitializationException(err);
! }
! if (keyManager != null) {
! logger.info("Add SSL Client Authentication entry : "
! + url + " " + realKeyStoreFile);
! result.put(url, keyManager);
! }
! } else {
! logger.warn("Ignore this SSL Client Authenication setting");
! }
! }
}
+ return result;
}
! private static SSLSocketFactory makeSSLSocketFactory(
! KeyManager[] keyManagers, TrustManager[] trustManagers)
! throws InitializationException {
try {
SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagers, trustManagers, null);
! return context.getSocketFactory();
} catch (Exception e) {
String err = ErrorMessages.getMessage
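Review bot: `result.put(url, keyManager)` keys the map by a `java.net.URL`, whose `equals()` and `hashCode()` resolve the host name and treat two URLs as equal when their hosts resolve to the same IP address; the lookup `keyManagerMap.get(url)` in the later HTTPS hunk inherits this, so a client certificate configured for one host can be selected for a different host that shares its address, and every lookup may block on DNS. Key the map by a string instead, `result.put(url.toExternalForm(), keyManager);` here and `keyManagerMap.get(url.toExternalForm())` at the lookup. Separately, a missing keystore file or a malformed URL is only logged at warn level and the entry is dropped, so a mistyped path silently produces a connection with no client authentication instead of a configuration error; consider failing `configure()` in that case as is already done for `KeyStoreException`. The warn message on the ignore branch also misspells "Authentication" as `Authenication`.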
***************
*** 326,334 ****
url.openConnection();
if (connection instanceof com.sun.net.ssl.HttpsURLConnection) {
! logger.info("Connect to a HTTPS connection");
HttpsURLConnection httpsConnection
= (HttpsURLConnection) connection;
! httpsConnection.setHostnameVerifier(hostnameVerifier);
! httpsConnection.setSSLSocketFactory(sslSocketFactory);
}
connection.setRequestMethod(HTTP_METHOD);
--- 382,404 ----
url.openConnection();
if (connection instanceof com.sun.net.ssl.HttpsURLConnection) {
! logger.info("Configuration to a HTTPS connection");
HttpsURLConnection httpsConnection
= (HttpsURLConnection) connection;
! if (hostnameVerifier != null) {
! httpsConnection.setHostnameVerifier(hostnameVerifier);
! }
! KeyManager[] keyManagers = null;
! if (keyManagerMap != null) {
! KeyManager keyManager = (KeyManager) keyManagerMap.get(url);
! if (keyManager != null) {
! logger.debug("use key manager for url : " + url);
! keyManagers = new KeyManager[]{keyManager};
! }
! }
! if (trustManagers != null || keyManagers != null) {
! SSLSocketFactory sslSocketFactory = makeSSLSocketFactory(
! keyManagers, trustManagers);
! httpsConnection.setSSLSocketFactory(sslSocketFactory);
! }
}
connection.setRequestMethod(HTTP_METHOD);
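Review bot: `makeSSLSocketFactory(keyManagers, trustManagers)` is now called on every HTTPS send, so a fresh `SSLContext` is created per connection; each context has its own session cache, so TLS sessions are unlikely to be resumed across messages and context initialization is paid on every call. Build the factory once per configured entry instead, for example by storing an `SSLSocketFactory` in `keyManagerMap` at configure time and keeping one trust-only factory for URLs with no client entry, so this block reduces to a lookup followed by `setSSLSocketFactory`. Note also that only an exact URL match, including path and query, selects a key manager; stating that in the `use key manager for url` log line, or logging when no entry matched, would tell operators why a configured certificate was not used. The enclosing method starts and ends outside the hunk.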