Erik This is what I'm currently using for Catalina as a SSLServerSocketFactory - some of it may look familiar!
rgds import java.io.InputStream; import java.io.IOException; import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; import COM.claymoresystems.ptls.SSLContext; import COM.claymoresystems.ptls.SSLContext; import COM.claymoresystems.ptls.SSLSocket; import COM.claymoresystems.ptls.SSLServerSocket; import COM.claymoresystems.sslg.SSLPolicyInt; /** * SSL server socket factory--wraps PureTLS * * @author Eric Rescorla * * some sections of this file cribbed from SSLSocketFactory * (the JSSE socket factory) * */ public class PureTLSSocketFactory implements org.apache.catalina.net.ServerSocketFactory { static String defaultProtocol = "TLS"; static boolean defaultClientAuth = false; static String pureTLSCertificateFactoryName = "com.syntactics.server.net.PureTLSCertificateFactory"; private PureTLSCertificateFactoryInterface pureTLSCertificateFactory = null; private SSLContext context=null; public PureTLSSocketFactory() { } /** * Should we require client authentication? */ private boolean clientAuth = false; public boolean getClientAuth() { return (this.clientAuth); } public void setClientAuth(boolean clientAuth) { this.clientAuth = clientAuth; } public String getPureTLSCertificateFactory() { return pureTLSCertificateFactoryName; } public void setPureTLSCertificateFactory(String pureTLSCertificateFactory) { this.pureTLSCertificateFactoryName = pureTLSCertificateFactory; } public ServerSocket createSocket(int port) throws IOException { init(); return new SSLServerSocket(context,port); } public ServerSocket createSocket(int port, int backlog) throws IOException { init(); ServerSocket tmp; try { tmp=new SSLServerSocket(context,port,backlog); } catch (IOException e){ throw e; } return tmp; } public ServerSocket createSocket(int port, int backlog, InetAddress ifAddress) throws IOException { init(); return new SSLServerSocket(context,port,backlog,ifAddress); } private void init() throws IOException//, ClassNotFoundException, IllegalAccessException, InstantiationException { try { pureTLSCertificateFactory = (PureTLSCertificateFactoryInterface)Class.forName(pureTLSCertificateFactoryName).newInstance(); } catch (ClassNotFoundException cnfe) { throw new IOException(cnfe.getMessage());//ClassNotFoundException(cnfe.getMessage()); } catch (IllegalAccessException iae) { throw new IOException(iae.getMessage());//IllegalAccessException(iae.getMessage()); } catch (InstantiationException ie) { throw new IOException(ie.getMessage());//InstantiationException(ie.getMessage()); } if(context!=null) return; try { String keyStoreFile=null; if(keyStoreFile==null) keyStoreFile=pureTLSCertificateFactory.getKeyStoreFile(); InputStream keyStoreStream = pureTLSCertificateFactory.getKeyStoreStream(); String keyPass=null; if(keyPass==null) keyPass=pureTLSCertificateFactory.getKeyPassword(); String rootFile=null; if(rootFile==null) rootFile=pureTLSCertificateFactory.getRootFile(); InputStream rootStream = pureTLSCertificateFactory.getRootStream(); String randomFile=null; if(randomFile==null) randomFile=pureTLSCertificateFactory.getRandomFile(); String protocol=defaultProtocol; SSLContext tmpContext=new SSLContext(); if(clientAuth){ if (rootStream == null) tmpContext.loadRootCertificates(rootFile); else tmpContext.loadRootCertificates(rootStream); } if (keyStoreStream == null) tmpContext.loadEAYKeyFile(keyStoreFile,keyPass); else tmpContext.loadEAYKeyFile(keyStoreStream,keyPass); tmpContext.useRandomnessFile(randomFile,keyPass); if (rootStream!=null) rootStream.close(); if (keyStoreStream!=null) keyStoreStream.close(); SSLPolicyInt policy=new SSLPolicyInt(); policy.requireClientAuth(clientAuth); policy.handshakeOnConnect(false); policy.waitOnClose(false); tmpContext.setPolicy(policy); context=tmpContext; } catch (Exception e){ throw new IOException(e.getMessage()); } } public void handshake(Socket sock) throws IOException { ((SSLSocket)sock).handshake(); } } -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>