Erik
This is what I'm currently using for Catalina as a
SSLServerSocketFactory - some of it may look familiar!
rgds
import java.io.InputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.ptls.SSLServerSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;
/**
* SSL server socket factory--wraps PureTLS
*
* @author Eric Rescorla
*
* some sections of this file cribbed from SSLSocketFactory
* (the JSSE socket factory)
*
*/
public class PureTLSSocketFactory
implements org.apache.catalina.net.ServerSocketFactory
{
static String defaultProtocol = "TLS";
static boolean defaultClientAuth = false;
static String pureTLSCertificateFactoryName =
"com.syntactics.server.net.PureTLSCertificateFactory";
private PureTLSCertificateFactoryInterface pureTLSCertificateFactory
= null;
private SSLContext context=null;
public PureTLSSocketFactory() {
}
/**
* Should we require client authentication?
*/
private boolean clientAuth = false;
public boolean getClientAuth() {
return (this.clientAuth);
}
public void setClientAuth(boolean clientAuth) {
this.clientAuth = clientAuth;
}
public String getPureTLSCertificateFactory() {
return pureTLSCertificateFactoryName;
}
public void setPureTLSCertificateFactory(String
pureTLSCertificateFactory) {
this.pureTLSCertificateFactoryName = pureTLSCertificateFactory;
}
public ServerSocket createSocket(int port)
throws IOException
{
init();
return new SSLServerSocket(context,port);
}
public ServerSocket createSocket(int port, int backlog)
throws IOException
{
init();
ServerSocket tmp;
try {
tmp=new SSLServerSocket(context,port,backlog);
}
catch (IOException e){
throw e;
}
return tmp;
}
public ServerSocket createSocket(int port, int backlog,
InetAddress ifAddress)
throws IOException
{
init();
return new SSLServerSocket(context,port,backlog,ifAddress);
}
private void init()
throws IOException//, ClassNotFoundException, IllegalAccessException,
InstantiationException
{
try {
pureTLSCertificateFactory =
(PureTLSCertificateFactoryInterface)Class.forName(pureTLSCertificateFactoryName).newInstance();
} catch (ClassNotFoundException cnfe) {
throw new
IOException(cnfe.getMessage());//ClassNotFoundException(cnfe.getMessage());
} catch (IllegalAccessException iae) {
throw new
IOException(iae.getMessage());//IllegalAccessException(iae.getMessage());
} catch (InstantiationException ie) {
throw new
IOException(ie.getMessage());//InstantiationException(ie.getMessage());
}
if(context!=null)
return;
try {
String keyStoreFile=null;
if(keyStoreFile==null)
keyStoreFile=pureTLSCertificateFactory.getKeyStoreFile();
InputStream keyStoreStream =
pureTLSCertificateFactory.getKeyStoreStream();
String keyPass=null;
if(keyPass==null)
keyPass=pureTLSCertificateFactory.getKeyPassword();
String rootFile=null;
if(rootFile==null)
rootFile=pureTLSCertificateFactory.getRootFile();
InputStream rootStream =
pureTLSCertificateFactory.getRootStream();
String randomFile=null;
if(randomFile==null)
randomFile=pureTLSCertificateFactory.getRandomFile();
String protocol=defaultProtocol;
SSLContext tmpContext=new SSLContext();
if(clientAuth){
if (rootStream == null)
tmpContext.loadRootCertificates(rootFile);
else
tmpContext.loadRootCertificates(rootStream);
}
if (keyStoreStream == null)
tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
else
tmpContext.loadEAYKeyFile(keyStoreStream,keyPass);
tmpContext.useRandomnessFile(randomFile,keyPass);
if (rootStream!=null) rootStream.close();
if (keyStoreStream!=null) keyStoreStream.close();
SSLPolicyInt policy=new SSLPolicyInt();
policy.requireClientAuth(clientAuth);
policy.handshakeOnConnect(false);
policy.waitOnClose(false);
tmpContext.setPolicy(policy);
context=tmpContext;
} catch (Exception e){
throw new IOException(e.getMessage());
}
}
public void handshake(Socket sock)
throws IOException
{
((SSLSocket)sock).handshake();
}
}
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
