  /*
   *  Licensed to the Apache Software Foundation (ASF) under one or more
   *  contributor license agreements.  See the NOTICE file distributed with
   *  this work for additional information regarding copyright ownership.
   *  The ASF licenses this file to You under the Apache License, Version 2.0
   *  (the "License"); you may not use this file except in compliance with
   *  the License.  You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
 
 package org.apache.tomcat.util.net.jsse;
 
 import static org.jboss.web.CoyoteMessages.MESSAGES;

 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.SocketException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.util.Map;
 import java.util.WeakHashMap;

 import javax.net.ssl.HandshakeCompletedEvent;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.security.cert.X509Certificate;

 import org.apache.tomcat.util.net.SSLSupport;
 import org.jboss.web.CoyoteLogger;
 
 
 /**
  * JSSESupport
  *
  * Concrete implementation class for JSSE Support classes.
  *
  * This will only work with JDK 1.2 and up since it depends on JDK 1.2's
  * certificate support.
  *
  * @author EKR
  * @author Craig R. McClanahan
  * @author Filip Hanik
  *
  * Parts cribbed from JSSECertCompat.
  * Parts cribbed from CertificatesValve.
  */
 
 
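 class JSSESupport implements SSLSupport {

     /** Underlying TLS socket; stays {@code null} when the instance is built from a session only. */
     protected SSLSocket ssl;
     /** Session the accessors report on; replaced after a forced re-handshake. */
     protected SSLSession session;

     // Key sizes already resolved, per session. The weak keys let an entry go once
     // its session is unreachable; every access synchronizes on the map itself.
     private static final Map<SSLSession,Integer> keySizeCache =
         new WeakHashMap<SSLSession,Integer>(10);

     Listener listener = new Listener();

     /**
      * Binds this support object to a socket and registers the handshake
      * listener that {@link #handShake()} later polls.
      *
      * @param sock the TLS socket of the connection
      */
     JSSESupport(SSLSocket sock){
         ssl=sock;
         session = sock.getSession();
         sock.addHandshakeCompletedListener(listener);
     }

     /**
      * Binds this support object to a session only. No socket is available in
      * this mode, so no re-handshake can be started from it.
      *
      * @param session the TLS session to report on
      */
     JSSESupport(SSLSession session) {
         this.session = session;
     }

     /**
      * Returns the cipher suite negotiated for the current session.
      *
      * @return the cipher suite name, or {@code null} when there is no session
      */
     public String getCipherSuite() throws IOException {
         // Look up the current SSLSession
         if (session == null)
             return null;
         return session.getCipherSuite();
     }

     /**
      * Returns the peer certificate chain without forcing a new handshake.
      *
      * @return the chain, or {@code null} when the peer presented none
      */
     public Object[] getPeerCertificateChain()
         throws IOException {
         return getPeerCertificateChain(false);
     }

     /**
      * Converts the peer certificates held by the given session to
      * {@code java.security.cert.X509Certificate} instances.
      *
      * This method only converts what the session already holds; it performs no
      * chain or revocation validation of its own, so callers must not read a
      * non-null result as anything more than "the TLS layer accepted this chain".
      *
      * @param session the session to read the peer certificates from
      * @return the converted chain, or {@code null} when the certificates cannot
      *         be read, cannot be converted, or the chain is empty
      */
     protected java.security.cert.X509Certificate [] getX509Certificates(SSLSession session)
         throws IOException {
         Certificate [] certs=null;
         try {
             certs = session.getPeerCertificates();
         } catch( Throwable t ) {
             // A peer that sent no certificate ends up here as well, hence debug level.
             // NOTE(review): Throwable also covers Errors; a narrower catch would be safer.
             CoyoteLogger.UTIL_LOGGER.debug("Error getting client certs",t);
             return null;
         }
         if( certs==null ) return null;

         java.security.cert.X509Certificate [] x509Certs =
             new java.security.cert.X509Certificate[certs.length];
         for(int i=0; i < certs.length; i++) {
             if (certs[i] instanceof java.security.cert.X509Certificate ) {
                 // always currently true with the JSSE 1.1.x
                 x509Certs[i] = (java.security.cert.X509Certificate) certs[i];
             } else {
                 // Re-parse the encoded form to obtain an X.509 view of the certificate.
                 try {
                     byte [] buffer = certs[i].getEncoded();
                     CertificateFactory cf =
                         CertificateFactory.getInstance("X.509");
                     ByteArrayInputStream stream =
                         new ByteArrayInputStream(buffer);
                     x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream);
                 } catch(Exception ex) {
                     // One unreadable certificate discards the whole chain rather
                     // than handing callers a partial one.
                     CoyoteLogger.UTIL_LOGGER.errorTranslatingCertificate(certs[i], ex);
                     return null;
                 }
             }
             // Trace output contains the full certificate, including subject details.
             if(CoyoteLogger.UTIL_LOGGER.isTraceEnabled())
                 CoyoteLogger.UTIL_LOGGER.trace("Cert #" + i + " = " + x509Certs[i]);
         }
         if(x509Certs.length < 1)
             return null;
         return x509Certs;
     }

     /**
      * Returns the peer certificate chain, optionally starting a new handshake
      * that requires a client certificate when the session has none.
      *
      * @param force when {@code true} and no certificate is present, re-handshake
      *              on the socket to request one
      * @return the chain, or {@code null} when there is no session or no usable
      *         certificate
      */
     public Object[] getPeerCertificateChain(boolean force)
         throws IOException {
         // Look up the current SSLSession
         if (session == null)
             return null;
         // Convert JSSE's certificate format to the ones we need
         X509Certificate [] jsseCerts = null;
         try {
             jsseCerts = session.getPeerCertificateChain();
         } catch(Exception bex) {
             // ignore: a failure here is handled like an empty chain below.
         }
         if (jsseCerts == null)
             jsseCerts = new X509Certificate[0];
         // Only a socket-backed instance can re-handshake; without this guard the
         // session-only constructor would end in a NullPointerException in handShake().
         if(jsseCerts.length <= 0 && force && ssl != null) {
             handShake();
             session = ssl.getSession();
         }
         return getX509Certificates(session);
     }

     /**
      * Starts a new handshake on the established connection and waits, for about
      * one minute at most, until the handshake listener reports completion.
      *
      * @throws SSLException when application data arrives during the handshake or
      *         the TLS layer reports an error
      * @throws SocketException when the handshake does not complete in time
      */
     protected void handShake() throws IOException {
         if( ssl.getWantClientAuth() ) {
             CoyoteLogger.UTIL_LOGGER.debug("No client cert sent for want");
         } else {
             ssl.setNeedClientAuth(true);
         }
         if (ssl.getEnabledCipherSuites().length == 0) {
             // Handshake is never going to be successful.
             // Assume this is because handshakes are disabled
             session.invalidate();
             ssl.close();
             return;
         }
         InputStream in = ssl.getInputStream();
         int oldTimeout = ssl.getSoTimeout();
         // Short read timeout so the loop below can poll the listener once per second.
         ssl.setSoTimeout(1000);
         byte[] b = new byte[1];
         listener.reset();
         ssl.startHandshake();
         int maxTries = 60; // 60 * 1000 = example 1 minute time out
         for (int i = 0; i < maxTries; i++) {
             try {
                 int read = in.read(b);
                 if (read > 0) {
                     // Shouldn't happen as all input should have been swallowed
                     // before trying to do the handshake. If it does, something
                     // went wrong so lets bomb out now.
                     throw new SSLException(MESSAGES.sslHandshakeData());
                 }
             } catch(SSLException sslex) {
                 CoyoteLogger.UTIL_LOGGER.trace("SSL Error getting client Certs",sslex);
                 throw sslex;
             } catch (IOException e) {
                 // ignore - presumably the timeout
             }
             if (listener.completed) {
                 break;
             }
         }
         // NOTE(review): the SSLException paths above leave the 1000 ms timeout in
         // place; confirm that callers always drop the connection in that case.
         ssl.setSoTimeout(oldTimeout);
         if (listener.completed == false) {
             throw new SocketException(MESSAGES.sslHandshakeTimeout());
         }
     }

     /**
      * Copied from <code>org.apache.catalina.valves.CertificateValve</code>
      *
      * Derives the key size from the cipher suite name by matching it against
      * the phrases in {@code SSLSupport.ciphers}.
      *
      * @return the key size, {@code 0} when no known phrase matches (treat that
      *         as "unknown", not as a measured strength), or {@code null} when
      *         there is no session
      */
     public Integer getKeySize()
         throws IOException {
         // Look up the current SSLSession
         SSLSupport.CipherData c_aux[]=ciphers;
         if (session == null)
             return null;

         Integer keySize = null;
         synchronized(keySizeCache) {
             keySize = keySizeCache.get(session);
         }
         if (keySize == null) {
             int size = 0;
             String cipherSuite = session.getCipherSuite();
             // First matching phrase wins, so the order of the table matters.
             for (int i = 0; i < c_aux.length; i++) {
                 if (cipherSuite.indexOf(c_aux[i].phrase) >= 0) {
                     size = c_aux[i].keySize;
                     break;
                 }
             }
             keySize = Integer.valueOf(size);
             synchronized(keySizeCache) {
                 keySizeCache.put(session, keySize);
             }
         }
         return keySize;
     }

     /**
      * Returns the TLS session id as a lowercase hex string, two digits per byte.
      *
      * @return the hex-encoded id, or {@code null} when there is no session or
      *         the session has no id
      */
     public String getSessionId()
         throws IOException {
         // Look up the current SSLSession
         if (session == null)
             return null;
         // Expose ssl_session (getId)
         byte [] ssl_session = session.getId();
         if ( ssl_session == null)
             return null;
         StringBuilder buf=new StringBuilder("");
         for(int x=0; x<ssl_session.length; x++) {
             // Mask to 0..255 so a negative byte is not sign-extended to eight hex digits.
             int unsigned = ssl_session[x] & 0xff;
             if (unsigned < 0x10) buf.append('0');
             buf.append(Integer.toHexString(unsigned));
         }
         return buf.toString();
     }

     /**
      * Records that a handshake on the socket has completed.
      */
     private static class Listener implements HandshakeCompletedListener {
         // volatile: written by the handshake callback, read by the polling loop in
         // handShake() - presumably on different threads; confirm against the JSSE provider.
         volatile boolean completed = false;
         public void handshakeCompleted(HandshakeCompletedEvent event) {
             completed = true;
         }
         void reset() {
             completed = false;
         }
     }
 }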