1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 package org.apache.http.nio.conn.ssl;
29
30 import java.net.InetSocketAddress;
31 import java.security.KeyManagementException;
32 import java.security.KeyStore;
33 import java.security.KeyStoreException;
34 import java.security.NoSuchAlgorithmException;
35 import java.security.SecureRandom;
36 import java.security.UnrecoverableKeyException;
37 import java.security.cert.Certificate;
38 import java.security.cert.X509Certificate;
39
40 import javax.net.ssl.KeyManager;
41 import javax.net.ssl.KeyManagerFactory;
42 import javax.net.ssl.SSLContext;
43 import javax.net.ssl.SSLEngine;
44 import javax.net.ssl.SSLException;
45 import javax.net.ssl.SSLSession;
46 import javax.net.ssl.TrustManager;
47 import javax.net.ssl.TrustManagerFactory;
48 import javax.net.ssl.X509TrustManager;
49
50 import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
51 import org.apache.http.conn.ssl.SSLContexts;
52 import org.apache.http.conn.ssl.TrustStrategy;
53 import org.apache.http.conn.ssl.X509HostnameVerifier;
54 import org.apache.http.nio.conn.scheme.LayeringStrategy;
55 import org.apache.http.nio.reactor.IOSession;
56 import org.apache.http.nio.reactor.ssl.SSLIOSession;
57 import org.apache.http.nio.reactor.ssl.SSLMode;
58 import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
59
60 @Deprecated
61 public class SSLLayeringStrategy implements LayeringStrategy {
62
63 public static final String TLS = "TLS";
64 public static final String SSL = "SSL";
65 public static final String SSLV2 = "SSLv2";
66
67 public static SSLLayeringStrategy getDefaultStrategy() {
68 return new SSLLayeringStrategy(SSLContexts.createDefault());
69 }
70
71 public static SSLLayeringStrategy getSystemDefaultStrategy() {
72 return new SSLLayeringStrategy(SSLContexts.createSystemDefault());
73 }
74
75 private final SSLContext sslContext;
76 private final X509HostnameVerifier hostnameVerifier;
77
78 private static SSLContext createSSLContext(
79 final String algorithm,
80 final KeyStore keystore,
81 final String keystorePassword,
82 final KeyStore truststore,
83 final SecureRandom random,
84 final TrustStrategy trustStrategy)
85 throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
86 final String algo = algorithm != null ? algorithm : TLS;
87 final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
88 KeyManagerFactory.getDefaultAlgorithm());
89 kmfactory.init(keystore, keystorePassword != null ? keystorePassword.toCharArray(): null);
90 final KeyManager[] keymanagers = kmfactory.getKeyManagers();
91 final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
92 TrustManagerFactory.getDefaultAlgorithm());
93 tmfactory.init(truststore);
94 final TrustManager[] trustmanagers = tmfactory.getTrustManagers();
95 if (trustmanagers != null && trustStrategy != null) {
96 for (int i = 0; i < trustmanagers.length; i++) {
97 final TrustManager tm = trustmanagers[i];
98 if (tm instanceof X509TrustManager) {
99 trustmanagers[i] = new TrustManagerDecorator(
100 (X509TrustManager) tm, trustStrategy);
101 }
102 }
103 }
104 final SSLContext sslcontext = SSLContext.getInstance(algo);
105 sslcontext.init(keymanagers, trustmanagers, random);
106 return sslcontext;
107 }
108
109 public SSLLayeringStrategy(
110 final String algorithm,
111 final KeyStore keystore,
112 final String keystorePassword,
113 final KeyStore truststore,
114 final SecureRandom random,
115 final X509HostnameVerifier hostnameVerifier)
116 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
117 this(createSSLContext(
118 algorithm, keystore, keystorePassword, truststore, random, null),
119 hostnameVerifier);
120 }
121
122 public SSLLayeringStrategy(
123 final String algorithm,
124 final KeyStore keystore,
125 final String keystorePassword,
126 final KeyStore truststore,
127 final SecureRandom random,
128 final TrustStrategy trustStrategy,
129 final X509HostnameVerifier hostnameVerifier)
130 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
131 this(createSSLContext(
132 algorithm, keystore, keystorePassword, truststore, random, trustStrategy),
133 hostnameVerifier);
134 }
135
136 public SSLLayeringStrategy(
137 final KeyStore keystore,
138 final String keystorePassword,
139 final KeyStore truststore)
140 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
141 this(TLS, keystore, keystorePassword, truststore, null, null, new BrowserCompatHostnameVerifier());
142 }
143
144 public SSLLayeringStrategy(
145 final KeyStore keystore,
146 final String keystorePassword)
147 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{
148 this(TLS, keystore, keystorePassword, null, null, null, new BrowserCompatHostnameVerifier());
149 }
150
151 public SSLLayeringStrategy(
152 final KeyStore truststore)
153 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
154 this(TLS, null, null, truststore, null, null, new BrowserCompatHostnameVerifier());
155 }
156
157 public SSLLayeringStrategy(
158 final TrustStrategy trustStrategy,
159 final X509HostnameVerifier hostnameVerifier)
160 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
161 this(TLS, null, null, null, null, trustStrategy, hostnameVerifier);
162 }
163
164 public SSLLayeringStrategy(
165 final TrustStrategy trustStrategy)
166 throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
167 this(TLS, null, null, null, null, trustStrategy, new BrowserCompatHostnameVerifier());
168 }
169
170 public SSLLayeringStrategy(
171 final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) {
172 super();
173 this.sslContext = sslContext;
174 this.hostnameVerifier = hostnameVerifier;
175 }
176
177 public SSLLayeringStrategy(final SSLContext sslContext) {
178 this(sslContext, new BrowserCompatHostnameVerifier());
179 }
180
181 @Override
182 public boolean isSecure() {
183 return true;
184 }
185
186 @Override
187 public SSLIOSession layer(final IOSession iosession) {
188 final SSLIOSession ssliosession = new SSLIOSession(
189 iosession,
190 SSLMode.CLIENT,
191 this.sslContext,
192 new SSLSetupHandler() {
193
194 @Override
195 public void initalize(
196 final SSLEngine sslengine) throws SSLException {
197 initializeEngine(sslengine);
198 }
199
200 @Override
201 public void verify(
202 final IOSession iosession,
203 final SSLSession sslsession) throws SSLException {
204 verifySession(iosession, sslsession);
205 }
206
207 });
208 iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
209 return ssliosession;
210 }
211
212 protected void initializeEngine(final SSLEngine engine) {
213 }
214
215 protected void verifySession(
216 final IOSession iosession,
217 final SSLSession sslsession) throws SSLException {
218 final InetSocketAddress address = (InetSocketAddress) iosession.getRemoteAddress();
219
220 final Certificate[] certs = sslsession.getPeerCertificates();
221 final X509Certificate x509 = (X509Certificate) certs[0];
222 this.hostnameVerifier.verify(address.getHostName(), x509);
223 }
224
225 }