/************************************************************************
*
* $Id: JTlsParams.java,v 1.2 2002/03/04 21:42:58 echtcherbina Exp $
*
* Copyright (c) 2001 Sun Microsystems, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Sun Microsystems, Inc. for Project JXTA."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
* must not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact Project JXTA at http://www.jxta.org.
*
* 5. Products derived from this software may not be called "JXTA",
* nor may "JXTA" appear in their name, without prior written
* permission of Sun.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL SUN MICROSYSTEMS OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of Project JXTA. For more
* information on Project JXTA, please see
* <http://www.jxta.org/>.
*
* This license is based on the BSD license adopted by the Apache Foundation.
*********************************************************************************/
package net.jxta.impl.endpoint.tls;
import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.sslg.SSLPolicyInt;
import java.io.IOException;
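/**
 * Holds the TLS configuration for one JXTA peer: an {@code SSLContext}
 * (root certificates, private key, optional DH parameters) and the
 * {@code SSLPolicyInt} that governs certificate checks, cipher suites and
 * client authentication.
 *
 * <p>Create an instance, then call exactly one of
 * {@link #setClientParameters} or {@link #setServerParameters}; each one
 * loads the key material and attaches the policy to the context.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code unverifiedOK == true} tells the policy to accept certificates
 *       it cannot verify, which presumably removes peer authentication for
 *       the session; reserve it for test setups.</li>
 *   <li>{@code checkDates == false} tells the policy not to check
 *       certificate dates, so an expired certificate would not be rejected
 *       on that basis.</li>
 *   <li>The key-file pass phrase is handed to the context and is not kept
 *       in this object.</li>
 * </ul>
 *
 * <p>No synchronization is done here; configure an instance from a single
 * thread before sharing the context.
 */
public class JTlsParams {
    // Paths are remembered for reference only; nothing in this class reads them back.
    private String keyfile = null;   // EAY-format private key file
    private String rootfile = null;  // CA root certificate file

    // Last values handed to the policy by setCertPolicies().
    private boolean acceptUnverifiedCerts = false;
    private boolean validateDates = false;

    // Stays null until a caller supplies a list with at least one supported
    // suite; null means the TLS library's default list is in effect.
    private short[] cipherSuites = null;

    private final SSLContext ctx;       // SSL context for this peer
    private final SSLPolicyInt policy;  // policy object attached to ctx

    /**
     * Creates an empty context and policy and seeds the context's random
     * number generator.
     */
    public JTlsParams() {
        ctx = new SSLContext();
        policy = new SSLPolicyInt();
        // NOTE(review): the seed source is inside seedJxtaRNG(); confirm it
        // draws on a cryptographically strong source, since handshake
        // secrets depend on it.
        ctx.seedJxtaRNG();
    }

    /**
     * Returns the live SSL context. The object is not copied, so changes
     * made by the caller affect this configuration.
     *
     * @return the SSL context owned by this instance
     */
    public SSLContext getContext() {
        return ctx;
    }

    /**
     * Returns the live policy object. The object is not copied, so a caller
     * can relax certificate checks after configuration.
     *
     * @return the policy owned by this instance
     */
    public SSLPolicyInt getPolicy() {
        return policy;
    }

    /**
     * Loads the trusted CA root certificates into the context.
     *
     * @param rootfile path of the root certificate file
     * @throws IOException if the context cannot load the file
     */
    private void loadRootCerts(String rootfile) throws IOException {
        // The original also executed "this.passphrase = passphrase;" here,
        // a self-assignment with no effect (this method has no such
        // parameter); it has been dropped.
        this.rootfile = rootfile;
        ctx.loadRootCertificates(rootfile);
    }

    /**
     * Loads the peer's private key from an EAY-format key file.
     *
     * <p>The pass phrase is passed straight to the context and is not
     * stored: no code in this class ever read it back, and keeping it would
     * only lengthen the time the secret sits on the heap.
     *
     * @param keyfile    path of the key file
     * @param passphrase pass phrase protecting the key file
     * @throws IOException if the context cannot load the key
     */
    private void loadEAYKeyFile(String keyfile, String passphrase) throws IOException {
        this.keyfile = keyfile;
        ctx.loadEAYKeyFile(keyfile, passphrase);
    }

    /**
     * Applies the certificate verification settings to the policy.
     *
     * @param unverifiedOK {@code true} to accept certificates that cannot be
     *                     verified; weakens peer authentication
     * @param checkDates   {@code true} to check certificate dates
     */
    private void setCertPolicies(boolean unverifiedOK, boolean checkDates) {
        acceptUnverifiedCerts = unverifiedOK;
        validateDates = checkDates;
        policy.checkCertificateDates(validateDates);
        policy.acceptUnverifiableCertificates(acceptUnverifiedCerts);
    }

    /**
     * Restricts the policy to the given cipher suites.
     *
     * <p>NOTE(review): when none of the requested suites is supported the
     * parser returns {@code null} and the library default list stays in
     * force without any error. A caller who asked for a restricted list
     * cannot tell that the restriction was not applied; consider reporting
     * this case.
     *
     * @param suites ":"-separated list of TLS cipher suite names, or
     *               {@code null} to keep the current list
     */
    private void setCipherSuites(String suites) {
        if (suites == null) {
            return;
        }
        // null when every requested suite is unsupported
        cipherSuites = JTlsUtil.parseCipherSuites(suites);
        if (cipherSuites != null) {
            policy.setCipherSuites(cipherSuites);
        }
    }

    /**
     * Configures this peer as a TLS client: loads roots and key, applies
     * the certificate and cipher-suite settings, and attaches the policy to
     * the context.
     *
     * @param rootfile     path of the CA root certificate file; not null
     * @param keyfile      path of the EAY key file; not null
     * @param passphrase   pass phrase for the key file
     * @param suites       ":"-separated cipher suite list, or {@code null}
     *                     for the default list
     * @param unverifiedOK {@code true} to accept unverifiable certificates
     * @param checkDates   {@code true} to check certificate dates
     * @throws IOException if a file name is null or a file cannot be loaded
     * @throws ArrayIndexOutOfBoundsException declared by the original
     *         signature; presumably raised while parsing the suite list
     */
    public void setClientParameters(String rootfile,
                                    String keyfile,
                                    String passphrase,
                                    String suites,
                                    boolean unverifiedOK,
                                    boolean checkDates)
            throws IOException, ArrayIndexOutOfBoundsException {
        if (rootfile == null || keyfile == null) {
            throw new IOException("null file name as argument");
        }
        loadRootCerts(rootfile);
        loadEAYKeyFile(keyfile, passphrase);
        setCertPolicies(unverifiedOK, checkDates);
        setCipherSuites(suites);
        ctx.setPolicy(policy); // policy takes effect only once attached
    }

    /**
     * Configures this peer as a TLS server: optionally loads Diffie-Hellman
     * parameters, loads roots and key, sets the client-authentication
     * requirement, and attaches the policy to the context.
     *
     * <p>Unlike the client path, this method does not call
     * {@code setCertPolicies} or {@code setCipherSuites}, so certificate
     * date checking, acceptance of unverifiable certificates and the suite
     * list are whatever a new {@code SSLPolicyInt} defaults to.
     *
     * @param rootfile            path of the CA root certificate file; not null
     * @param keyfile             path of the EAY key file; not null
     * @param dhfile              path of the DH parameter file, or
     *                            {@code null} to load none
     * @param passphrase          pass phrase for the key file
     * @param clientAuthorization {@code true} to require a client certificate
     * @throws IOException if a file name is null or a file cannot be loaded
     */
    public void setServerParameters(String rootfile,
                                    String keyfile,
                                    String dhfile,
                                    String passphrase,
                                    boolean clientAuthorization)
            throws IOException {
        if (rootfile == null || keyfile == null) {
            throw new IOException("null file name as argument");
        }
        // Diffie-Hellman parameters are optional
        if (dhfile != null) {
            ctx.loadDHParams(dhfile);
        }
        loadRootCerts(rootfile);
        loadEAYKeyFile(keyfile, passphrase);
        policy.requireClientAuth(clientAuthorization);
        ctx.setPolicy(policy);
    }
}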