/************************************************************************
*
* $Id: TlsConn.java,v 1.23 2002/01/08 23:31:35 yeager Exp $
*
* Copyright (c) 2001 Sun Microsystems, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Sun Microsystems, Inc. for Project JXTA."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
* must not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact Project JXTA at http://www.jxta.org.
*
* 5. Products derived from this software may not be called "JXTA",
* nor may "JXTA" appear in their name, without prior written
* permission of Sun.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL SUN MICROSYSTEMS OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of Project JXTA. For more
* information on Project JXTA, please see
* <http://www.jxta.org/>.
*
* This license is based on the BSD license adopted by the Apache Foundation.
*********************************************************************************/
package net.jxta.impl.endpoint.tls;
import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.ptls.SSLDebug;
import COM.claymoresystems.sslg.SSLSocketXInt;
import COM.claymoresystems.sslg.SSLPolicyInt;
import java.io.*;
import java.util.Enumeration;
import org.apache.log4j.Category;
import org.apache.log4j.Priority;
import net.jxta.peergroup.*;
import net.jxta.document.*;
import net.jxta.discovery.*;
import net.jxta.endpoint.*;
import net.jxta.id.ID;
import net.jxta.protocol.PeerAdvertisement;
import net.jxta.impl.endpoint.MessageImpl;
import net.jxta.impl.endpoint.MessageElementImpl;
import net.jxta.impl.endpoint.MessageWireFormat;
import net.jxta.impl.endpoint.MessageWireFormatBinary;
/**
* This class implements the TLS connection between two peers.
*/
public class TlsConn {
// Class-level logger for this connection.
private static final Category LOG = Category.getInstance(TlsConn.class.getName());
// Owning manager and transport; both are assigned by the constructor.
TlsManager manager = null;
TlsTransport transport = null;
// Test password.
// NOTE(review): a hard-coded credential committed in source. The constructor
// obtains the real secret from TlsConfig.passitOn, and this constant is not
// referenced anywhere in the visible part of this file -- confirm it is unused
// and remove it.
static final String userPassword = "password";
// For interfacing with TLS
SSLSocket ssls = null;
JTlsOutputStream jout = null;
JTlsInputStream jin = null;
JTlsParams params = null;
String rootdir = null; // Directory for root certs
String rootfile = null; // Default root certificate; the constructor falls back to it when no per-peer root cert is found
String keyfile = null; // Service certificate
String dhfile = null; // Diffie-Hellman parameters
// The pass phrase as returned by JTlsUtil.readPassPhrase(); the test passphrase is "password".
// NOTE(review): the constructor logs the configured password at DEBUG level
// before reading this -- that log statement should be removed.
String passphrase = null;
String suites = null; // Client cipher suites
String ppPath = null; // Pass phrase file path
String rootCertFile = null; // The root cert file we really read
// Client accepts unverified certs.
// NOTE(review): the default is permissive. The constructor only clears this on
// the client side when getRootCert(destAddr) finds a root certificate for the
// destination peer; otherwise the remote peer's certificate is not verified.
boolean unverifiedCerts = true;
boolean checkDates = true; // certificate dates must be verified
boolean clientAuthorization = false; // server will authorize (verify) the client cert; set when the server has the client's root cert
ReadPlaintextMessage readerThread = null;
EndpointAddress destAddr = null;
int which = 0; // SSLSocketXInt.CLIENT or SSLSocketXInt.SERVER -- are we client or server
// For a simple retransmission scheme
private boolean handshakeDone = false;
// If excessive, consecutive input errors
// while trying to read decrypted messages
// occur, then this is set to true, and
// TlsManager will throw an IOException
// on the next incoming message.
private boolean inputDead = false;
/**
 * Reports the current value of the {@code handshakeDone} flag.
 *
 * @return {@code true} if the handshake-done flag has been set on this connection
 */
public boolean getHandshakeDone() {
    return this.handshakeDone;
}
/**
 * Reports whether this connection's input side has been marked dead.
 * Per the field comment, the flag is raised after excessive consecutive
 * input errors and causes TlsManager to fail the next incoming message.
 *
 * @return {@code true} if the input-dead flag has been set
 */
public boolean getInputDead() {
    return this.inputDead;
}
// This constructor is called by TlsManager in order to create a new
// TLS connection. This constructor must establish the TLS connection.
//
// If the connection cannot be established, throw an exception.
// PLUGIN: integrate the TLS connection code here.
public TlsConn (TlsManager manager,
TlsTransport tp,
EndpointAddress destAddr,
boolean client,
Message msg)
throws IOException {
this.manager = manager;
this.transport = tp;
this.destAddr = destAddr;
// This call belongs in the configuration code
if (LOG.isEnabledFor(Priority.DEBUG))
LOG.debug("TlsConn, contacting: " + destAddr.getProtocolAddress());
// Set pathnames for security data
setPathnames();
// Get our password
String thePassword = new String(TlsConfig.passitOn);
if (LOG.isEnabledFor(Priority.DEBUG)) {
LOG.debug("TlsConn, password = " + thePassword);
}
if (thePassword == null) { // something very broken
throw new IOException("TlsConn: null password. Cannot proceed.");
}
// System.out.println("\nTlsConn: password = " + thePassword);
// read the pass phrase
passphrase = JTlsUtil.readPassPhrase(ppPath, thePassword);
thePassword = null;
// set client/server tls parameters
// See if we have a root certificate for this destAddr
// We do both client and server authentication.
// Set state for root cert not present
unverifiedCerts = true;
clientAuthorization = false;
if ((rootCertFile = getRootCert(destAddr)) != null) {
// Have the root certificate
if (client) {
if (LOG.isEnabledFor(Priority.INFO))
LOG.info("Verifying certs, root = " + rootCertFile);
// We are verifying the server cert
unverifiedCerts = false;
} else {
// Server has client's root cert
if (LOG.isEnabledFor(Priority.INFO))
LOG.info("Authorizing client, root = " + rootCertFile);
// We are verifying the client cert
clientAuthorization = true;
}
} else {
// root cert not found:
// We need at least one even if it is not used.
// Use our own root cert(TLS requires a root cert)
rootCertFile = rootfile;
if (LOG.isEnabledFor(Priority.INFO)) {
String who = (String)(client ? "Server" : "Client");
LOG.info("NOT Verifying " + who + " cert, root = " + rootCertFile);
}
}
if (client) {
if (LOG.isEnabledFor(Priority.INFO))
LOG.info ("TLS Client");
// set the tls parameter context
params = new JTlsParams();
params.setClientParameters(rootCertFile,
keyfile,
passphrase,
suites,
unverifiedCerts,
checkDates);
which = SSLSocketXInt.CLIENT;
} else { // server parameters
if (LOG.isEnabledFor(Priority.INFO))
LOG.info ("TLS Server");
params = new JTlsParams();
params.setServerParameters(rootCertFile,
keyfile,
dhfile,
passphrase,
clientAuthorization);
which = SSLSocketXInt.SERVER;
}
// remove the tmp rootCert file if it is the remote peers
if (!unverifiedCerts || clientAuthorization) {
// Only required for setClientParameters
removeRootCertFile();
}
rootCertFile = null; // no longer required