// instantiatiate i/o streams
jin = new JTlsInputStream(this);
// If msg is not null, we need to queue this message now.
if (msg != null) {
jin.queueIncomingMessage (msg);
}
jout = new JTlsOutputStream(this, tp, destAddr);
}
// Called by TlsManager after our conn object has been created
//
/**
 * Opens the TLS session over the already-created I/O streams and starts the
 * plaintext reader thread. Called by TlsManager once this connection object exists.
 *
 * @throws IOException if the TLS socket cannot be created or the handshake fails
 */
public void openTLSConnection()
    throws IOException {
    // Session-hash inputs: the peer's protocol address plus a fixed fake port.
    final String sessionHost = destAddr.getProtocolAddress();
    final int sessionPort = JTlsDefs.FAKEPORT;
    final boolean isClient = (which == SSLSocketXInt.CLIENT);
    final String role = isClient ? "Client:" : "Server:";

    long hsStart = 0;
    if (LOG.isEnabledFor(Priority.INFO)) {
        hsStart = System.currentTimeMillis();
        LOG.info(role + " Handshake START");
    }

    // The SSLSocket constructor runs the handshake over jin/jout; if it throws,
    // handshakeDone is left false.
    handshakeDone = false;
    ssls = new SSLSocket(params.getContext(), jin, jout, sessionHost, sessionPort, which);
    handshakeDone = true;

    if (LOG.isEnabledFor(Priority.INFO)) {
        // Whole seconds only (integer division).
        final long hsSecs = (System.currentTimeMillis() - hsStart) / 1000;
        LOG.info(role + "Handshake DONE in " + hsSecs + " secs\n");
    }

    // Plaintext side of the streams: jin yields decrypted data, jout accepts
    // data to be encrypted.
    jin.setPlaintextInputStream(ssls);
    jout.setPlaintextOutputStream(ssls);

    // The reader thread starts itself in its constructor.
    readerThread = new ReadPlaintextMessage(jin, transport);
    if (LOG.isEnabledFor(Priority.INFO)) {
        LOG.info("TLS: Started plaintext reader thread");
    }
}
// This is our reader thread
// Note: jin.readMessage() triggers TLS to read a
// TLS Record, which in turn invokes a read in
// JTlsInputStream waiting for incoming TLS Records.
//
// Thus, these complete messages are built via processIncomingMessage's
// TLS Records by passing them through TLS.
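/**
 * Reader thread for this connection.
 * <p>
 * Each {@code ptin.readMessage()} call drives TLS to read a TLS Record, which in
 * turn reads from JTlsInputStream, where incoming records are queued by
 * processIncomingMessage. Complete plaintext messages are handed to the
 * TlsTransport for demultiplexing.
 * <p>
 * Not static: it sets the enclosing connection's {@code inputDead} flag.
 * The loop ends when the thread is interrupted; being a daemon, it also
 * dies with the JVM.
 */
private class ReadPlaintextMessage implements Runnable {
    /** Consecutive read errors after which the input is declared dead. */
    private static final int MAX_CONSECUTIVE_ERRORS = 10;
    /** Back-off after the input is declared dead, in milliseconds. */
    private static final long ERRORWAIT = 30000;

    private final JTlsInputStream ptin;
    private final TlsTransport tp;
    private final Thread th;
    /** Consecutive readMessage() failures; reset on success or after a back-off. */
    private int nErrors = 0;

    /**
     * Creates the reader and starts its daemon thread immediately; callers rely
     * on construction alone to start reading. Note that this publishes the
     * not-yet-fully-constructed object to the new thread.
     *
     * @param ptin plaintext (decrypted) input stream to read messages from
     * @param tp   transport that demultiplexes received messages
     */
    public ReadPlaintextMessage(JTlsInputStream ptin, TlsTransport tp) {
        this.ptin = ptin;
        this.tp = tp;
        th = new Thread(this, JTlsDefs.READTHREADNAME);
        th.setDaemon(true);
        th.start();
    }

    public void run() {
        while (!Thread.currentThread().isInterrupted()) {
            Message msg = new MessageImpl();
            int rc = this.ptin.readMessage(msg);
            if (rc == 0) {
                // Have a complete message: dispatch it to TlsTransport.
                if (LOG.isEnabledFor(Priority.INFO)) {
                    LOG.info("Dispatching msg to TlsTransport");
                }
                this.tp.processReceivedMessage(msg);
                nErrors = 0;
                continue;
            }
            // Error return from readMessage().
            if (LOG.isEnabledFor(Priority.INFO)) {
                LOG.info("I/O error while reading decrypted Message");
            }
            nErrors += 1;
            if (nErrors >= MAX_CONSECUTIVE_ERRORS) { // not spurious
                inputDead = true; // for TlsManager
                try {
                    Thread.sleep(ERRORWAIT);
                } catch (InterruptedException e) {
                    // Restore the interrupt status and stop reading; the
                    // original loop swallowed the interrupt and could never exit.
                    Thread.currentThread().interrupt();
                    return;
                }
                nErrors = 0; // waited; keep trying
            }
        }
    }
}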
// sendMessage is called by the TlsMessenger each time a service or
// an application sends a new message over a TLS connection.
// IOException is thrown when something goes wrong.
//
// The message is encrypted by TLS ultimately calling
// JTlsOutputStream.write(byte[], int, int); with the
// resulting TLS Record(s).
/**
 * Sends a message over this TLS connection. Called by the TlsMessenger each time
 * a service or application sends a message.
 * <p>
 * TLS encrypts the message and emits the resulting TLS Record(s) through
 * {@code JTlsOutputStream.write(byte[], int, int)}.
 *
 * @param msg the message to encrypt and send
 * @throws IOException if writing to the TLS stream fails
 */
public void sendMessage (Message msg)
    throws IOException {
    final JTlsOutputStream encryptedOut = jout;
    encryptedOut.writeMessage(msg);
}
// Set pathnames for certificate files
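/**
 * Resolves the certificate, key and passphrase file names from the PCE paths.
 * <p>
 * Sets {@code rootdir}, {@code rootfile}, {@code keyfile}, {@code ppPath} and
 * {@code dhfile}. The unused base path lookup and the commented-out DH file
 * name of the original have been dropped.
 */
private void setPathnames() {
    // Directory for root certs; also used later by getRootCert() to place a
    // peer's temporary root cert.
    final String rootPath = JTlsUtil.getPCERootPath();
    this.rootdir = rootPath;
    // Directory holding this peer's own (service) certificate material.
    final String clientPath = JTlsUtil.getPCEClientPath();

    // Under unix: cm/pse/filename. The constants are appended directly, so the
    // path strings presumably carry any required trailing separator — confirm.
    rootfile = rootPath + JTlsDefs.CLIENTROOT;
    keyfile = clientPath + JTlsDefs.CLIENTSERVICE;
    // NOTE(review): the passphrase is a plain file next to the key; nothing here
    // sets or checks its on-disk permissions.
    ppPath = clientPath + JTlsDefs.PASSPHRASE;
    // Diffie-Hellman parameters are not required with RSA, so no file is configured.
    dhfile = null;
}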
// See if a destination peer's root cert file is available.
// We get it out of the peer advertisement for this
// destination address and write it to a temporary file.
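/**
 * Locates the destination peer's root certificate in the locally cached peer
 * advertisement and writes it to a temporary PEM file under {@code rootdir}.
 *
 * @param destAddr endpoint address of the destination peer
 * @return the path of the written PEM file, or {@code null} if the advertisement,
 *         its RootCert element, or the file could not be obtained
 */
private String getRootCert(EndpointAddress destAddr) {
    // Peer ID in URN form, built from the destination's protocol address.
    final String peerID = net.jxta.id.ID.URIEncodingName + ":" +
        net.jxta.id.ID.URNNamespace + ":" +
        destAddr.getProtocolAddress();

    final String rootCert = lookupRootCert(peerID);
    if (rootCert == null) {
        return null;
    }

    // Temporary file for the root cert. The file name is derived from the
    // destination address, so confirm it resolves inside rootdir before writing.
    final String rcfileName = rootdir + peerID + ".pem";
    if (!isUnderRootDir(rcfileName)) {
        if (LOG.isEnabledFor(Priority.WARN)) {
            LOG.warn("getRootCert: refusing to write outside root dir: " + rcfileName);
        }
        return null;
    }
    try {
        JTlsUtil.writeRootCert(rootCert, rcfileName);
    } catch (Exception s) {
        // Message previously said "genRootCert"; this is getRootCert.
        if (LOG.isEnabledFor(Priority.WARN)) {
            LOG.warn("getRootCert, Exception: " + s.getMessage());
        }
        return null;
    }
    return rcfileName;
}

/**
 * Reads the RootCert element from the locally discovered advertisement of the
 * given peer.
 *
 * @param peerID the peer ID in URN form
 * @return the certificate text with its trailing newline restored, or
 *         {@code null} if no advertisement or RootCert element is found
 */
private String lookupRootCert(String peerID) {
    PeerGroup pg = transport.getPeerGroup();
    DiscoveryService discovery = pg.getDiscoveryService();
    try {
        // "enum" is a reserved word since Java 5; the enumeration is named advs here.
        Enumeration advs = discovery.getLocalAdvertisements(DiscoveryService.PEER, "PID", peerID);
        if (!advs.hasMoreElements()) {
            if (LOG.isEnabledFor(Priority.INFO)) {
                LOG.info("getRootCert: enum is empty" + "\n PID = " + peerID);
            }
            return null;
        }
        PeerAdvertisement adv = (PeerAdvertisement) advs.nextElement();
        // The root cert is stored under the peer group ClassID's service params.
        StructuredDocument doc = (StructuredDocument) adv.getServiceParam((ID) PeerGroup.peerGroupClassID);
        Enumeration children = doc.getChildren("RootCert");
        if (!children.hasMoreElements()) {
            if (LOG.isEnabledFor(Priority.INFO)) {
                LOG.info("getRootCert: no RootCert element" + "\n PID = " + peerID);
            }
            return null;
        }
        // getValue() strips the final "\n" that is required.
        String value = (String) ((TextElement) children.nextElement()).getValue();
        return value + "\n";
    } catch (Exception e) {
        // No peer advertisement (should not happen). Log the trace via the
        // logger rather than printStackTrace().
        if (LOG.isEnabledFor(Priority.INFO)) {
            LOG.info("getRootCert, Exception: " + e.getMessage(), e);
        }
        return null;
    }
}

/**
 * Checks that {@code fileName} canonicalizes to a location inside {@code rootdir}.
 * Plain prefix check: rootdir is expected to end with a separator — TODO confirm.
 *
 * @param fileName the candidate file path
 * @return {@code true} if the path is inside rootdir, {@code false} otherwise or
 *         if either path cannot be canonicalized
 */
private boolean isUnderRootDir(String fileName) {
    try {
        String base = new File(rootdir).getCanonicalPath();
        String target = new File(fileName).getCanonicalPath();
        return target.startsWith(base);
    } catch (IOException e) {
        return false;
    }
}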
// Remove the remote peer's temporary root cert file.
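/**
 * Removes the remote peer's temporary root cert file.
 * <p>
 * The file is deleted regardless of log level and the delete result is
 * checked. The original only deleted when INFO logging was off and otherwise
 * logged "Removed" without deleting; getRootCert() rewrites the file on each
 * call, so nothing depends on it surviving.
 */
private void removeRootCertFile() {
    // May be null when no root cert was written — presumably the null return
    // of getRootCert(); confirm against the caller.
    if (rootCertFile == null) {
        return;
    }
    File f = new File(rootCertFile);
    try {
        if (f.delete()) {
            if (LOG.isEnabledFor(Priority.INFO)) {
                LOG.info("Removed " + rootCertFile);
            }
        } else if (LOG.isEnabledFor(Priority.WARN)) {
            LOG.warn("Could not remove " + rootCertFile);
        }
    } catch (SecurityException e) {
        // Should not happen: we just created and read it.
        if (LOG.isEnabledFor(Priority.WARN)) {
            LOG.warn("removeRootCertFile, Exception: " + e.getMessage());
        }
    }
}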
}