📄 jndisocketfactory.java
* Load the keystore from the client keystore file using the client
* keystore password.
*/
if (clientKeystoreFile != null)
clientKeystore.load(new FileInputStream(clientKeystoreFile), clientPassphrase);
}
/*
* Create a key manager using the default sun X509 key manager
*/
clientKeyManagerFactory = KeyManagerFactory.getInstance("SunX509");
/*
* Initialise the client keystore manager with the just loaded keystore,
* and the keystore password.
*/
clientKeyManagerFactory.init(clientKeystore, clientPassphrase);
}
/*
* Initialise the list of key managers (may be null if the client keystore is not
* being used).
*/
KeyManager[] keyManagers = null;
if (clientKeyManagerFactory != null)
keyManagers = clientKeyManagerFactory.getKeyManagers();
/*
* Initialise the trusted server certificate keystore.
*/
if (caKeystoreType == null)
caKeystoreType = DEFAULT_KEYSTORE_TYPE;
caKeystore = KeyStore.getInstance(caKeystoreType);
/*
* Load the keys from the 'certificate authority' keystore (the trusted server keystore) file.
*/
if (caKeystoreFile != null)
{
// caPassword may be null for some keystores (e.g. a 'JKS' keystore), and it is not an error.
//if (caPassphrase == null && DEFAULT_KEYSTORE_TYPE.equals(caKeystoreType) == false)
// throw new Exception("Internal SSL Initialisation error: No password for non standard trusted server (CA) keystore.");
caKeystore.load(new FileInputStream(caKeystoreFile), caPassphrase);
}
/*
* Create a trust manager factory using the default java X509 certificate based trust manager.
*/
caTrustManagerFactory = TrustManagerFactory.getInstance("SunX509");
/*
* Initialise the trust manager with the keystore containing the trusted server certs.
*/
caTrustManagerFactory.init(caKeystore);
/*
* Get the list of trust managers from the trust manager factory, to initialise the
* ssl context with.
*/
TrustManager[] trustManagers = caTrustManagerFactory.getTrustManagers();
sslctx.init(keyManagers, trustManagers, null);
synchronized(JndiSocketFactory.class)
{
factory = sslctx.getSocketFactory();
default_factory = new JndiSocketFactory();
}
}
catch (GeneralSecurityException e)
{
NamingException ne = new NamingException("security error: unable to initialise JndiSocketFactory");
ne.initCause(e);
throw ne;
}
catch (IOException e)
{
NamingException ne = new NamingException("file access error: unable to initialise JndiSocketFactory");
ne.initCause(e);
throw ne;
}
}
/**
* Checks that the files containing the keystores really exist.
* Throws an exception (that can be bubbled through to the gui)
* if they don't. This is much clearer than relying on the
* Sun ssl stuff to meaningfully report back the error :-).
*/
private static void checkFileSanity(String caKeystoreFile, String clientKeystoreFile, char[] clientPassphrase)
    throws NamingException
{
    // With neither a CA keystore nor a client keystore path there is nothing to check.
    final boolean noKeystoreAtAll = (caKeystoreFile == null) && (clientKeystoreFile == null);
    if (noKeystoreAtAll)
    {
        throw new NamingException("SSL Initialisation error: No valid keystore files available.");
    }

    // This is only an early existence test that yields a readable error message. It does
    // not check that the path is a regular, readable file, and the file is opened
    // elsewhere, so the later load can still fail.
    if (caKeystoreFile != null && !new File(caKeystoreFile).exists())
    {
        throw new NamingException("SSL Initialisation error: file '" + caKeystoreFile + "' does not exist.");
    }

    // The client keystore path is only examined when a passphrase was supplied with it.
    final boolean clientKeystoreInUse = (clientKeystoreFile != null) && (clientPassphrase != null);
    if (clientKeystoreInUse && !new File(clientKeystoreFile).exists())
    {
        throw new NamingException("SSL Initialisation error: file '" + clientKeystoreFile + "' does not exist.");
    }
}
// DEBUG PRINT CODE
/*
KeyManager[] myKM = new KeyManager[keyManagers.length];
for (int i=0; i<keyManagers.length; i++)
{
myKM[i] = new MyX509KeyManager((X509KeyManager)keyManagers[i]);
}
TrustManager[] myTM = new TrustManager[trustManagers.length];
for (int i=0; i<trustManagers.length; i++)
{
myTM[i] = new MyX509TrustManager((X509TrustManager)trustManagers[i]);
}
System.out.println("Number of Keymanagers = " + myKM.length);
if (myKM.length >=1)
{
KeyManager bloop = myKM[0];
if (bloop == null) System.out.println("Bloop is Null???!");
System.out.println("bloop is a " + bloop.getClass());
if (bloop instanceof X509KeyManager)
{
System.out.println("bloop is X509KeyManager!");
String[] clients = ((X509KeyManager)bloop).getClientAliases("SunX509", null);
System.out.println("Num clients = " + clients.length);
for (int i=0; i<clients.length; i++)
System.out.println("client: " + i + " = " + clients[i]);
}
}
System.out.println("Number of Trustmanagers = " + myTM.length);
if (myTM.length >=1)
{
TrustManager bloop = myTM[0];
if (bloop == null) System.out.println("Bloop is Null???!");
System.out.println("bloop is a " + bloop.getClass());
if (bloop instanceof X509TrustManager)
{
System.out.println("bloop is X509TrustManager!");
((X509TrustManager)bloop).getAcceptedIssuers();
}
}
*/
/**
* Constructor
*/
public JndiSocketFactory()
{
    // No per-instance state is set up here: the socket-creating methods of this class
    // delegate to the class-level 'factory' field.
    super();
}
/**
* Return an instance of this class.
*
* @return An instance of JndiSocketFactory.
*/
public static SocketFactory getDefault()
{
    // Lazily creates the shared instance on first use, under the class lock. Creating it
    // does not depend on whether the class-level SSL 'factory' has been assigned yet.
    synchronized (JndiSocketFactory.class)
    {
        if (default_factory == null)
        {
            default_factory = new JndiSocketFactory();
        }
        return (SocketFactory) default_factory;
    }
}
public static KeyStore getClientKeyStore() {
    // Hands out the class-wide keystore object itself, not a copy, so every caller shares
    // the one mutable instance. May be null if it has not been created yet.
    // NOTE(review): this looks like the keystore holding the client's key material; confirm
    // that exposing it through a public static accessor is intended.
    final KeyStore shared = clientKeystore;
    return shared;
}
/**
* Return an SSLSocket (upcast to Socket) given host and port.
*
* @param host Name of the host to which the socket will be opened.
* @param port Port to connect to.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
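public Socket createSocket(String host, int port)
    throws IOException, UnknownHostException
{
    // getDefault() can hand out an instance before the class-level SSL factory has been
    // assigned. Fail with a clear IOException instead of a NullPointerException, and never
    // fall back to a non-SSL socket.
    if (factory == null)
    {
        throw new IOException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // NOTE(review): this method only delegates. It sets no endpoint identification
    // algorithm on the returned socket, so host name verification (for example via
    // SSLParameters.setEndpointIdentificationAlgorithm) is left to the delegate and the
    // caller. Confirm that the calling layer performs it.
    return factory.createSocket(host, port);
}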
/**
* Return an SSLSocket (upcast to Socket) given host and port.
*
* @param host Address of the server host.
* @param port Port to connect to.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
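public Socket createSocket(InetAddress host, int port)
    throws IOException, UnknownHostException
{
    // getDefault() can hand out an instance before the class-level SSL factory has been
    // assigned. Fail with a clear IOException instead of a NullPointerException, and never
    // fall back to a non-SSL socket.
    if (factory == null)
    {
        throw new IOException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // NOTE(review): only an address is passed here, no host name, and nothing in this
    // method configures endpoint identification. Any check of the server certificate
    // against an expected name has to happen in the caller.
    return factory.createSocket(host, port);
}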
/**
* Return an SSLSocket (upcast to Socket) given host and port.
* The client is bound to the specified network address and port.
*
* @param host Address of the server host.
* @param port Port to connect to.
* @param client_host Address of this (client) host.
* @param client_port Port to connect from.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
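public Socket createSocket(InetAddress host, int port,
    InetAddress client_host, int client_port)
    throws IOException, UnknownHostException
{
    // getDefault() can hand out an instance before the class-level SSL factory has been
    // assigned. Fail with a clear IOException instead of a NullPointerException, and never
    // fall back to a non-SSL socket.
    if (factory == null)
    {
        throw new IOException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // NOTE(review): only addresses are passed here, no host name, and nothing in this
    // method configures endpoint identification. Any check of the server certificate
    // against an expected name has to happen in the caller.
    return factory.createSocket(host, port, client_host, client_port);
}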
/**
* Return an SSLSocket (upcast to Socket) given host and port.
* The client is bound to the specified network address and port.
*
* @param host Address of the server host.
* @param port Port to connect to.
* @param client_host Address of this (client) host.
* @param client_port Port to connect from.
* @return An SSLSocket instance (as a Socket).
* @throws IOException If the connection can't be established.
* @throws UnknownHostException If the host is not known.
*/
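public Socket createSocket(String host, int port,
    InetAddress client_host, int client_port)
    throws IOException, UnknownHostException
{
    // getDefault() can hand out an instance before the class-level SSL factory has been
    // assigned. Fail with a clear IOException instead of a NullPointerException, and never
    // fall back to a non-SSL socket.
    if (factory == null)
    {
        throw new IOException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // NOTE(review): this method only delegates. It sets no endpoint identification
    // algorithm on the returned socket, so host name verification (for example via
    // SSLParameters.setEndpointIdentificationAlgorithm) is left to the delegate and the
    // caller. Confirm that the calling layer performs it.
    return factory.createSocket(host, port, client_host, client_port);
}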
/**
* Return an SSLSocket layered on top of the given Socket.
*/
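public Socket createSocket(Socket socket, String host, int port, boolean autoclose)
    throws IOException, UnknownHostException
{
    // getDefault() can hand out an instance before the class-level SSL factory has been
    // assigned. Fail with a clear IOException instead of a NullPointerException, so the
    // caller never carries on with the unwrapped socket by accident.
    if (factory == null)
    {
        throw new IOException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // The existing socket, host, port and autoclose flag are passed to the delegate unchanged.
    // NOTE(review): nothing in this method configures endpoint identification for the
    // layered socket. Confirm that the caller verifies the server name.
    return factory.createSocket(socket, host, port, autoclose);
}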
/**
* Return default cipher suites.
*/
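public String[] getDefaultCipherSuites()
{
    // An instance can exist before the class-level SSL factory has been assigned; report
    // that state explicitly rather than through a NullPointerException.
    if (factory == null)
    {
        throw new IllegalStateException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // Pure delegation: this class does not filter or reorder the list, so the suites
    // are whatever the underlying factory reports as its defaults.
    return factory.getDefaultCipherSuites();
}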
/**
* Return supported cipher suites.
*/
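public String[] getSupportedCipherSuites()
{
    // An instance can exist before the class-level SSL factory has been assigned; report
    // that state explicitly rather than through a NullPointerException.
    if (factory == null)
    {
        throw new IllegalStateException("JndiSocketFactory: SSL socket factory has not been initialised");
    }
    // Pure delegation: the list is whatever the underlying factory reports as supported,
    // which is not necessarily the set that is enabled.
    return factory.getSupportedCipherSuites();
}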
}