/*
* Load the keys from the 'certificate authority' keystore (the trusted server keystore) file.
*/
if (caKeystoreFile != null)
{
// caPassword may be null for some keystores (e.g. a 'JKS' keystore), and it is not an error.
caKeystore.load(new FileInputStream(caKeystoreFile), caPassphrase);
}
/**
* Create a trust manager using the default algorithm
* (can be set using 'ssl.TrustManagerFactory.algorithm=...' in java.security file - default is usually 'SunX509')
* - code suggestion from Vadim Tarassov
*/
String defaultTrustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
caTrustManagerFactory = TrustManagerFactory.getInstance(defaultTrustAlgorithm);
/*
* Create a trust manager factory using the default java X509 certificate based trust manager.
*/
// caTrustManagerFactory = TrustManagerFactory.getInstance("SunX509");
/*
* Initialise the trust manager with the keystore containing the trusted server certs.
*/
caTrustManagerFactory.init(caKeystore);
/*
* Get the list of trust managers from the trust manager factory, to initialise the
* ssl context with.
*/
TrustManager[] caTrustManagers = caTrustManagerFactory.getTrustManagers();
caTrustManagers = JXTrustManager.convert(caTrustManagers, caKeystore, caKeystoreFile, caPassphrase, caKeystoreType, owner);
TrustManager[] trustedServerAndCAManagers = caTrustManagers;
sslctx.init(clientKeyManagers, trustedServerAndCAManagers, null);
factory = sslctx.getSocketFactory();
// we need to set/reset the default factory to take account of the new initialisation data received
// (this method may be called multiple times in the course of JXplorer's use.
synchronized(JXSSLSocketFactory.class)
{
default_factory = new JXSSLSocketFactory();
}
}
/**
 * Creates the {@link SSLContext} for the protocol named by the {@code sslversion}
 * system property, defaulting to {@code "TLS"}.
 *
 * <p>Any other value (the original author mentions {@code SSLv3} for certain mainframe
 * TOPSECRET deployments) is accepted as given and merely announced with a console warning;
 * no allow-list is applied here, so whatever name the JSSE provider resolves is what gets
 * used. The context is returned uninitialised - the caller must still invoke
 * {@code init(...)} on it.
 *
 * @return an uninitialised SSLContext for the selected protocol name
 * @throws NoSuchAlgorithmException if no installed provider supports that protocol name
 */
private static SSLContext setSSLContextProtocol() throws NoSuchAlgorithmException
{
    // "TLS" was the portable protocol name back on java 1.4 and still resolves today.
    final String requested = System.getProperty("sslversion", "TLS");
    if (!"TLS".equals(requested))
    {
        System.out.println("SECURITY WARNING: Using non-standard ssl version: '" + requested + "'");
    }
    return SSLContext.getInstance(requested);
}
/**
 * Verifies that the configured keystore files actually exist before the JSSE machinery
 * tries to open them, so the user gets a readable message (one that can be bubbled up to
 * the gui) instead of an opaque provider error.
 *
 * <p>Rules, applied in this order:
 * <ul>
 *   <li>at least one of the two keystore paths must be supplied;</li>
 *   <li>a supplied CA keystore path must exist on disk;</li>
 *   <li>a supplied client keystore path must exist on disk, but only when a client
 *       passphrase is also supplied - with a {@code null} passphrase the client keystore
 *       path is not checked at all by this method.</li>
 * </ul>
 * Only existence is tested, not that the path is a regular, readable file.
 *
 * @param caKeystoreFile     path of the trusted-CA keystore, or {@code null}
 * @param clientKeystoreFile path of the client keystore, or {@code null}
 * @param clientPassphrase   client keystore passphrase, or {@code null}
 * @throws SSLException if neither path is supplied, or a checked path does not exist
 */
private static void checkFileSanity(String caKeystoreFile, String clientKeystoreFile, char[] clientPassphrase)
throws SSLException
{
    final boolean noCaStore = (caKeystoreFile == null);
    final boolean noClientStore = (clientKeystoreFile == null);

    if (noCaStore && noClientStore)
    {
        throw new SSLException("SSL Initialisation error: No valid keystore files available.");
    }

    if (!noCaStore && !new File(caKeystoreFile).exists())
    {
        throw new SSLException("SSL Initialisation error: file '" + caKeystoreFile + "' does not exist.");
    }

    // The client keystore is only validated when a passphrase accompanies it.
    final boolean checkClientStore = !noClientStore && clientPassphrase != null;
    if (checkClientStore && !new File(clientKeystoreFile).exists())
    {
        throw new SSLException("SSL Initialisation error: file '" + clientKeystoreFile + "' does not exist.");
    }
}
// DEBUG PRINT CODE - don't remove, can be quite useful...
/*
KeyManager[] myKM = new KeyManager[keyManagers.length];
for (int i=0; i<keyManagers.length; i++)
{
myKM[i] = new MyX509KeyManager((X509KeyManager)keyManagers[i]);
}
TrustManager[] myTM = new TrustManager[trustManagers.length];
for (int i=0; i<trustManagers.length; i++)
{
myTM[i] = new MyX509TrustManager((X509TrustManager)trustManagers[i]);
}
System.out.println("Number of Keymanagers = " + myKM.length);
if (myKM.length >=1)
{
KeyManager bloop = myKM[0];
if (bloop == null) System.out.println("Bloop is Null???!");
System.out.println("bloop is a " + bloop.getClass());
if (bloop instanceof X509KeyManager)
{
System.out.println("bloop is X509KeyManager!");
String[] clients = ((X509KeyManager)bloop).getClientAliases("SunX509", null);
System.out.println("Num clients = " + clients.length);
for (int i=0; i<clients.length; i++)
System.out.println("client: " + i + " = " + clients[i]);
}
}
System.out.println("Number of Trustmanagers = " + myTM.length);
if (myTM.length >=1)
{
TrustManager bloop = myTM[0];
if (bloop == null) System.out.println("Bloop is Null???!");
System.out.println("bloop is a " + bloop.getClass());
if (bloop instanceof X509TrustManager)
{
System.out.println("bloop is X509TrustManager!");
((X509TrustManager)bloop).getAcceptedIssuers();
}
}
*/
/**
 * Public no-argument constructor, so the factory can be created via {@link #getDefault()}
 * (and reset by {@code init()}). An instance carries no state of its own: the SSL
 * configuration it delegates to is held in this class's static fields.
 */
public JXSSLSocketFactory()
{
    super();
}
/**
 * Returns the shared factory instance, creating it on first use.
 *
 * <p>{@code init()} replaces {@code default_factory} with a fresh instance each time it runs,
 * so a caller that keeps an earlier return value keeps the configuration that was current
 * when it asked. Creation is guarded by the class monitor; the final read is not.
 *
 * @return the current default JXSSLSocketFactory, typed as SocketFactory for JNDI's benefit
 */
public static SocketFactory getDefault()
{
    synchronized (JXSSLSocketFactory.class)
    {
        SocketFactory existing = default_factory;
        if (existing != null)
        {
            return existing;
        }
        default_factory = new JXSSLSocketFactory();
    }
    return default_factory;
}
/**
 * Exposes the client (identity) keystore held in this class's static state.
 *
 * <p>The returned {@link KeyStore} is the live instance, not a copy, so callers can mutate
 * it. It is populated elsewhere in this class - presumably by {@code init()} - and is
 * {@code null} until that has happened.
 *
 * @return the client keystore, or {@code null} if none has been loaded yet
 */
public static KeyStore getClientKeyStore()
{
    final KeyStore current = clientKeystore;
    return current;
}
/**
 * Opens an SSL socket to {@code host}:{@code port}, returned as a plain {@link Socket}.
 *
 * <p>This is a straight delegation to the SSLSocketFactory built by {@code init()}; the
 * wrapper adds nothing of its own (in particular no hostname verification - check whether
 * {@code JXTrustManager} or the caller performs that).
 *
 * @param host Name of the host to which the socket will be opened.
 * @param port Port to connect to.
 * @return An SSLSocket instance (as a Socket).
 * @throws IOException If the connection can't be established.
 * @throws UnknownHostException If the host is not known.
 */
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException
{
    Socket sslSocket = factory.createSocket(host, port);
    return sslSocket;
}
/**
 * Opens an SSL socket to the given address and port, returned as a plain {@link Socket}.
 *
 * <p>Straight delegation to the SSLSocketFactory built by {@code init()}.
 *
 * @param host Address of the server host.
 * @param port Port to connect to.
 * @return An SSLSocket instance (as a Socket).
 * @throws IOException If the connection can't be established.
 * @throws UnknownHostException If the host is not known.
 */
public Socket createSocket(InetAddress host, int port)
throws IOException, UnknownHostException
{
    Socket sslSocket = factory.createSocket(host, port);
    return sslSocket;
}
/**
 * Opens an SSL socket to the given address and port, bound locally to
 * {@code client_host}:{@code client_port}, returned as a plain {@link Socket}.
 *
 * <p>Straight delegation to the SSLSocketFactory built by {@code init()}.
 *
 * @param host Address of the server host.
 * @param port Port to connect to.
 * @param client_host Address of this (client) host to bind to.
 * @param client_port Local port to connect from.
 * @return An SSLSocket instance (as a Socket).
 * @throws IOException If the connection can't be established.
 * @throws UnknownHostException If the host is not known.
 */
public Socket createSocket(InetAddress host, int port,
                           InetAddress client_host, int client_port)
throws IOException, UnknownHostException
{
    Socket sslSocket = factory.createSocket(host, port, client_host, client_port);
    return sslSocket;
}
/**
 * Opens an SSL socket to {@code host}:{@code port}, bound locally to
 * {@code client_host}:{@code client_port}, returned as a plain {@link Socket}.
 *
 * <p>Straight delegation to the SSLSocketFactory built by {@code init()}.
 *
 * @param host Name of the server host.
 * @param port Port to connect to.
 * @param client_host Address of this (client) host to bind to.
 * @param client_port Local port to connect from.
 * @return An SSLSocket instance (as a Socket).
 * @throws IOException If the connection can't be established.
 * @throws UnknownHostException If the host is not known.
 */
public Socket createSocket(String host, int port,
                           InetAddress client_host, int client_port)
throws IOException, UnknownHostException
{
    Socket sslSocket = factory.createSocket(host, port, client_host, client_port);
    return sslSocket;
}
/**
 * Layers an SSL socket over an already-connected {@code socket}.
 *
 * <p>Straight delegation to the SSLSocketFactory built by {@code init()}.
 *
 * @param socket the existing, connected socket to wrap
 * @param host host name the wrapped connection is to, as known to the caller
 * @param port port the wrapped connection is to
 * @param autoclose whether closing the returned socket also closes {@code socket}
 * @return An SSLSocket instance (as a Socket).
 * @throws IOException If the SSL layer can't be established.
 * @throws UnknownHostException If the host is not known.
 */
public Socket createSocket(Socket socket, String host, int port, boolean autoclose)
throws IOException, UnknownHostException
{
    Socket layered = factory.createSocket(socket, host, port, autoclose);
    return layered;
}
/**
 * Reports the cipher suites the delegate SSLSocketFactory enables by default.
 *
 * @return the delegate's default cipher suite names, exactly as it returns them
 */
public String[] getDefaultCipherSuites()
{
    String[] suites = factory.getDefaultCipherSuites();
    return suites;
}
/**
 * Reports every cipher suite the delegate SSLSocketFactory could be configured to use.
 *
 * @return the delegate's supported cipher suite names, exactly as it returns them
 */
public String[] getSupportedCipherSuites()
{
    String[] suites = factory.getSupportedCipherSuites();
    return suites;
}
}