socketurl.java

java开源的企业总线.xmlBlaster

java javaclients.HelloWorldPublish -plugin/socket/SSL true -plugin/socket/keyStore testStore -plugin/socket/keyStorePassword testtest
    * </pre>
    * @param backlog Socket parameter
    * @param address The configuration environment
    */
   public java.net.ServerSocket createServerSocketSSL(int backlog, AddressBase address) throws XmlBlasterException {

      /*
       TODO: Make trustStore,keyStore etc. static as they never change after startup, to avoid
             reparsing environment 
      */
      String trustStore = address.getEnv("trustStore", System.getProperty("javax.net.ssl.trustStore", "")).getValue();
      if (trustStore != "") {
         log.info("SSL server socket enabled for " + address.getRawAddress() + ", trustStore="+trustStore);
         System.setProperty("javax.net.ssl.trustStore", trustStore);
      }
      else {
         log.warning("SSL server socket is configured but no trustStore is specified, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
      }

      String trustStorePassword = address.getEnv("trustStorePassword", System.getProperty("javax.net.ssl.trustStorePassword", "")).getValue();
      if (trustStorePassword != "") {
      }
      else {
         log.fine("SSL client socket is configured but no trustStorePassword is specified, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
         System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
      }
      
      String keyStore = address.getEnv("keyStore", System.getProperty("javax.net.ssl.keyStore", "")).getValue();
      if (keyStore != "") {
         log.info("SSL server socket enabled for " + address.getRawAddress() + ", keyStore="+keyStore);
         System.setProperty("javax.net.ssl.keyStore", keyStore);
      }
      else {
         log.warning("SSL server socket is enabled but no keyStore is specified, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
      }

      String keyStorePassword = address.getEnv("keyStorePassword", System.getProperty("javax.net.ssl.keyStorePassword", "")).getValue();
      if (keyStorePassword != "") {
         System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
      }
      else {
         log.warning("SSL server socket is enabled but no keyStorePassword is specified, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
      }

      try  {
         javax.net.ssl.SSLServerSocket sock = (javax.net.ssl.SSLServerSocket)
                  javax.net.ssl.SSLServerSocketFactory.getDefault().createServerSocket(getPort(), backlog, getInetAddress());

         boolean needClientAuth = address.getEnv("needClientAuth", false).getValue();
         log.info("SSL server socket is configured with needClientAuth=" + needClientAuth + ": SSL client authentication is " + (needClientAuth==true?"":"NOT ") + "enabled");
         sock.setNeedClientAuth(needClientAuth);
         return sock;
      }
      catch (Exception e) {
         if (log.isLoggable(Level.FINE)) log.fine("Can't switch on SSL socket: " + e.toString() + " : " + e.getCause());
         Throwable tt = (e.getCause() != null) ? e.getCause() : e;
         throw new XmlBlasterException(glob, ErrorCode.RESOURCE_CONFIGURATION_SSLSOCKET, ME, 
                        "Can't switch on SSL socket, check your keyStore and keyStorePassword or socket configuration", tt);
      }
      finally {
         System.setProperty("javax.net.ssl.keyStore", "");
         System.setProperty("javax.net.ssl.keyStorePassword", "");
      }
   }

   /**
    * Helper to create a SSL socket, uses reflection to compile with JDK 1.3
    * SSL support can't be used with a standard JDK 1.3
    * @param localSocketUrl null or a configured local socket setting
    * @param address The configuration environment
    */
   public java.net.Socket createSocketSSL(SocketUrl localSocketUrl, AddressBase address) throws XmlBlasterException {

      /*
       NOTE: In a cluster environment you may have established a SSL server socket before.
       These settings are still valid when we later are a SSL client to a remote cluster node
       in which case no additional settings are needed here (they are actually ignored by the JDK ssl implementation)
      */

      // Configure a stand alone client key store (containing the clients private key)
      String keyStore = address.getEnv("keyStore", System.getProperty("javax.net.ssl.keyStore", "")).getValue();
      if (keyStore != "") {
         log.info("SSL client socket enabled for " + address.getRawAddress() + ", keyStore="+keyStore);
         System.setProperty("javax.net.ssl.keyStore", keyStore);
      }

      String keyStorePassword = address.getEnv("keyStorePassword", System.getProperty("javax.net.ssl.keyStorePassword", "")).getValue();
      if (keyStorePassword != "") {
         System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
      }
      else {
         log.warning("SSL client socket is enabled but no keyStorePassword is specified, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
      }

      // The trustStore file can be identical to the server side keyStore file:
      String trustStore = address.getEnv("trustStore", System.getProperty("javax.net.ssl.trustStore", "")).getValue();
      String trustStorePassword = address.getEnv("trustStorePassword", System.getProperty("javax.net.ssl.trustStorePassword", "")).getValue();
      if (trustStore != "") {
         if (firstTrust) {
            log.info("SSL client socket enabled, trustStore="+trustStore);
            firstTrust = false;
         }
      }
      else {
         if (log.isLoggable(Level.FINE)) log.fine("SSL client socket is configured but no trustStore is specified we now check your keyStore setting ..., see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
         // Reuse a server store if one is found
         trustStore = address.getEnv("keyStore", System.getProperty("javax.net.ssl.keyStore", "")).getValue();
      }
      if (trustStorePassword != "") {
      }
      else {
         if (log.isLoggable(Level.FINE)) log.fine("SSL client socket is configured but no trustStorePassword is specified we now check your keyStorePassword setting ..., see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
         // Reuse a server store if one is found
         trustStorePassword = address.getEnv("keyStorePassword", System.getProperty("javax.net.ssl.keyStorePassword", "")).getValue();
      }

      if (trustStore != "") {
         System.setProperty("javax.net.ssl.trustStore", trustStore);
      }
      if (trustStorePassword != "") {
         System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
      }

      java.net.Socket retSock = null;

      try  {
         boolean findStoreInXmlBlasterSearchPath = address.getEnv("findStoreInXmlBlasterSearchPath", false).getValue();

         if (findStoreInXmlBlasterSearchPath) {
            javax.net.ssl.KeyManagerFactory kmf = null;    // since JDK 1.4
            javax.net.ssl.TrustManagerFactory tmf = null;

            // Can be changed by "keystore.type" in JAVA_HOME/lib/security/java.security, defaults to "jks"
            // "JKS" in caps works ok on java 1.4.x.. on java 1.5 you must use "jks" in lowercase
            String storeType = address.getEnv("keystore.type", java.security.KeyStore.getDefaultType()).getValue();

            {  // keyStore with my private key
               FileLocator locator = new FileLocator(glob);
               URL url = locator.findFileInXmlBlasterSearchPath((String)null, keyStore);
               if (url != null) {
                  InputStream in = url.openStream();
                  java.security.KeyStore ks = java.security.KeyStore.getInstance(storeType); // since JDK 1.2
                  ks.load(in, keyStorePassword.toCharArray());
                  kmf = javax.net.ssl.KeyManagerFactory.getInstance(javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm());
                  kmf.init(ks, keyStorePassword.toCharArray());
                  if (firstKey) {
                     log.info("SSL client socket keyStore="+url.getFile().toString());
                     firstKey = false;
                  }
               }
               else {
                  log.warning("SSL client socket can't find keyStore=" + keyStore + " in xmlBlaster search pathes, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
               }
            }
            {  // trustStore with others public keys
               FileLocator locator = new FileLocator(glob);
               URL url = locator.findFileInXmlBlasterSearchPath((String)null, trustStore);
               if (url != null) {
                  InputStream in = url.openStream();
                  java.security.KeyStore ks = java.security.KeyStore.getInstance(storeType);
                  ks.load(in, trustStorePassword.toCharArray());
                  tmf = javax.net.ssl.TrustManagerFactory.getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
                  tmf.init(ks);
                  if (firstTrust) {
                     log.info("SSL client socket trustStore="+url.getFile().toString());
                     firstTrust = false;
                  }
                  else {
                     log.warning("SSL client socket can't find trustStore=" + trustStore + " in xmlBlaster search pathes, see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
                  }
               }
            }

            javax.net.ssl.SSLContext ctx = javax.net.ssl.SSLContext.getInstance("SSLv3");
            java.security.SecureRandom random = null; // since JDK 1.2
            ctx.init((kmf==null)?null:kmf.getKeyManagers(), (tmf==null)?null:tmf.getTrustManagers(), random);
            javax.net.ssl.SSLSocketFactory ssf = ctx.getSocketFactory(); // since JDK 1.4
            if (localSocketUrl != null && localSocketUrl.getPort() > -1)
               retSock = ssf.createSocket(getInetAddress(),
                          getPort(), localSocketUrl.getInetAddress(), localSocketUrl.getPort());
            else
               retSock = ssf.createSocket(getInetAddress(), getPort());
         }
         else {
            if (!new java.io.File(keyStore).canRead()) {
               log.warning("SSL client socket is enabled but i can't read keyStore=" + keyStore + ", see http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL");
            }

            if (localSocketUrl != null && localSocketUrl.getPort() > -1)
               retSock = javax.net.ssl.SSLSocketFactory.getDefault().createSocket(getInetAddress(),
                        getPort(), localSocketUrl.getInetAddress(), localSocketUrl.getPort());
            else
               retSock = javax.net.ssl.SSLSocketFactory.getDefault().createSocket(getInetAddress(), getPort());
         }
      }
      catch (Exception e) {
         if (log.isLoggable(Level.FINE)) log.fine("Can't switch on SSL socket: " + e.toString() + " : " + e.getCause());
         Throwable tt = (e.getCause() != null) ? e.getCause() : e;
         throw new XmlBlasterException(glob, ErrorCode.COMMUNICATION_NOCONNECTION, ME, 
                        "SSL XmlBlaster server is unknown, '-dispatch/connection/plugin/socket/hostname=<ip>'", tt);
      }
      finally {
         System.setProperty("javax.net.ssl.trustStore", "");
         System.setProperty("javax.net.ssl.trustStorePassword", "");
      }
      return retSock;
   }

   /** java org.xmlBlaster.protocol.socket.SocketUrl socket://localhost:7609 */
   public static void main(String[] args) {
      try {
         if (args.length > 0) {
            SocketUrl s = new SocketUrl(Global.instance(), args[0]);
            System.out.println(args[0] + " -> " + s.getUrl() + " hostname=" + s.getHostname() + " port=" + s.getPort());
         }
      }
      catch (Throwable e) {
         System.out.println("ERROR: " + e.toString());
      }
   }
}