📄 protocol.java
/* * * * Copyright 1990-2007 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License version * 2 only, as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License version 2 for more details (a copy is * included at /legal/license.txt). * * You should have received a copy of the GNU General Public License * version 2 along with this work; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA * * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa * Clara, CA 95054 or visit www.sun.com if you need additional * information or have any questions. */package com.sun.midp.io.j2me.https;import java.util.Hashtable;import java.util.Enumeration;import java.util.Vector;import java.io.IOException;import java.io.InterruptedIOException;import java.io.InputStream;import java.io.OutputStream;import javax.microedition.io.*;import javax.microedition.pki.*;import com.sun.j2me.security.*;import com.sun.midp.pki.*;import com.sun.midp.ssl.*;import com.sun.midp.main.Configuration;import com.sun.midp.io.*;import com.sun.midp.io.j2me.http.*;import com.sun.midp.publickeystore.WebPublicKeyStore;import com.sun.midp.security.*;import com.sun.midp.log.Logging;import com.sun.midp.log.LogChannels;import com.sun.midp.util.Properties;/** * This class implements the necessary functionality * for an HTTPS connection. With support for HTTPS tunneling. 
* <center><img src="doc-files/https.gif" width=735 height=193
 * ALT="https diagram"></center>
 * <p>
 * Handshake error codes at the beginning of IOException messages:</p>
 * <blockquote><p>
 * (1) certificate is expired
 * </p><p>
 * (2) certificate is not yet valid
 * </p><p>
 * (3) certificate failed signature verification
 * </p><p>
 * (4) certificate was signed using an unsupported algorithm
 * </p><p>
 * (5) certificate was issued by an unrecognized certificate authority
 * </p><p>
 * (6) certificate does not contain the correct site name
 * </p><p>
 * (7) certificate chain exceeds the length allowed
 * </p><p>
 * (8) certificate does not contain a signature
 * </p><p>
 * (9) version 3 certificate has unrecognized critical extensions
 * </p><p>
 * (10) version 3 certificate has an inappropriate keyUsage or
 * extendedKeyUsage extension
 * </p><p>
 * (11) certificate in a chain was not issued by the next
 * authority in the chain
 * </p><p>
 * (12) trusted certificate authority's public key is expired
 * </p></blockquote>
 */
public class Protocol extends com.sun.midp.io.j2me.http.Protocol
    implements HttpsConnection {

    /** HTTPS permission name. */
    private static final String HTTPS_PERMISSION_NAME =
        "javax.microedition.io.Connector.https";

    /** Label that introduces the common name attribute in a distinguished name. */
    private static final String COMMON_NAME_LABEL = "CN=";

    /** Length of the common name label, computed once from the label itself. */
    private static final int COMMON_NAME_LABEL_LENGTH =
        COMMON_NAME_LABEL.length();

    /**
     * Inner class to request security token from SecurityInitializer.
     * SecurityInitializer should be able to check this inner class name.
     */
    static private class SecurityTrusted
        implements ImplicitlyTrustedClass {};

    /**
     * This class has a different security domain than the MIDlet suite.
     * The token is requested once, when the class is initialized.
     */
    private static SecurityToken classSecurityToken =
        SecurityInitializer.requestToken(new SecurityTrusted());

    /**
     * The methods other than openPrim need to know that the
     * permission check occurred.
     */
    private boolean permissionChecked;

    /** True if the owner of this connection is trusted.
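*/
    private boolean ownerTrusted;

    /**
     * Parse the common name out of a distinguished name.
     * <p>
     * The "CN=" label is honoured only where it begins an attribute: at the
     * start of the name or directly after a ';' separator (spaces after the
     * separator are skipped). A plain substring search would also pick up
     * the text "CN=" inside the value of an earlier attribute, and the
     * result of this method feeds the site name check.
     * <p>
     * NOTE(review): this assumes attributes are separated by ';', as the
     * search for the end of the value already does. Whether the producer of
     * the name escapes a ';' inside a value is not visible here -- confirm
     * against the certificate parser.
     *
     * @param name distinguished name
     *
     * @return common name attribute without the label, or null if the name
     *         is null or holds no common name attribute
     */
    private static String getCommonName(String name) {
        if (name == null) {
            return null;
        }

        int start = name.indexOf(COMMON_NAME_LABEL);
        while (start >= 0) {
            if (isAttributeStart(name, start)) {
                int valueStart = start + COMMON_NAME_LABEL_LENGTH;
                int valueEnd = name.indexOf(';', valueStart);

                if (valueEnd < 0) {
                    // the common name is the last attribute
                    valueEnd = name.length();
                }

                return name.substring(valueStart, valueEnd);
            }

            // label text inside another attribute's value: keep looking
            start = name.indexOf(COMMON_NAME_LABEL, start + 1);
        }

        return null;
    }

    /**
     * Tell whether the given position is where an attribute begins.
     *
     * @param name distinguished name
     * @param index position of a candidate label in the name
     *
     * @return true if only spaces lie between the position and either the
     *         start of the name or the preceding ';' separator
     */
    private static boolean isAttributeStart(String name, int index) {
        int i = index - 1;

        while (i >= 0 && name.charAt(i) == ' ') {
            i--;
        }

        return i < 0 || name.charAt(i) == ';';
    }

    /**
     * Check to see if the site name given by the user matches the site
     * name of subject in the certificate. The method supports the wild card
     * character for the machine name if a domain name is included after it.
     * <p>
     * The wild card stands for exactly one leading label of the site name;
     * the remainder must equal the certificate name after "*.", ignoring
     * case. A wild card name whose remainder is a single label (for example
     * "*.com") is rejected, because it would otherwise match every host
     * directly below that label. Any null or empty-label input fails the
     * check rather than raising an exception.
     * <p>
     * NOTE(review): a numeric address literal is compared like a host name
     * here; confirm whether callers can pass one.
     *
     * @param siteName site name the user provided
     * @param certName site name of the subject from a certificate
     *
     * @return true if the common name checks out, else false
     */
    private static boolean checkSiteName(String siteName, String certName) {
        if (siteName == null || certName == null) {
            // nothing to compare against: fail closed
            return false;
        }

        // try the easy way first, ignoring case
        if ((siteName.length() == certName.length()) &&
            siteName.regionMatches(true, 0, certName, 0,
                                   certName.length())) {
            return true;
        }

        if (!certName.startsWith("*.")) {
            // not a wild card, done
            return false;
        }

        // the part after "*." must itself contain a '.' that is not its
        // last character, i.e. name at least two labels
        int suffixDot = certName.indexOf('.', 2);
        if (suffixDot < 0 || suffixDot == certName.length() - 1) {
            return false;
        }

        int firstDot = siteName.indexOf('.');
        if (firstDot <= 0) {
            // no domain name, or an empty machine name before it
            return false;
        }

        // skip past the '.'
        int startOfDomain = firstDot + 1;
        int domainLength = siteName.length() - startOfDomain;

        if ((certName.length() - 2) != domainLength) {
            return false;
        }

        // compare just the domain names, ignoring case
        return siteName.regionMatches(true, startOfDomain, certName, 2,
                                      domainLength);
    }

    /** collection of "Proxy-" headers as name/value pairs */
    private Properties proxyHeaders = new Properties();

    /** Underlying SSL connection. */
    private SSLStreamConnection sslConnection;

    /**
     * Create a new instance of this class.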
Override some of the values
     * in our super class.
     */
    public Protocol() {
        protocol = "https";
        default_port = 443; // 443 is the default port for HTTPS
    }

    /**
     * Sets up the state of the connection, but
     * does not actually connect to the server until there's something
     * to do.
     * <p>
     * Warning: A subclass that implements this method, should not call this
     * method and should also implement the disconnect method.
     *
     * @param name The URL for the connection, without the
     *             protocol part.
     * @param mode The access mode, forwarded to initStreamConnection
     * @param timeouts A flag to indicate that the caller wants
     *                 timeout exceptions, ignored
     *
     * @return reference to this connection
     *
     * @exception IllegalArgumentException If a parameter is invalid.
     * @exception ConnectionNotFoundException If the connection cannot be
     *             found.
     * @exception IOException If some other kind of I/O error occurs.
     */
    public Connection openPrim(String name, int mode, boolean timeouts)
        throws IOException, IllegalArgumentException,
        ConnectionNotFoundException {

        // the permission check runs first, before the URL is parsed and
        // before any connection state is set up
        checkForPermission(name);

        initStreamConnection(mode);

        url = new HttpUrl(protocol, name);

        // presumably -1 means the URL named no port -- confirm against
        // HttpUrl; the class default is used in that case
        if (url.port == -1) {
            url.port = default_port;
        }

        // a URL without a host cannot be connected to
        if (url.host == null) {
            throw new IllegalArgumentException("missing host in URL");
        }

        hostAndPort = url.host + ":" + url.port;

        return this;
    }

    /**
     * Check for the required permission.
     *
     * @param name name of resource to insert into the permission question
     *
     * @exception InterruptedIOException if another thread interrupts the
     *   calling thread while this method is waiting to preempt the
     *   display.
     */
    private void checkForPermission(String name)
            throws InterruptedIOException {
        // put the scheme back in front of the name
        name = protocol + ":" + name;

        try {