Diffstat (limited to 'pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java')
-rw-r--r-- | pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java | 61 |
1 files changed, 28 insertions, 33 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java b/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java index 501886b54..45dc9d288 100644 --- a/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java +++ b/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmsutil.http; - import java.io.IOException; import java.net.Socket; import java.net.SocketException; @@ -35,12 +34,12 @@ import com.netscape.cmsutil.net.ISocketFactory; /** * Uses NSS ssl socket. - * + * * @version $Revision$ $Date$ */ public class JssSSLSocketFactory implements ISocketFactory { private String mClientAuthCertNickname = null; - private SSLSocket s = null; + private SSLSocket s = null; public JssSSLSocketFactory() { } 
@@ -62,66 +61,62 @@ public class JssSSLSocketFactory implements ISocketFactory { SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - //SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - //SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - //SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + // SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + // SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + // SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - 0 - }; - + SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 0 }; + static { int i; - for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; - i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) { + for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) { try { SSLSocket.setCipherPreferenceDefault(i, false); - } catch( SocketException e) { + } catch (SocketException e) { } } - //skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5 - for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; - i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) { + // skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5 + for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) { try { SSLSocket.setCipherPreferenceDefault(i, false); - } catch( SocketException e) { + } catch (SocketException e) { } } for (i = 0; cipherSuites[i] != 0; ++i) { try { SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true); - } catch( SocketException e) { + } catch (SocketException e) { } } } - public Socket makeSocket(String host, int port) - throws IOException, UnknownHostException { + public Socket makeSocket(String host, int port) throws IOException, + UnknownHostException { return makeSocket(host, port, null, null); } - public Socket makeSocket(String host, int port, - 
SSLCertificateApprovalCallback certApprovalCallback, - SSLClientCertificateSelectionCallback clientCertCallback) - throws IOException, UnknownHostException { + public Socket makeSocket(String host, int port, + SSLCertificateApprovalCallback certApprovalCallback, + SSLClientCertificateSelectionCallback clientCertCallback) + throws IOException, UnknownHostException { try { s = new SSLSocket(host, port, null, 0, certApprovalCallback, - clientCertCallback); + clientCertCallback); for (int i = 0; cipherSuites[i] != 0; ++i) { try { SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true); - } catch( SocketException e) { + } catch (SocketException e) { } } s.setUseClientMode(true); s.enableSSL2(false); - //TODO Do we rally want to set the default each time? + // TODO Do we rally want to set the default each time? SSLSocket.enableSSL2Default(false); s.enableV2CompatibleHello(false); @@ -135,7 +130,8 @@ public class JssSSLSocketFactory implements ISocketFactory { // report error if the nickName is invalid. // So we check this ourself using // findCertByNickname - X509Certificate cert = CryptoManager.getInstance().findCertByNickname(mClientAuthCertNickname); + X509Certificate cert = CryptoManager.getInstance() + .findCertByNickname(mClientAuthCertNickname); s.setClientCertNickname(mClientAuthCertNickname); } @@ -154,8 +150,8 @@ public class JssSSLSocketFactory implements ISocketFactory { return s; } - public Socket makeSocket(String host, int port, int timeout) - throws IOException, UnknownHostException { + public Socket makeSocket(String host, int port, int timeout) + throws IOException, UnknownHostException { Thread t = new ConnectAsync(this, host, port); t.start(); @@ -163,7 +159,7 @@ public class JssSSLSocketFactory implements ISocketFactory { t.join(1000 * timeout); } catch (InterruptedException e) { } - + if (t.isAlive()) { } 
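Review bot: The reformatted `} catch (SocketException e) { }` blocks in the static initializer still discard every failure of `SSLSocket.setCipherPreferenceDefault(i, false)`, so an SSL2 suite that could not be disabled leaves no trace. Each of those catches should at least record the suite number and the exception through whatever logger this module uses (none is visible in the hunk), with a comment such as `// SSL2 suite i could not be disabled; effective policy may be weaker than configured`. In `makeSocket` the suites are enabled through the process-wide default after `s` has already been constructed, which presumably does not change `s` itself. The existing TODO hints at this, and a per-socket `s.setCipherPreference(cipherSuites[i], true)` looks like the intended call, to be confirmed against the JSS API. The same empty-catch pattern covers `InterruptedException` in the `@@ -163,7 +159,7 @@` hunk, where `Thread.currentThread().interrupt();` would keep the interrupt visible to the caller; that method's body continues outside the hunk.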
@@ -179,9 +175,8 @@ public class JssSSLSocketFactory implements ISocketFactory { public ClientHandshakeCB(Object sc) { this.sc = sc; } - + public void handshakeCompleted(SSLHandshakeCompletedEvent event) { } } } - |