1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
import org.mozilla.jss.ssl.SSLHandshakeCompletedListener;
import org.mozilla.jss.ssl.SSLSocket;
import com.netscape.cmsutil.net.ISocketFactory;
/**
* Uses NSS ssl socket.
*
* @version $Revision$ $Date$
*/
public class JssSSLSocketFactory implements ISocketFactory {
private String mClientAuthCertNickname = null;
private SSLSocket s = null;
public JssSSLSocketFactory() {
}
public JssSSLSocketFactory(String certNickname) {
mClientAuthCertNickname = certNickname;
}
public Socket makeSocket(String host, int port)
throws IOException, UnknownHostException {
return makeSocket(host, port, null, null);
}
public Socket makeSocket(String host, int port,
SSLCertificateApprovalCallback certApprovalCallback,
SSLClientCertificateSelectionCallback clientCertCallback)
throws IOException, UnknownHostException {
try {
/*
* let inherit tls range and cipher settings
*/
s = new SSLSocket(host, port, null, 0, certApprovalCallback,
clientCertCallback);
s.setUseClientMode(true);
SSLHandshakeCompletedListener listener = null;
listener = new ClientHandshakeCB(this);
s.addHandshakeCompletedListener(listener);
if (mClientAuthCertNickname != null) {
// 052799 setClientCertNickname does not
// report error if the nickName is invalid.
// So we check this ourself using
// findCertByNickname
CryptoManager.getInstance().findCertByNickname(mClientAuthCertNickname);
s.setClientCertNickname(mClientAuthCertNickname);
}
s.forceHandshake();
} catch (org.mozilla.jss.crypto.ObjectNotFoundException e) {
throw new IOException(e.toString());
} catch (org.mozilla.jss.crypto.TokenException e) {
throw new IOException(e.toString());
} catch (UnknownHostException e) {
throw e;
} catch (IOException e) {
throw e;
} catch (Exception e) {
throw new IOException(e.toString());
}
return s;
}
public Socket makeSocket(String host, int port, int timeout)
throws IOException, UnknownHostException {
Thread t = new ConnectAsync(this, host, port);
t.start();
try {
t.join(1000 * timeout);
} catch (InterruptedException e) {
}
if (t.isAlive()) {
}
return s;
}
public void log(int level, String msg) {
}
static class ClientHandshakeCB implements SSLHandshakeCompletedListener {
Object sc;
public ClientHandshakeCB(Object sc) {
this.sc = sc;
}
public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
}
}
}
|