Author: pferraro
Date: 2008-09-11 13:03:43 -0400 (Thu, 11 Sep 2008)
New Revision: 1802
Modified:
trunk/mod_cluster/src/main/java/org/jboss/modcluster/mcmp/impl/JSSESocketFactory.java
Log:
Code cleanup.
Extends javax.net.SocketFactory for convenience.
Modified:
trunk/mod_cluster/src/main/java/org/jboss/modcluster/mcmp/impl/JSSESocketFactory.java
===================================================================
---
trunk/mod_cluster/src/main/java/org/jboss/modcluster/mcmp/impl/JSSESocketFactory.java 2008-09-11
16:56:41 UTC (rev 1801)
+++
trunk/mod_cluster/src/main/java/org/jboss/modcluster/mcmp/impl/JSSESocketFactory.java 2008-09-11
17:03:43 UTC (rev 1802)
@@ -24,6 +24,8 @@
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CRL;
@@ -31,14 +33,18 @@
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
-import java.util.Vector;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import javax.net.SocketFactory;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -51,6 +57,7 @@
import javax.net.ssl.X509KeyManager;
import org.apache.tomcat.util.res.StringManager;
+import org.jboss.logging.Logger;
import org.jboss.modcluster.config.SSLConfiguration;
/*
@@ -72,481 +79,376 @@
* @author Jan Luehe
* @author Bill Barker
*/
-public class JSSESocketFactory {
+public class JSSESocketFactory extends SocketFactory
+{
+ private static StringManager sm =
StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
- private static StringManager sm =
- StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
+ static Logger log = Logger.getLogger(JSSESocketFactory.class);
- static org.jboss.logging.Logger log =
- org.jboss.logging.Logger.getLogger(JSSESocketFactory.class);
+ private SSLSocketFactory socketFactory = null;
+ private String[] enabledCiphers;
+ private SSLConfiguration config = null;
- protected boolean initialized;
- //protected String clientAuth = "false";
- protected SSLSocketFactory sslProxy = null;
- protected String[] enabledCiphers;
- protected SSLConfiguration config = null;
-
- /**
- * Flag to state that we require client authentication.
- */
- //protected boolean requireClientAuth = false;
+ public JSSESocketFactory(SSLConfiguration config)
+ {
+ this.config = config;
+
+ try
+ {
+ // Create and init SSLContext
+ SSLContext context = SSLContext.getInstance(this.config.getSslProtocol());
+
+ KeyManager[] keyManagers = this.getKeyManagers();
+ TrustManager[] trustManagers = this.getTrustManagers();
+
+ context.init(keyManagers, trustManagers, new SecureRandom());
+
+ // create proxy
+ this.socketFactory = context.getSocketFactory();
+
+ String ciphers = this.config.getSslCiphers();
+
+ this.enabledCiphers = (ciphers != null) ? getEnabled(ciphers,
this.socketFactory.getSupportedCipherSuites()) :
this.socketFactory.getDefaultCipherSuites();
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new IllegalStateException(e);
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException(e);
+ }
+ }
- /**
- * Flag to state that we would like client authentication.
- */
- //protected boolean wantClientAuth = false;
+ /**
+ * @{inheritDoc}
+ * @see javax.net.SocketFactory#createSocket()
+ */
+ @Override
+ public Socket createSocket() throws IOException
+ {
+ Socket socket = this.socketFactory.createSocket();
+ this.initSocket(socket);
+ return socket;
+ }
+ /**
+ * @{inheritDoc}
+ * @see
org.jboss.modcluster.mcmp.impl.SocketFactory#createSocket(java.net.InetAddress, int)
+ */
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException
+ {
+ Socket socket = this.socketFactory.createSocket(host, port);
+ this.initSocket(socket);
+ return socket;
+ }
- public JSSESocketFactory (SSLConfiguration config) {
- this.config = config;
- }
+ /**
+ * @{inheritDoc}
+ * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int,
java.net.InetAddress, int)
+ */
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
int localPort) throws IOException
+ {
+ Socket socket = this.socketFactory.createSocket(address, port, localAddress,
localPort);
+ this.initSocket(socket);
+ return socket;
+ }
- public Socket createSocket (InetAddress ifAddress, int port)
- throws IOException
- {
- if (!initialized) init();
- Socket socket = sslProxy.createSocket(ifAddress, port);
- initSocket(socket);
- return socket;
- }
-
- public void handshake(Socket sock) throws IOException {
- ((SSLSocket)sock).startHandshake();
- }
+ /**
+ * @{inheritDoc}
+ * @see javax.net.SocketFactory#createSocket(java.lang.String, int,
java.net.InetAddress, int)
+ */
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localAddress, int
localPort) throws IOException, UnknownHostException
+ {
+ Socket socket = this.socketFactory.createSocket(host, port, localAddress,
localPort);
+ this.initSocket(socket);
+ return socket;
+ }
- /*
- * Determines the SSL cipher suites to be enabled.
- *
- * @param requestedCiphers Comma-separated list of requested ciphers
- * @param supportedCiphers Array of supported ciphers
- *
- * @return Array of SSL cipher suites to be enabled, or null if none of the
- * requested ciphers are supported
- */
- protected String[] getEnabledCiphers(String requestedCiphers,
- String[] supportedCiphers) {
+ /**
+ * @{inheritDoc}
+ * @see javax.net.SocketFactory#createSocket(java.lang.String, int)
+ */
+ @Override
+ public Socket createSocket(String host, int port) throws IOException,
UnknownHostException
+ {
+ Socket socket = this.socketFactory.createSocket(host, port);
+ this.initSocket(socket);
+ return socket;
+ }
- String[] enabledCiphers = null;
+ public void handshake(Socket socket) throws IOException
+ {
+ if (!(socket instanceof SSLSocket))
+ {
+ throw new IllegalArgumentException();
+ }
+
+ ((SSLSocket) socket).startHandshake();
+ }
- if (requestedCiphers != null) {
- Vector<String> vec = null;
- String cipher = requestedCiphers;
- int index = requestedCiphers.indexOf(',');
- if (index != -1) {
- int fromIndex = 0;
- while (index != -1) {
- cipher = requestedCiphers.substring(fromIndex, index).trim();
- if (cipher.length() > 0) {
- /*
- * Check to see if the requested cipher is among the
- * supported ciphers, i.e., may be enabled
- */
- for (int i=0; supportedCiphers != null
- && i<supportedCiphers.length; i++) {
- if (supportedCiphers[i].equals(cipher)) {
- if (vec == null) {
- vec = new Vector<String>();
- }
- vec.addElement(cipher);
- break;
- }
- }
- }
- fromIndex = index+1;
- index = requestedCiphers.indexOf(',', fromIndex);
- } // while
- cipher = requestedCiphers.substring(fromIndex);
+ private static String[] getEnabled(String requested, String[] supported)
+ {
+ if (requested == null) return null;
+
+ Set<String> supportedSet = new
HashSet<String>(Arrays.asList(supported));
+
+ String[] tokens = requested.split(",");
+ List<String> enabled = new ArrayList<String>(tokens.length);
+
+ for (String token: tokens)
+ {
+ token = token.trim();
+
+ if (token.length() > 0)
+ {
+ if (supportedSet.contains(token))
+ {
+ enabled.add(token);
}
+ }
+ }
+
+ return !enabled.isEmpty() ? enabled.toArray(new String[enabled.size()]) : null;
+ }
+
+ /*
+ * Gets the SSL server's keystore.
+ */
+ private KeyStore getKeystore() throws IOException
+ {
+ return this.getStore(this.config.getSslKeyStoreType(),
this.config.getSslKeyStoreProvider(), this.config.getSslKeyStore(),
this.config.getSslKeyStorePass());
+ }
- if (cipher != null) {
- cipher = cipher.trim();
- if (cipher.length() > 0) {
- /*
- * Check to see if the requested cipher is among the
- * supported ciphers, i.e., may be enabled
- */
- for (int i=0; supportedCiphers != null
- && i<supportedCiphers.length; i++) {
- if (supportedCiphers[i].equals(cipher)) {
- if (vec == null) {
- vec = new Vector<String>();
- }
- vec.addElement(cipher);
- break;
- }
- }
- }
- }
+ /*
+ * Gets the SSL server's truststore.
+ */
+ protected KeyStore getTrustStore() throws IOException
+ {
+ String trustStore = this.config.getSslTrustStore();
+
+ if (trustStore == null) return null;
+
+ String truststorePassword = this.config.getSslTrustStorePassword();
+ if (truststorePassword == null)
+ {
+ truststorePassword = this.config.getSslKeyStorePass();
+ }
+ else if (truststorePassword.equals(""))
+ {
+ truststorePassword = null;
+ }
+ String truststoreType = this.config.getSslTrustStoreType();
+ if (truststoreType == null)
+ {
+ truststoreType = this.config.getSslKeyStoreType();
+ }
+ String truststoreProvider = this.config.getSslTrustStoreProvider();
+ if (truststoreProvider == null)
+ {
+ truststoreProvider = this.config.getSslKeyStoreProvider();
+ }
- if (vec != null) {
- enabledCiphers = new String[vec.size()];
- vec.copyInto(enabledCiphers);
- }
- } else {
- enabledCiphers = sslProxy.getDefaultCipherSuites();
- }
+ return this.getStore(truststoreType, truststoreProvider, trustStore,
truststorePassword);
+ }
- return enabledCiphers;
- }
-
- /*
- * Gets the SSL server's keystore.
- */
- protected KeyStore getKeystore(String type, String provider, String pass)
- throws IOException {
- return getStore(type, provider, config.getSslKeyStore(), pass);
- }
-
- /*
- * Gets the SSL server's truststore.
- */
- protected KeyStore getTrustStore(String keystoreType,
- String keystoreProvider) throws IOException {
- KeyStore trustStore = null;
-
- String truststorePassword = config.getSslTrustStorePassword();
- if( truststorePassword == null ) {
- truststorePassword = config.getSslKeyStorePass();
- } else if (truststorePassword.equals("")) {
- truststorePassword = null;
- }
- String truststoreType = config.getSslTrustStoreType();
- if(truststoreType == null) {
- truststoreType = keystoreType;
- }
- String truststoreProvider = config.getSslTrustStoreProvider();
- if (truststoreProvider == null) {
- truststoreProvider = keystoreProvider;
- }
-
- if (config.getSslTrustStore() != null){
- trustStore = getStore(truststoreType, truststoreProvider,
- config.getSslTrustStore(), truststorePassword);
- }
-
- return trustStore;
- }
-
- /*
- * Gets the key- or truststore with the specified type, path, and password.
- */
- private KeyStore getStore(String type, String provider, String path,
- String pass) throws IOException {
-
- KeyStore ks = null;
- InputStream istream = null;
- try {
- if (provider == null) {
- ks = KeyStore.getInstance(type);
- } else {
- ks = KeyStore.getInstance(type, provider);
+ /*
+ * Gets the key- or truststore with the specified type, path, and password.
+ */
+ private KeyStore getStore(String type, String provider, String path, String pass)
throws IOException
+ {
+ InputStream istream = null;
+ try
+ {
+ KeyStore ks = (provider == null) ? KeyStore.getInstance(type) :
KeyStore.getInstance(type, provider);
+ if (!("PKCS11".equalsIgnoreCase(type) || "".equals(path)))
+ {
+ File keyStoreFile = new File(path);
+ if (!keyStoreFile.isAbsolute())
+ {
+ keyStoreFile = new File(System.getProperty("catalina.base"),
path);
}
- if(!("PKCS11".equalsIgnoreCase(type) ||
"".equalsIgnoreCase(path))) {
- File keyStoreFile = new File(path);
- if (!keyStoreFile.isAbsolute()) {
- keyStoreFile = new
File(System.getProperty("catalina.base"),
- path);
- }
- istream = new FileInputStream(keyStoreFile);
- }
+ istream = new FileInputStream(keyStoreFile);
+ }
- if (pass == null)
- ks.load(istream, null);
- else
- ks.load(istream, pass.toCharArray());
- } catch (FileNotFoundException fnfe) {
- log.error(sm.getString("jsse.keystore_load_failed", type, path,
- fnfe.getMessage()), fnfe);
- throw fnfe;
- } catch (IOException ioe) {
- log.error(sm.getString("jsse.keystore_load_failed", type, path,
- ioe.getMessage()), ioe);
- throw ioe;
- } catch(Exception ex) {
- String msg = sm.getString("jsse.keystore_load_failed", type, path,
- ex.getMessage());
- log.error(msg, ex);
- throw new IOException(msg);
- } finally {
- if (istream != null) {
- try {
- istream.close();
- } catch (IOException ioe) {
- // Do nothing
- }
+ if (pass == null)
+ {
+ ks.load(istream, null);
+ }
+ else
+ {
+ ks.load(istream, pass.toCharArray());
+ }
+ return ks;
+ }
+ catch (IOException ioe)
+ {
+ log.error(sm.getString("jsse.keystore_load_failed", type, path,
ioe.getMessage()), ioe);
+ throw ioe;
+ }
+ catch (GeneralSecurityException e)
+ {
+ String msg = sm.getString("jsse.keystore_load_failed", type, path,
e.getMessage());
+ log.error(msg, e);
+ throw new IOException(msg);
+ }
+ finally
+ {
+ if (istream != null)
+ {
+ try
+ {
+ istream.close();
}
- }
-
- return ks;
- }
-
- /**
- * Reads the keystore and initializes the SSL socket factory.
- */
- void init() throws IOException {
- try {
-
- /**
- String clientAuthStr = (String) attributes.get("clientauth");
- if("true".equalsIgnoreCase(clientAuthStr) ||
- "yes".equalsIgnoreCase(clientAuthStr)) {
- requireClientAuth = true;
- } else if("want".equalsIgnoreCase(clientAuthStr)) {
- wantClientAuth = true;
- }*/
-
- // Create and init SSLContext
- SSLContext context = SSLContext.getInstance(config.getSslProtocol());
- context.init(getKeyManagers(config.getSslKeyStoreType(),
- config.getSslKeyStoreProvider(),
- config.getSslCertificateEncodingAlgorithm(),
- config.getSslKeyAlias()),
- getTrustManagers(config.getSslKeyStoreType(),
config.getSslKeyStoreProvider(),
- config.getSslTrustAlgorithm()),
- new SecureRandom());
-
- // create proxy
- sslProxy = context.getSocketFactory();
-
- // Determine which cipher suites to enable
- enabledCiphers = getEnabledCiphers(config.getSslCiphers(),
- sslProxy.getSupportedCipherSuites());
-
- } catch(Exception e) {
- if( e instanceof IOException )
- throw (IOException)e;
- throw new IOException(e.getMessage());
- }
- }
-
- /**
- * Gets the initialized key managers.
- */
- protected KeyManager[] getKeyManagers(String keystoreType,
- String keystoreProvider,
- String algorithm,
- String keyAlias)
- throws Exception {
-
- KeyManager[] kms = null;
-
- KeyStore ks = getKeystore(keystoreType, keystoreProvider,
config.getSslKeyStorePass());
- if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
- throw new IOException(sm.getString("jsse.alias_no_key_entry",
keyAlias));
- }
-
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
- kmf.init(ks, config.getSslKeyStorePass().toCharArray());
-
- kms = kmf.getKeyManagers();
- if (keyAlias != null) {
- if ("JKS".equals(keystoreType)) {
- keyAlias = keyAlias.toLowerCase();
+ catch (IOException e)
+ {
+ log.warn(e.getMessage(), e);
}
- for(int i=0; i<kms.length; i++) {
- kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], keyAlias);
- }
- }
+ }
+ }
+ }
- return kms;
- }
+ /**
+ * Gets the initialized key managers.
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ protected KeyManager[] getKeyManagers() throws GeneralSecurityException, IOException
+ {
+ KeyStore ks = this.getKeystore();
+ String alias = this.config.getSslKeyAlias();
+ if (alias != null && !ks.isKeyEntry(alias))
+ {
+ throw new IOException(sm.getString("jsse.alias_no_key_entry",
alias));
+ }
+
+ KeyManagerFactory kmf =
KeyManagerFactory.getInstance(this.config.getSslCertificateEncodingAlgorithm());
+ kmf.init(ks, this.config.getSslKeyStorePass().toCharArray());
- /**
- * Gets the intialized trust managers.
- */
- protected TrustManager[] getTrustManagers(String keystoreType,
- String keystoreProvider, String algorithm)
- throws Exception {
- TrustManager[] tms = null;
-
- KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
- if (trustStore != null) {
- if (config.getSslCrlFile() == null) {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
- tmf.init(trustStore);
- tms = tmf.getTrustManagers();
- } else {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
- CertPathParameters params = getParameters(algorithm,
config.getSslCrlFile(), trustStore);
- ManagerFactoryParameters mfp = new
CertPathTrustManagerParameters(params);
- tmf.init(mfp);
- tms = tmf.getTrustManagers();
- }
- }
-
- return tms;
- }
-
- /**
- * Return the initialization parameters for the TrustManager.
- * Currently, only the default <code>PKIX</code> is supported.
- *
- * @param algorithm The algorithm to get parameters for.
- * @param crlf The path to the CRL file.
- * @param trustStore The configured TrustStore.
- * @return The parameters including the CRLs and TrustStore.
- */
- protected CertPathParameters getParameters(String algorithm,
- String crlf,
- KeyStore trustStore)
- throws Exception {
- CertPathParameters params = null;
- if("PKIX".equalsIgnoreCase(algorithm)) {
- PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
- new
X509CertSelector());
- Collection<? extends CRL> crls = getCRLs(crlf);
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
- CertStore store = CertStore.getInstance("Collection", csp);
- xparams.addCertStore(store);
- xparams.setRevocationEnabled(true);
- xparams.setMaxPathLength(config.getSslTrustMaxCertLength());
+ KeyManager[] kms = kmf.getKeyManagers();
+ if (alias != null)
+ {
+ if ("JKS".equals(this.config.getSslKeyStoreType()))
+ {
+ alias = alias.toLowerCase();
+ }
+ for (int i = 0; i < kms.length; i++)
+ {
+ kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], alias);
+ }
+ }
- params = xparams;
- } else {
- throw new CRLException("CRLs not supported for type: "+algorithm);
- }
- return params;
- }
+ return kms;
+ }
+ /**
+ * Gets the intialized trust managers.
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ protected TrustManager[] getTrustManagers() throws GeneralSecurityException,
IOException
+ {
+ KeyStore trustStore = this.getTrustStore();
+
+ if (trustStore == null) return null;
+
+ String algorithm = this.config.getSslTrustAlgorithm();
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
+
+ if (this.config.getSslCrlFile() == null)
+ {
+ tmf.init(trustStore);
+ return tmf.getTrustManagers();
+ }
+
+ CertPathParameters params = this.getParameters(algorithm,
this.config.getSslCrlFile(), trustStore);
+ ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
+ tmf.init(mfp);
+ return tmf.getTrustManagers();
+ }
- /**
- * Load the collection of CRLs.
- *
- */
- protected Collection<? extends CRL> getCRLs(String crlf)
- throws IOException, CRLException, CertificateException {
+ /**
+ * Return the initialization parameters for the TrustManager.
+ * Currently, only the default <code>PKIX</code> is supported.
+ *
+ * @param algorithm The algorithm to get parameters for.
+ * @param crlf The path to the CRL file.
+ * @param trustStore The configured TrustStore.
+ * @return The parameters including the CRLs and TrustStore.
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore
trustStore) throws GeneralSecurityException, IOException
+ {
+ if (!"PKIX".equalsIgnoreCase(algorithm))
+ {
+ throw new CRLException("CRLs not supported for type: " + algorithm);
+ }
+
+ PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, new
X509CertSelector());
+ Collection<? extends CRL> crls = this.getCRLs(crlf);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ params.addCertStore(store);
+ params.setRevocationEnabled(true);
+ params.setMaxPathLength(this.config.getSslTrustMaxCertLength());
- File crlFile = new File(crlf);
- if( !crlFile.isAbsolute() ) {
- crlFile = new File(System.getProperty("catalina.base"), crlf);
- }
- Collection<? extends CRL> crls = null;
- InputStream is = null;
- try {
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- is = new FileInputStream(crlFile);
- crls = cf.generateCRLs(is);
- } catch(IOException iex) {
- throw iex;
- } catch(CRLException crle) {
- throw crle;
- } catch(CertificateException ce) {
- throw ce;
- } finally {
- if(is != null) {
- try{
- is.close();
- } catch(Exception ex) {
- }
- }
- }
- return crls;
- }
+ return params;
+ }
- /**
- * Set the SSL protocol variants to be enabled.
- * @param socket the SSLServerSocket.
- * @param protocols the protocols to use.
- */
- protected void setEnabledProtocols(SSLSocket socket, String []protocols){
- if (protocols != null) {
- socket.setEnabledProtocols(protocols);
- }
- }
+ /**
+ * Load the collection of CRLs.
+ * @throws FileNotFoundException
+ * @throws GeneralSecurityException
+ */
+ protected Collection<? extends CRL> getCRLs(String crlf) throws
FileNotFoundException, GeneralSecurityException
+ {
+ File crlFile = new File(crlf);
+ if (!crlFile.isAbsolute())
+ {
+ crlFile = new File(System.getProperty("catalina.base"), crlf);
+ }
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ InputStream is = new FileInputStream(crlFile);
+ try
+ {
+ return cf.generateCRLs(is);
+ }
+ finally
+ {
+ try
+ {
+ is.close();
+ }
+ catch (Exception e)
+ {
+ log.warn(e.getMessage(), e);
+ }
+ }
+ }
- /**
- * Determines the SSL protocol variants to be enabled.
- *
- * @param socket The socket to get supported list from.
- * @param requestedProtocols Comma-separated list of requested SSL
- * protocol variants
- *
- * @return Array of SSL protocol variants to be enabled, or null if none of
- * the requested protocol variants are supported
- */
- protected String[] getEnabledProtocols(SSLSocket socket,
- String requestedProtocols){
- String[] supportedProtocols = socket.getSupportedProtocols();
+ /**
+ * Configures the given SSL server socket with the requested cipher suites,
+ * protocol versions, and need for client authentication
+ */
+ private void initSocket(Socket ssocket)
+ {
+ SSLSocket socket = (SSLSocket) ssocket;
- String[] enabledProtocols = null;
+ if (this.enabledCiphers != null)
+ {
+ socket.setEnabledCipherSuites(this.enabledCiphers);
+ }
- if (requestedProtocols != null) {
- Vector<String> vec = null;
- String protocol = requestedProtocols;
- int index = requestedProtocols.indexOf(',');
- if (index != -1) {
- int fromIndex = 0;
- while (index != -1) {
- protocol = requestedProtocols.substring(fromIndex, index).trim();
- if (protocol.length() > 0) {
- /*
- * Check to see if the requested protocol is among the
- * supported protocols, i.e., may be enabled
- */
- for (int i=0; supportedProtocols != null
- && i<supportedProtocols.length; i++) {
- if (supportedProtocols[i].equals(protocol)) {
- if (vec == null) {
- vec = new Vector<String>();
- }
- vec.addElement(protocol);
- break;
- }
- }
- }
- fromIndex = index+1;
- index = requestedProtocols.indexOf(',', fromIndex);
- } // while
- protocol = requestedProtocols.substring(fromIndex);
- }
-
- if (protocol != null) {
- protocol = protocol.trim();
- if (protocol.length() > 0) {
- /*
- * Check to see if the requested protocol is among the
- * supported protocols, i.e., may be enabled
- */
- for (int i=0; supportedProtocols != null
- && i<supportedProtocols.length; i++) {
- if (supportedProtocols[i].equals(protocol)) {
- if (vec == null) {
- vec = new Vector<String>();
- }
- vec.addElement(protocol);
- break;
- }
- }
- }
- }
-
- if (vec != null) {
- enabledProtocols = new String[vec.size()];
- vec.copyInto(enabledProtocols);
- }
- }
-
- return enabledProtocols;
- }
-
- /**
- * Configures the given SSL server socket with the requested cipher suites,
- * protocol versions, and need for client authentication
- */
- private void initSocket(Socket ssocket) {
-
- SSLSocket socket = (SSLSocket) ssocket;
-
- if (enabledCiphers != null) {
- socket.setEnabledCipherSuites(enabledCiphers);
- }
-
- setEnabledProtocols(socket, getEnabledProtocols(socket,
- config.getSslProtocol()));
-
- // we don't know if client auth is needed -
- // after parsing the request we may re-handshake
- //configureClientAuth(socket);
- }
-
+ String[] protocols = getEnabled(this.config.getSslProtocol(),
socket.getSupportedProtocols());
+
+ if (protocols != null)
+ {
+ socket.setEnabledProtocols(protocols);
+ }
+ }
}
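Review bot: When the configured cipher or protocol list matches nothing in the supported set, `getEnabled` returns null and both the constructor (`this.enabledCiphers = (ciphers != null) ? getEnabled(...) : ...`) and `initSocket` then leave the JDK defaults in place with no diagnostic, so a mistyped or unsupported restriction is silently widened to the default suite/protocol set; the removed code had the same gap, but this rewrite is the place to close it, and the protocol case is likely to be hit since the name handed to `SSLContext.getInstance` need not appear in `socket.getSupportedProtocols()`. I would log it in `getEnabled` before the final return, e.g. `if (enabled.isEmpty()) log.warn("None of the requested entries are supported: " + requested + " (supported: " + Arrays.toString(supported) + ")");`. Note also that `new HashSet<String>(Arrays.asList(supported))` throws NullPointerException if `supported` is ever null, which the removed loop tolerated; a `if (supported == null) return null;` guard at the top keeps that contract. Separately, the method javadoc uses `@{inheritDoc}` where the tag is `{@inheritDoc}`, and the `@see` on the `createSocket(InetAddress, int)` override points at `org.jboss.modcluster.mcmp.impl.SocketFactory` rather than `javax.net.SocketFactory`.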