1 /* SSLContextImpl.java --
2 Copyright (C) 2006 Free Software Foundation, Inc.
4 This file is a part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or (at
9 your option) any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package gnu.javax.net.ssl.provider;
41 import gnu.java.security.action.GetSecurityPropertyAction;
42 import gnu.javax.net.ssl.AbstractSessionContext;
43 import gnu.javax.net.ssl.NullManagerParameters;
44 import gnu.javax.net.ssl.PreSharedKeyManager;
45 import gnu.javax.net.ssl.SRPTrustManager;
47 import java.security.AccessController;
48 import java.security.KeyManagementException;
49 import java.security.KeyStore;
50 import java.security.KeyStoreException;
51 import java.security.NoSuchAlgorithmException;
52 import java.security.NoSuchProviderException;
53 import java.security.SecureRandom;
54 import java.security.UnrecoverableKeyException;
56 import javax.net.ssl.KeyManager;
57 import javax.net.ssl.KeyManagerFactory;
58 import javax.net.ssl.SSLContextSpi;
59 import javax.net.ssl.SSLEngine;
60 import javax.net.ssl.SSLException;
61 import javax.net.ssl.SSLServerSocketFactory;
62 import javax.net.ssl.SSLSessionContext;
63 import javax.net.ssl.SSLSocketFactory;
64 import javax.net.ssl.TrustManager;
65 import javax.net.ssl.TrustManagerFactory;
66 import javax.net.ssl.X509ExtendedKeyManager;
67 import javax.net.ssl.X509TrustManager;
70 * Our implementation of {@link SSLContextSpi}.
72 * @author Casey Marshall (csm@gnu.org)
74 public final class SSLContextImpl extends SSLContextSpi
76 AbstractSessionContext serverContext;
77 AbstractSessionContext clientContext;
79 PreSharedKeyManager pskManager;
80 X509ExtendedKeyManager keyManager;
81 X509TrustManager trustManager;
82 SRPTrustManager srpTrustManager;
/**
 * Creates a context with no managers and no PRNG yet; those are assigned by
 * {@link #engineInit(KeyManager[], TrustManager[], SecureRandom)}.
 */
public SSLContextImpl()
{
  // Intentionally empty: all configuration happens in engineInit.
}
/**
 * Creates an engine that is not bound to any peer: delegates to the
 * two-argument form with a {@code null} host and a port of {@code -1}.
 *
 * @return A new engine backed by this context.
 * @see javax.net.ssl.SSLContextSpi#engineCreateSSLEngine()
 */
protected @Override SSLEngine engineCreateSSLEngine()
{
  // No peer host or port is known for an unbound engine.
  final String noHost = null;
  final int noPort = -1;
  return engineCreateSSLEngine(noHost, noPort);
}
/**
 * Creates an engine backed by this context, passing the peer host and port
 * hints straight through to {@link SSLEngineImpl}.
 *
 * @param host The peer host hint, or {@code null}.
 * @param port The peer port hint, or {@code -1}.
 * @return A new engine for this context.
 * @see javax.net.ssl.SSLContextSpi#engineCreateSSLEngine(java.lang.String, int)
 */
protected @Override SSLEngine engineCreateSSLEngine(String host, int port)
{
  SSLEngineImpl engine = new SSLEngineImpl(this, host, port);
  return engine;
}
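/**
 * Returns the client-side session context, creating it on first use.
 *
 * <p>The method is {@code synchronized} so that the lazy creation below is
 * performed at most once even with concurrent callers.
 *
 * @return The shared client session context; never {@code null}.
 * @throws IllegalStateException If the session context cannot be created.
 *         The {@link SSLException} is attached as the cause instead of being
 *         dropped, which would otherwise hand callers a {@code null} context
 *         and no diagnostic.
 * @see javax.net.ssl.SSLContextSpi#engineGetClientSessionContext()
 */
protected @Override synchronized SSLSessionContext engineGetClientSessionContext()
{
  if (clientContext == null)
    {
      try
        {
          clientContext = AbstractSessionContext.newInstance();
        }
      catch (SSLException ssle)
        {
          throw new IllegalStateException("cannot create client session context",
                                          ssle);
        }
    }
  return clientContext;
}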
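/**
 * Returns the server-side session context, creating it on first use.
 *
 * <p>The method is {@code synchronized} so that the lazy creation below is
 * performed at most once even with concurrent callers.
 *
 * @return The shared server session context; never {@code null}.
 * @throws IllegalStateException If the session context cannot be created.
 *         The {@link SSLException} is attached as the cause instead of being
 *         dropped, which would otherwise hand callers a {@code null} context
 *         and no diagnostic.
 * @see javax.net.ssl.SSLContextSpi#engineGetServerSessionContext()
 */
protected @Override synchronized SSLSessionContext engineGetServerSessionContext()
{
  if (serverContext == null)
    {
      try
        {
          serverContext = AbstractSessionContext.newInstance();
        }
      catch (SSLException ssle)
        {
          throw new IllegalStateException("cannot create server session context",
                                          ssle);
        }
    }
  return serverContext;
}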
/**
 * Returns a new server socket factory whose sockets use this context.
 *
 * @return A fresh {@link SSLServerSocketFactoryImpl} bound to this context.
 * @see javax.net.ssl.SSLContextSpi#engineGetServerSocketFactory()
 */
protected @Override SSLServerSocketFactory engineGetServerSocketFactory()
{
  SSLServerSocketFactoryImpl factory = new SSLServerSocketFactoryImpl(this);
  return factory;
}
/**
 * Returns a new client socket factory whose sockets use this context.
 *
 * @return A fresh {@link SSLSocketFactoryImpl} bound to this context.
 * @see javax.net.ssl.SSLContextSpi#engineGetSocketFactory()
 */
protected @Override SSLSocketFactory engineGetSocketFactory()
{
  SSLSocketFactoryImpl factory = new SSLSocketFactoryImpl(this);
  return factory;
}
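/**
 * Initialises this context with the given managers and PRNG.
 *
 * <p>From {@code keyManagers} the first {@link X509ExtendedKeyManager} and the
 * first {@link PreSharedKeyManager} are kept (one object may satisfy both);
 * from {@code trustManagers} the first {@link X509TrustManager} and the first
 * {@link SRPTrustManager} are kept. Either array may be {@code null}. With no
 * X.509 key manager, {@link #defaultKeyManager()} is used; with neither an
 * X.509 nor an SRP trust manager, {@link #defaultTrustManager()} is used. A
 * {@code null} PRNG is replaced by {@link #defaultRandom()}.
 *
 * <p>All four manager fields are cleared before selection so that a repeated
 * initialisation can never keep a manager chosen by an earlier call.
 *
 * @param keyManagers Sources of this side's authentication material, or
 *        {@code null}.
 * @param trustManagers Sources of peer-authentication decisions, or
 *        {@code null}.
 * @param random The PRNG for this context, or {@code null} for the default.
 * @throws KeyManagementException If a required default manager cannot be
 *         created.
 * @see javax.net.ssl.SSLContextSpi#engineInit(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
 */
protected @Override void engineInit(KeyManager[] keyManagers,
                                    TrustManager[] trustManagers,
                                    SecureRandom random)
  throws KeyManagementException
{
  // Start from a clean slate: a stale manager from a previous init must not
  // survive into this configuration.
  keyManager = null;
  pskManager = null;
  trustManager = null;
  srpTrustManager = null;

  if (keyManagers != null)
    {
      for (KeyManager km : keyManagers)
        {
          if (keyManager == null && km instanceof X509ExtendedKeyManager)
            keyManager = (X509ExtendedKeyManager) km;
          // Separate test, not else-if: one manager may serve both roles.
          if (pskManager == null && km instanceof PreSharedKeyManager)
            pskManager = (PreSharedKeyManager) km;
        }
    }
  if (keyManager == null)
    keyManager = defaultKeyManager();

  if (trustManagers != null)
    {
      for (TrustManager tm : trustManagers)
        {
          if (tm instanceof X509TrustManager)
            {
              if (trustManager == null)
                trustManager = (X509TrustManager) tm;
            }
          else if (tm instanceof SRPTrustManager)
            {
              if (srpTrustManager == null)
                srpTrustManager = (SRPTrustManager) tm;
            }
        }
    }
  // An SRP-only configuration is legitimate, so the X.509 default is installed
  // only when no trust manager of either kind was supplied.
  if (trustManager == null && srpTrustManager == null)
    trustManager = defaultTrustManager();

  this.random = (random != null) ? random : defaultRandom();
}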
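/**
 * Create and return a default key manager. The JessieX509 key manager factory
 * from the Jessie provider is first initialised with no explicit key store and
 * no password, leaving any default key material to the provider; if that
 * fails, the factory is re-initialised from {@link NullManagerParameters} and
 * the resulting key manager is returned instead.
 *
 * @return The default key manager instance.
 * @throws KeyManagementException If the factory or its provider is not
 *         available, or if even the {@link NullManagerParameters} fallback
 *         cannot be created. In the latter case the fallback failure is the
 *         cause and the message records why the first attempt failed, so
 *         neither error is lost.
 */
private X509ExtendedKeyManager defaultKeyManager() throws KeyManagementException
{
  KeyManagerFactory fact;
  try
    {
      fact = KeyManagerFactory.getInstance("JessieX509", "Jessie");
    }
  catch (NoSuchAlgorithmException nsae)
    {
      throw new KeyManagementException(nsae);
    }
  catch (NoSuchProviderException nspe)
    {
      throw new KeyManagementException(nspe);
    }

  // First choice: the provider's default key material. Failure here is
  // expected when nothing is configured, so it only selects the fallback; the
  // exception is retained so a failing fallback can still report it.
  Exception firstFailure;
  try
    {
      fact.init(null, null);
      return (X509ExtendedKeyManager) fact.getKeyManagers()[0];
    }
  catch (NoSuchAlgorithmException nsae) { firstFailure = nsae; }
  catch (KeyStoreException kse) { firstFailure = kse; }
  catch (UnrecoverableKeyException uke) { firstFailure = uke; }
  catch (IllegalStateException ise) { firstFailure = ise; }

  // Fallback: a key manager built from NullManagerParameters.
  try
    {
      fact.init(new NullManagerParameters());
      return (X509ExtendedKeyManager) fact.getKeyManagers()[0];
    }
  catch (Exception fallbackFailure)
    {
      // Surface both failures through the exception this method already
      // declares, rather than an Error carrying only a toString().
      throw new KeyManagementException("cannot create default key manager; "
                                       + "default key store attempt failed with: "
                                       + firstFailure,
                                       fallbackFailure);
    }
}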
/**
 * Create and return a default trust manager: the first trust manager produced
 * by the JessieX509 factory of the Jessie provider after it is initialised
 * with a {@code null} key store, which loads either the jssecerts file or the
 * cacerts file.
 *
 * @return The default trust manager instance.
 * @throws KeyManagementException If the factory or its provider is missing, or
 *         the default trust store cannot be loaded; the original exception is
 *         attached as the cause.
 */
private X509TrustManager defaultTrustManager() throws KeyManagementException
{
  TrustManagerFactory factory;
  try
    {
      factory = TrustManagerFactory.getInstance("JessieX509", "Jessie");
    }
  catch (NoSuchAlgorithmException e)
    {
      throw new KeyManagementException(e);
    }
  catch (NoSuchProviderException e)
    {
      throw new KeyManagementException(e);
    }

  try
    {
      // A null key store selects the provider's default trust store.
      factory.init((KeyStore) null);
    }
  catch (KeyStoreException e)
    {
      throw new KeyManagementException(e);
    }

  TrustManager[] managers = factory.getTrustManagers();
  return (X509TrustManager) managers[0];
}
288 * Create a default secure PRNG. This is defined as either the algorithm
289 * given in the <code>gnu.javax.net.ssl.secureRandom</code> security
290 * property, or Fortuna if that property is not set. If none of these
291 * algorithms can be found, and instance created with the SecureRandom
292 * constructor is returned.
294 * @return The default secure PRNG instance.
296 private SecureRandom defaultRandom()
298 GetSecurityPropertyAction gspa
299 = new GetSecurityPropertyAction("gnu.javax.net.ssl.secureRandom");
300 String alg = AccessController.doPrivileged(gspa);
303 SecureRandom rand = null;
306 rand = SecureRandom.getInstance(alg);
308 catch (NoSuchAlgorithmException nsae)
310 rand = new SecureRandom();