2
* This class uses code taken directly from the org.apache.tomcat.util.net.SSLSupport class of the
3
* Apache tomcat-connectors project. Please refer to the NOTICE file included in this distribution for
4
* more details. The following is the copyright, patent, trademark, and attribution notices from the
5
* SSLSupport source, which this class also maintains:
7
* Copyright 1999-2004 The Apache Software Foundation
9
* Licensed under the Apache License, Version 2.0 (the "License");
10
* you may not use this file except in compliance with the License.
11
* You may obtain a copy of the License at
13
* http://www.apache.org/licenses/LICENSE-2.0
15
* Unless required by applicable law or agreed to in writing, software
16
* distributed under the License is distributed on an "AS IS" BASIS,
17
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
* See the License for the specific language governing permissions and
19
* limitations under the License.
22
* @author Craig R. McClanahan
23
* Parts cribbed from JSSECertCompat
24
* Parts cribbed from CertificatesValve
26
* (the full source of the org.apache.tomcat.util.net.SSLSupport can be found at
27
* http://svn.apache.org/repos/asf/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java).
29
package org.jboss.remoting.transport.coyote.ssl;
31
import java.io.ByteArrayInputStream;
32
import java.io.IOException;
33
import java.security.cert.CertificateFactory;
34
import javax.net.ssl.SSLSession;
35
import javax.net.ssl.SSLSocket;
36
import javax.security.cert.X509Certificate;
37
import org.apache.tomcat.util.net.SSLSupport;
40
* @author <a href="mailto:tom.elrod@jboss.com">Tom Elrod</a>
42
public class RemotingSSLSupport implements SSLSupport
44
private SSLSocket sslSocket;
45
private SSLSession session;
47
public RemotingSSLSupport(SSLSocket socket)
49
this.sslSocket = socket;
50
this.session = socket.getSession();
53
public RemotingSSLSupport(SSLSession session)
55
this.session = session;
59
* The cipher suite being used on this connection.
61
public String getCipherSuite() throws IOException
67
return session.getCipherSuite();
71
* The client certificate chain (if any).
73
public Object[] getPeerCertificateChain() throws IOException
75
return getPeerCertificateChain(false);
78
public Object[] getPeerCertificateChain(boolean force)
86
// Convert JSSE's certificate format to the ones we need
87
X509Certificate [] jsseCerts = null;
90
jsseCerts = session.getPeerCertificateChain();
98
jsseCerts = new X509Certificate[0];
100
if(jsseCerts.length <= 0 && force)
102
session.invalidate();
104
session = sslSocket.getSession();
106
return getX509Certificates(session);
110
protected void handShake() throws IOException
112
if (sslSocket != null)
114
sslSocket.setNeedClientAuth(true);
115
sslSocket.startHandshake();
119
protected java.security.cert.X509Certificate[] getX509Certificates(SSLSession session) throws IOException
121
X509Certificate jsseCerts[] = null;
124
jsseCerts = session.getPeerCertificateChain();
128
// Get rid of the warning in the logs when no Client-Cert is
132
if(jsseCerts == null)
134
jsseCerts = new X509Certificate[0];
136
java.security.cert.X509Certificate [] x509Certs = new java.security.cert.X509Certificate[jsseCerts.length];
137
for(int i = 0; i < x509Certs.length; i++)
141
byte buffer[] = jsseCerts[i].getEncoded();
142
CertificateFactory cf = CertificateFactory.getInstance("X.509");
143
ByteArrayInputStream stream = new ByteArrayInputStream(buffer);
144
x509Certs[i] = (java.security.cert.X509Certificate) cf.generateCertificate(stream);
152
if(x509Certs.length < 1)
162
* What we're supposed to put here is ill-defined by the
163
* Servlet spec (S 4.7 again). There are at least 4 potential
164
* values that might go here:
166
* (a) The size of the encryption key
167
* (b) The size of the MAC key
168
* (c) The size of the key-exchange key
169
* (d) The size of the signature key used by the server
171
* Unfortunately, all of these values are nonsensical.
173
public Integer getKeySize() throws IOException
175
SSLSupport.CipherData c_aux[] = ciphers;
180
Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY);
184
String cipherSuite = session.getCipherSuite();
185
for(int i = 0; i < c_aux.length; i++)
187
if(cipherSuite.indexOf(c_aux[i].phrase) >= 0)
189
size = c_aux[i].keySize;
193
keySize = new Integer(size);
194
session.putValue(KEY_SIZE_KEY, keySize);
200
* The current session Id.
202
public String getSessionId() throws IOException
208
// Expose ssl_session (getId)
209
byte [] ssl_session = session.getId();
210
if(ssl_session == null)
214
StringBuffer buf = new StringBuffer("");
215
for(int x = 0; x < ssl_session.length; x++)
217
String digit = Integer.toHexString((int) ssl_session[x]);
218
if(digit.length() < 2)
222
if(digit.length() > 2)
224
digit = digit.substring(digit.length() - 2);
228
return buf.toString();
b'\\ No newline at end of file'