1
2
3
4
5
6
7
8
9
10
11 package org.mule.management.agents;
12
13 import org.mule.umo.security.provider.AutoDiscoverySecurityProviderFactory;
14 import org.mule.umo.security.provider.SecurityProviderFactory;
15 import org.mule.umo.security.provider.SecurityProviderInfo;
16 import org.mule.util.FileUtils;
17 import org.mule.util.IOUtils;
18
19 import java.io.File;
20 import java.io.FileInputStream;
21 import java.io.IOException;
22 import java.io.InputStream;
23 import java.net.InetAddress;
24 import java.net.ServerSocket;
25 import java.security.KeyStore;
26 import java.security.Security;
27 import java.security.UnrecoverableKeyException;
28
29 import javax.net.ssl.KeyManagerFactory;
30 import javax.net.ssl.SSLContext;
31 import javax.net.ssl.SSLServerSocket;
32 import javax.net.ssl.SSLServerSocketFactory;
33 import javax.net.ssl.TrustManagerFactory;
34
35 import mx4j.log.Log;
36 import mx4j.log.Logger;
37 import mx4j.tools.adaptor.ssl.SSLAdaptorServerSocketFactoryMBean;
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69 public class IBMSslAdapterServerSocketFactory implements SSLAdaptorServerSocketFactoryMBean
70 {
71
72
73 private SecurityProviderFactory spFactory = new AutoDiscoverySecurityProviderFactory();
74 private SecurityProviderInfo spInfo = spFactory.getSecurityProviderInfo();
75
76 private String m_keyStoreType = "JKS";
77 private String m_trustStoreType = "JKS";
78 private String m_keyStoreName;
79 private String m_trustStoreName;
80 private String m_keyStorePassword;
81 private String m_trustStorePassword;
82 private String m_keyManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
83
84 private String m_trustManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
85 private String m_keyManagerPassword;
86
87
88
89 private String m_sslProtocol = "SSL";
90
91 public IBMSslAdapterServerSocketFactory()
92 {
93 Security.addProvider(spFactory.getProvider());
94 }
95
96 public void setKeyStoreType(String keyStoreType)
97 {
98 if (keyStoreType == null || keyStoreType.trim().length() == 0)
99 {
100 throw new IllegalArgumentException("Invalid KeyStore type");
101 }
102 m_keyStoreType = keyStoreType;
103 }
104
105 public void setTrustStoreType(String trustStoreType)
106 {
107 if (trustStoreType == null || trustStoreType.trim().length() == 0)
108 {
109 throw new IllegalArgumentException("Invalid TrustStore type");
110 }
111 m_trustStoreType = trustStoreType;
112 }
113
114 public void setKeyStoreName(String name)
115 {
116 if (name == null || name.trim().length() == 0)
117 {
118 throw new IllegalArgumentException("Invalid KeyStore name");
119 }
120 m_keyStoreName = name;
121 }
122
123 public void setTrustStoreName(String name)
124 {
125 if (name == null || name.trim().length() == 0)
126 {
127 throw new IllegalArgumentException("Invalid TrustStore name");
128 }
129 m_trustStoreName = name;
130 }
131
132 public void setKeyStorePassword(String password)
133 {
134 if (password == null || password.trim().length() == 0)
135 {
136 throw new IllegalArgumentException("Invalid KeyStore password");
137 }
138 m_keyStorePassword = password;
139 }
140
141 public void setTrustStorePassword(String password)
142 {
143 if (password == null || password.trim().length() == 0)
144 {
145 throw new IllegalArgumentException("Invalid TrustStore password");
146 }
147 m_trustStorePassword = password;
148 }
149
150 public void setKeyManagerAlgorithm(String algorithm)
151 {
152 if (algorithm == null || algorithm.trim().length() == 0)
153 {
154 throw new IllegalArgumentException("Invalid KeyManager algorithm");
155 }
156 m_keyManagerAlgorithm = algorithm;
157 }
158
159 public void setTrustManagerAlgorithm(String algorithm)
160 {
161 if (algorithm == null || algorithm.trim().length() == 0)
162 {
163 throw new IllegalArgumentException("Invalid TrustManager algorithm");
164 }
165 m_trustManagerAlgorithm = algorithm;
166 }
167
168 public void setKeyManagerPassword(String password)
169 {
170 if (password == null || password.trim().length() == 0)
171 {
172 throw new IllegalArgumentException("Invalid KeyManager password");
173 }
174 m_keyManagerPassword = password;
175 }
176
177 public void setSSLProtocol(String protocol)
178 {
179 if (protocol == null || protocol.trim().length() == 0)
180 {
181 throw new IllegalArgumentException("Invalid SSL protocol");
182 }
183 m_sslProtocol = protocol;
184 }
185
186
187
188
189 public ServerSocket createServerSocket(int port, int backlog, String host) throws IOException
190 {
191 if (m_keyStoreName == null)
192 {
193 throw new IOException("KeyStore file name cannot be null");
194 }
195 if (m_keyStorePassword == null)
196 {
197 throw new IOException("KeyStore password cannot be null");
198 }
199
200 Logger logger = getLogger();
201 if (logger.isEnabledFor(Logger.TRACE))
202 {
203 logger.trace("Creating SSLServerSocket");
204 logger.trace("\tKeyStore " + m_keyStoreName + ", type " + m_keyStoreType);
205 logger.trace("\tKeyManager algorithm is " + m_keyManagerAlgorithm);
206 logger.trace("\tTrustStore " + m_trustStoreName + ", type " + m_trustStoreType);
207 logger.trace("\tTrustManager algorithm is " + m_trustManagerAlgorithm);
208 logger.trace("\tSSL protocol version is " + m_sslProtocol);
209 }
210
211 try
212 {
213 KeyStore keystore = KeyStore.getInstance(m_keyStoreType);
214 InputStream keyStoreStream = IOUtils.getResourceAsStream(m_keyStoreName, getClass());
215
216
217 if (keyStoreStream == null)
218 {
219
220
221 File fle = FileUtils.newFile(m_keyStoreName);
222 if (fle.exists()) keyStoreStream = new FileInputStream(fle);
223 }
224 if (keyStoreStream == null) throw new IOException("Cannot find KeyStore " + m_keyStoreName);
225 keystore.load(keyStoreStream, m_keyStorePassword.toCharArray());
226 try
227 {
228 keyStoreStream.close();
229 }
230 catch (IOException x)
231 {
232
233 }
234
235 KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(m_keyManagerAlgorithm);
236
237 keyFactory.init(keystore, m_keyManagerPassword == null
238 ? m_keyStorePassword.toCharArray() : m_keyManagerPassword.toCharArray());
239
240 TrustManagerFactory trustFactory = null;
241 if (m_trustStoreName != null)
242 {
243
244
245 if (m_trustStorePassword == null)
246 {
247 throw new IOException("TrustStore password cannot be null");
248 }
249
250 KeyStore trustStore = KeyStore.getInstance(m_trustStoreType);
251 InputStream trustStoreStream = IOUtils.getResourceAsStream(m_trustStoreName, getClass());
252
253 if (trustStoreStream == null)
254 {
255 throw new IOException("Cannot find TrustStore " + m_trustStoreName);
256 }
257 trustStore.load(trustStoreStream, m_trustStorePassword.toCharArray());
258
259 trustFactory = TrustManagerFactory.getInstance(m_trustManagerAlgorithm);
260 trustFactory.init(trustStore);
261 }
262
263 SSLContext context = SSLContext.getInstance(m_sslProtocol);
264
265
266 context.init(keyFactory.getKeyManagers(), trustFactory == null
267 ? null : trustFactory.getTrustManagers(), null);
268
269 SSLServerSocketFactory ssf = context.getServerSocketFactory();
270 SSLServerSocket serverSocket = (SSLServerSocket)ssf.createServerSocket(port, backlog,
271 InetAddress.getByName(host));
272
273 return serverSocket;
274 }
275 catch (IOException x)
276 {
277 logger.error("", x);
278 throw x;
279 }
280 catch (UnrecoverableKeyException x)
281 {
282
283 logger.error("Probably a bad key password", x);
284 throw new IOException("Probably a bad key password: " + x.toString());
285 }
286 catch (Exception x)
287 {
288 logger.error("Unexpected exception", x);
289 throw new IOException(x.toString());
290 }
291 }
292
293 private Logger getLogger()
294 {
295 return Log.getLogger(getClass().getName());
296 }
297 }