package org.mule.module.management.agent; |
import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory;
import org.mule.api.security.provider.SecurityProviderFactory;
import org.mule.api.security.provider.SecurityProviderInfo;
import org.mule.util.FileUtils;
import org.mule.util.IOUtils;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.security.UnrecoverableKeyException;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import mx4j.log.Log;
import mx4j.log.Logger;
import mx4j.tools.adaptor.ssl.SSLAdaptorServerSocketFactoryMBean;
34 | |
|
35 | |
|
36 | |
|
37 | |
|
38 | |
|
39 | |
|
40 | |
|
41 | |
|
42 | |
|
43 | |
|
44 | |
|
45 | |
|
46 | |
|
47 | |
|
48 | |
|
49 | |
|
50 | |
|
51 | |
|
52 | |
|
53 | |
|
54 | |
|
55 | |
|
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | |
|
61 | |
|
62 | |
|
63 | |
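/**
 * {@link SSLAdaptorServerSocketFactoryMBean} implementation that builds its
 * {@link SSLContext} from whichever JSSE provider
 * {@link AutoDiscoverySecurityProviderFactory} finds at runtime, instead of binding
 * to one vendor's classes.
 * <p>
 * Both the key store and the (optional) trust store are looked up on the classpath
 * first and on the file system second. When no trust store is configured the
 * provider's default trust managers are used.
 * <p>
 * Not thread-safe: all setters are expected to run before
 * {@link #createServerSocket(int, int, String)}.
 */
public class IBMSslAdapterServerSocketFactory implements SSLAdaptorServerSocketFactoryMBean
{
    private SecurityProviderFactory spFactory = new AutoDiscoverySecurityProviderFactory();
    private SecurityProviderInfo spInfo = spFactory.getSecurityProviderInfo();

    private String m_keyStoreType = "JKS";
    private String m_trustStoreType = "JKS";
    private String m_keyStoreName;
    private String m_trustStoreName;
    // Held as String because the MBean interface exposes String setters; they are
    // deliberately never written to the log (see the trace block in createServerSocket).
    private String m_keyStorePassword;
    private String m_trustStorePassword;
    private String m_keyManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
    // NOTE(review): seeded from the discovered provider's *key* manager algorithm;
    // confirm that is the intended default for the trust manager as well.
    private String m_trustManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
    // Password of the key entries; falls back to the key store password when unset.
    private String m_keyManagerPassword;

    // Name handed to SSLContext.getInstance(). "SSL" leaves the set of negotiable
    // protocol versions to the provider; deployments that need a specific TLS
    // version set it through setSSLProtocol(String).
    private String m_sslProtocol = "SSL";

    /**
     * Registers the auto-discovered JSSE provider so that the algorithm and protocol
     * names used by this factory resolve against it.
     */
    public IBMSslAdapterServerSocketFactory()
    {
        Security.addProvider(spFactory.getProvider());
    }

    /**
     * @param keyStoreType the {@link KeyStore} type of the key store (default {@code "JKS"})
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setKeyStoreType(String keyStoreType)
    {
        m_keyStoreType = requireNonBlank(keyStoreType, "Invalid KeyStore type");
    }

    /**
     * @param trustStoreType the {@link KeyStore} type of the trust store (default {@code "JKS"})
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setTrustStoreType(String trustStoreType)
    {
        m_trustStoreType = requireNonBlank(trustStoreType, "Invalid TrustStore type");
    }

    /**
     * @param name classpath resource name or file path of the key store
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setKeyStoreName(String name)
    {
        m_keyStoreName = requireNonBlank(name, "Invalid KeyStore name");
    }

    /**
     * @param name classpath resource name or file path of the trust store
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setTrustStoreName(String name)
    {
        m_trustStoreName = requireNonBlank(name, "Invalid TrustStore name");
    }

    /**
     * @param password integrity password of the key store
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setKeyStorePassword(String password)
    {
        m_keyStorePassword = requireNonBlank(password, "Invalid KeyStore password");
    }

    /**
     * @param password integrity password of the trust store
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setTrustStorePassword(String password)
    {
        m_trustStorePassword = requireNonBlank(password, "Invalid TrustStore password");
    }

    /**
     * @param algorithm {@link KeyManagerFactory} algorithm name
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setKeyManagerAlgorithm(String algorithm)
    {
        m_keyManagerAlgorithm = requireNonBlank(algorithm, "Invalid KeyManager algorithm");
    }

    /**
     * @param algorithm {@link TrustManagerFactory} algorithm name
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setTrustManagerAlgorithm(String algorithm)
    {
        m_trustManagerAlgorithm = requireNonBlank(algorithm, "Invalid TrustManager algorithm");
    }

    /**
     * @param password password protecting the key entries inside the key store
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setKeyManagerPassword(String password)
    {
        m_keyManagerPassword = requireNonBlank(password, "Invalid KeyManager password");
    }

    /**
     * @param protocol name passed to {@link SSLContext#getInstance(String)} (default {@code "SSL"})
     * @throws IllegalArgumentException if the value is null or blank
     */
    public void setSSLProtocol(String protocol)
    {
        m_sslProtocol = requireNonBlank(protocol, "Invalid SSL protocol");
    }

    /**
     * Builds an {@link SSLServerSocket} bound to {@code host:port}.
     *
     * @param port    the port to listen on
     * @param backlog the listen backlog passed to the socket factory
     * @param host    host name or address to bind to, resolved via
     *                {@link InetAddress#getByName(String)}
     * @return the bound server socket
     * @throws IOException if the key store name or password is unset, a configured
     *         store cannot be found or loaded, a trust store is named without a
     *         password, or SSL initialisation fails (the original exception is kept
     *         as the cause)
     */
    public ServerSocket createServerSocket(int port, int backlog, String host) throws IOException
    {
        if (m_keyStoreName == null)
        {
            throw new IOException("KeyStore file name cannot be null");
        }
        if (m_keyStorePassword == null)
        {
            throw new IOException("KeyStore password cannot be null");
        }

        Logger logger = getLogger();
        if (logger.isEnabledFor(Logger.TRACE))
        {
            // Store names, types and algorithms only -- passwords stay out of the log.
            logger.trace("Creating SSLServerSocket");
            logger.trace("\tKeyStore " + m_keyStoreName + ", type " + m_keyStoreType);
            logger.trace("\tKeyManager algorithm is " + m_keyManagerAlgorithm);
            logger.trace("\tTrustStore " + m_trustStoreName + ", type " + m_trustStoreType);
            logger.trace("\tTrustManager algorithm is " + m_trustManagerAlgorithm);
            logger.trace("\tSSL protocol version is " + m_sslProtocol);
        }

        try
        {
            KeyStore keystore = loadKeyStore(m_keyStoreType, m_keyStoreName, m_keyStorePassword,
                "KeyStore");

            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(m_keyManagerAlgorithm);
            // Key entries are commonly protected with the store password; only use a
            // separate one when it was configured explicitly.
            String keyPassword = m_keyManagerPassword == null ? m_keyStorePassword : m_keyManagerPassword;
            keyFactory.init(keystore, keyPassword.toCharArray());

            TrustManagerFactory trustFactory = null;
            if (m_trustStoreName != null)
            {
                if (m_trustStorePassword == null)
                {
                    throw new IOException("TrustStore password cannot be null");
                }
                KeyStore trustStore = loadKeyStore(m_trustStoreType, m_trustStoreName,
                    m_trustStorePassword, "TrustStore");
                trustFactory = TrustManagerFactory.getInstance(m_trustManagerAlgorithm);
                trustFactory.init(trustStore);
            }

            SSLContext context = SSLContext.getInstance(m_sslProtocol);
            // A null trust-manager array makes the provider install its defaults.
            context.init(keyFactory.getKeyManagers(),
                trustFactory == null ? null : trustFactory.getTrustManagers(), null);

            SSLServerSocketFactory ssf = context.getServerSocketFactory();
            return (SSLServerSocket) ssf.createServerSocket(port, backlog, InetAddress.getByName(host));
        }
        catch (IOException x)
        {
            logger.error("", x);
            throw x;
        }
        catch (UnrecoverableKeyException x)
        {
            // Thrown by KeyManagerFactory.init when the key password does not open the entries.
            logger.error("Probably a bad key password", x);
            throw wrap("Probably a bad key password: " + x.toString(), x);
        }
        catch (Exception x)
        {
            logger.error("Unexpected exception", x);
            throw wrap(x.toString(), x);
        }
    }

    /**
     * Loads a key store by name, looking on the classpath first and on the file system
     * second, and closes the stream whether or not loading succeeds.
     *
     * @param type     the {@link KeyStore} type, e.g. {@code "JKS"}
     * @param name     classpath resource name or file path
     * @param password store integrity password
     * @param label    {@code "KeyStore"} or {@code "TrustStore"}, used in messages only
     * @return the loaded store
     * @throws IOException              if the store cannot be found or read
     * @throws GeneralSecurityException if the type is unsupported or the contents cannot be parsed
     */
    private KeyStore loadKeyStore(String type, String name, String password, String label)
        throws IOException, GeneralSecurityException
    {
        KeyStore store = KeyStore.getInstance(type);
        InputStream in = IOUtils.getResourceAsStream(name, getClass());
        if (in == null)
        {
            File file = FileUtils.newFile(name);
            if (file.exists())
            {
                in = new FileInputStream(file);
            }
        }
        if (in == null)
        {
            throw new IOException("Cannot find " + label + " " + name);
        }
        try
        {
            store.load(in, password.toCharArray());
        }
        finally
        {
            try
            {
                in.close();
            }
            catch (IOException ignored)
            {
                // The store is already in memory; a failed close changes nothing.
            }
        }
        return store;
    }

    /**
     * Validates a setter argument.
     *
     * @param value   the candidate value
     * @param message message for the exception when the value is null or blank
     * @return {@code value}, unchanged
     * @throws IllegalArgumentException if {@code value} is null or only whitespace
     */
    private static String requireNonBlank(String value, String message)
    {
        if (value == null || value.trim().length() == 0)
        {
            throw new IllegalArgumentException(message);
        }
        return value;
    }

    /**
     * Builds an {@link IOException} that keeps {@code cause} attached, so the real
     * failure is not lost behind {@code toString()} of the original exception.
     */
    private static IOException wrap(String message, Throwable cause)
    {
        IOException e = new IOException(message);
        // initCause rather than the two-arg constructor: that constructor only
        // exists on Java 6 and later.
        e.initCause(cause);
        return e;
    }

    private Logger getLogger()
    {
        return Log.getLogger(getClass().getName());
    }
}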