/* | |
* Conditions Of Use | |
* | |
* This software was developed by employees of the National Institute of | |
* Standards and Technology (NIST), an agency of the Federal Government. | |
* Pursuant to title 15 Untied States Code Section 105, works of NIST | |
* employees are not subject to copyright protection in the United States | |
* and are considered to be in the public domain. As a result, a formal | |
* license is not needed to use the software. | |
* | |
* This software is provided by NIST as a service and is expressly | |
* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED | |
* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF | |
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT | |
* AND DATA ACCURACY. NIST does not warrant or make any representations | |
* regarding the use of the software or the results thereof, including but | |
* not limited to the correctness, accuracy, reliability or usefulness of | |
* the software. | |
* | |
* Permission to use this software is contingent upon your acceptance | |
* of the terms of this agreement | |
* | |
* . | |
* | |
*/ | |
package gov.nist.core.net; | |
import java.io.FileInputStream; | |
import java.io.FileNotFoundException; | |
import java.io.IOException; | |
import java.net.DatagramSocket; | |
import java.net.InetAddress; | |
import java.net.InetSocketAddress; | |
import java.net.ServerSocket; | |
import java.net.Socket; | |
import java.net.SocketException; | |
import java.security.GeneralSecurityException; | |
import java.security.KeyStore; | |
import java.security.SecureRandom; | |
import javax.net.ssl.KeyManagerFactory; | |
import javax.net.ssl.SSLContext; | |
import javax.net.ssl.SSLServerSocket; | |
import javax.net.ssl.SSLServerSocketFactory; | |
import javax.net.ssl.SSLSocket; | |
import javax.net.ssl.SSLSocketFactory; | |
import javax.net.ssl.TrustManagerFactory; | |
/** | |
* extended implementation of a network layer that allows to define a private java | |
* keystores/truststores | |
* | |
* @author f.reif | |
* @version 1.2 | |
* @since 1.2 | |
* | |
*/ | |
public class SslNetworkLayer implements NetworkLayer { | |
private SSLSocketFactory sslSocketFactory; | |
private SSLServerSocketFactory sslServerSocketFactory; | |
public SslNetworkLayer( | |
String trustStoreFile, | |
String keyStoreFile, | |
char[] keyStorePassword, | |
String keyStoreType) throws GeneralSecurityException, FileNotFoundException, IOException | |
{ | |
SSLContext sslContext; | |
sslContext = SSLContext.getInstance("TLS"); | |
String algorithm = KeyManagerFactory.getDefaultAlgorithm(); | |
TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(algorithm); | |
KeyManagerFactory kmFactory = KeyManagerFactory.getInstance(algorithm); | |
SecureRandom secureRandom = new SecureRandom(); | |
secureRandom.nextInt(); | |
KeyStore keyStore = KeyStore.getInstance(keyStoreType); | |
KeyStore trustStore = KeyStore.getInstance(keyStoreType); | |
keyStore.load(new FileInputStream(keyStoreFile), keyStorePassword); | |
trustStore.load(new FileInputStream(trustStoreFile), keyStorePassword); | |
tmFactory.init(trustStore); | |
kmFactory.init(keyStore, keyStorePassword); | |
sslContext.init(kmFactory.getKeyManagers(), tmFactory.getTrustManagers(), secureRandom); | |
sslServerSocketFactory = sslContext.getServerSocketFactory(); | |
sslSocketFactory = sslContext.getSocketFactory(); | |
} | |
public ServerSocket createServerSocket(int port, int backlog, | |
InetAddress bindAddress) throws IOException { | |
return new ServerSocket(port, backlog, bindAddress); | |
} | |
public Socket createSocket(InetAddress address, int port) | |
throws IOException { | |
return new Socket(address, port); | |
} | |
public DatagramSocket createDatagramSocket() throws SocketException { | |
return new DatagramSocket(); | |
} | |
public DatagramSocket createDatagramSocket(int port, InetAddress laddr) | |
throws SocketException { | |
return new DatagramSocket(port, laddr); | |
} | |
/* Added by Daniel J. Martinez Manzano <dani@dif.um.es> */ | |
public SSLServerSocket createSSLServerSocket(int port, int backlog, | |
InetAddress bindAddress) throws IOException { | |
return (SSLServerSocket) sslServerSocketFactory.createServerSocket( | |
port, backlog, bindAddress); | |
} | |
/* Added by Daniel J. Martinez Manzano <dani@dif.um.es> */ | |
public SSLSocket createSSLSocket(InetAddress address, int port) | |
throws IOException { | |
return (SSLSocket) sslSocketFactory.createSocket(address, port); | |
} | |
/* Added by Daniel J. Martinez Manzano <dani@dif.um.es> */ | |
public SSLSocket createSSLSocket(InetAddress address, int port, | |
InetAddress myAddress) throws IOException { | |
return (SSLSocket) sslSocketFactory.createSocket(address, port, | |
myAddress, 0); | |
} | |
public Socket createSocket(InetAddress address, int port, | |
InetAddress myAddress) throws IOException { | |
if (myAddress != null) | |
return new Socket(address, port, myAddress, 0); | |
else | |
return new Socket(address, port); | |
} | |
/** | |
* Creates a new Socket, binds it to myAddress:myPort and connects it to | |
* address:port. | |
* | |
* @param address the InetAddress that we'd like to connect to. | |
* @param port the port that we'd like to connect to | |
* @param myAddress the address that we are supposed to bind on or null | |
* for the "any" address. | |
* @param myPort the port that we are supposed to bind on or 0 for a random | |
* one. | |
* | |
* @return a new Socket, bound on myAddress:myPort and connected to | |
* address:port. | |
* @throws IOException if binding or connecting the socket fail for a reason | |
* (exception relayed from the correspoonding Socket methods) | |
*/ | |
public Socket createSocket(InetAddress address, int port, | |
InetAddress myAddress, int myPort) | |
throws IOException | |
{ | |
if (myAddress != null) | |
return new Socket(address, port, myAddress, myPort); | |
else if (port != 0) | |
{ | |
//myAddress is null (i.e. any) but we have a port number | |
Socket sock = new Socket(); | |
sock.bind(new InetSocketAddress(port)); | |
sock.connect(new InetSocketAddress(address, port)); | |
return sock; | |
} | |
else | |
return new Socket(address, port); | |
} | |
} |