/*
* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache JMeter" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache JMeter", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jmeter.util;
import iaik.protocol.https.HttpsURLConnection;
import iaik.security.ssl.SSLClientContext;
import iaik.security.ssl.ClientTrustDecider;
import iaik.security.ssl.SSLCertificate;
import iaik.security.ssl.CipherSuite;
import org.apache.jmeter.gui.GuiPackage;
import org.apache.jmeter.util.keystore.JmeterKeyStore;
import java.net.HttpURLConnection;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.X509Certificate;
/**
* The SSLManager handles the KeyStore information for JMeter. Basically, it
* handles all the logic for loading and initializing all the JSSE parameters
* and selecting the alias to authenticate against if it is available. SSLManager
* will try to automatically select the client certificate for you, but if it can't
* make a decision, it will pop open a dialog asking you for more information.
*
* @author <a href="mailto:bloritsch@apache.org">Berin Loritsch</a>
* @version CVS $Revision: 1.9 $ $Date: 2001/11/09 20:34:53 $
*/
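public class IaikSSLManager extends SSLManager {
    /** IAIK client SSL context that {@link #setContext} attaches to each HTTPS connection. */
    private SSLClientContext context;

    /**
     * Trust decider that accepts every peer certificate it is asked about.
     *
     * <p>SECURITY: {@link #isTrustedPeer} returns {@code true} unconditionally, so
     * connections made through this decider do not authenticate the server and
     * offer no protection against an interposed endpoint. The certificates read
     * from the trust store are used only to order the chain in
     * {@link #getCertificate}; they are never consulted for a trust decision.
     * That trade-off only suits load tests against systems the tester controls;
     * do not reuse this class where the server identity matters.
     */
    protected static class AlwaysTrustDecider implements ClientTrustDecider {
        /** Certificate entries copied from the trust store, or {@code null} if loading failed. */
        protected X509Certificate[] certs;

        /**
         * Collects every certificate entry of {@code store} into {@link #certs}.
         * Aliases that are not certificate entries are skipped. Any failure
         * (including a {@code null} store) is reported on {@code System.err} and
         * leaves {@link #certs} set to {@code null}.
         *
         * @param store the trust store to read certificate entries from
         */
        public AlwaysTrustDecider(KeyStore store) {
            try {
                // The local was originally named "enum", which is a reserved word
                // from Java 5 on and stops the class from compiling.
                java.util.Enumeration aliases = store.aliases();
                java.util.ArrayList list = new java.util.ArrayList(store.size());
                while (aliases.hasMoreElements()) {
                    String alias = (String) aliases.nextElement();
                    System.out.print("AlwaysTrustDecider alias: " + alias);
                    if (store.isCertificateEntry(alias)) {
                        list.add(store.getCertificate(alias));
                        System.out.println(" INSTALLED");
                    } else {
                        System.out.println(" SKIPPED");
                    }
                }
                // Throws ArrayStoreException if the store holds a non-X.509
                // certificate; that lands in the catch below like any other failure.
                this.certs = (X509Certificate[]) list.toArray(new X509Certificate[] {});
            } catch (Exception e) {
                // Previously swallowed silently; report it so an unreadable trust
                // store is visible in the test run output.
                System.err.println("AlwaysTrustDecider: could not load trust store certificates: " + e);
                this.certs = null;
            }
        }

        /**
         * Accepts the peer certificate without inspecting it.
         *
         * <p>SECURITY: no chain, validity or host name check is performed here;
         * the certificate is only printed to standard output.
         *
         * @param cert the certificate presented by the peer
         * @return always {@code true}
         */
        public boolean isTrustedPeer(SSLCertificate cert) {
            System.out.println("AlwaysTrustDecider: isTrusted???\n" + cert.toString());
            return true;
        }

        /**
         * Logs the call and supplies no key.
         *
         * @return always {@code null}
         */
        public PrivateKey getPrivateKey() {
            System.out.println("AlwaysTrustDecider: getPrivateKey");
            return null;
        }

        /**
         * Parses {@code cert} as an X.509 certificate and wraps it, ordered
         * together with the trust store certificates, in an {@link SSLCertificate}.
         *
         * @param cert encoded certificate bytes
         * @param p1 not used by this implementation
         * @param p2 not used by this implementation
         * @return the wrapped chain, or {@code null} if parsing or ordering failed
         */
        public SSLCertificate getCertificate(byte[] cert, Principal[] p1, String p2) {
            System.out.println("AlwaysTrustDecider: getCertificate");
            try {
                X509Certificate newCert = new iaik.x509.X509Certificate(cert);
                // this.certs is null when the trust store could not be read; a
                // resulting exception is handled below.
                return new SSLCertificate(iaik.x509.ChainVerifier.orderCertificateChain(newCert, this.certs));
            } catch (Exception e) {
                // Previously an empty catch; keep the null return but say why.
                System.err.println("AlwaysTrustDecider: could not build certificate chain: " + e);
            }
            return null;
        }
    }

    /**
     * Attaches this manager's SSL context to {@code conn}.
     *
     * @param conn the connection to configure; it is cast to the IAIK
     *        {@link HttpsURLConnection}, so any other connection type fails
     *        with a {@link ClassCastException}
     */
    public void setContext(HttpURLConnection conn) {
        HttpsURLConnection secureConn = (HttpsURLConnection) conn;
        secureConn.setSSLContext(this.context);
    }

    /**
     * Builds the IAIK client SSL context: registers the providers, installs the
     * IAIK security provider named by the {@code iaik.provider} property, sets
     * an {@link AlwaysTrustDecider} over the trust store and adds the client
     * credentials from the key store.
     *
     * <p>SECURITY: because the trust decider accepts every peer, HTTPS
     * connections configured by this manager do not verify the server.
     *
     * @param provider security provider passed to {@code setProvider}
     */
    public IaikSSLManager(Provider provider) {
        // NOTE(review): setProvider is inherited and not visible here; whether
        // these three calls accumulate or the last one wins should be confirmed.
        this.setProvider(provider);
        this.setProvider(new iaik.security.provider.IAIK());
        this.setProvider(new sun.security.provider.Sun());

        try {
            // The class name is taken from configuration and instantiated
            // reflectively, so the properties source decides which code runs
            // here; keep it writable by trusted users only.
            String iaikProvider = JMeterUtils.getPropDefault("iaik.provider",
                    "iaik.security.ssl.IaikProvider");
            iaik.security.ssl.SecurityProvider.setSecurityProvider(
                    (iaik.security.ssl.SecurityProvider)
                            Class.forName(iaikProvider).newInstance());
            System.out.println("Installed IAIK Provider: " + iaikProvider);
        } catch (Exception e) {
            // Construction continues with whatever security provider is already set.
            e.printStackTrace(System.err);
        }

        this.context = new SSLClientContext();

        if ("all".equalsIgnoreCase(JMeterUtils.getPropDefault("javax.net.debug", "none"))) {
            // Debug mode: send the SSL debug stream to stderr and list the
            // enabled cipher suites on stdout.
            this.context.setDebugStream(System.err);
            CipherSuite[] ciphers = this.context.getEnabledCipherSuites();
            for (int i = 0; i < ciphers.length; i++) {
                System.out.println(ciphers[i].getName());
            }
        }

        JmeterKeyStore keyStore = this.getKeyStore();
        this.context.setTrustDecider(new AlwaysTrustDecider(this.getTrustStore()));
        this.context.addClientCredentials(keyStore.getCertificateChain(),
                keyStore.getPrivateKey());
        System.out.println(keyStore.getClass().toString());
        System.out.println("IaikSSLManager installed");
    }
}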