authorBenoit Foucher <benoit@zeroc.com>2007-11-26 10:27:33 +0100
committerBenoit Foucher <benoit@zeroc.com>2007-11-26 10:27:33 +0100
commita680e1c9cb73caa66d2cab436e28e95924dd8dbd (patch)
tree473abb5c732c0cc5cb61b44ed5f74fc74d83b1ec /java
parentMerge branch 'master' of ssh://cvs.zeroc.com/home/git/ice (diff)
Remove JDK 1.4 IceSSL plugin
Diffstat (limited to 'java')
-rw-r--r--java/build.xml6
-rw-r--r--java/config/build.properties8
-rw-r--r--java/config/common.xml24
-rw-r--r--java/jdk/1.4/IceInternal/Time.java23
-rw-r--r--java/jdk/1.4/IceSSL/AcceptorI.java467
-rw-r--r--java/jdk/1.4/IceSSL/ConnectorI.java490
-rw-r--r--java/jdk/1.4/IceSSL/EndpointI.java518
-rw-r--r--java/jdk/1.4/IceSSL/Instance.java918
-rw-r--r--java/jdk/1.4/IceSSL/TransceiverI.java398
-rw-r--r--java/jdk/1.4/IceSSL/TrustManager.java296
-rw-r--r--java/jdk/1.4/IceSSL/Util.java128
-rw-r--r--java/jdk/1.4/IceSSL/X509KeyManagerI.java58
-rw-r--r--java/jdk/1.5/IceSSL/CertificateVerifier.java23
-rw-r--r--java/jdk/1.5/IceSSL/ConnectionInfo.java52
-rw-r--r--java/jdk/1.5/IceSSL/ConnectionInvalidException.java30
-rw-r--r--java/jdk/1.5/IceSSL/EndpointFactoryI.java50
-rw-r--r--java/jdk/1.5/IceSSL/PasswordCallback.java36
-rw-r--r--java/jdk/1.5/IceSSL/Plugin.java54
-rw-r--r--java/jdk/1.5/IceSSL/PluginFactory.java19
-rw-r--r--java/jdk/1.5/IceSSL/PluginI.java68
-rw-r--r--java/jdk/1.5/IceSSL/RFC2253.java417
-rw-r--r--java/jdk/1.5/IceSSL/X509TrustManagerI.java50
-rw-r--r--java/src/IceInternal/Time.java (renamed from java/jdk/1.5/IceInternal/Time.java)0
-rw-r--r--java/src/IceSSL/AcceptorI.java (renamed from java/jdk/1.5/IceSSL/AcceptorI.java)0
-rw-r--r--java/src/IceSSL/CertificateVerifier.java (renamed from java/jdk/1.4/IceSSL/CertificateVerifier.java)0
-rw-r--r--java/src/IceSSL/ConnectionInfo.java (renamed from java/jdk/1.4/IceSSL/ConnectionInfo.java)0
-rw-r--r--java/src/IceSSL/ConnectionInvalidException.java (renamed from java/jdk/1.4/IceSSL/ConnectionInvalidException.java)0
-rw-r--r--java/src/IceSSL/ConnectorI.java (renamed from java/jdk/1.5/IceSSL/ConnectorI.java)0
-rw-r--r--java/src/IceSSL/EndpointFactoryI.java (renamed from java/jdk/1.4/IceSSL/EndpointFactoryI.java)0
-rw-r--r--java/src/IceSSL/EndpointI.java (renamed from java/jdk/1.5/IceSSL/EndpointI.java)0
-rw-r--r--java/src/IceSSL/Instance.java (renamed from java/jdk/1.5/IceSSL/Instance.java)0
-rw-r--r--java/src/IceSSL/PasswordCallback.java (renamed from java/jdk/1.4/IceSSL/PasswordCallback.java)0
-rw-r--r--java/src/IceSSL/Plugin.java (renamed from java/jdk/1.4/IceSSL/Plugin.java)0
-rw-r--r--java/src/IceSSL/PluginFactory.java (renamed from java/jdk/1.4/IceSSL/PluginFactory.java)0
-rw-r--r--java/src/IceSSL/PluginI.java (renamed from java/jdk/1.4/IceSSL/PluginI.java)0
-rw-r--r--java/src/IceSSL/RFC2253.java (renamed from java/jdk/1.4/IceSSL/RFC2253.java)0
-rw-r--r--java/src/IceSSL/TransceiverI.java (renamed from java/jdk/1.5/IceSSL/TransceiverI.java)0
-rw-r--r--java/src/IceSSL/TrustManager.java (renamed from java/jdk/1.5/IceSSL/TrustManager.java)0
-rw-r--r--java/src/IceSSL/Util.java (renamed from java/jdk/1.5/IceSSL/Util.java)0
-rw-r--r--java/src/IceSSL/X509KeyManagerI.java (renamed from java/jdk/1.5/IceSSL/X509KeyManagerI.java)0
-rw-r--r--java/src/IceSSL/X509TrustManagerI.java (renamed from java/jdk/1.4/IceSSL/X509TrustManagerI.java)0
41 files changed, 25 insertions, 4108 deletions
diff --git a/java/build.xml b/java/build.xml
index 01a5026760f..c6fe806c5eb 100644
--- a/java/build.xml
+++ b/java/build.xml
@@ -146,9 +146,9 @@
<target name="ice-compile" depends="generate">
<mkdir dir="${lib.dir}"/>
<mkdir dir="${cache.dir}"/>
- <depend srcdir="${generated.dir}:${src.dir}:${jdk.src.dir}" destdir="${lib.dir}" cache="${cache.dir}"/>
- <javac srcdir="${generated.dir}:${src.dir}:${jdk.src.dir}" destdir="${lib.dir}"
- source="1.5" debug="${debug}"
+ <depend srcdir="${generated.dir}:${src.dir}" destdir="${lib.dir}" cache="${cache.dir}"/>
+ <javac srcdir="${generated.dir}:${src.dir}" destdir="${lib.dir}"
+ source="${jdk.version}" debug="${debug}"
excludes="IceGridGUI/**"
includes="**"
deprecation="on">
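Review bot: The `<javac>` task now takes its language level from `source="${jdk.version}"`, but its attribute list has no `target`, so the bytecode level is left to whatever the compiling JDK defaults to. If the intent of `jdk.version` is to pin 1.5 compatibility, as the comment added in common.xml suggests, add `target="${jdk.version}"` next to `source` so that both levels follow the same property. The `ice-compile` target continues past the end of this hunk, so a `target` set elsewhere cannot be ruled out from here.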
diff --git a/java/config/build.properties b/java/config/build.properties
index 7a87a16325e..94e4d402cdb 100644
--- a/java/config/build.properties
+++ b/java/config/build.properties
@@ -12,12 +12,12 @@
#
debug = on
+
#
-# Set to "1.4" or "1.5" to select a JDK version. This setting affects
-# the version of the IceSSL plugin that is compiled. The default value
-# is the JDK version detected by Ant.
+# Set to "java2" or "java5" to select the Ice for Java mapping
+# version to build. The default value is "java5".
#
-jdk.version = ${ant.java.version}
+#ice.mapping = java2
ice.version = 3.3
diff --git a/java/config/common.xml b/java/config/common.xml
index bb4c8e25eb6..72e6300a1e0 100644
--- a/java/config/common.xml
+++ b/java/config/common.xml
@@ -21,19 +21,31 @@
<!-- Load build configuration properties -->
<property file="${top.dir}/config/build.properties"/>
- <!-- Determine whether we are using JDK 1.4 -->
+ <condition property="ice.mapping" value="java5">
+ <not><isset property="ice.mapping"/></not>
+ </condition>
+
+ <fail message="Invalid ${ice.mapping} value specified in build.properties.">
+ <condition>
+ <and>
+ <not><equals arg1="${ice.mapping}" arg2="java2" trim="true"/></not>
+ <not><equals arg1="${ice.mapping}" arg2="java5" trim="true"/></not>
+ </and>
+ </condition>
+ </fail>
+
<condition property="java2">
- <equals arg1="${jdk.version}" arg2="1.4"/>
+ <equals arg1="${ice.mapping}" arg2="java2"/>
</condition>
- <!-- Use the global metadata "java:java2" when using JDK 1.4 -->
+ <!-- Use the global metadata "java:java2" when using java2 mapping -->
<condition property="java2metadata" value="java:java2" else="">
<isset property="java2"/>
</condition>
- <!-- JDK specific source directory -->
- <condition property="jdk.src.dir" value="jdk/1.4" else="jdk/1.5">
- <isset property="java2"/>
+ <!-- Require 1.5 compatibility for the source code -->
+ <condition property="jdk.version" value="1.5">
+ <not><isset property="jdk.version"/></not>
</condition>
<!-- Use -Xlint:unchecked when using JDK 1.5 -->
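Review bot: The new `<fail>` validation compares `${ice.mapping}` with `trim="true"`, but the `java2` condition directly below it uses `<equals arg1="${ice.mapping}" arg2="java2"/>` without trimming. A value with trailing whitespace in build.properties (which property-file loading normally preserves) would pass validation and then leave `java2` unset, so the build would silently fall back to the java5 mapping. Make the two checks agree with `<equals arg1="${ice.mapping}" arg2="java2" trim="true"/>`. The failure message would also be clearer if it named the property as well as its value, e.g. `Invalid ice.mapping value '${ice.mapping}' specified in build.properties.`. Separately, the comment "Require 1.5 compatibility" sits on a condition that only sets `jdk.version` when it is unset, so a leftover `jdk.version` setting still overrides it. Say so in the comment or set the property unconditionally.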
diff --git a/java/jdk/1.4/IceInternal/Time.java b/java/jdk/1.4/IceInternal/Time.java
deleted file mode 100644
index 0f149ebc057..00000000000
--- a/java/jdk/1.4/IceInternal/Time.java
+++ /dev/null
@@ -1,23 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceInternal;
-
-final public class Time
-{
- static public long
- currentMonotonicTimeMillis()
- {
- //
- // The jdk 1.4 doesn't support also supports a wall
- // clock. That's the best we can use.
- //
- return System.currentTimeMillis();
- }
-};
diff --git a/java/jdk/1.4/IceSSL/AcceptorI.java b/java/jdk/1.4/IceSSL/AcceptorI.java
deleted file mode 100644
index 8bec44c40a3..00000000000
--- a/java/jdk/1.4/IceSSL/AcceptorI.java
+++ /dev/null
@@ -1,467 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-class AcceptorI implements IceInternal.Acceptor
-{
- public java.nio.channels.ServerSocketChannel
- fd()
- {
- return null;
- }
-
- public void
- close()
- {
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "stopping to accept ssl connections at " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- javax.net.ssl.SSLServerSocket fd;
- synchronized(this)
- {
- fd = _fd;
- _fd = null;
- }
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException ex)
- {
- // Ignore.
- }
- }
- }
-
- public void
- listen()
- {
- // Nothing to do.
-
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "accepting ssl connections at " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
- }
-
- public IceInternal.Transceiver
- accept(int timeout)
- {
- //
- // The plugin may not be fully initialized.
- //
- if(!_instance.initialized())
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: plugin is not initialized";
- throw ex;
- }
-
- javax.net.ssl.SSLSocket fd = null;
- ConnectionInfo connInfo = null;
- try
- {
- if(timeout == -1)
- {
- timeout = 0; // Infinite
- }
- else if(timeout == 0)
- {
- timeout = 1;
- }
- _fd.setSoTimeout(timeout);
- fd = (javax.net.ssl.SSLSocket)_fd.accept();
-
- //
- // Check whether this socket is the result of a call to connectToSelf.
- // Despite the fact that connectToSelf immediately closes the socket,
- // the server-side handshake process does not raise an exception.
- // Furthermore, we can't simply proceed with the regular handshake
- // process because we don't want to pass such a socket to the
- // certificate verifier (if any).
- //
- // In order to detect a call to connectToSelf, we compare the remote
- // address of the newly-accepted socket to that in _connectToSelfAddr.
- //
- java.net.SocketAddress remoteAddr = fd.getRemoteSocketAddress();
- synchronized(this)
- {
- if(remoteAddr.equals(_connectToSelfAddr))
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- return null;
- }
- }
-
- fd.setUseClientMode(false);
-
- //
- // getSession blocks until the initial handshake completes.
- //
- if(timeout == 0)
- {
- fd.getSession();
- }
- else
- {
- HandshakeThread ht = new HandshakeThread(fd);
- ht.start();
- if(!ht.waitForHandshake(timeout))
- {
- throw new Ice.TimeoutException();
- }
- }
-
- connInfo = Util.populateConnectionInfo(fd, _adapterName, true);
- _instance.verifyPeer(connInfo, fd, "", true);
- }
- catch(java.net.SocketTimeoutException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- Ice.TimeoutException e = new Ice.TimeoutException();
- e.initCause(ex);
- throw e;
- }
- catch(javax.net.ssl.SSLException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
-
- //
- // Unfortunately, the situation where the cipher suite does not match
- // the certificates is not detected until accept is called. If we were
- // to throw a LocalException, the IncomingConnectionFactory would
- // simply log it and call accept again, resulting in an infinite loop.
- // To avoid this problem, we check for the special case and throw
- // an exception that IncomingConnectionFactory doesn't trap.
- //
- if(ex.getMessage().toLowerCase().startsWith("no available certificate corresponds to the ssl cipher " +
- "suites which are enabled"))
- {
- RuntimeException e = new RuntimeException();
- e.initCause(ex);
- throw e;
- }
-
- Ice.SecurityException e = new Ice.SecurityException();
- e.initCause(ex);
- throw e;
- }
- catch(java.io.IOException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
-
- if(IceInternal.Network.connectionLost(ex))
- {
- throw new Ice.ConnectionLostException();
- }
-
- Ice.SocketException e = new Ice.SocketException();
- e.initCause(ex);
- throw e;
- }
- catch(RuntimeException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- throw ex;
- }
-
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "accepted ssl connection\n" + IceInternal.Network.fdToString(fd);
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_instance.securityTraceLevel() > 0)
- {
- _instance.traceConnection(fd, true);
- }
-
- return new TransceiverI(_instance, fd, connInfo);
- }
-
- public void
- connectToSelf()
- {
- java.nio.channels.SocketChannel fd = IceInternal.Network.createTcpSocket();
- IceInternal.Network.setBlock(fd, false);
- synchronized(this)
- {
- //
- // connectToSelf is called to wake up the thread blocked in
- // accept. We remember the originating address for use in
- // accept. See accept for details.
- //
- IceInternal.Network.doConnect(fd, _addr, -1);
- _connectToSelfAddr = (java.net.InetSocketAddress)fd.socket().getLocalSocketAddress();
- }
- IceInternal.Network.closeSocket(fd);
- }
-
- public String
- toString()
- {
- return IceInternal.Network.addrToString(_addr);
- }
-
- int
- effectivePort()
- {
- return _addr.getPort();
- }
-
- AcceptorI(Instance instance, String adapterName, String host, int port)
- {
- _instance = instance;
- _adapterName = adapterName;
- _logger = instance.communicator().getLogger();
- _backlog = 0;
-
- if(_backlog <= 0)
- {
- _backlog = 5;
- }
-
- try
- {
- javax.net.ssl.SSLServerSocketFactory factory = _instance.context().getServerSocketFactory();
- _addr = new java.net.InetSocketAddress(host, port);
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "attempting to bind to ssl socket " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
- java.net.InetSocketAddress iface = IceInternal.Network.getAddress(host, port);
- _fd = (javax.net.ssl.SSLServerSocket)factory.createServerSocket(port, _backlog, iface.getAddress());
- if(!System.getProperty("os.name").startsWith("Windows"))
- {
- //
- // Enable SO_REUSEADDR on Unix platforms to allow
- // re-using the socket even if it's in the TIME_WAIT
- // state. On Windows, this doesn't appear to be
- // necessary and enabling SO_REUSEADDR would actually
- // not be a good thing since it allows a second
- // process to bind to an address even it's already
- // bound by another process.
- //
- // TODO: using SO_EXCLUSIVEADDRUSE on Windows would
- // probably be better but it's only supported by recent
- // Windows versions (XP SP2, Windows Server 2003).
- //
- _fd.setReuseAddress(true);
- }
- _addr = (java.net.InetSocketAddress)_fd.getLocalSocketAddress();
-
- int verifyPeer =
- _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
- if(verifyPeer == 0)
- {
- _fd.setWantClientAuth(false);
- _fd.setNeedClientAuth(false);
- }
- else if(verifyPeer == 1)
- {
- _fd.setWantClientAuth(true);
- }
- else
- {
- _fd.setNeedClientAuth(true);
- }
-
- String[] cipherSuites =
- _instance.filterCiphers(_fd.getSupportedCipherSuites(), _fd.getEnabledCipherSuites());
- try
- {
- _fd.setEnabledCipherSuites(cipherSuites);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid ciphersuite";
- e.initCause(ex);
- throw e;
- }
- if(_instance.securityTraceLevel() > 0)
- {
- StringBuffer s = new StringBuffer();
- s.append("enabling SSL ciphersuites for server socket " + toString() + ":");
- for(int i = 0; i < cipherSuites.length; ++i)
- {
- s.append("\n " + cipherSuites[i]);
- }
- _logger.trace(_instance.securityTraceCategory(), s.toString());
- }
-
- String[] protocols = _instance.protocols();
- if(protocols != null)
- {
- try
- {
- _fd.setEnabledProtocols(protocols);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid protocol";
- e.initCause(ex);
- throw e;
- }
- }
- }
- catch(java.io.IOException ex)
- {
- try
- {
- if(_fd != null)
- {
- _fd.close();
- }
- }
- catch(java.io.IOException e)
- {
- }
- _fd = null;
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- }
-
- protected void
- finalize()
- throws Throwable
- {
- assert(_fd == null);
-
- super.finalize();
- }
-
- private static class HandshakeThread extends Thread
- {
- HandshakeThread(javax.net.ssl.SSLSocket fd)
- {
- _fd = fd;
- _ok = false;
- }
-
- public void
- run()
- {
- try
- {
- _fd.getSession();
- synchronized(this)
- {
- _ok = true;
- notifyAll();
- }
-
- }
- catch(RuntimeException ex)
- {
- synchronized(this)
- {
- _ex = ex;
- notifyAll();
- }
- }
- }
-
- boolean
- waitForHandshake(int timeout)
- {
- boolean result = false;
-
- synchronized(this)
- {
- while(!_ok && _ex == null)
- {
- try
- {
- wait(timeout);
- break;
- }
- catch(InterruptedException ex)
- {
- continue;
- }
- }
-
- if(_ex != null)
- {
- throw _ex;
- }
-
- result = _ok;
- }
-
- return result;
- }
-
- private javax.net.ssl.SSLSocket _fd;
- private boolean _ok;
- private RuntimeException _ex;
- }
-
- private Instance _instance;
- private String _adapterName;
- private Ice.Logger _logger;
- private javax.net.ssl.SSLServerSocket _fd;
- private int _backlog;
- private java.net.InetSocketAddress _addr;
- private java.net.InetSocketAddress _connectToSelfAddr;
-}
diff --git a/java/jdk/1.4/IceSSL/ConnectorI.java b/java/jdk/1.4/IceSSL/ConnectorI.java
deleted file mode 100644
index 004bf95cdc6..00000000000
--- a/java/jdk/1.4/IceSSL/ConnectorI.java
+++ /dev/null
@@ -1,490 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-final class ConnectorI implements IceInternal.Connector, java.lang.Comparable
-{
- final static short TYPE = 2;
-
- public IceInternal.Transceiver
- connect(int timeout)
- {
- //
- // The plugin may not be fully initialized.
- //
- if(!_instance.initialized())
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: plugin is not initialized";
- throw ex;
- }
-
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "trying to establish ssl connection to " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- javax.net.ssl.SSLSocket fd = null;
- ConnectionInfo connInfo = null;
- try
- {
- //
- // If a connect timeout is specified, do the connect in a separate thread.
- //
- if(timeout >= 0)
- {
- ConnectThread ct = new ConnectThread(_instance.context(), _addr);
- ct.start();
- fd = ct.getFd(timeout == 0 ? 1 : timeout);
- if(fd == null)
- {
- throw new Ice.ConnectTimeoutException();
- }
- }
- else
- {
- javax.net.SocketFactory factory = _instance.context().getSocketFactory();
- fd = (javax.net.ssl.SSLSocket)factory.createSocket(_addr.getAddress(), _addr.getPort());
- }
-
- fd.setUseClientMode(true);
-
- String[] cipherSuites = _instance.filterCiphers(fd.getSupportedCipherSuites(), fd.getEnabledCipherSuites());
- try
- {
- fd.setEnabledCipherSuites(cipherSuites);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid ciphersuite";
- e.initCause(ex);
- throw e;
- }
- if(_instance.securityTraceLevel() > 0)
- {
- StringBuffer s = new StringBuffer();
- s.append("enabling SSL ciphersuites for socket\n" + IceInternal.Network.fdToString(fd) + ":");
- for(int i = 0; i < cipherSuites.length; ++i)
- {
- s.append("\n " + cipherSuites[i]);
- }
- _logger.trace(_instance.securityTraceCategory(), s.toString());
- }
-
- String[] protocols = _instance.protocols();
- if(protocols != null)
- {
- try
- {
- fd.setEnabledProtocols(protocols);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid protocol";
- e.initCause(ex);
- throw e;
- }
- }
-
- //
- // If a connect timeout is specified, do the SSL handshake in a separate thread.
- //
- if(timeout >= 0)
- {
- HandshakeThread ht = new HandshakeThread(fd);
- ht.start();
- if(!ht.waitForHandshake(timeout == 0 ? 1 : timeout))
- {
- throw new Ice.ConnectTimeoutException();
- }
- }
- else
- {
- fd.startHandshake();
- }
-
- //
- // Check IceSSL.VerifyPeer.
- //
- int verifyPeer =
- _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
- if(verifyPeer > 0)
- {
- try
- {
- fd.getSession().getPeerCertificates();
- }
- catch(javax.net.ssl.SSLPeerUnverifiedException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: server did not supply a certificate";
- e.initCause(ex);
- throw e;
- }
- }
-
- connInfo = Util.populateConnectionInfo(fd, "", false);
- _instance.verifyPeer(connInfo, fd, _host, false);
- }
- catch(java.net.ConnectException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- Ice.ConnectFailedException se;
- if(IceInternal.Network.connectionRefused(ex))
- {
- se = new Ice.ConnectionRefusedException();
- }
- else
- {
- se = new Ice.ConnectFailedException();
- }
- se.initCause(ex);
- throw se;
- }
- catch(javax.net.ssl.SSLException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- Ice.SecurityException e = new Ice.SecurityException();
- e.initCause(ex);
- throw e;
- }
- catch(java.io.IOException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
-
- if(IceInternal.Network.connectionLost(ex))
- {
- throw new Ice.ConnectionLostException();
- }
-
- Ice.SocketException e = new Ice.SocketException();
- e.initCause(ex);
- throw e;
- }
- catch(RuntimeException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- throw ex;
- }
-
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "ssl connection established\n" + IceInternal.Network.fdToString(fd);
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_instance.securityTraceLevel() > 0)
- {
- _instance.traceConnection(fd, false);
- }
-
- return new TransceiverI(_instance, fd, connInfo);
- }
-
- public short
- type()
- {
- return TYPE;
- }
-
- public String
- toString()
- {
- return IceInternal.Network.addrToString(_addr);
- }
-
- public int
- hashCode()
- {
- return _hashCode;
- }
-
- final boolean
- equivalent(String host, int port)
- {
- java.net.InetSocketAddress addr;
- try
- {
- addr = IceInternal.Network.getAddress(host, port);
- }
- catch(Ice.DNSException ex)
- {
- return false;
- }
- return addr.equals(_addr);
- }
-
- //
- // Only for use by EndpointI
- //
- ConnectorI(Instance instance, java.net.InetSocketAddress addr, int timeout, String connectionId)
- {
- _instance = instance;
- _logger = instance.communicator().getLogger();
- _host = addr.getHostName();
- _addr = addr;
- _timeout = timeout;
- _connectionId = connectionId;
-
- _hashCode = _addr.getAddress().getHostAddress().hashCode();
- _hashCode = 5 * _hashCode + _addr.getPort();
- _hashCode = 5 * _hashCode + _timeout;
- _hashCode = 5 * _hashCode + _connectionId.hashCode();
- }
-
- //
- // Compare connectors for sorting purposes
- //
- public boolean
- equals(java.lang.Object obj)
- {
- return compareTo(obj) == 0;
- }
-
- public int
- compareTo(java.lang.Object obj) // From java.lang.Comparable
- {
- ConnectorI p = null;
-
- try
- {
- p = (ConnectorI)obj;
- }
- catch(ClassCastException ex)
- {
- try
- {
- IceInternal.Connector c = (IceInternal.Connector)obj;
- return type() < c.type() ? -1 : 1;
- }
- catch(ClassCastException ee)
- {
- assert(false);
- }
- }
-
- if(this == p)
- {
- return 0;
- }
-
- if(_timeout < p._timeout)
- {
- return -1;
- }
- else if(p._timeout < _timeout)
- {
- return 1;
- }
-
- if(!_connectionId.equals(p._connectionId))
- {
- return _connectionId.compareTo(p._connectionId);
- }
-
- if(_timeout < p._timeout)
- {
- return -1;
- }
- else if(p._timeout < _timeout)
- {
- return 1;
- }
-
- return IceInternal.Network.compareAddress(_addr, p._addr);
- }
-
-
- private static class ConnectThread extends Thread
- {
- ConnectThread(javax.net.ssl.SSLContext ctx, java.net.InetSocketAddress addr)
- {
- _ctx = ctx;
- _addr = addr;
- }
-
- public void
- run()
- {
- try
- {
- javax.net.SocketFactory factory = _ctx.getSocketFactory();
- javax.net.ssl.SSLSocket fd =
- (javax.net.ssl.SSLSocket)factory.createSocket(_addr.getAddress(), _addr.getPort());
- synchronized(this)
- {
- _fd = fd;
- notifyAll();
- }
- }
- catch(java.io.IOException ex)
- {
- synchronized(this)
- {
- _ex = ex;
- notifyAll();
- }
- }
- }
-
- javax.net.ssl.SSLSocket
- getFd(int timeout)
- throws java.io.IOException
- {
- javax.net.ssl.SSLSocket fd = null;
-
- synchronized(this)
- {
- while(_fd == null && _ex == null)
- {
- try
- {
- wait(timeout);
- break;
- }
- catch(InterruptedException ex)
- {
- continue;
- }
- }
-
- if(_ex != null)
- {
- throw _ex;
- }
-
- fd = _fd;
- _fd = null;
- }
-
- return fd;
- }
-
- private javax.net.ssl.SSLContext _ctx;
- private java.net.InetSocketAddress _addr;
- private javax.net.ssl.SSLSocket _fd;
- private java.io.IOException _ex;
- }
-
- private static class HandshakeThread extends Thread
- {
- HandshakeThread(javax.net.ssl.SSLSocket fd)
- {
- _fd = fd;
- _ok = false;
- }
-
- public void
- run()
- {
- try
- {
- _fd.startHandshake();
- synchronized(this)
- {
- _ok = true;
- notifyAll();
- }
-
- }
- catch(java.io.IOException ex)
- {
- synchronized(this)
- {
- _ex = ex;
- notifyAll();
- }
- }
- }
-
- boolean
- waitForHandshake(int timeout)
- throws java.io.IOException
- {
- boolean result = false;
-
- synchronized(this)
- {
- while(!_ok && _ex == null)
- {
- try
- {
- wait(timeout);
- break;
- }
- catch(InterruptedException ex)
- {
- continue;
- }
- }
-
- if(_ex != null)
- {
- throw _ex;
- }
-
- result = _ok;
- }
-
- return result;
- }
-
- private javax.net.ssl.SSLSocket _fd;
- private boolean _ok;
- private java.io.IOException _ex;
- }
-
- private Instance _instance;
- private Ice.Logger _logger;
- private String _host;
- private java.net.InetSocketAddress _addr;
- private int _timeout;
- private String _connectionId;
- private int _hashCode;
-}
diff --git a/java/jdk/1.4/IceSSL/EndpointI.java b/java/jdk/1.4/IceSSL/EndpointI.java
deleted file mode 100644
index 0f295b420b1..00000000000
--- a/java/jdk/1.4/IceSSL/EndpointI.java
+++ /dev/null
@@ -1,518 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-final class EndpointI extends IceInternal.EndpointI
-{
- final static short TYPE = 2;
-
- public
- EndpointI(Instance instance, String ho, int po, int ti, String conId, boolean co)
- {
- _instance = instance;
- _host = ho;
- _port = po;
- _timeout = ti;
- _connectionId = conId;
- _compress = co;
- calcHashValue();
- }
-
- public
- EndpointI(Instance instance, String str, boolean server)
- {
- _instance = instance;
- _host = null;
- _port = 0;
- _timeout = -1;
- _compress = false;
-
- String[] arr = str.split("[ \t\n\r]+");
-
- int i = 0;
- while(i < arr.length)
- {
- if(arr[i].length() == 0)
- {
- i++;
- continue;
- }
-
- String option = arr[i++];
- if(option.length() != 2 || option.charAt(0) != '-')
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- String argument = null;
- if(i < arr.length && arr[i].charAt(0) != '-')
- {
- argument = arr[i++];
- }
-
- switch(option.charAt(1))
- {
- case 'h':
- {
- if(argument == null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- _host = argument;
- break;
- }
-
- case 'p':
- {
- if(argument == null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- try
- {
- _port = Integer.parseInt(argument);
- }
- catch(NumberFormatException ex)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- if(_port < 0 || _port > 65535)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- break;
- }
-
- case 't':
- {
- if(argument == null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- try
- {
- _timeout = Integer.parseInt(argument);
- }
- catch(NumberFormatException ex)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- break;
- }
-
- case 'z':
- {
- if(argument != null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- _compress = true;
- break;
- }
-
- default:
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
- }
- }
-
- if(_host == null)
- {
- _host = _instance.defaultHost();
- if(_host == null)
- {
- if(server)
- {
- _host = "0.0.0.0";
- }
- else
- {
- _host = "127.0.0.1";
- }
- }
- }
- else if(_host.equals("*"))
- {
- _host = "0.0.0.0";
- }
- calcHashValue();
- }
-
- public
- EndpointI(Instance instance, IceInternal.BasicStream s)
- {
- _instance = instance;
- s.startReadEncaps();
- _host = s.readString();
- _port = s.readInt();
- _timeout = s.readInt();
- _compress = s.readBool();
- s.endReadEncaps();
- calcHashValue();
- }
-
- //
- // Marshal the endpoint
- //
- public void
- streamWrite(IceInternal.BasicStream s)
- {
- s.writeShort(TYPE);
- s.startWriteEncaps();
- s.writeString(_host);
- s.writeInt(_port);
- s.writeInt(_timeout);
- s.writeBool(_compress);
- s.endWriteEncaps();
- }
-
- //
- // Convert the endpoint to its string form
- //
- public String
- _toString()
- {
- //
- // WARNING: Certain features, such as proxy validation in Glacier2,
- // depend on the format of proxy strings. Changes to toString() and
- // methods called to generate parts of the reference string could break
- // these features. Please review for all features that depend on the
- // format of proxyToString() before changing this and related code.
- //
- String s = "ssl -h " + _host + " -p " + _port;
- if(_timeout != -1)
- {
- s += " -t " + _timeout;
- }
- if(_compress)
- {
- s += " -z";
- }
- return s;
- }
-
- //
- // Return the endpoint type
- //
- public short
- type()
- {
- return TYPE;
- }
-
- //
- // Return the timeout for the endpoint in milliseconds. 0 means
- // non-blocking, -1 means no timeout.
- //
- public int
- timeout()
- {
- return _timeout;
- }
-
- //
- // Return a new endpoint with a different timeout value, provided
- // that timeouts are supported by the endpoint. Otherwise the same
- // endpoint is returned.
- //
- public IceInternal.EndpointI
- timeout(int timeout)
- {
- if(timeout == _timeout)
- {
- return this;
- }
- else
- {
- return new EndpointI(_instance, _host, _port, timeout, _connectionId, _compress);
- }
- }
-
- //
- // Return a new endpoint with a different connection id.
- //
- public IceInternal.EndpointI
- connectionId(String connectionId)
- {
- if(connectionId.equals(_connectionId))
- {
- return this;
- }
- else
- {
- return new EndpointI(_instance, _host, _port, _timeout, connectionId, _compress);
- }
- }
-
- //
- // Return true if the endpoints support bzip2 compress, or false
- // otherwise.
- //
- public boolean
- compress()
- {
- return _compress;
- }
-
- //
- // Return a new endpoint with a different compression value,
- // provided that compression is supported by the
- // endpoint. Otherwise the same endpoint is returned.
- //
- public IceInternal.EndpointI
- compress(boolean compress)
- {
- if(compress == _compress)
- {
- return this;
- }
- else
- {
- return new EndpointI(_instance, _host, _port, _timeout, _connectionId, compress);
- }
- }
-
- //
- // Return true if the endpoint is datagram-based.
- //
- public boolean
- datagram()
- {
- return false;
- }
-
- //
- // Return true if the endpoint is secure.
- //
- public boolean
- secure()
- {
- return true;
- }
-
- //
- // Return true if the endpoint type is unknown.
- //
- public boolean
- unknown()
- {
- return false;
- }
-
- //
- // Return a server side transceiver for this endpoint, or null if a
- // transceiver can only be created by an acceptor. In case a
- // transceiver is created, this operation also returns a new
- // "effective" endpoint, which might differ from this endpoint,
- // for example, if a dynamic port number is assigned.
- //
- public IceInternal.Transceiver
- transceiver(IceInternal.EndpointIHolder endpoint)
- {
- endpoint.value = this;
- return null;
- }
-
- //
- // Return connectors for this endpoint, or empty list if no connector
- // is available.
- //
- public java.util.ArrayList
- connectors()
- {
- java.util.ArrayList connectors = new java.util.ArrayList();
- java.util.ArrayList addresses = IceInternal.Network.getAddresses(_host, _port);
- java.util.Iterator p = addresses.iterator();
- while(p.hasNext())
- {
- connectors.add(new ConnectorI(_instance, (java.net.InetSocketAddress)p.next(), _timeout, _connectionId));
- }
- return connectors;
- }
-
- //
- // Return an acceptor for this endpoint, or null if no acceptors
- // is available. In case an acceptor is created, this operation
- // also returns a new "effective" endpoint, which might differ
- // from this endpoint, for example, if a dynamic port number is
- // assigned.
- //
- public IceInternal.Acceptor
- acceptor(IceInternal.EndpointIHolder endpoint, String adapterName)
- {
- AcceptorI p = new AcceptorI(_instance, adapterName, _host, _port);
- endpoint.value = new EndpointI(_instance, _host, p.effectivePort(), _timeout, _connectionId, _compress);
- return p;
- }
-
- //
- // Expand endpoint out in to separate endpoints for each local
- // host if listening on INADDR_ANY.
- //
- public java.util.ArrayList
- expand()
- {
- java.util.ArrayList endps = new java.util.ArrayList();
- if(_host.equals("0.0.0.0"))
- {
- java.util.ArrayList hosts = IceInternal.Network.getLocalHosts();
- java.util.Iterator iter = hosts.iterator();
- while(iter.hasNext())
- {
- String host = (String)iter.next();
- if(hosts.size() == 1 || !host.equals("127.0.0.1"))
- {
- endps.add(new EndpointI(_instance, host, _port, _timeout, _connectionId, _compress));
-
- }
- }
- }
- else
- {
- endps.add(this);
- }
- return endps;
- }
-
- //
- // Check whether the endpoint is equivalent to a specific Connector.
- //
- public boolean
- equivalent(IceInternal.Connector connector)
- {
- ConnectorI sslConnector = null;
- try
- {
- sslConnector = (ConnectorI)connector;
- }
- catch(ClassCastException ex)
- {
- return false;
- }
- return sslConnector.equivalent(_host, _port);
- }
-
- public int
- hashCode()
- {
- return _hashCode;
- }
-
- //
- // Compare endpoints for sorting purposes
- //
- public boolean
- equals(java.lang.Object obj)
- {
- return compareTo(obj) == 0;
- }
-
- public int
- compareTo(java.lang.Object obj) // From java.lang.Comparable
- {
- EndpointI p = null;
-
- try
- {
- p = (EndpointI)obj;
- }
- catch(ClassCastException ex)
- {
- try
- {
- IceInternal.EndpointI e = (IceInternal.EndpointI)obj;
- return type() < e.type() ? -1 : 1;
- }
- catch(ClassCastException ee)
- {
- assert(false);
- }
- }
-
- if(this == p)
- {
- return 0;
- }
-
- if(_port < p._port)
- {
- return -1;
- }
- else if(p._port < _port)
- {
- return 1;
- }
-
- if(!_connectionId.equals(p._connectionId))
- {
- return _connectionId.compareTo(p._connectionId);
- }
-
- if(_timeout < p._timeout)
- {
- return -1;
- }
- else if(p._timeout < _timeout)
- {
- return 1;
- }
-
- if(!_compress && p._compress)
- {
- return -1;
- }
- else if(!p._compress && _compress)
- {
- return 1;
- }
-
- return _host.compareTo(p._host);
- }
-
- public boolean
- requiresThreadPerConnection()
- {
- return true;
- }
-
- private void
- calcHashValue()
- {
- try
- {
- java.net.InetSocketAddress addr = IceInternal.Network.getAddress(_host, _port);
- _hashCode = addr.getAddress().getHostAddress().hashCode();
- }
- catch(Ice.DNSException ex)
- {
- _hashCode = _host.hashCode();
- }
- _hashCode = 5 * _hashCode + _port;
- _hashCode = 5 * _hashCode + _timeout;
- _hashCode = 5 * _hashCode + _connectionId.hashCode();
- _hashCode = 5 * _hashCode + (_compress ? 1 : 0);
- }
-
- private Instance _instance;
- private String _host;
- private int _port;
- private int _timeout;
- private String _connectionId = "";
- private boolean _compress;
- private int _hashCode;
-}
diff --git a/java/jdk/1.4/IceSSL/Instance.java b/java/jdk/1.4/IceSSL/Instance.java
deleted file mode 100644
index 074242086ff..00000000000
--- a/java/jdk/1.4/IceSSL/Instance.java
+++ /dev/null
@@ -1,918 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-class Instance
-{
- Instance(Ice.Communicator communicator)
- {
- _logger = communicator.getLogger();
- _facade = Ice.Util.getProtocolPluginFacade(communicator);
- _securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
- _securityTraceCategory = "Security";
- _initialized = false;
- _trustManager = new TrustManager(communicator);
-
- //
- // Register the endpoint factory. We have to do this now, rather than
- // in initialize, because the communicator may need to interpret
- // proxies before the plugin is fully initialized.
- //
- _facade.addEndpointFactory(new EndpointFactoryI(this));
- }
-
- void
- initialize()
- {
- if(_initialized)
- {
- return;
- }
-
- final String prefix = "IceSSL.";
- Ice.Properties properties = communicator().getProperties();
-
- //
- // Parse the cipher list.
- //
- String ciphers = properties.getProperty(prefix + "Ciphers");
- if(ciphers.length() > 0)
- {
- parseCiphers(ciphers);
- }
-
- //
- // Select protocols.
- //
- String protocols = properties.getProperty(prefix + "Protocols");
- if(protocols.length() > 0)
- {
- java.util.ArrayList l = new java.util.ArrayList();
- String[] arr = protocols.split("[ \t,]+");
- for(int i = 0; i < arr.length; ++i)
- {
- String s = arr[i].toLowerCase();
- if(s.equals("ssl3") || s.equals("sslv3"))
- {
- l.add("SSLv3");
- }
- else if(s.equals("tls") || s.equals("tls1") || s.equals("tlsv1"))
- {
- l.add("TLSv1");
- }
- else
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unrecognized protocol `" + arr[i] + "'";
- throw e;
- }
- }
- _protocols = new String[l.size()];
- l.toArray(_protocols);
- }
-
- //
- // CheckCertName determines whether we compare the name in a peer's
- // certificate against its hostname.
- //
- _checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 0;
-
- //
- // VerifyDepthMax establishes the maximum length of a peer's certificate
- // chain, including the peer's certificate. A value of 0 means there is
- // no maximum.
- //
- _verifyDepthMax = properties.getPropertyAsIntWithDefault(prefix + "VerifyDepthMax", 2);
-
- //
- // Check for a certificate verifier.
- //
- final String certVerifierClass = properties.getProperty(prefix + "CertVerifier");
- if(certVerifierClass.length() > 0)
- {
- if(_verifier != null)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: certificate verifier already installed";
- throw e;
- }
-
- Class cls = null;
- try
- {
- cls = Class.forName(certVerifierClass);
- }
- catch(Throwable ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to load certificate verifier class " + certVerifierClass;
- e.initCause(ex);
- throw e;
- }
-
- try
- {
- _verifier = (CertificateVerifier)cls.newInstance();
- }
- catch(Throwable ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to instantiate certificate verifier class " + certVerifierClass;
- e.initCause(ex);
- throw e;
- }
- }
-
- //
- // Check for a password callback.
- //
- final String passwordCallbackClass = properties.getProperty(prefix + "PasswordCallback");
- if(passwordCallbackClass.length() > 0)
- {
- if(_passwordCallback != null)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: password callback already installed";
- throw e;
- }
-
- Class cls = null;
- try
- {
- cls = Class.forName(passwordCallbackClass);
- }
- catch(Throwable ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass;
- e.initCause(ex);
- throw e;
- }
-
- try
- {
- _passwordCallback = (PasswordCallback)cls.newInstance();
- }
- catch(Throwable ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to instantiate password callback class " + passwordCallbackClass;
- e.initCause(ex);
- throw e;
- }
- }
-
- //
- // If the user doesn't supply an SSLContext, we need to create one based
- // on property settings.
- //
- if(_context == null)
- {
- try
- {
- //
- // Check for a default directory. We look in this directory for
- // files mentioned in the configuration.
- //
- _defaultDir = properties.getProperty(prefix + "DefaultDir");
-
- //
- // We need a SecureRandom object.
- //
- // NOTE: The JDK recommends obtaining a SecureRandom object like this:
- //
- // java.security.SecureRandom rand = java.security.SecureRandom.getInstance("SHA1PRNG");
- //
- // However, there is a bug (6202721) which causes it to always use /dev/random,
- // which can lead to long delays at program startup. The workaround is to use
- // the default constructor.
- //
- java.security.SecureRandom rand = new java.security.SecureRandom();
-
- //
- // Check for seed data for the random number generator.
- //
- final String seedFiles = properties.getProperty(prefix + "Random");
- if(seedFiles.length() > 0)
- {
- byte[] seed = null;
- int start = 0;
- final String[] arr = seedFiles.split(java.io.File.pathSeparator);
- for(int i = 0; i < arr.length; ++i)
- {
- Ice.StringHolder seedFile = new Ice.StringHolder(arr[i]);
- if(!checkPath(seedFile, false))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: random seed file not found:\n" + arr[i];
- throw e;
- }
- java.io.File f = new java.io.File(seedFile.value);
- int num = (int)f.length();
- if(seed == null)
- {
- seed = new byte[num];
- }
- else
- {
- byte[] tmp = new byte[seed.length + num];
- System.arraycopy(seed, 0, tmp, 0, seed.length);
- start = seed.length;
- seed = tmp;
- }
- try
- {
- java.io.FileInputStream in = new java.io.FileInputStream(f);
- in.read(seed, start, num);
- in.close();
- }
- catch(java.io.IOException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: error while reading random seed file:\n" + arr[i];
- e.initCause(ex);
- throw e;
- }
- }
- rand.setSeed(seed);
- }
-
- //
- // We call nextInt() in order to force the object to perform any time-consuming
- // initialization tasks now.
- //
- rand.nextInt();
-
- //
- // The keystore holds private keys and associated certificates.
- //
- Ice.StringHolder keystorePath = new Ice.StringHolder(properties.getProperty(prefix + "Keystore"));
-
- //
- // The password for the keys.
- //
- String password = properties.getProperty(prefix + "Password");
-
- //
- // The password for the keystore.
- //
- String keystorePassword = properties.getProperty(prefix + "KeystorePassword");
-
- //
- // The default keystore type value is "JKS", but it can also be "PKCS12".
- //
- final String defaultType = java.security.KeyStore.getDefaultType();
- final String keystoreType = properties.getPropertyWithDefault(prefix + "KeystoreType", defaultType);
-
- //
- // The alias of the key to use in authentication.
- //
- final String alias = properties.getProperty(prefix + "Alias");
-
- //
- // The truststore holds the certificates of trusted CAs.
- //
- Ice.StringHolder truststorePath = new Ice.StringHolder(properties.getProperty(prefix + "Truststore"));
-
- //
- // The password for the truststore.
- //
- String truststorePassword = properties.getProperty(prefix + "TruststorePassword");
-
- //
- // The truststore type defaults to "JKS", but it can also be "PKCS12".
- //
- final String truststoreType =
- properties.getPropertyWithDefault(prefix + "TruststoreType",
- java.security.KeyStore.getDefaultType());
-
- //
- // Collect the key managers.
- //
- javax.net.ssl.KeyManager[] keyManagers = null;
- if(keystorePath.value.length() > 0)
- {
- if(!checkPath(keystorePath, false))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: keystore file not found:\n" + keystorePath.value;
- throw e;
- }
- java.security.KeyStore keys = java.security.KeyStore.getInstance(keystoreType);
- try
- {
- char[] passwordChars = null;
- if(keystorePassword.length() > 0)
- {
- passwordChars = keystorePassword.toCharArray();
- }
- else if(_passwordCallback != null)
- {
- passwordChars = _passwordCallback.getKeystorePassword();
- }
-
- java.io.BufferedInputStream bis =
- new java.io.BufferedInputStream(new java.io.FileInputStream(keystorePath.value));
- keys.load(bis, passwordChars);
-
- if(passwordChars != null)
- {
- java.util.Arrays.fill(passwordChars, '\0');
- }
- keystorePassword = null;
- }
- catch(java.io.IOException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to load keystore:\n" + keystorePath.value;
- e.initCause(ex);
- throw e;
- }
-
- String algorithm = javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm();
- javax.net.ssl.KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
- char[] passwordChars = new char[0]; // This password cannot be null.
- if(password.length() > 0)
- {
- passwordChars = password.toCharArray();
- }
- else if(_passwordCallback != null)
- {
- passwordChars = _passwordCallback.getPassword(alias);
- }
- kmf.init(keys, passwordChars);
- if(passwordChars.length > 0)
- {
- java.util.Arrays.fill(passwordChars, '\0');
- }
- password = null;
- keyManagers = kmf.getKeyManagers();
-
- //
- // If the user selected a specific alias, we need to wrap the key managers
- // in order to return the desired alias.
- //
- if(alias.length() > 0)
- {
- if(!keys.isKeyEntry(alias))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: keystore does not contain an entry with alias `" + alias + "'";
- throw e;
- }
-
- for(int i = 0; i < keyManagers.length; ++i)
- {
- keyManagers[i] = new X509KeyManagerI((javax.net.ssl.X509KeyManager)keyManagers[i], alias);
- }
- }
- }
-
- //
- // Collect the trust managers.
- //
- javax.net.ssl.TrustManager[] trustManagers = null;
- if(truststorePath.value.length() > 0)
- {
- if(!checkPath(truststorePath, false))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: truststore file not found:\n" + truststorePath.value;
- throw e;
- }
- java.security.KeyStore ts = java.security.KeyStore.getInstance(truststoreType);
- try
- {
- char[] passwordChars = null;
- if(truststorePassword.length() > 0)
- {
- passwordChars = truststorePassword.toCharArray();
- }
- else if(_passwordCallback != null)
- {
- passwordChars = _passwordCallback.getTruststorePassword();
- }
-
- java.io.BufferedInputStream bis =
- new java.io.BufferedInputStream(new java.io.FileInputStream(truststorePath.value));
- ts.load(bis, passwordChars);
-
- if(passwordChars != null)
- {
- java.util.Arrays.fill(passwordChars, '\0');
- }
- truststorePassword = null;
- }
- catch(java.io.IOException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to load truststore:\n" + truststorePath.value;
- e.initCause(ex);
- throw e;
- }
-
- String algorithm = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm();
- javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(algorithm);
- tmf.init(ts);
- trustManagers = tmf.getTrustManagers();
- }
-
- //
- // The default TrustManager implementation in IBM's JDK does not accept
- // anonymous ciphers, so we have to install our own.
- //
- if(trustManagers == null)
- {
- trustManagers = new javax.net.ssl.TrustManager[1];
- trustManagers[0] = new X509TrustManagerI(null);
- }
- else
- {
- for(int i = 0; i < trustManagers.length; ++i)
- {
- trustManagers[i] = new X509TrustManagerI((javax.net.ssl.X509TrustManager)trustManagers[i]);
- }
- }
-
- //
- // Initialize the SSL context.
- //
- _context = javax.net.ssl.SSLContext.getInstance("SSL");
- _context.init(keyManagers, trustManagers, rand);
- }
- catch(java.security.GeneralSecurityException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to initialize context";
- e.initCause(ex);
- throw e;
- }
- }
-
- _initialized = true;
- }
-
- void
- context(javax.net.ssl.SSLContext context)
- {
- if(_initialized)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: plugin is already initialized";
- throw ex;
- }
-
- _context = context;
- }
-
- javax.net.ssl.SSLContext
- context()
- {
- return _context;
- }
-
- void
- setCertificateVerifier(CertificateVerifier verifier)
- {
- _verifier = verifier;
- }
-
- CertificateVerifier
- getCertificateVerifier()
- {
- return _verifier;
- }
-
- void
- setPasswordCallback(PasswordCallback callback)
- {
- _passwordCallback = callback;
- }
-
- PasswordCallback
- getPasswordCallback()
- {
- return _passwordCallback;
- }
-
- Ice.Communicator
- communicator()
- {
- return _facade.getCommunicator();
- }
-
- String
- defaultHost()
- {
- return _facade.getDefaultHost();
- }
-
- int
- networkTraceLevel()
- {
- return _facade.getNetworkTraceLevel();
- }
-
- String
- networkTraceCategory()
- {
- return _facade.getNetworkTraceCategory();
- }
-
- int
- securityTraceLevel()
- {
- return _securityTraceLevel;
- }
-
- String
- securityTraceCategory()
- {
- return _securityTraceCategory;
- }
-
- boolean
- initialized()
- {
- return _initialized;
- }
-
- String[]
- filterCiphers(String[] supportedCiphers, String[] defaultCiphers)
- {
- java.util.LinkedList result = new java.util.LinkedList();
- if(_allCiphers)
- {
- for(int i = 0; i < supportedCiphers.length; ++i)
- {
- result.add(supportedCiphers[i]);
- }
- }
- else if(!_noCiphers)
- {
- for(int i = 0; i < defaultCiphers.length; ++i)
- {
- result.add(defaultCiphers[i]);
- }
- }
-
- if(_ciphers != null)
- {
- for(int i = 0; i < _ciphers.length; ++i)
- {
- CipherExpression ce = (CipherExpression)_ciphers[i];
- if(ce.not)
- {
- java.util.Iterator e = result.iterator();
- while(e.hasNext())
- {
- String cipher = (String)e.next();
- if(ce.cipher != null)
- {
- if(ce.cipher.equals(cipher))
- {
- e.remove();
- }
- }
- else
- {
- assert(ce.re != null);
- java.util.regex.Matcher m = ce.re.matcher(cipher);
- if(m.find())
- {
- e.remove();
- }
- }
- }
- }
- else
- {
- if(ce.cipher != null)
- {
- result.add(0, ce.cipher);
- }
- else
- {
- assert(ce.re != null);
- for(int j = 0; j < supportedCiphers.length; ++j)
- {
- java.util.regex.Matcher m = ce.re.matcher(supportedCiphers[j]);
- if(m.find())
- {
- result.add(0, supportedCiphers[j]);
- }
- }
- }
- }
- }
- }
-
- String[] arr = new String[result.size()];
- result.toArray(arr);
- return arr;
- }
-
- String[]
- protocols()
- {
- return _protocols;
- }
-
- void
- traceConnection(javax.net.ssl.SSLSocket fd, boolean incoming)
- {
- javax.net.ssl.SSLSession session = fd.getSession();
- String msg = "SSL summary for " + (incoming ? "incoming" : "outgoing") + " connection\n" +
- "cipher = " + session.getCipherSuite() + "\n" +
- "protocol = " + session.getProtocol() + "\n" +
- IceInternal.Network.fdToString(fd);
- _logger.trace(_securityTraceCategory, msg);
- }
-
- void
- verifyPeer(ConnectionInfo info, javax.net.ssl.SSLSocket fd, String address, boolean incoming)
- {
- if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax)
- {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
- "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " +
- _verifyDepthMax + "\n" +
- IceInternal.Network.fdToString(fd);
- if(_securityTraceLevel >= 1)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
- }
-
- //
- // Extract the IP addresses and the DNS names from the subject
- // alternative names.
- //
- if(info.certs != null)
- {
- try
- {
- java.util.Collection subjectAltNames =
- ((java.security.cert.X509Certificate)info.certs[0]).getSubjectAlternativeNames();
- java.util.ArrayList ipAddresses = new java.util.ArrayList();
- java.util.ArrayList dnsNames = new java.util.ArrayList();
- if(subjectAltNames != null)
- {
- java.util.Iterator i = subjectAltNames.iterator();
- while(i.hasNext())
- {
- java.util.List l = (java.util.List)i.next();
- assert(!l.isEmpty());
- Integer n = (Integer)l.get(0);
- if(n.intValue() == 7)
- {
- ipAddresses.add((String)l.get(1));
- }
- else if(n.intValue() == 2)
- {
- dnsNames.add(((String)l.get(1)).toLowerCase());
- }
- }
- }
-
- //
- // Compare the peer's address against the dnsName and ipAddress values.
- // This is only relevant for an outgoing connection.
- //
- if(address.length() > 0)
- {
- boolean certNameOK = ipAddresses.contains(address);
- if(!certNameOK)
- {
- certNameOK = dnsNames.contains(address.toLowerCase());
- }
-
- //
- // Log a message if the name comparison fails. If CheckCertName is defined,
- // we also raise an exception to abort the connection. Don't log a message if
- // CheckCertName is not defined and a verifier is present.
- //
- if(!certNameOK && (_checkCertName || (_securityTraceLevel >= 1 && _verifier == null)))
- {
- StringBuffer sb = new StringBuffer();
- sb.append("IceSSL: ");
- if(!_checkCertName)
- {
- sb.append("ignoring ");
- }
- sb.append("certificate validation failure:\npeer certificate does not contain `" +
- address + "' in its subjectAltName extension");
- if(!dnsNames.isEmpty())
- {
- sb.append("\nDNS names found in certificate: ");
- for(int j = 0; j < dnsNames.size(); ++j)
- {
- if(j > 0)
- {
- sb.append(", ");
- }
- sb.append(dnsNames.get(j).toString());
- }
- }
- if(!ipAddresses.isEmpty())
- {
- sb.append("\nIP addresses found in certificate: ");
- for(int j = 0; j < ipAddresses.size(); ++j)
- {
- if(j > 0)
- {
- sb.append(", ");
- }
- sb.append(ipAddresses.get(j).toString());
- }
- }
- if(_securityTraceLevel >= 1)
- {
- _logger.trace(_securityTraceCategory, sb.toString());
- }
- if(_checkCertName)
- {
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = sb.toString();
- throw ex;
- }
- }
- }
- }
- catch(java.security.cert.CertificateParsingException ex)
- {
- assert(false);
- }
- }
-
- if(!_trustManager.verify(info))
- {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by trust manager\n" +
- IceInternal.Network.fdToString(fd);
- if(_securityTraceLevel >= 1)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
- }
-
- if(_verifier != null && !_verifier.verify(info))
- {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
- IceInternal.Network.fdToString(fd);
-
- if(_securityTraceLevel > 0)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
-
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
- }
- }
-
- private void
- parseCiphers(String ciphers)
- {
- java.util.ArrayList cipherList = new java.util.ArrayList();
- String[] expr = ciphers.split("[ \t]+");
- for(int i = 0; i < expr.length; ++i)
- {
- if(expr[i].equals("ALL"))
- {
- if(i != 0)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: `ALL' must be first in cipher list `" + ciphers + "'";
- throw ex;
- }
- _allCiphers = true;
- }
- else if(expr[i].equals("NONE"))
- {
- if(i != 0)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: `NONE' must be first in cipher list `" + ciphers + "'";
- throw ex;
- }
- _noCiphers = true;
- }
- else
- {
- CipherExpression ce = new CipherExpression();
- String exp = expr[i];
- if(exp.charAt(0) == '!')
- {
- ce.not = true;
- if(exp.length() > 1)
- {
- exp = exp.substring(1);
- }
- else
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid cipher expression `" + exp + "'";
- throw ex;
- }
- }
-
- if(exp.charAt(0) == '(')
- {
- if(!exp.endsWith(")"))
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid cipher expression `" + exp + "'";
- throw ex;
- }
-
- try
- {
- ce.re = java.util.regex.Pattern.compile(exp.substring(1, exp.length() - 2));
- }
- catch(java.util.regex.PatternSyntaxException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: invalid cipher expression `" + exp + "'";
- e.initCause(ex);
- throw e;
- }
- }
- else
- {
- ce.cipher = exp;
- }
-
- cipherList.add(ce);
- }
- }
- _ciphers = new CipherExpression[cipherList.size()];
- cipherList.toArray(_ciphers);
- }
-
- private boolean
- checkPath(Ice.StringHolder path, boolean dir)
- {
- //
- // Check if file exists. If not, try prepending the default
- // directory and check again. If the file is found, the
- // string argument is modified and true is returned. Otherwise
- // false is returned.
- //
- java.io.File f = new java.io.File(path.value);
- if(f.exists())
- {
- return dir ? f.isDirectory() : f.isFile();
- }
-
- if(_defaultDir.length() > 0)
- {
- String s = _defaultDir + java.io.File.separator + path.value;
- f = new java.io.File(s);
- if(f.exists() && ((!dir && f.isFile()) || (dir && f.isDirectory())))
- {
- path.value = s;
- return true;
- }
- }
-
- return false;
- }
-
- private static class CipherExpression
- {
- boolean not;
- String cipher;
- java.util.regex.Pattern re;
- }
-
- private Ice.Logger _logger;
- private IceInternal.ProtocolPluginFacade _facade;
- private int _securityTraceLevel;
- private String _securityTraceCategory;
- private boolean _initialized;
- private javax.net.ssl.SSLContext _context;
- private String _defaultDir;
- private CipherExpression[] _ciphers;
- private boolean _allCiphers;
- private boolean _noCiphers;
- private String[] _protocols;
- private boolean _checkCertName;
- private int _verifyDepthMax;
- private CertificateVerifier _verifier;
- private PasswordCallback _passwordCallback;
- private TrustManager _trustManager;
-}
diff --git a/java/jdk/1.4/IceSSL/TransceiverI.java b/java/jdk/1.4/IceSSL/TransceiverI.java
deleted file mode 100644
index c93696ab32c..00000000000
--- a/java/jdk/1.4/IceSSL/TransceiverI.java
+++ /dev/null
@@ -1,398 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-final class TransceiverI implements IceInternal.Transceiver
-{
- public java.nio.channels.SelectableChannel
- fd()
- {
- return null;
- }
-
- public void
- close()
- {
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "closing ssl connection\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- synchronized(this)
- {
- assert(_fd != null);
- try
- {
- _fd.close();
- }
- catch(java.io.IOException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- finally
- {
- _fd = null;
- }
- }
- }
-
- public void
- shutdownWrite()
- {
- /*
- * shutdownOutput is not supported by an SSL socket.
- *
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "shutting down ssl connection for writing\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- assert(_fd != null);
- try
- {
- _fd.shutdownOutput(); // Shutdown socket for writing
- }
- catch(UnsupportedOperationException ex)
- {
- // Ignore - shutdownOutput not supported.
- }
- catch(java.io.IOException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- */
- }
-
- public void
- shutdownReadWrite()
- {
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "shutting down ssl connection for reading and writing\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- assert(_fd != null);
-
- _shutdown = true;
-
- /*
- * shutdownInput is not supported by an SSL socket.
- *
- try
- {
- _fd.shutdownInput(); // Shutdown socket for reading
- //_fd.shutdownOutput(); // Shutdown socket for writing
- }
- catch(UnsupportedOperationException ex)
- {
- // Ignore - shutdownInput not supported.
- }
- catch(java.net.SocketException ex)
- {
- // Ignore.
- }
- catch(java.io.IOException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- */
- }
-
- public void
- write(IceInternal.BasicStream stream, int timeout)
- throws IceInternal.LocalExceptionWrapper
- {
- java.nio.ByteBuffer buf = stream.prepareWrite();
-
- byte[] data = null;
- int off = 0;
- try
- {
- data = buf.array();
- off = buf.arrayOffset();
- }
- catch(UnsupportedOperationException ex)
- {
- assert(false);
- }
-
- try
- {
- if(timeout == -1)
- {
- timeout = 0; // Infinite
- }
- else if(timeout == 0)
- {
- timeout = 1;
- }
- _fd.setSoTimeout(timeout);
- }
- catch(java.net.SocketException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
-
- while(buf.hasRemaining() && !_shutdown)
- {
- int pos = buf.position();
- try
- {
- assert(_fd != null);
- int rem = buf.remaining();
- _out.write(data, off + pos, rem);
- buf.position(pos + rem);
-
- if(_instance.networkTraceLevel() >= 3)
- {
- String s = "sent " + rem + " of " + buf.limit() + " bytes via ssl\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_stats != null)
- {
- _stats.bytesSent(type(), rem);
- }
-
- break;
- }
- catch(java.io.InterruptedIOException ex)
- {
- buf.position(pos + ex.bytesTransferred);
- }
- catch(java.io.IOException ex)
- {
- if(IceInternal.Network.connectionLost(ex))
- {
- //
- // Java's SSL implementation might have successfully sent the
- // packet but then detected loss of connection and raised an
- // exception. As a result, we cannot be sure that it is safe
- // to retry in this situation, so we raise LocalExceptionWrapper.
- //
- Ice.ConnectionLostException se = new Ice.ConnectionLostException();
- se.initCause(ex);
- throw new IceInternal.LocalExceptionWrapper(se, false);
- }
-
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- }
-
- if(_shutdown && buf.hasRemaining())
- {
- throw new Ice.ConnectionLostException();
- }
- }
-
- public boolean
- read(IceInternal.BasicStream stream, int timeout)
- {
- java.nio.ByteBuffer buf = stream.prepareRead();
-
- int remaining = 0;
- if(_instance.networkTraceLevel() >= 3)
- {
- remaining = buf.remaining();
- }
-
- byte[] data = null;
- int off = 0;
- try
- {
- data = buf.array();
- off = buf.arrayOffset();
- }
- catch(UnsupportedOperationException ex)
- {
- assert(false);
- }
-
- int interval = 500;
- if(timeout >= 0 && timeout < interval)
- {
- interval = timeout;
- }
-
- while(buf.hasRemaining() && !_shutdown)
- {
- int pos = buf.position();
- try
- {
- _fd.setSoTimeout(interval);
- assert(_fd != null);
- int ret = _in.read(data, off + pos, buf.remaining());
-
- if(ret == -1)
- {
- throw new Ice.ConnectionLostException();
- }
-
- if(ret > 0)
- {
- if(_instance.networkTraceLevel() >= 3)
- {
- String s = "received " + ret + " of " + remaining + " bytes via ssl\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_stats != null)
- {
- _stats.bytesReceived(type(), ret);
- }
-
- buf.position(pos + ret);
- }
- }
- catch(java.net.SocketTimeoutException ex)
- {
- if(ex.bytesTransferred > 0)
- {
- buf.position(pos + ex.bytesTransferred);
- }
- if(timeout >= 0)
- {
- if(interval >= timeout)
- {
- throw new Ice.TimeoutException();
- }
- timeout -= interval;
- }
- }
- catch(java.io.InterruptedIOException ex)
- {
- buf.position(pos + ex.bytesTransferred);
- }
- catch(java.io.IOException ex)
- {
- if(IceInternal.Network.connectionLost(ex))
- {
- Ice.ConnectionLostException se = new Ice.ConnectionLostException();
- se.initCause(ex);
- throw se;
- }
-
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- }
-
- if(_shutdown)
- {
- throw new Ice.ConnectionLostException();
- }
-
- return false;
- }
-
- public String
- type()
- {
- return "ssl";
- }
-
- public String
- toString()
- {
- return _desc;
- }
-
- public void
- checkSendSize(IceInternal.BasicStream stream, int messageSizeMax)
- {
- if(stream.size() > messageSizeMax)
- {
- throw new Ice.MemoryLimitException();
- }
- }
-
- ConnectionInfo
- getConnectionInfo()
- {
- //
- // This can only be called on an open transceiver.
- //
- assert(_fd != null);
- return _info;
- }
-
- //
- // Only for use by ConnectorI, AcceptorI
- //
- TransceiverI(Instance instance, javax.net.ssl.SSLSocket fd, ConnectionInfo info)
- {
- _instance = instance;
- _fd = fd;
- _info = info;
- _logger = instance.communicator().getLogger();
- try
- {
- _stats = instance.communicator().getStats();
- }
- catch(Ice.CommunicatorDestroyedException ex)
- {
- // Ignore.
- }
- _desc = IceInternal.Network.fdToString(_fd);
- try
- {
- _in = _fd.getInputStream();
- _out = _fd.getOutputStream();
- }
- catch(java.io.IOException ex)
- {
- try
- {
- _fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- _fd = null;
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- _shutdown = false;
- }
-
- protected synchronized void
- finalize()
- throws Throwable
- {
- assert(_fd == null);
-
- super.finalize();
- }
-
- private Instance _instance;
- private javax.net.ssl.SSLSocket _fd;
- private ConnectionInfo _info;
- private Ice.Logger _logger;
- private Ice.Stats _stats;
- private String _desc;
- private java.io.InputStream _in;
- private java.io.OutputStream _out;
- private volatile boolean _shutdown;
-}
diff --git a/java/jdk/1.4/IceSSL/TrustManager.java b/java/jdk/1.4/IceSSL/TrustManager.java
deleted file mode 100644
index d53cdf74273..00000000000
--- a/java/jdk/1.4/IceSSL/TrustManager.java
+++ /dev/null
@@ -1,296 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-class TrustManager
-{
- TrustManager(Ice.Communicator communicator)
- {
- assert communicator != null;
- _communicator = communicator;
- Ice.Properties properties = communicator.getProperties();
- _traceLevel = properties.getPropertyAsInt("IceSSL.Trace.Security");
- String key = null;
- try
- {
- key = "IceSSL.TrustOnly";
- _all = parse(properties.getProperty(key));
- key = "IceSSL.TrustOnly.Client";
- _client = parse(properties.getProperty(key));
- key = "IceSSL.TrustOnly.Server";
- _allServer = parse(properties.getProperty(key));
- java.util.Map dict = properties.getPropertiesForPrefix("IceSSL.TrustOnly.Server.");
- java.util.Iterator p = dict.entrySet().iterator();
- while(p.hasNext())
- {
- java.util.Map.Entry entry = (java.util.Map.Entry)p.next();
- key = (String)entry.getKey();
- String name = key.substring("IceSSL.TrustOnly.Server.".length());
- _server.put(name, parse((String)entry.getValue()));
- }
- }
- catch(RFC2253.ParseException e)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
- throw ex;
- }
- }
-
- boolean
- verify(ConnectionInfo info)
- {
- java.util.List trustset = new java.util.LinkedList();
- if(!_all.isEmpty())
- {
- trustset.add(_all);
- }
-
- if(info.incoming)
- {
- if(!_allServer.isEmpty())
- {
- trustset.add(_allServer);
- }
- if(info.adapterName.length() > 0)
- {
- java.util.List p = (java.util.List)_server.get(info.adapterName);
- if(p != null)
- {
- trustset.add(p);
- }
- }
- }
- else
- {
- if(!_client.isEmpty())
- {
- trustset.add(_client);
- }
- }
-
- //
- // If there is nothing to match against, then we accept the cert.
- //
- if(trustset.isEmpty())
- {
- return true;
- }
-
- //
- // If there is no certificate then we match false.
- //
- if(info.certs != null && info.certs.length > 0)
- {
- javax.security.auth.x500.X500Principal subjectDN = (javax.security.auth.x500.X500Principal)
- ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal();
- String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253);
- assert subjectName != null;
- try
- {
- //
- // Decompose the subject DN into the RDNs.
- //
- if(_traceLevel > 0)
- {
- if(info.incoming)
- {
- _communicator.getLogger().trace("Security", "trust manager evaluating client:\n" +
- "subject = " + subjectName + "\n" +
- "adapter = " + info.adapterName + "\n" +
- "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
- "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
- }
- else
- {
- _communicator.getLogger().trace("Security", "trust manager evaluating server:\n" +
- "subject = " + subjectName + "\n" +
- "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
- "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
- }
- }
- java.util.List dn = RFC2253.parseStrict(subjectName);
-
- //
- // Try matching against everything in the trust set.
- //
- java.util.Iterator p = trustset.iterator();
- while(p.hasNext())
- {
- java.util.List matchSet = (java.util.List)p.next();
- if(_traceLevel > 1)
- {
- String s = "trust manager matching PDNs:\n";
- java.util.Iterator q = matchSet.iterator();
- boolean addSemi = false;
- while(q.hasNext())
- {
- if(addSemi)
- {
- s += ';';
- }
- addSemi = true;
- java.util.List rdnSet = (java.util.List)q.next();
- java.util.Iterator r = rdnSet.iterator();
- boolean addComma = false;
- while(r.hasNext())
- {
- if(addComma)
- {
- s += ',';
- }
- addComma = true;
- RFC2253.RDNPair rdn = (RFC2253.RDNPair)r.next();
- s += rdn.key;
- s += '=';
- s += rdn.value;
- }
- }
- _communicator.getLogger().trace("Security", s);
- }
-
- if(match(matchSet, dn))
- {
- return true;
- }
- }
- }
- catch(RFC2253.ParseException e)
- {
- _communicator.getLogger().warning(
- "IceSSL: unable to parse certificate DN `" + subjectName + "'\nreason: " + e.reason);
- }
- }
-
- return false;
- }
-
- private boolean
- match(java.util.List matchSet, java.util.List subject)
- {
- java.util.Iterator r = matchSet.iterator();
- while(r.hasNext())
- {
- if(matchRDNs((java.util.List)r.next(), subject))
- {
- return true;
- }
- }
- return false;
- }
-
- private boolean
- matchRDNs(java.util.List match, java.util.List subject)
- {
- java.util.Iterator p = match.iterator();
- while(p.hasNext())
- {
- RFC2253.RDNPair matchRDN = (RFC2253.RDNPair)p.next();
- boolean found = false;
- java.util.Iterator q = subject.iterator();
- while(q.hasNext())
- {
- RFC2253.RDNPair subjectRDN = (RFC2253.RDNPair)q.next();
- if(matchRDN.key.equals(subjectRDN.key))
- {
- found = true;
- if(!matchRDN.value.equals(subjectRDN.value))
- {
- return false;
- }
- }
- }
- if(!found)
- {
- return false;
- }
- }
- return true;
- }
-
- java.util.List
- parse(String value)
- throws RFC2253.ParseException
- {
- //
- // Java X500Principal.getName says:
- //
- // If "RFC2253" is specified as the format, this method emits
- // the attribute type keywords defined in RFC 2253 (CN, L, ST,
- // O, OU, C, STREET, DC, UID). Any other attribute type is
- // emitted as an OID. Under a strict reading, RFC 2253 only
- // specifies a UTF-8 string representation. The String
- // returned by this method is the Unicode string achieved by
- // decoding this UTF-8 representation.
- //
- // This means that things like emailAddress and such will be turned into
- // something like:
- //
- // 1.2.840.113549.1.9.1=#160e696e666f407a65726f632e636f6d
- //
- // The left hand side is the OID (see
- // http://www.columbia.edu/~ariel/ssleay/asn1-oids.html) for a
- // list. The right hand side is a BER encoding of the value.
- //
- // This means that the user input, unless it uses the
- // unfriendly OID format, will not directly match the
- // principal.
- //
- // Two possible solutions:
- //
- // Have the RFC2253 parser convert anything that is not CN, L,
- // ST, O, OU, C, STREET, DC, UID into OID format, and have it
- // convert the values into a BER encoding.
- //
- // Send the user data through X500Principal to string form and
- // then through the RFC2253 encoder. This uses the
- // X500Principal to do the encoding for us.
- //
- // The latter is much simpler, however, it means we need to
- // send the data through the parser twice because we split the
- // DNs on ';' which cannot be blindly split because of quotes,
- // \ and such.
- //
- java.util.List l = RFC2253.parse(value);
- java.util.List result = new java.util.LinkedList();
- java.util.Iterator p = l.iterator();
- while(p.hasNext())
- {
- java.util.List dn = (java.util.List)p.next();
- String v = new String();
- boolean first = true;
- java.util.Iterator q = dn.iterator();
- while(q.hasNext())
- {
- if(!first)
- {
- v += ",";
- }
- first = false;
- RFC2253.RDNPair pair = (RFC2253.RDNPair)q.next();
- v += pair.key;
- v += "=";
- v += pair.value;
- }
- javax.security.auth.x500.X500Principal princ = new javax.security.auth.x500.X500Principal(v);
- String subjectName = princ.getName(javax.security.auth.x500.X500Principal.RFC2253);
- result.add(RFC2253.parseStrict(subjectName));
- }
- return result;
- }
-
- private Ice.Communicator _communicator;
- private int _traceLevel;
-
- private java.util.List _all;
- private java.util.List _client;
- private java.util.List _allServer;
- private java.util.Map _server = new java.util.HashMap();
-}
diff --git a/java/jdk/1.4/IceSSL/Util.java b/java/jdk/1.4/IceSSL/Util.java
deleted file mode 100644
index 685c94030b5..00000000000
--- a/java/jdk/1.4/IceSSL/Util.java
+++ /dev/null
@@ -1,128 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-public final class Util
-{
- public static ConnectionInfo
- getConnectionInfo(Ice.Connection connection)
- {
- Ice.ConnectionI con = (Ice.ConnectionI)connection;
- assert(con != null);
-
- //
- // Lock the connection directly. This is done because the only
- // thing that prevents the transceiver from being closed during
- // the duration of the invocation is the connection.
- //
- synchronized(con)
- {
- IceInternal.Transceiver transceiver = con.getTransceiver();
- if(transceiver == null)
- {
- ConnectionInvalidException ex = new ConnectionInvalidException();
- ex.reason = "connection closed";
- throw ex;
- }
-
- try
- {
- TransceiverI sslTransceiver = (TransceiverI)transceiver;
- return sslTransceiver.getConnectionInfo();
- }
- catch(ClassCastException ex)
- {
- ConnectionInvalidException e = new ConnectionInvalidException();
- e.reason = "not ssl connection";
- throw e;
- }
- }
- }
-
- //
- // Create a certificate from a PEM-encoded string.
- //
- public static java.security.cert.X509Certificate
- createCertificate(String certPEM)
- throws java.security.cert.CertificateException
- {
- final String header = "-----BEGIN CERTIFICATE-----";
- final String footer = "-----END CERTIFICATE-----";
-
- //
- // The generateCertificate method requires that its input begin
- // with the PEM header.
- //
- int pos = certPEM.indexOf(header);
- if(pos == -1)
- {
- certPEM = header + "\n" + certPEM;
- }
- else if(pos > 0)
- {
- certPEM = certPEM.substring(pos);
- }
-
- //
- // Add the footer if necessary.
- //
- if(certPEM.indexOf(footer) == -1)
- {
- certPEM = certPEM + footer;
- }
-
- byte[] bytes = null;
- try
- {
- bytes = certPEM.getBytes("UTF8");
- }
- catch(java.io.UnsupportedEncodingException ex)
- {
- assert(false);
- return null;
- }
-
- java.io.ByteArrayInputStream in = new java.io.ByteArrayInputStream(bytes);
- java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
- return (java.security.cert.X509Certificate)cf.generateCertificate(in);
- }
-
- static ConnectionInfo
- populateConnectionInfo(javax.net.ssl.SSLSocket fd, String adapterName, boolean incoming)
- {
- ConnectionInfo info = new ConnectionInfo();
- javax.net.ssl.SSLSession session = fd.getSession();
- try
- {
- info.certs = session.getPeerCertificates();
- }
- catch(javax.net.ssl.SSLPeerUnverifiedException ex)
- {
- // No peer certificates.
- }
- info.cipher = session.getCipherSuite();
- info.localAddr = (java.net.InetSocketAddress)fd.getLocalSocketAddress();
- info.remoteAddr = (java.net.InetSocketAddress)fd.getRemoteSocketAddress();
- info.adapterName = adapterName;
- info.incoming = incoming;
- return info;
- }
-
- public final static String jdkTarget = "1.4";
-
- //
- // Needed by the test scripts to determine the JDK target of the SSL plug-in.
- //
- public static void
- main(String[] args)
- {
- System.out.println(jdkTarget);
- }
-}
diff --git a/java/jdk/1.4/IceSSL/X509KeyManagerI.java b/java/jdk/1.4/IceSSL/X509KeyManagerI.java
deleted file mode 100644
index 5f039a89034..00000000000
--- a/java/jdk/1.4/IceSSL/X509KeyManagerI.java
+++ /dev/null
@@ -1,58 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-final class X509KeyManagerI implements javax.net.ssl.X509KeyManager
-{
- X509KeyManagerI(javax.net.ssl.X509KeyManager del, String alias)
- {
- _delegate = del;
- _alias = alias;
- }
-
- public String
- chooseClientAlias(String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
- {
- return _alias;
- }
-
- public String
- chooseServerAlias(String keyType, java.security.Principal[] issuers, java.net.Socket socket)
- {
- return _alias;
- }
-
- public java.security.cert.X509Certificate[]
- getCertificateChain(String alias)
- {
- return _delegate.getCertificateChain(alias);
- }
-
- public String[]
- getClientAliases(String keyType, java.security.Principal[] issuers)
- {
- return _delegate.getClientAliases(keyType, issuers);
- }
-
- public String[]
- getServerAliases(String keyType, java.security.Principal[] issuers)
- {
- return _delegate.getServerAliases(keyType, issuers);
- }
-
- public java.security.PrivateKey
- getPrivateKey(String alias)
- {
- return _delegate.getPrivateKey(alias);
- }
-
- private javax.net.ssl.X509KeyManager _delegate;
- private String _alias;
-}
diff --git a/java/jdk/1.5/IceSSL/CertificateVerifier.java b/java/jdk/1.5/IceSSL/CertificateVerifier.java
deleted file mode 100644
index 8426eae8ffe..00000000000
--- a/java/jdk/1.5/IceSSL/CertificateVerifier.java
+++ /dev/null
@@ -1,23 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-//
-// An application can customize the certificate verification process
-// by implementing the CertificateVerifier interface.
-//
-public interface CertificateVerifier
-{
- //
- // Return false if the connection should be rejected, or true to
- // allow it.
- //
- boolean verify(ConnectionInfo info);
-}
diff --git a/java/jdk/1.5/IceSSL/ConnectionInfo.java b/java/jdk/1.5/IceSSL/ConnectionInfo.java
deleted file mode 100644
index ed7340a44a1..00000000000
--- a/java/jdk/1.5/IceSSL/ConnectionInfo.java
+++ /dev/null
@@ -1,52 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-//
-// ConnectionInfo contains information that may be of use to a
-// CertificateVerifier or an application that wants information
-// about its peer.
-//
-public class ConnectionInfo
-{
- //
- // The certificate chain. This may be null if the peer did not
- // supply a certificate. The peer's certificate (if any) is the
- // first one in the chain.
- //
- public java.security.cert.Certificate[] certs;
-
- //
- // The name of the negotiated cipher.
- //
- public String cipher;
-
- //
- // The local TCP/IP host & port.
- //
- public java.net.InetSocketAddress localAddr;
-
- //
- // The remote TCP/IP host & port.
- //
- public java.net.InetSocketAddress remoteAddr;
-
- //
- // If the connection is incoming this bool is true, false
- // otherwise.
- //
- boolean incoming;
-
- //
- // The name of the object adapter that hosts this endpoint, if
- // any.
- //
- String adapterName;
-}
diff --git a/java/jdk/1.5/IceSSL/ConnectionInvalidException.java b/java/jdk/1.5/IceSSL/ConnectionInvalidException.java
deleted file mode 100644
index 3b7921ae9cf..00000000000
--- a/java/jdk/1.5/IceSSL/ConnectionInvalidException.java
+++ /dev/null
@@ -1,30 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-public final class ConnectionInvalidException extends Ice.LocalException
-{
- public ConnectionInvalidException()
- {
- }
-
- public ConnectionInvalidException(String reason)
- {
- this.reason = reason;
- }
-
- public String
- ice_name()
- {
- return "Ice::ConnectionInvalidException";
- }
-
- public String reason;
-}
diff --git a/java/jdk/1.5/IceSSL/EndpointFactoryI.java b/java/jdk/1.5/IceSSL/EndpointFactoryI.java
deleted file mode 100644
index 41f1d1eb12c..00000000000
--- a/java/jdk/1.5/IceSSL/EndpointFactoryI.java
+++ /dev/null
@@ -1,50 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-final class EndpointFactoryI implements IceInternal.EndpointFactory
-{
- EndpointFactoryI(Instance instance)
- {
- _instance = instance;
- }
-
- public short
- type()
- {
- return EndpointI.TYPE;
- }
-
- public String
- protocol()
- {
- return "ssl";
- }
-
- public IceInternal.EndpointI
- create(String str, boolean server)
- {
- return new EndpointI(_instance, str, server);
- }
-
- public IceInternal.EndpointI
- read(IceInternal.BasicStream s)
- {
- return new EndpointI(_instance, s);
- }
-
- public void
- destroy()
- {
- _instance = null;
- }
-
- private Instance _instance;
-}
diff --git a/java/jdk/1.5/IceSSL/PasswordCallback.java b/java/jdk/1.5/IceSSL/PasswordCallback.java
deleted file mode 100644
index 55aa3144ba5..00000000000
--- a/java/jdk/1.5/IceSSL/PasswordCallback.java
+++ /dev/null
@@ -1,36 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-//
-// A password callback is an alternate way of supplying the plugin with
-// passwords that avoids using plaintext configuration properties.
-//
-public interface PasswordCallback
-{
- //
- // Obtain the password for the key. If an alias was selected using
- // the IceSSL.Alias property, the value of the property is provided.
- // The return value must not be null.
- //
- char[] getPassword(String alias);
-
- //
- // Obtain the password for validating the truststore. Return null
- // to skip truststore validation.
- //
- char[] getTruststorePassword();
-
- //
- // Obtain the password for validating the keystore. Return null
- // to skip keystore validation.
- //
- char[] getKeystorePassword();
-}
diff --git a/java/jdk/1.5/IceSSL/Plugin.java b/java/jdk/1.5/IceSSL/Plugin.java
deleted file mode 100644
index 15aeb7692cc..00000000000
--- a/java/jdk/1.5/IceSSL/Plugin.java
+++ /dev/null
@@ -1,54 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-public interface Plugin extends Ice.Plugin
-{
- //
- // Establish the SSL context. This must be done before the
- // plugin is initialized, therefore the application must define
- // the property Ice.InitPlugins=0, set the context, and finally
- // invoke initializePlugins on the PluginManager.
- //
- // When the application supplies its own SSL context, the
- // plugin skips its normal property-based configuration.
- //
- void setContext(javax.net.ssl.SSLContext context);
-
- //
- // Obtain the SSL context. Use caution when modifying this value.
- // Changes made to this value have no effect on existing connections.
- //
- javax.net.ssl.SSLContext getContext();
-
- //
- // Establish the certificate verifier object. This should be
- // done before any connections are established.
- //
- void setCertificateVerifier(CertificateVerifier verifier);
-
- //
- // Obtain the certificate verifier object. Returns null if no
- // verifier is set.
- //
- CertificateVerifier getCertificateVerifier();
-
- //
- // Establish the password callback object. This should be
- // done before the plugin is initialized.
- //
- void setPasswordCallback(PasswordCallback callback);
-
- //
- // Obtain the password callback object. Returns null if no
- // callback is set.
- //
- PasswordCallback getPasswordCallback();
-}
diff --git a/java/jdk/1.5/IceSSL/PluginFactory.java b/java/jdk/1.5/IceSSL/PluginFactory.java
deleted file mode 100644
index 70064d8a1b0..00000000000
--- a/java/jdk/1.5/IceSSL/PluginFactory.java
+++ /dev/null
@@ -1,19 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-public class PluginFactory implements Ice.PluginFactory
-{
- public Ice.Plugin
- create(Ice.Communicator communicator, String name, String[] args)
- {
- return new PluginI(communicator);
- }
-}
diff --git a/java/jdk/1.5/IceSSL/PluginI.java b/java/jdk/1.5/IceSSL/PluginI.java
deleted file mode 100644
index 2021b7ae9f2..00000000000
--- a/java/jdk/1.5/IceSSL/PluginI.java
+++ /dev/null
@@ -1,68 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-class PluginI implements Plugin
-{
- public
- PluginI(Ice.Communicator communicator)
- {
- _instance = new Instance(communicator);
- }
-
- public void
- initialize()
- {
- _instance.initialize();
- }
-
- public void
- destroy()
- {
- }
-
- public void
- setContext(javax.net.ssl.SSLContext context)
- {
- _instance.context(context);
- }
-
- public javax.net.ssl.SSLContext
- getContext()
- {
- return _instance.context();
- }
-
- public void
- setCertificateVerifier(CertificateVerifier verifier)
- {
- _instance.setCertificateVerifier(verifier);
- }
-
- public CertificateVerifier
- getCertificateVerifier()
- {
- return _instance.getCertificateVerifier();
- }
-
- public void
- setPasswordCallback(PasswordCallback callback)
- {
- _instance.setPasswordCallback(callback);
- }
-
- public PasswordCallback
- getPasswordCallback()
- {
- return _instance.getPasswordCallback();
- }
-
- private Instance _instance;
-}
diff --git a/java/jdk/1.5/IceSSL/RFC2253.java b/java/jdk/1.5/IceSSL/RFC2253.java
deleted file mode 100644
index 601f8622aa4..00000000000
--- a/java/jdk/1.5/IceSSL/RFC2253.java
+++ /dev/null
@@ -1,417 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-//
-// See RFC 2253 and RFC 1779.
-//
-class RFC2253
-{
- static class ParseException extends Ice.LocalException
- {
- public ParseException()
- {
- }
-
- public ParseException(String reason)
- {
- this.reason = reason;
- }
-
- public String
- ice_name()
- {
- return "RFC2253::ParseException";
- }
-
- public String reason;
- }
-
- static class RDNPair
- {
- String key;
- String value;
- }
-
- static private class ParseState
- {
- String data;
- int pos;
- }
-
- public static java.util.List
- parse(String data)
- throws ParseException
- {
- java.util.List results = new java.util.LinkedList();
- java.util.List current = new java.util.LinkedList();
- ParseState state = new ParseState();
- state.data = data;
- state.pos = 0;
- while(state.pos < state.data.length())
- {
- current.add(parseNameComponent(state));
- eatWhite(state);
- if(state.pos < state.data.length() && state.data.charAt(state.pos) == ',')
- {
- ++state.pos;
- }
- else if(state.pos < state.data.length() && state.data.charAt(state.pos) == ';')
- {
- ++state.pos;
- results.add(current);
- current = new java.util.LinkedList();
- }
- else if(state.pos < state.data.length())
- {
- throw new ParseException("expected ',' or ';' at `" + state.data.substring(state.pos) + "'");
- }
- }
- if(!current.isEmpty())
- {
- results.add(current);
- }
-
- return results;
- }
-
- public static java.util.List
- parseStrict(String data)
- throws ParseException
- {
- java.util.List results = new java.util.LinkedList();
- ParseState state = new ParseState();
- state.data = data;
- state.pos = 0;
- while(state.pos < state.data.length())
- {
- results.add(parseNameComponent(state));
- eatWhite(state);
- if(state.pos < state.data.length() &&
- (state.data.charAt(state.pos) == ',' || state.data.charAt(state.pos) == ';'))
- {
- ++state.pos;
- }
- else if(state.pos < state.data.length())
- {
- throw new ParseException("expected ',' or ';' at `" + state.data.substring(state.pos) + "'");
- }
- }
- return results;
- }
-
- private static RDNPair
- parseNameComponent(ParseState state)
- throws ParseException
- {
- RDNPair result = parseAttributeTypeAndValue(state);
- while(state.pos < state.data.length())
- {
- eatWhite(state);
- if(state.pos < state.data.length() && state.data.charAt(state.pos) == '+')
- {
- ++state.pos;
- }
- else
- {
- break;
- }
- RDNPair p = parseAttributeTypeAndValue(state);
- result.value += "+";
- result.value += p.key;
- result.value += '=';
- result.value += p.value;
- }
- return result;
- }
-
- private static RDNPair
- parseAttributeTypeAndValue(ParseState state)
- throws ParseException
- {
- RDNPair p = new RDNPair();
- p.key = parseAttributeType(state);
- eatWhite(state);
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid attribute type/value pair (unexpected end of state.data)");
- }
- if(state.data.charAt(state.pos) != '=')
- {
- throw new ParseException("invalid attribute type/value pair (missing =)");
- }
- ++state.pos;
- p.value = parseAttributeValue(state);
- return p;
- }
-
- private static String
- parseAttributeType(ParseState state)
- throws ParseException
- {
- eatWhite(state);
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid attribute type (expected end of state.data)");
- }
-
- String result = new String();
-
- //
- // RFC 1779.
- // <key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
- // <oid> ::= <digitString> | <digitstring> "." <oid>
- // RFC 2253:
- // attributeType = (ALPHA 1*keychar) | oid
- // keychar = ALPHA | DIGIT | "-"
- // oid = 1*DIGIT *("." 1*DIGIT)
- //
- // In section 4 of RFC 2253 the document says:
- // Implementations MUST allow an oid in the attribute type to be
- // prefixed by one of the character Strings "oid." or "OID.".
- //
- // Here we must also check for "oid." and "OID." before parsing
- // according to the ALPHA KEYCHAR* rule.
- //
- // First the OID case.
- //
- if(Character.isDigit(state.data.charAt(state.pos)) ||
- (state.data.length() - state.pos >= 4 && (state.data.substring(state.pos, state.pos + 4) == "oid." ||
- state.data.substring(state.pos, state.pos + 4) == "OID.")))
- {
- if(!Character.isDigit(state.data.charAt(state.pos)))
- {
- result += state.data.substring(state.pos, state.pos + 4);
- state.pos += 4;
- }
-
- while(true)
- {
- // 1*DIGIT
- while(state.pos < state.data.length() && Character.isDigit(state.data.charAt(state.pos)))
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- // "." 1*DIGIT
- if(state.pos < state.data.length() && state.data.charAt(state.pos) == '.')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- // 1*DIGIT must follow "."
- if(state.pos < state.data.length() && !Character.isDigit(state.data.charAt(state.pos)))
- {
- throw new ParseException("invalid attribute type (expected end of state.data)");
- }
- }
- else
- {
- break;
- }
- }
- }
- else if(Character.isUpperCase(state.data.charAt(state.pos)) ||
- Character.isLowerCase(state.data.charAt(state.pos)))
- {
- //
- // The grammar is wrong in this case. It should be ALPHA
- // KEYCHAR* otherwise it will not accept "O" as a valid
- // attribute type.
- //
- result += state.data.charAt(state.pos);
- ++state.pos;
- // 1* KEYCHAR
- while(state.pos < state.data.length() &&
- (Character.isDigit(state.data.charAt(state.pos)) ||
- Character.isUpperCase(state.data.charAt(state.pos)) ||
- Character.isLowerCase(state.data.charAt(state.pos)) ||
- state.data.charAt(state.pos) == '-'))
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- }
- else
- {
- throw new ParseException("invalid attribute type");
- }
- return result;
- }
-
- private static String
- parseAttributeValue(ParseState state)
- throws ParseException
- {
- eatWhite(state);
- String result = new String();
- if(state.pos >= state.data.length())
- {
- return result;
- }
-
- //
- // RFC 2253
- // # hexString
- //
- if(state.data.charAt(state.pos) == '#')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- while(true)
- {
- String h = parseHexPair(state, true);
- if(h.length() == 0)
- {
- break;
- }
- result += h;
- }
- }
- //
- // RFC 2253
- // QUOTATION *( quotechar | pair ) QUOTATION ; only from v2
- // quotechar = <any character except "\" or QUOTATION >
- //
- else if(state.data.charAt(state.pos) == '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- while(true)
- {
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid attribute value (unexpected end of state.data)");
- }
- // final terminating "
- if(state.data.charAt(state.pos) == '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- break;
- }
- // any character except '\'
- else if(state.data.charAt(state.pos) != '\\')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- // pair '\'
- else
- {
- result += parsePair(state);
- }
- }
- }
- //
- // RFC 2253
- // * (Stringchar | pair)
- // Stringchar = <any character except one of special, "\" or QUOTATION >
- //
- else
- {
- while(state.pos < state.data.length())
- {
- if(state.data.charAt(state.pos) == '\\')
- {
- result += parsePair(state);
- }
- else if(special.indexOf(state.data.charAt(state.pos)) == -1 && state.data.charAt(state.pos) != '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- else
- {
- break;
- }
- }
- }
- return result;
- }
-
- //
- // RFC2253:
- // pair = "\" ( special | "\" | QUOTATION | hexpair )
- //
- private static String
- parsePair(ParseState state)
- throws ParseException
- {
- String result = new String();
-
- assert(state.data.charAt(state.pos) == '\\');
- result += state.data.charAt(state.pos);
- ++state.pos;
-
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid escape format (unexpected end of state.data)");
- }
-
- if(special.indexOf(state.data.charAt(state.pos)) != -1 || state.data.charAt(state.pos) != '\\' ||
- state.data.charAt(state.pos) != '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- return result;
- }
- return parseHexPair(state, false);
- }
-
- //
- // RFC 2253
- // hexpair = hexchar hexchar
- //
- private static String
- parseHexPair(ParseState state, boolean allowEmpty)
- throws ParseException
- {
- String result = new String();
- if(state.pos < state.data.length() && hexvalid.indexOf(state.data.charAt(state.pos)) != -1)
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- if(state.pos < state.data.length() && hexvalid.indexOf(state.data.charAt(state.pos)) != -1)
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- if(result.length() != 2)
- {
- if(allowEmpty && result.length() == 0)
- {
- return result;
- }
- throw new ParseException("invalid hex format");
- }
- return result;
- }
-
- //
- // RFC 2253:
- //
- // Implementations MUST allow for space (' ' ASCII 32) characters to be
- // present between name-component and ',', between attributeTypeAndValue
- // and '+', between attributeType and '=', and between '=' and
- // attributeValue. These space characters are ignored when parsing.
- //
- private static void
- eatWhite(ParseState state)
- {
- while(state.pos < state.data.length() && state.data.charAt(state.pos) == ' ')
- {
- ++state.pos;
- }
- }
-
- private final static String special = ",=+<>#;";
- private final static String hexvalid = "0123456789abcdefABCDEF";
-}
diff --git a/java/jdk/1.5/IceSSL/X509TrustManagerI.java b/java/jdk/1.5/IceSSL/X509TrustManagerI.java
deleted file mode 100644
index 325287daec1..00000000000
--- a/java/jdk/1.5/IceSSL/X509TrustManagerI.java
+++ /dev/null
@@ -1,50 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2007 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-final class X509TrustManagerI implements javax.net.ssl.X509TrustManager
-{
- X509TrustManagerI(javax.net.ssl.X509TrustManager delegate)
- {
- _delegate = delegate;
- }
-
- public void
- checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException
- {
- if(!authType.equals("DH_anon") && _delegate != null)
- {
- _delegate.checkClientTrusted(chain, authType);
- }
- }
-
- public void
- checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException
- {
- if(!authType.equals("DH_anon") && _delegate != null)
- {
- _delegate.checkServerTrusted(chain, authType);
- }
- }
-
- public java.security.cert.X509Certificate[]
- getAcceptedIssuers()
- {
- if(_delegate != null)
- {
- return _delegate.getAcceptedIssuers();
- }
- return null;
- }
-
- private javax.net.ssl.X509TrustManager _delegate;
-}
diff --git a/java/jdk/1.5/IceInternal/Time.java b/java/src/IceInternal/Time.java
index d77879ef836..d77879ef836 100644
--- a/java/jdk/1.5/IceInternal/Time.java
+++ b/java/src/IceInternal/Time.java
diff --git a/java/jdk/1.5/IceSSL/AcceptorI.java b/java/src/IceSSL/AcceptorI.java
index 04f2b3331ab..04f2b3331ab 100644
--- a/java/jdk/1.5/IceSSL/AcceptorI.java
+++ b/java/src/IceSSL/AcceptorI.java
diff --git a/java/jdk/1.4/IceSSL/CertificateVerifier.java b/java/src/IceSSL/CertificateVerifier.java
index 8426eae8ffe..8426eae8ffe 100644
--- a/java/jdk/1.4/IceSSL/CertificateVerifier.java
+++ b/java/src/IceSSL/CertificateVerifier.java
diff --git a/java/jdk/1.4/IceSSL/ConnectionInfo.java b/java/src/IceSSL/ConnectionInfo.java
index ed7340a44a1..ed7340a44a1 100644
--- a/java/jdk/1.4/IceSSL/ConnectionInfo.java
+++ b/java/src/IceSSL/ConnectionInfo.java
diff --git a/java/jdk/1.4/IceSSL/ConnectionInvalidException.java b/java/src/IceSSL/ConnectionInvalidException.java
index 3b7921ae9cf..3b7921ae9cf 100644
--- a/java/jdk/1.4/IceSSL/ConnectionInvalidException.java
+++ b/java/src/IceSSL/ConnectionInvalidException.java
diff --git a/java/jdk/1.5/IceSSL/ConnectorI.java b/java/src/IceSSL/ConnectorI.java
index 9836a78753a..9836a78753a 100644
--- a/java/jdk/1.5/IceSSL/ConnectorI.java
+++ b/java/src/IceSSL/ConnectorI.java
diff --git a/java/jdk/1.4/IceSSL/EndpointFactoryI.java b/java/src/IceSSL/EndpointFactoryI.java
index 41f1d1eb12c..41f1d1eb12c 100644
--- a/java/jdk/1.4/IceSSL/EndpointFactoryI.java
+++ b/java/src/IceSSL/EndpointFactoryI.java
diff --git a/java/jdk/1.5/IceSSL/EndpointI.java b/java/src/IceSSL/EndpointI.java
index 8cf0f559fa4..8cf0f559fa4 100644
--- a/java/jdk/1.5/IceSSL/EndpointI.java
+++ b/java/src/IceSSL/EndpointI.java
diff --git a/java/jdk/1.5/IceSSL/Instance.java b/java/src/IceSSL/Instance.java
index 0e6bb03a571..0e6bb03a571 100644
--- a/java/jdk/1.5/IceSSL/Instance.java
+++ b/java/src/IceSSL/Instance.java
diff --git a/java/jdk/1.4/IceSSL/PasswordCallback.java b/java/src/IceSSL/PasswordCallback.java
index 55aa3144ba5..55aa3144ba5 100644
--- a/java/jdk/1.4/IceSSL/PasswordCallback.java
+++ b/java/src/IceSSL/PasswordCallback.java
diff --git a/java/jdk/1.4/IceSSL/Plugin.java b/java/src/IceSSL/Plugin.java
index 15aeb7692cc..15aeb7692cc 100644
--- a/java/jdk/1.4/IceSSL/Plugin.java
+++ b/java/src/IceSSL/Plugin.java
diff --git a/java/jdk/1.4/IceSSL/PluginFactory.java b/java/src/IceSSL/PluginFactory.java
index 70064d8a1b0..70064d8a1b0 100644
--- a/java/jdk/1.4/IceSSL/PluginFactory.java
+++ b/java/src/IceSSL/PluginFactory.java
diff --git a/java/jdk/1.4/IceSSL/PluginI.java b/java/src/IceSSL/PluginI.java
index 2021b7ae9f2..2021b7ae9f2 100644
--- a/java/jdk/1.4/IceSSL/PluginI.java
+++ b/java/src/IceSSL/PluginI.java
diff --git a/java/jdk/1.4/IceSSL/RFC2253.java b/java/src/IceSSL/RFC2253.java
index 601f8622aa4..601f8622aa4 100644
--- a/java/jdk/1.4/IceSSL/RFC2253.java
+++ b/java/src/IceSSL/RFC2253.java
diff --git a/java/jdk/1.5/IceSSL/TransceiverI.java b/java/src/IceSSL/TransceiverI.java
index b43a340c703..b43a340c703 100644
--- a/java/jdk/1.5/IceSSL/TransceiverI.java
+++ b/java/src/IceSSL/TransceiverI.java
diff --git a/java/jdk/1.5/IceSSL/TrustManager.java b/java/src/IceSSL/TrustManager.java
index 8598c1ac7e6..8598c1ac7e6 100644
--- a/java/jdk/1.5/IceSSL/TrustManager.java
+++ b/java/src/IceSSL/TrustManager.java
diff --git a/java/jdk/1.5/IceSSL/Util.java b/java/src/IceSSL/Util.java
index fcde66a5db4..fcde66a5db4 100644
--- a/java/jdk/1.5/IceSSL/Util.java
+++ b/java/src/IceSSL/Util.java
diff --git a/java/jdk/1.5/IceSSL/X509KeyManagerI.java b/java/src/IceSSL/X509KeyManagerI.java
index 8b209ee3978..8b209ee3978 100644
--- a/java/jdk/1.5/IceSSL/X509KeyManagerI.java
+++ b/java/src/IceSSL/X509KeyManagerI.java
diff --git a/java/jdk/1.4/IceSSL/X509TrustManagerI.java b/java/src/IceSSL/X509TrustManagerI.java
index 325287daec1..325287daec1 100644
--- a/java/jdk/1.4/IceSSL/X509TrustManagerI.java
+++ b/java/src/IceSSL/X509TrustManagerI.java