Mercurial > hg > release > thermostat-0.7
view common/core/src/main/java/com/redhat/thermostat/common/internal/JSSEKeyManager.java @ 1051:77607020a4d3
TLS hardening and host name verification.
Reviewed-by: omajid, neugens
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-March/006214.html
| author | Severin Gehwolf <sgehwolf@redhat.com> |
|---|---|
| date | Fri, 22 Mar 2013 19:57:11 +0100 |
| parents | |
| children |
line wrap: on
line source
/* * Copyright 2012, 2013 Red Hat, Inc. * * This file is part of Thermostat. * * Thermostat is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published * by the Free Software Foundation; either version 2, or (at your * option) any later version. * * Thermostat is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Thermostat; see the file COPYING. If not see * <http://www.gnu.org/licenses/>. * * Linking this code with other modules is making a combined work * based on this code. Thus, the terms and conditions of the GNU * General Public License cover the whole combination. * * As a special exception, the copyright holders of this code give * you permission to link this code with independent modules to * produce an executable, regardless of the license terms of these * independent modules, and to copy and distribute the resulting * executable under terms of your choice, provided that you also * meet, for each linked independent module, the terms and conditions * of the license of that module. An independent module is a module * which is not derived from or based on this code. If you modify * this code, you may extend this exception to your version of the * library, but you are not obligated to do so. If you do not wish * to do so, delete this exception statement from your version. */ package com.redhat.thermostat.common.internal; import java.net.Socket; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.util.logging.Level; import java.util.logging.Logger; import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509KeyManager; import com.redhat.thermostat.common.utils.LoggingUtils; /** * KeyManager for selecting the thermostat key-pair and certificate chain. */ public class JSSEKeyManager extends X509ExtendedKeyManager { private static final Logger logger = LoggingUtils.getLogger(JSSEKeyManager.class); static final String THERMOSTAT_KEY_ALIAS = "thermostat"; private X509KeyManager delegate; public JSSEKeyManager(X509KeyManager keymanager) { this.delegate = keymanager; } @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); } @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); } @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); } @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { logger.log(Level.FINE, "keyType: " + keyType); return THERMOSTAT_KEY_ALIAS; } @Override public X509Certificate[] getCertificateChain(String alias) { logger.log(Level.FINE, "get private key for: " + alias); return delegate.getCertificateChain(alias); } @Override public PrivateKey getPrivateKey(String alias) { logger.log(Level.FINE, "get private key for: " + alias); return delegate.getPrivateKey(alias); } @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { logger.log(Level.FINE, "choosing server engine alias"); return THERMOSTAT_KEY_ALIAS; } }