From: Aleš Křenek <ljocha@ics.muni.cz>
Date: Wed, 13 May 2009 12:12:09 +0000 (+0000)
Subject: extract LB protocol independent parts from SSLSend to SSL
X-Git-Tag: glite-lb-client_R_4_0_2_2~13
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b76d4e1aa566159ba16e0b1f91d7858e29ed556d;p=jra1mw.git

extract LB protocol independent parts from SSLSend to SSL
---

diff --git a/org.glite.lb.client-java/Makefile b/org.glite.lb.client-java/Makefile
index 734707b..4fe2d3e 100644
--- a/org.glite.lb.client-java/Makefile
+++ b/org.glite.lb.client-java/Makefile
@@ -1,6 +1,6 @@
 -include Makefile.inc
 
-EXAMPLES := SimpleLLTest.class 
+EXAMPLES := SimpleLLTest.class SSLClient.class
 # broken: ProducerTestIL.class ProducerTestLL.class
 
 VPATH := examples
diff --git a/org.glite.lb.client-java/src/org/glite/lb/SSL.java b/org.glite.lb.client-java/src/org/glite/lb/SSL.java
new file mode 100644
index 0000000..9b3e284
--- /dev/null
+++ b/org.glite.lb.client-java/src/org/glite/lb/SSL.java
@@ -0,0 +1,226 @@
+package org.glite.lb;
+
+import javax.net.ssl.*;
+import java.net.SocketException;
+import java.io.*;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import org.globus.cog.security.cert.request.BouncyCastleOpenSSLKey;
+import org.globus.gsi.GlobusCredential;
+import org.globus.gsi.GlobusCredentialException;
+import org.gridforum.jgss.ExtendedGSSCredential;
+import org.gridforum.jgss.ExtendedGSSManager;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+
+public class SSL {
+
+    static final String proxyProp = "X509UserProxy";
+
+    /**
+     * Implementation of abstract class X509KeyManager. 
+     * It is used to manage X509 certificates which are used to authenticate
+     * the local side of a secure socket.
+     */
+    static class MyX509KeyManager implements X509KeyManager {
+
+        private X509Certificate[] certchain;
+        private PrivateKey key;
+
+        public MyX509KeyManager(Certificate[] cchain, PrivateKey key) {
+            this.certchain = new X509Certificate[cchain.length];
+	    System.arraycopy(cchain, 0, this.certchain, 0, cchain.length); 
+            this.key = key;
+        }
+
+        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket
+socket) {
+            //System.out.println("MyX509KeyManager.chooseClientAlias()");
+            //for (int i = 0; i < keyType.length; i++) {
+                //System.out.println("MyX509KeyManager.chooseClientAlias() keyType[" + i +
+//"]=" + keyType[i]);
+            //}
+            //for (int i = 0; i < issuers.length; i++) {
+                //System.out.println("MyX509KeyManager.chooseClientAlias() issuers[" + i +
+//"]=" + issuers[i]);
+            //}
+            return "";
+        }
+
+        public String chooseServerAlias(String keyType, Principal[] issuers, Socket
+socket) {
+            //System.out.println("MyX509KeyManager.chooseServerAlias(" + keyType + ")");
+            return null;
+        }
+
+        public X509Certificate[] getCertificateChain(String alias) {
+            //System.out.println("MyX509KeyManager.getCertificateChain(" + alias + ")");
+            return certchain;
+        }
+
+        public String[] getClientAliases(String keyType, Principal[] issuers) {
+            //System.out.println("MyX509KeyManager.getClientAliases(" + keyType + ")");
+            return null;
+        }
+
+        public PrivateKey getPrivateKey(String alias) {
+            //System.out.println("MyX509KeyManager.getPrivateKey(" + alias + ")");
+            return key;
+        }
+
+        public String[] getServerAliases(String keyType, Principal[] issuers) {
+            //System.out.println("MyX509KeyManager.getServerAliases(" + keyType + ")");
+            return null;
+        }
+    }
+
+    /**
+     * Implementation of abstract class X509TrustManager.
+     * It is used to authenticate the remote side of a secure socket.
+     */
+    static class MyX509TrustManager implements X509TrustManager {
+
+        public X509Certificate[] getAcceptedIssuers() {
+            return null;
+        }
+
+        public void checkClientTrusted(X509Certificate[] certs, String authType) {
+            //System.out.println("X509TrustManager.checkClientTrusted(certs["+certs.length+"],"+authType+")");
+        }
+
+        public void checkServerTrusted(X509Certificate[] certs, String authType) throws
+                CertificateException {
+            //System.out.println("----X509TrustManager.checkServerTrusted-----");
+            //System.out.println("number of certs: "+certs.length+", authType="+authType);
+            //for(int i=0;i<certs.length;i++) {
+            //    System.out.println("cert["+i+"]="+certs[i].getSubjectDN());
+            //}
+            //System.out.println("--------------------------------------------");
+        }
+    }
+
+    SSLContext sctx;
+    SSLSocket socket;
+    SSLSession sess;
+    String proxy;
+    PrintStream osw = null;
+
+    void init_ctx() throws KeyStoreException,NoSuchAlgorithmException,KeyManagementException {
+	    if (sctx == null) {
+
+		if (proxy == null) proxy = System.getProperty(proxyProp);
+
+	        TrustManager[] trustAllCerts = new TrustManager[]{new MyX509TrustManager()};
+       	     	X509KeyManager[] myKeyManager = createX509KeyManager(proxy);
+       	     
+       	     	if (myKeyManager == null) {
+                	throw new NullPointerException("myKeyManager is null");
+            	}
+
+            	sctx = SSLContext.getInstance("SSLv3");
+            	sctx.init(myKeyManager, trustAllCerts, null);
+	    }
+    }
+
+    public void setProxy(String p) {
+	    proxy = p;
+    }
+
+    public void connect(String host,int port,int timeout) throws KeyStoreException,NoSuchAlgorithmException,KeyManagementException,SocketException,IOException {
+
+	    init_ctx();
+	    
+	    osw = null;
+	    socket = (SSLSocket) sctx.getSocketFactory().createSocket();
+
+            socket.setEnabledProtocols(new String[]{"SSLv3"});
+            socket.setUseClientMode(true);
+            socket.setSoTimeout(timeout * 10); //read timeout
+
+            socket.connect(new InetSocketAddress(host, port), timeout); //connect timeout
+            socket.startHandshake();
+
+            sess = socket.getSession();
+            if (sess == null) {
+                throw new NullPointerException("null session");
+            }
+
+	    osw = new PrintStream(socket.getOutputStream(), false);
+    }
+
+    public void close() throws IOException,SocketException {
+	    osw.close();
+	    socket.close();
+    }
+
+    public void sendString(String message,int timeout) throws IOException,SocketException {
+	    socket.setSoTimeout(timeout * 10);
+	    osw.print(message);
+	    osw.flush();
+    }
+
+    public void sendBytes(byte[] message,int len,int timeout) throws IOException,SocketException {
+	    socket.setSoTimeout(timeout * 10);
+	    osw.write(message,0,len);
+	    osw.flush();
+    }
+
+    /**
+     * This methods reads user's certificate
+     * 
+     * @param ksfile path to certificate
+     * @return instance of KeyStore with certificate
+     * @throws java.security.KeyStoreException
+     * @throws java.security.cert.CertificateException
+     * @throws java.security.NoSuchAlgorithmException
+     * @throws java.io.IOException
+     */
+    X509KeyManager[] createX509KeyManager(String ksfile) throws KeyStoreException {
+
+        if (ksfile.endsWith(".pem") || !ksfile.contains(".")) {
+            return readPEM(ksfile);
+        }
+
+        throw new KeyStoreException("Unknown key store");
+    }
+
+    X509KeyManager[] readPEM(String ksfile) {
+        BufferedReader br = null;
+        BufferedInputStream pemFile = null;
+        ByteArrayInputStream bais = null;
+
+        X509KeyManager[] myX509KeyManager = null;
+        
+	try {
+            // read in the credential data
+            File f = new File(ksfile);
+            pemFile = new BufferedInputStream(new FileInputStream(f));
+            byte [] data = new byte[(int)f.length()];
+            pemFile.read(data);
+            
+            GlobusCredential gc = new GlobusCredential(ksfile);
+            Certificate[] cert = gc.getCertificateChain();
+
+            PrivateKey privateKey = gc.getPrivateKey();
+            myX509KeyManager = new X509KeyManager[]{new MyX509KeyManager(cert, privateKey)};
+        } catch (IOException ex) {
+            System.err.println(ex);
+        } catch (GlobusCredentialException ex) {
+            System.err.println(ex);
+        } finally {
+            try {
+                pemFile.close();
+            } catch (IOException ex) {
+                System.err.println(ex);
+            }
+        }
+
+        return myX509KeyManager;
+    }
+}
diff --git a/org.glite.lb.client-java/src/org/glite/lb/SSLSend.java b/org.glite.lb.client-java/src/org/glite/lb/SSLSend.java
index c226140..347236a 100644
--- a/org.glite.lb.client-java/src/org/glite/lb/SSLSend.java
+++ b/org.glite.lb.client-java/src/org/glite/lb/SSLSend.java
@@ -1,24 +1,8 @@
 package org.glite.lb;
 
-import javax.net.ssl.*;
-import java.io.*;
-import java.net.InetSocketAddress;
-import java.net.Socket;
+import java.io.IOException;
 import java.security.*;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import org.globus.cog.security.cert.request.BouncyCastleOpenSSLKey;
-import org.globus.gsi.GlobusCredential;
-import org.globus.gsi.GlobusCredentialException;
-import org.gridforum.jgss.ExtendedGSSCredential;
-import org.gridforum.jgss.ExtendedGSSManager;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
 
-// http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SupportClasses
 /**
  * This class opens secure connection using SSLv3 and then sends message to set
  * address.
@@ -30,94 +14,6 @@ public class SSLSend {
     private static final String EDG_WLL_LOG_SOCKET_HEADER = "DGLOG";
 
     /**
-     * Implementation of abstract class X509KeyManager. 
-     * It is used to manage X509 certificates which are used to authenticate
-     * the local side of a secure socket.
-     */
-    static class MyX509KeyManager implements X509KeyManager {
-
-        private X509Certificate[] certchain;
-        private PrivateKey key;
-
-        public MyX509KeyManager(Certificate[] cchain, PrivateKey key) {
-            this.certchain = new X509Certificate[cchain.length];
-	    System.arraycopy(cchain, 0, this.certchain, 0, cchain.length); 
-            this.key = key;
-        }
-
-        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket
-socket) {
-            //System.out.println("MyX509KeyManager.chooseClientAlias()");
-            //for (int i = 0; i < keyType.length; i++) {
-                //System.out.println("MyX509KeyManager.chooseClientAlias() keyType[" + i +
-//"]=" + keyType[i]);
-            //}
-            //for (int i = 0; i < issuers.length; i++) {
-                //System.out.println("MyX509KeyManager.chooseClientAlias() issuers[" + i +
-//"]=" + issuers[i]);
-            //}
-            return "";
-        }
-
-        public String chooseServerAlias(String keyType, Principal[] issuers, Socket
-socket) {
-            //System.out.println("MyX509KeyManager.chooseServerAlias(" + keyType + ")");
-            return null;
-        }
-
-        public X509Certificate[] getCertificateChain(String alias) {
-            //System.out.println("MyX509KeyManager.getCertificateChain(" + alias + ")");
-            return certchain;
-        }
-
-        public String[] getClientAliases(String keyType, Principal[] issuers) {
-            //System.out.println("MyX509KeyManager.getClientAliases(" + keyType + ")");
-            return null;
-        }
-
-        public PrivateKey getPrivateKey(String alias) {
-            //System.out.println("MyX509KeyManager.getPrivateKey(" + alias + ")");
-            return key;
-        }
-
-        public String[] getServerAliases(String keyType, Principal[] issuers) {
-            //System.out.println("MyX509KeyManager.getServerAliases(" + keyType + ")");
-            return null;
-        }
-    }
-
-    /**
-     * Implementation of abstract class X509TrustManager.
-     * It is used to authenticate the remote side of a secure socket.
-     */
-    static class MyX509TrustManager implements X509TrustManager {
-
-        public X509Certificate[] getAcceptedIssuers() {
-            return null;
-        }
-
-        public void checkClientTrusted(X509Certificate[] certs, String authType) {
-            //System.out.println("X509TrustManager.checkClientTrusted(certs["+certs.length+"],"+authType+")");
-        }
-
-        public void checkServerTrusted(X509Certificate[] certs, String authType) throws
-                CertificateException {
-            //System.out.println("----X509TrustManager.checkServerTrusted-----");
-            //System.out.println("number of certs: "+certs.length+", authType="+authType);
-            //for(int i=0;i<certs.length;i++) {
-            //    System.out.println("cert["+i+"]="+certs[i].getSubjectDN());
-            //}
-            //System.out.println("--------------------------------------------");
-        }
-    }
-
-    /**
-     * Non-parametric constructor.
-     */
-    public SSLSend() {
-    }
-
-    /**
      * This method is used to send messages using a secure socket.
      * 
      * @param keyStoreSender path to user's certificate
@@ -127,148 +23,34 @@ socket) {
      * @param message message which will be send
      */
     public void send(String keyStoreSender, String host,
-            int port, int timeout, String message) {
-
-        try {
-            TrustManager[] trustAllCerts = new TrustManager[]{new MyX509TrustManager()};
-            X509KeyManager[] myKeyManager = createX509KeyManager(keyStoreSender);
-            
-            if (myKeyManager == null) {
-                throw new NullPointerException("myKeyManager is null");
-            }
-
-            SSLContext sctx = SSLContext.getInstance("SSLv3");
-            sctx.init(myKeyManager, trustAllCerts, null);
+            int port, int timeout, String message) 
+    throws KeyStoreException,IOException,NoSuchAlgorithmException,KeyManagementException
+    {
 
-            SSLSocketFactory factory = sctx.getSocketFactory();
+	SSL lbsock = new SSL();
 
-            connect(factory, host, port, timeout, message);
-        } catch (KeyManagementException ex) {
-            System.err.println(ex);
-        } catch (NoSuchAlgorithmException ex) {
-            System.err.println(ex);
-        } catch (Exception ex) {
-            System.err.println(ex);
-        }
-    }
-
-    /**
-     * This method is used to connect to the remote side using SSL sockets. 
-     * After successful connection is send the message.
-     * 
-     * @param factory instance of SSLSocketFactory
-     * @param host host name
-     * @param port port number
-     * @param timeout connection timeout
-     * @param message message which will be send
-     */
-    static void connect(SSLSocketFactory factory, String host, int port, int timeout,
-            String message) {
-        PrintStream osw = null;
-        SSLSocket socket = null;
-        try {
-            socket = (SSLSocket) factory.createSocket();
-
-            socket.setEnabledProtocols(new String[]{"SSLv3"});
-            socket.setUseClientMode(true);
-
-            socket.setSoTimeout(timeout * 10); //read timeout
-
-            socket.connect(new InetSocketAddress(host, port), timeout); //connect timeout
-
-            socket.startHandshake();
+	lbsock.setProxy(keyStoreSender);
+	lbsock.connect(host,port,timeout);
 
-            SSLSession sess = socket.getSession();
-            if (sess == null) {
-                throw new NullPointerException("null session");
-            }
+        lbsock.sendString(EDG_WLL_LOG_SOCKET_HEADER,timeout);
 
-            message = message.replaceFirst("DG.LLLID=[0-9]* ", "");
-            message = message.replaceFirst("DG.USER=\\x22[a-zA-Z ]*\\x22 ", "");
-            osw = new PrintStream(socket.getOutputStream(), false);
-            osw.print(EDG_WLL_LOG_SOCKET_HEADER);
-            osw.flush();
+        message = message.replaceFirst("DG.LLLID=[0-9]* ", "");
+        message = message.replaceFirst("DG.USER=\\x22[a-zA-Z ]*\\x22 ", "");
 
-            int messageSize = message.length() + 2;
-            byte revertedInt[] = new byte[4];
-            revertedInt[0] = (byte) (messageSize % 256);
-            messageSize >>= 8;
-            revertedInt[1] = (byte) (messageSize % 256);
-            messageSize >>= 8;
-            revertedInt[2] = (byte) (messageSize % 256);
-            messageSize >>= 8;
-            revertedInt[3] = (byte) (messageSize);
+        int messageSize = message.length() + 2;
+        byte revertedInt[] = new byte[4];
+        revertedInt[0] = (byte) (messageSize % 256);
+        messageSize >>= 8;
+        revertedInt[1] = (byte) (messageSize % 256);
+        messageSize >>= 8;
+        revertedInt[2] = (byte) (messageSize % 256);
+        messageSize >>= 8;
+        revertedInt[3] = (byte) (messageSize);
 
-            osw.write(revertedInt, 0, 4);
-            osw.flush();
+        lbsock.sendBytes(revertedInt,4,timeout);
+	lbsock.sendString(message + '\n' + '\0',timeout);
+	lbsock.close();
 
-            osw.print(message + '\n' + '\0');
-            osw.flush();
-        } catch (IOException ex) {
-            ex.printStackTrace();
-        } catch (NullPointerException ex) {
-            ex.printStackTrace();
-        } finally {
-            osw.close();
-
-            try {
-                socket.close();
-            } catch (IOException ex) {
-                ex.printStackTrace();
-            }
-        }
-    }
-
-    /**
-     * This methods reads user's certificate
-     * 
-     * @param ksfile path to certificate
-     * @return instance of KeyStore with certificate
-     * @throws java.security.KeyStoreException
-     * @throws java.security.cert.CertificateException
-     * @throws java.security.NoSuchAlgorithmException
-     * @throws java.io.IOException
-     */
-    public X509KeyManager[] createX509KeyManager(String ksfile) throws KeyStoreException {
-
-        if (ksfile.endsWith(".pem") || !ksfile.contains(".")) {
-            return readPEM(ksfile);
-        }
-
-        throw new KeyStoreException("Unknown key store");
     }
 
-    public X509KeyManager[] readPEM(String ksfile) {
-        BufferedReader br = null;
-        BufferedInputStream pemFile = null;
-        ByteArrayInputStream bais = null;
-
-        X509KeyManager[] myX509KeyManager = null;
-        
-	try {
-            // read in the credential data
-            File f = new File(ksfile);
-            pemFile = new BufferedInputStream(new FileInputStream(f));
-            byte [] data = new byte[(int)f.length()];
-            pemFile.read(data);
-            
-            GlobusCredential gc = new GlobusCredential(ksfile);
-            Certificate[] cert = gc.getCertificateChain();
-
-            PrivateKey privateKey = gc.getPrivateKey();
-            myX509KeyManager = new X509KeyManager[]{new MyX509KeyManager(cert, privateKey)};
-        } catch (IOException ex) {
-            System.err.println(ex);
-        } catch (GlobusCredentialException ex) {
-            System.err.println(ex);
-        } finally {
-            try {
-                pemFile.close();
-            } catch (IOException ex) {
-                System.err.println(ex);
-            }
-        }
-
-        return myX509KeyManager;
-    }
 }