Source Code of org.apache.jmeter.util.IaikSSLManager$AlwaysTrustDecider

/*
 * ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2001 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 * if any, must include the following acknowledgment:
 * "This product includes software developed by the
 * Apache Software Foundation (http://www.apache.org/)."
 * Alternately, this acknowledgment may appear in the software itself,
 * if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" and
 * "Apache JMeter" must not be used to endorse or promote products
 * derived from this software without prior written permission. For
 * written permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 * "Apache JMeter", nor may "Apache" appear in their name, without
 * prior written permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 */
package org.apache.jmeter.util;

import iaik.protocol.https.HttpsURLConnection;
import iaik.security.ssl.SSLClientContext;
import iaik.security.ssl.ClientTrustDecider;
import iaik.security.ssl.SSLCertificate;
import iaik.security.ssl.CipherSuite;
import org.apache.jmeter.gui.GuiPackage;
import org.apache.jmeter.util.keystore.JmeterKeyStore;

import java.net.HttpURLConnection;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.X509Certificate;

/**
 * The SSLManager handles the KeyStore information for JMeter.  Basically, it
 * handles all the logic for loading and initializing all the JSSE parameters
 * and selecting the alias to authenticate against if it is available.  SSLManager
 * will try to automatically select the client certificate for you, but if it can't
 * make a decision, it will pop open a dialog asking you for more information.
 *
 * @author <a href="bloritsch@apache.org">Berin Loritsch</a>
 * @version CVS $Revision: 1.9 $ $Date: 2001/11/09 20:34:53 $
 */
public class IaikSSLManager extends SSLManager {
    private SSLClientContext context;

    protected static class AlwaysTrustDecider implements ClientTrustDecider {
        protected X509Certificate[] certs;

        public AlwaysTrustDecider(KeyStore store) {
            try {
                java.util.Enumeration enum = store.aliases();
                java.util.ArrayList list = new java.util.ArrayList(store.size());
                while (enum.hasMoreElements())
                {
                    String alias = (String) enum.nextElement();
                    System.out.print("AlwaysTrustDecider alias: " + alias);

                    if (store.isCertificateEntry(alias)) {
                        list.add(store.getCertificate(alias));
                        System.out.println(" INSTALLED");
                    } else {
                        System.out.println(" SKIPPED");
                    }
                }
                this.certs = (X509Certificate[]) list.toArray(new X509Certificate[] {});
            } catch (Exception e) {
                this.certs = null;
            }
        }

        public boolean isTrustedPeer(SSLCertificate cert) {
            System.out.println("AlwaysTrustDecider: isTrusted???\n" + cert.toString());
            return true;
        }

        public PrivateKey getPrivateKey() {
            System.out.println("AlwaysTrustDecider: getPrivateKey");
            return null;
        }

        public SSLCertificate getCertificate(byte[] cert, Principal[] p1, String p2) {
            System.out.println("AlwaysTrustDecider: getCertificate");
            try {
                X509Certificate newCert = new iaik.x509.X509Certificate(cert);
                return new SSLCertificate(iaik.x509.ChainVerifier.orderCertificateChain(newCert, this.certs));
            } catch (Exception e) {}
            return null;
        }
    }

    public void setContext(HttpURLConnection conn) {
        HttpsURLConnection secureConn = (HttpsURLConnection) conn;
        secureConn.setSSLContext(this.context);
    }

    /**
     * Private Constructor to remove the possibility of directly instantiating
     * this object.  Create the SSLContext, and wrap all the X509KeyManagers with
     * our X509KeyManager so that we can choose our alias.
     */
    public IaikSSLManager(Provider provider) {
        this.setProvider(provider);
        this.setProvider(new iaik.security.provider.IAIK());
        this.setProvider(new sun.security.provider.Sun());

        try {
            String iaikProvider = JMeterUtils.getPropDefault("iaik.provider",
                                               "iaik.security.ssl.IaikProvider");
            iaik.security.ssl.SecurityProvider.setSecurityProvider(
                                          (iaik.security.ssl.SecurityProvider)
                                          Class.forName(iaikProvider).newInstance());
            System.out.println("Installed IAIK Provider: " + iaikProvider);
        } catch (Exception e) {
            e.printStackTrace(System.err);
        }

        this.context = new SSLClientContext();

        if ("all".equalsIgnoreCase(JMeterUtils.getPropDefault("javax.net.debug", "none"))) {
            this.context.setDebugStream(System.err);

            CipherSuite[] ciphers = this.context.getEnabledCipherSuites();
            for (int i = 0; i < ciphers.length; i++)
            {
                System.out.println(ciphers[i].getName());
            }
        }

        JmeterKeyStore keyStore = this.getKeyStore();
        this.context.setTrustDecider(new AlwaysTrustDecider(this.getTrustStore()));
        this.context.addClientCredentials(keyStore.getCertificateChain(),
                                          keyStore.getPrivateKey());

        System.out.println(keyStore.getClass().toString());
        System.out.println("IaikSSLManager installed");
    }
}