/*
* SSLContextManager.java
*
* Created on 12 January 2006, 09:06
*
* To change this template, choose Tools | Options and locate the template under
* the Source Creation and Management node. Right-click the template and choose
* Open. You can then make changes to the template in the Source Editor.
*/
package org.owasp.webscarab.httpclient;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.owasp.webscarab.util.NullComparator;
/**
*
* @author rdawes
*/
public class SSLContextManager extends AbstractCertificateRepository {
private Map _contextMaps = new TreeMap(new NullComparator());
private SSLContext _noClientCertContext;
private static TrustManager[] _trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}
};
/** Creates a new instance of SSLContextManager */
public SSLContextManager() {
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
try {
_noClientCertContext = SSLContext.getInstance("SSL");
_noClientCertContext.init(null, _trustAllCerts, new SecureRandom());
} catch (NoSuchAlgorithmException nsao) {
_logger.severe("Could not get an instance of the SSL algorithm: " + nsao.getMessage());
} catch (KeyManagementException kme) {
_logger.severe("Error initialising the SSL Context: " + kme);
}
try {
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
initPKCS11("P11-CAPI", "lib/p11-capi.dll", 0, "");
}
} catch (Exception e) {
e.printStackTrace();
}
}
public void unlockKey(int keystoreIndex, int aliasIndex, String keyPassword) throws KeyStoreException, KeyManagementException {
KeyStore ks = (KeyStore) _keyStores.get(keystoreIndex);
String alias = getAliasAt(keystoreIndex, aliasIndex);
AliasKeyManager akm = new AliasKeyManager(ks, alias, keyPassword);
String fingerprint = getFingerPrint(getCertificate(keystoreIndex, aliasIndex));
if (fingerprint == null) {
_logger.severe("No fingerprint found");
return;
}
SSLContext sc;
try {
sc = SSLContext.getInstance("SSL");
} catch (NoSuchAlgorithmException nsao) {
_logger.severe("Could not get an instance of the SSL algorithm: " + nsao.getMessage());
return;
}
sc.init(new KeyManager[] { akm }, _trustAllCerts, new SecureRandom());
String key = fingerprint;
if (key.indexOf(" ")>0)
key = key.substring(0, key.indexOf(" "));
_contextMaps.put(key, sc);
}
public void invalidateSessions() {
invalidateSession(_noClientCertContext);
Iterator it = _contextMaps.keySet().iterator();
while (it.hasNext()) {
invalidateSession((SSLContext)_contextMaps.get(it.next()));
}
}
private void invalidateSession(SSLContext sc) {
SSLSessionContext sslsc = sc.getClientSessionContext();
if (sslsc != null) {
int timeout = sslsc.getSessionTimeout();
// force sessions to be timed out
sslsc.setSessionTimeout(1);
sslsc.setSessionTimeout(timeout);
}
sslsc = sc.getServerSessionContext();
if (sslsc != null) {
int timeout = sslsc.getSessionTimeout();
// force sessions to be timed out
sslsc.setSessionTimeout(1);
sslsc.setSessionTimeout(timeout);
}
}
public SSLContext getSSLContext(String fingerprint) {
_logger.info("Requested SSLContext for " + fingerprint);
if (fingerprint == null || fingerprint.equals("none"))
return _noClientCertContext;
if (fingerprint.indexOf(" ")>0)
fingerprint = fingerprint.substring(0, fingerprint.indexOf(" "));
return (SSLContext) _contextMaps.get(fingerprint);
}
}