/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*/
package com.day.ldap.factory;
import java.io.IOException;
import java.net.Socket;
import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import com.day.ldap.LDAPConnection;
import com.day.ldap.LDAPException;
import com.day.ldap.LDAPSocketFactory;
/**
* Creates a TLS/SSL socket connection to a server using the JSSE package
* (<CODE>javax.net.ssl</CODE>). This class implements the
* <CODE>LDAPSocketFactory</CODE> interface.
* <P>
* Passing <CODE>checkCertificates=false</CODE> to the two-argument
* constructor installs a trust manager that accepts every server
* certificate chain without validating it, which leaves the connection
* open to an active man-in-the-middle; use that mode only for testing.
* <P>
*
* @version 1.0
* @see LDAPSocketFactory
* @see LDAPConnection#LDAPConnection(com.day.ldap.LDAPSocketFactory)
*/
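public class JSSESocketFactory
    implements LDAPSocketFactory, java.io.Serializable {

    private static final long serialVersionUID = 6834205777733266609L;

    /** Cipher suites to enable on each socket, or {@code null} for the JSSE defaults. */
    private final String[] suites;

    /**
     * Whether the server certificate chain (and its binding to the host name)
     * is validated. When {@code false} the connection is encrypted but the
     * peer is NOT authenticated.
     */
    private final boolean checkCertificates;

    /**
     * Trust manager that accepts every certificate chain without checking it.
     * Only used when {@code checkCertificates} is {@code false}.
     * <p>
     * It is a static nested class rather than an anonymous instance field:
     * an anonymous inner class captures the enclosing factory and is not
     * {@code Serializable}, so serializing the factory would fail.
     */
    private static final class TrustAllManager implements X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // Deliberately accepts everything; see checkCertificates.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // Deliberately accepts everything; see checkCertificates.
        }
    }

    /**
     * Factory constructor with certificate checking enabled.
     *
     * @param suites Cipher suites to attempt to use with the server;
     * if <code>null</code>, use any cipher suites available in the
     * JSSE package
     */
    public JSSESocketFactory( String[] suites ) {
        this(suites, true);
    }

    /**
     * Factory constructor
     *
     * @param suites Cipher suites to attempt to use with the server;
     * if <code>null</code>, use any cipher suites available in the
     * JSSE package
     * @param checkCertificates set to <code>false </code> to disable
     * certificate checking entirely (the server is then not authenticated
     * and the session is vulnerable to an active man-in-the-middle)
     */
    public JSSESocketFactory( String[] suites, boolean checkCertificates ) {
        // Defensive copy so a caller cannot change the suite list after construction.
        this.suites = (suites == null) ? null : suites.clone();
        this.checkCertificates = checkCertificates;
    }

    /**
     * Creates an SSL socket and completes the TLS handshake.
     * <p>
     * When certificate checking is enabled, the server's certificate must
     * chain to the JSSE default trust store AND match {@code host}
     * (endpoint identification is enabled for the "LDAPS" algorithm, so a
     * valid certificate for a different host is rejected). If {@code host}
     * is an IP address the certificate must carry it as a SubjectAltName.
     *
     * @param host Host name or IP address of SSL server
     * @param port Port number of SSL server
     * @return A socket for an encrypted session, with the handshake done
     * @exception LDAPException on error creating the socket or completing
     * the handshake; the underlying exception is attached as the cause and
     * the partially-opened socket is closed
     */
    @Override
    public Socket makeSocket(String host, int port)
        throws LDAPException {
        SSLSocket sock = null;
        try {
            // "TLS" is the standard-mandated context name; the provider
            // negotiates the newest enabled protocol version.
            SSLContext sc = SSLContext.getInstance("TLS");
            TrustManager[] trustManagers = this.checkCertificates
                ? null                                            // JSSE default trust store
                : new TrustManager[] { new TrustAllManager() };   // accept anything
            sc.init(null, trustManagers, null);
            SocketFactory factory = sc.getSocketFactory();
            sock = (SSLSocket) factory.createSocket(host, port);
            if (suites != null) {
                sock.setEnabledCipherSuites(suites);
            }
            if (this.checkCertificates) {
                // Chain validation alone does not bind the certificate to the
                // host we dialed; JSSE only verifies the name when asked to.
                SSLParameters params = sock.getSSLParameters();
                params.setEndpointIdentificationAlgorithm("LDAPS");
                sock.setSSLParameters(params);
            }
            sock.startHandshake();
        } catch (Exception e) {
            // Do not leak the socket when the handshake (or suite setup) fails.
            if (sock != null) {
                try {
                    sock.close();
                } catch (IOException ignored) {
                    // Already propagating the original failure.
                }
            }
            LDAPException ex = new LDAPException("SSL connection to " + host +
                                                 ":" + port, LDAPException.CONNECT_ERROR);
            ex.initCause(e);
            throw ex;
        }
        return sock;
    }
}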