public EmailChannel(String configuration) {
Properties props = new Properties();
try {
props.load(new StringReader(configuration));
} catch (IOException e) {
// really shouldn't happen
throw new IllegalStateException(
"Bug: can't load email properties " + "for the channel instance", e);
}
String smtpUser = props.getProperty(CFG_USER);
String smtpPassword = props.getProperty(CFG_PASSWD);
Authenticator smtpAuthn =
(smtpUser != null && smtpPassword != null)
? new SimpleAuthenticator(smtpUser, smtpPassword)
: null;
String trustAll = props.getProperty(CFG_TRUST_ALL);
if (trustAll != null && "true".equalsIgnoreCase(trustAll)) {
MailSSLSocketFactory trustAllSF;
try {
trustAllSF = new MailSSLSocketFactory();
} catch (GeneralSecurityException e) {
// really shouldn't happen
throw new IllegalStateException("Can't init trust-all SSL socket factory", e);
}
trustAllSF.setTrustAllHosts(true);
props.put("mail.smtp.ssl.socketFactory", trustAllSF);
} else {
X509CertChainValidator validator = pkiManagement.getMainAuthnAndTrust().getValidator();
SSLSocketFactory factory = SocketFactoryCreator.getSocketFactory(null, validator);
props.put("mail.smtp.ssl.socketFactory", factory);
}
session = Session.getInstance(props, smtpAuthn);
}
/** Creates a new SSLSocket bound to ContextWrapper * */
private Socket createSocket() throws IOException {
if (_factory == null) {
Properties attributes = getCurrentProperties();
StoreUpdateListener listener =
new StoreUpdateListener() {
public void loadingNotification(
String location, String type, Severity level, Exception cause) {
if (level != Severity.NOTIFICATION) {
System.out.println(
"Error when creating or using SSL socket. Type "
+ type
+ " level: "
+ level
+ " cause: "
+ cause.getClass()
+ ":"
+ cause.getMessage());
} else {
// log successful (re)loading
}
}
};
ArrayList<StoreUpdateListener> listenerList = new ArrayList<StoreUpdateListener>();
listenerList.add(listener);
RevocationParameters revParam =
new RevocationParameters(
CrlCheckingMode.REQUIRE,
new OCSPParametes(),
false,
RevocationCheckingOrder.CRL_OCSP);
String crlCheckingMode = (String) attributes.get(CRL_CHEKING_MODE_STRING);
if (crlCheckingMode != null) {
if (crlCheckingMode.equalsIgnoreCase("ifvalid")) {
revParam =
new RevocationParameters(
CrlCheckingMode.IF_VALID,
new OCSPParametes(),
false,
RevocationCheckingOrder.CRL_OCSP);
} else {
if (crlCheckingMode.equalsIgnoreCase("ignore")) {
revParam =
new RevocationParameters(
CrlCheckingMode.IGNORE,
new OCSPParametes(),
false,
RevocationCheckingOrder.CRL_OCSP);
}
}
}
ProxySupport proxySupport = ProxySupport.ALLOW;
String proxySupportString = (String) attributes.get(PROXY_SUPPORT_STRING);
if (proxySupportString != null) {
if (proxySupportString.equalsIgnoreCase("no")
|| proxySupportString.equalsIgnoreCase("false")) {
proxySupport = ProxySupport.DENY;
}
}
ValidatorParams validatorParams = new ValidatorParams(revParam, proxySupport, listenerList);
String trustStoreLocation = (String) attributes.get(TRUSTSTORE_STRING);
if (trustStoreLocation == null) {
throw new IOException(
"No truststore defined, unable to load CA certificates and thus create SSL socket.");
}
String namespaceModeString = (String) attributes.get(NAMESPACE_STRING);
NamespaceCheckingMode namespaceMode = NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS;
if (namespaceModeString != null) {
if (namespaceModeString.equalsIgnoreCase("no")
|| namespaceModeString.equalsIgnoreCase("false")
|| namespaceModeString.equalsIgnoreCase("off")) {
namespaceMode = NamespaceCheckingMode.IGNORE;
} else {
if (namespaceModeString.equalsIgnoreCase("require")) {
namespaceMode = NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS_REQUIRE;
}
}
}
String intervalString = (String) attributes.get(UPDATEINTERVAL_STRING);
long intervalMS = 3600000; // update ever hour
if (intervalString != null) {
intervalMS = Long.parseLong(intervalString);
}
OpensslCertChainValidator validator =
new OpensslCertChainValidator(
trustStoreLocation, namespaceMode, intervalMS, validatorParams);
X509Credential credentials = null;
String proxyLoc = (String) attributes.get(PROXY_STRING);
if (proxyLoc != null) {
try {
credentials = new PEMCredential(proxyLoc, (char[]) null);
} catch (KeyStoreException e) {
throw new IOException("Error opening proxy from " + proxyLoc + ": ", e);
} catch (CertificateException e) {
throw new IOException("Error reading proxy from " + proxyLoc + ": ", e);
}
} else {
String hostCertLoc = (String) attributes.get(CERT_STRING);
if (hostCertLoc == null) {
throw new IOException(
"Variable hostcert undefined, cannot start server with SSL/TLS without host certificate.");
}
java.security.cert.X509Certificate[] hostCertChain =
CertificateUtils.loadCertificateChain(new FileInputStream(hostCertLoc), Encoding.PEM);
String password = (String) attributes.get(PASSWORD_STRING);
String hostKeyLoc = (String) attributes.get(KEY_STRING);
if (hostKeyLoc == null) {
throw new IOException(
"Variable hostkey undefined, cannot start server with SSL/TLS without host private key.");
}
PrivateKey hostKey =
CertificateUtils.loadPrivateKey(
new FileInputStream(hostKeyLoc),
Encoding.PEM,
password == null ? null : password.toCharArray());
try {
credentials = new KeyAndCertCredential(hostKey, hostCertChain);
} catch (KeyStoreException e) {
throw new IOException("Error while creating keystore: " + e + ": " + e.getMessage(), e);
}
}
SSLSocketFactory newFactory = SocketFactoryCreator.getSocketFactory(credentials, validator);
SSLSocket socket = (SSLSocket) newFactory.createSocket();
return socket;
} else {
return _factory.createSocket();
}
}
