コード例 #1
0
 public EmailChannel(String configuration) {
   Properties props = new Properties();
   try {
     props.load(new StringReader(configuration));
   } catch (IOException e) {
     // really shouldn't happen
     throw new IllegalStateException(
         "Bug: can't load email properties " + "for the channel instance", e);
   }
   String smtpUser = props.getProperty(CFG_USER);
   String smtpPassword = props.getProperty(CFG_PASSWD);
   Authenticator smtpAuthn =
       (smtpUser != null && smtpPassword != null)
           ? new SimpleAuthenticator(smtpUser, smtpPassword)
           : null;
   String trustAll = props.getProperty(CFG_TRUST_ALL);
   if (trustAll != null && "true".equalsIgnoreCase(trustAll)) {
     MailSSLSocketFactory trustAllSF;
     try {
       trustAllSF = new MailSSLSocketFactory();
     } catch (GeneralSecurityException e) {
       // really shouldn't happen
       throw new IllegalStateException("Can't init trust-all SSL socket factory", e);
     }
     trustAllSF.setTrustAllHosts(true);
     props.put("mail.smtp.ssl.socketFactory", trustAllSF);
   } else {
     X509CertChainValidator validator = pkiManagement.getMainAuthnAndTrust().getValidator();
     SSLSocketFactory factory = SocketFactoryCreator.getSocketFactory(null, validator);
     props.put("mail.smtp.ssl.socketFactory", factory);
   }
   session = Session.getInstance(props, smtpAuthn);
 }
コード例 #2
0
  /** Creates a new SSLSocket bound to ContextWrapper * */
  private Socket createSocket() throws IOException {

    if (_factory == null) {
      Properties attributes = getCurrentProperties();
      StoreUpdateListener listener =
          new StoreUpdateListener() {
            public void loadingNotification(
                String location, String type, Severity level, Exception cause) {
              if (level != Severity.NOTIFICATION) {
                System.out.println(
                    "Error when creating or using SSL socket. Type "
                        + type
                        + " level: "
                        + level
                        + " cause: "
                        + cause.getClass()
                        + ":"
                        + cause.getMessage());
              } else {
                // log successful (re)loading
              }
            }
          };

      ArrayList<StoreUpdateListener> listenerList = new ArrayList<StoreUpdateListener>();
      listenerList.add(listener);

      RevocationParameters revParam =
          new RevocationParameters(
              CrlCheckingMode.REQUIRE,
              new OCSPParametes(),
              false,
              RevocationCheckingOrder.CRL_OCSP);

      String crlCheckingMode = (String) attributes.get(CRL_CHEKING_MODE_STRING);
      if (crlCheckingMode != null) {
        if (crlCheckingMode.equalsIgnoreCase("ifvalid")) {
          revParam =
              new RevocationParameters(
                  CrlCheckingMode.IF_VALID,
                  new OCSPParametes(),
                  false,
                  RevocationCheckingOrder.CRL_OCSP);
        } else {
          if (crlCheckingMode.equalsIgnoreCase("ignore")) {
            revParam =
                new RevocationParameters(
                    CrlCheckingMode.IGNORE,
                    new OCSPParametes(),
                    false,
                    RevocationCheckingOrder.CRL_OCSP);
          }
        }
      }

      ProxySupport proxySupport = ProxySupport.ALLOW;
      String proxySupportString = (String) attributes.get(PROXY_SUPPORT_STRING);
      if (proxySupportString != null) {
        if (proxySupportString.equalsIgnoreCase("no")
            || proxySupportString.equalsIgnoreCase("false")) {
          proxySupport = ProxySupport.DENY;
        }
      }

      ValidatorParams validatorParams = new ValidatorParams(revParam, proxySupport, listenerList);

      String trustStoreLocation = (String) attributes.get(TRUSTSTORE_STRING);
      if (trustStoreLocation == null) {
        throw new IOException(
            "No truststore defined, unable to load CA certificates and thus create SSL socket.");
      }

      String namespaceModeString = (String) attributes.get(NAMESPACE_STRING);
      NamespaceCheckingMode namespaceMode = NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS;
      if (namespaceModeString != null) {
        if (namespaceModeString.equalsIgnoreCase("no")
            || namespaceModeString.equalsIgnoreCase("false")
            || namespaceModeString.equalsIgnoreCase("off")) {
          namespaceMode = NamespaceCheckingMode.IGNORE;
        } else {
          if (namespaceModeString.equalsIgnoreCase("require")) {
            namespaceMode = NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS_REQUIRE;
          }
        }
      }

      String intervalString = (String) attributes.get(UPDATEINTERVAL_STRING);
      long intervalMS = 3600000; // update ever hour
      if (intervalString != null) {
        intervalMS = Long.parseLong(intervalString);
      }

      OpensslCertChainValidator validator =
          new OpensslCertChainValidator(
              trustStoreLocation, namespaceMode, intervalMS, validatorParams);

      X509Credential credentials = null;

      String proxyLoc = (String) attributes.get(PROXY_STRING);
      if (proxyLoc != null) {
        try {
          credentials = new PEMCredential(proxyLoc, (char[]) null);
        } catch (KeyStoreException e) {
          throw new IOException("Error opening proxy from " + proxyLoc + ": ", e);
        } catch (CertificateException e) {
          throw new IOException("Error reading proxy from " + proxyLoc + ": ", e);
        }
      } else {

        String hostCertLoc = (String) attributes.get(CERT_STRING);
        if (hostCertLoc == null) {
          throw new IOException(
              "Variable hostcert undefined, cannot start server with SSL/TLS without host certificate.");
        }
        java.security.cert.X509Certificate[] hostCertChain =
            CertificateUtils.loadCertificateChain(new FileInputStream(hostCertLoc), Encoding.PEM);

        String password = (String) attributes.get(PASSWORD_STRING);
        String hostKeyLoc = (String) attributes.get(KEY_STRING);
        if (hostKeyLoc == null) {
          throw new IOException(
              "Variable hostkey undefined, cannot start server with SSL/TLS without host private key.");
        }
        PrivateKey hostKey =
            CertificateUtils.loadPrivateKey(
                new FileInputStream(hostKeyLoc),
                Encoding.PEM,
                password == null ? null : password.toCharArray());

        try {
          credentials = new KeyAndCertCredential(hostKey, hostCertChain);
        } catch (KeyStoreException e) {
          throw new IOException("Error while creating keystore: " + e + ": " + e.getMessage(), e);
        }
      }
      SSLSocketFactory newFactory = SocketFactoryCreator.getSocketFactory(credentials, validator);
      SSLSocket socket = (SSLSocket) newFactory.createSocket();
      return socket;
    } else {
      return _factory.createSocket();
    }
  }