platform/util-rt/src/com/intellij/execution/rmi/ssl/SslSocketFactory.java - platform/tools/idea - Git at Google

 /*
  * Copyright 2000-2014 JetBrains s.r.o.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.intellij.execution.rmi.ssl;

 import com.intellij.openapi.util.text.StringUtilRt;
 import org.jetbrains.annotations.NotNull;

 import javax.net.ssl.*;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.UUID;

 public class SslSocketFactory extends SSLSocketFactory {
   public static final String SSL_CA_CERT_PATH = "sslCaCertPath";
   public static final String SSL_CLIENT_CERT_PATH = "sslClientCertPath";
   public static final String SSL_CLIENT_KEY_PATH = "sslClientKeyPath";
   public static final String SSL_TRUST_EVERYBODY = "sslTrustEverybody";
   private SSLSocketFactory myFactory;

   public SslSocketFactory() throws GeneralSecurityException, IOException {
     super();
     SSLContext ctx = SSLContext.getInstance("TLS");
     TrustManager[] tms;
     KeyManager[] kms;
     try {
       String caCertPath = System.getProperty(SSL_CA_CERT_PATH);
       String clientCertPath = System.getProperty(SSL_CLIENT_CERT_PATH);
       String clientKeyPath = System.getProperty(SSL_CLIENT_KEY_PATH);
       boolean trustEverybody = StringUtilRt.parseBoolean(System.getProperty(SSL_TRUST_EVERYBODY), false);

       tms = trustEverybody ? new TrustManager[]{new MyTrustEverybodyManager()} :
             caCertPath == null ? new TrustManager[]{} : new TrustManager[]{new MyTrustManager(caCertPath)};
       kms = clientCertPath != null && clientKeyPath != null
             ? new KeyManager[]{new MyKeyManager(clientCertPath, clientKeyPath)}
             : new KeyManager[]{};
     }
     catch (Exception e) {
       throw new RuntimeException(e);
     }

     ctx.init(kms, tms, null);
     myFactory = ctx.getSocketFactory();
   }

   @NotNull
   public Socket createSocket(InetAddress host, int port) throws IOException {
     return myFactory.createSocket(host, port);
   }

   @NotNull
   public Socket createSocket(String host, int port) throws IOException {
     return myFactory.createSocket(host, port);
   }

   @NotNull
   public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
     return myFactory.createSocket(host, port, localHost, localPort);
   }

   @NotNull
   public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
     return myFactory.createSocket(address, port, localAddress, localPort);
   }

   public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
     return myFactory.createSocket(socket, host, port, autoClose);
   }

   @NotNull
   public String[] getDefaultCipherSuites() {
     return myFactory.getDefaultCipherSuites();
   }

   @NotNull
   public String[] getSupportedCipherSuites() {
     return myFactory.getSupportedCipherSuites();
   }

   @NotNull
   public static X509Certificate readCertificate(@NotNull String filePath) throws CertificateException, IOException {
     CertificateFactory factory = CertificateFactory.getInstance("X.509");
     InputStream inStream = new FileInputStream(filePath);
     X509Certificate ca = (X509Certificate)factory.generateCertificate(inStream);
     inStream.close();
     return ca;
   }

   @NotNull
   public static PrivateKey readPrivateKey(@NotNull String filePath) throws IOException {
     return new PrivateKeyReader(filePath).getPrivateKey();
   }

   private static class MyTrustManager implements X509TrustManager {
     @NotNull private final String myCaCertPath;
     private X509TrustManager trustManager;

     private MyTrustManager(@NotNull String caCertPath) throws Exception {
       myCaCertPath = caCertPath;
       KeyStore ks = createStore();
       TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
       tmf.init(ks);
       for (TrustManager tm : tmf.getTrustManagers()) {
         if (tm instanceof X509TrustManager) {
           trustManager = (X509TrustManager)tm;
           break;
         }
       }
       if (trustManager == null) {
         throw new RuntimeException("No X509TrustManager found");
       }
     }

     @NotNull
     public KeyStore createStore() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
       KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
       ks.load(null);
       X509Certificate caCert = readCertificate(myCaCertPath);
       ks.setCertificateEntry(UUID.randomUUID().toString(), caCert);
       return ks;
     }

     public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
     }

     public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
       if (trustManager == null) throw new RuntimeException("No X509TrustManager found");
       trustManager.checkServerTrusted(x509Certificates, s);
     }

     @NotNull
     public X509Certificate[] getAcceptedIssuers() {
       return new X509Certificate[0];
     }
   }

   private static class MyTrustEverybodyManager implements X509TrustManager {
     public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
     }

     public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
     }

     @NotNull
     public X509Certificate[] getAcceptedIssuers() {
       return new X509Certificate[0];
     }
   }

   private static class MyKeyManager extends X509ExtendedKeyManager {
     private final String myAlias = UUID.randomUUID().toString();
     private final X509Certificate[] myCertificates;
     private final PrivateKey myPrivateKey;

     private MyKeyManager(@NotNull String certPath, @NotNull String keyPath) throws Exception {
       myCertificates = new X509Certificate[]{readCertificate(certPath)};
       myPrivateKey = readPrivateKey(keyPath);
     }

     public String[] getClientAliases(String s, Principal[] principals) {
       return new String[]{};
     }

     public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
       return myAlias;
     }

     public String[] getServerAliases(String s, Principal[] principals) {
       return new String[]{};
     }

     public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
       return null;
     }

     public X509Certificate[] getCertificateChain(String s) {
       return myCertificates;
     }

     public PrivateKey getPrivateKey(String s) {
       return myPrivateKey;
     }
   }
 }
	/*
	* Copyright 2000-2014 JetBrains s.r.o.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package com.intellij.execution.rmi.ssl;

	import com.intellij.openapi.util.text.StringUtilRt;
	import org.jetbrains.annotations.NotNull;

	import javax.net.ssl.*;
	import java.io.FileInputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.net.InetAddress;
	import java.net.Socket;
	import java.security.*;
	import java.security.cert.CertificateException;
	import java.security.cert.CertificateFactory;
	import java.security.cert.X509Certificate;
	import java.util.UUID;

	public class SslSocketFactory extends SSLSocketFactory {
	public static final String SSL_CA_CERT_PATH = "sslCaCertPath";
	public static final String SSL_CLIENT_CERT_PATH = "sslClientCertPath";
	public static final String SSL_CLIENT_KEY_PATH = "sslClientKeyPath";
	public static final String SSL_TRUST_EVERYBODY = "sslTrustEverybody";
	private SSLSocketFactory myFactory;

	public SslSocketFactory() throws GeneralSecurityException, IOException {
	super();
	SSLContext ctx = SSLContext.getInstance("TLS");
	TrustManager[] tms;
	KeyManager[] kms;
	try {
	String caCertPath = System.getProperty(SSL_CA_CERT_PATH);
	String clientCertPath = System.getProperty(SSL_CLIENT_CERT_PATH);
	String clientKeyPath = System.getProperty(SSL_CLIENT_KEY_PATH);
	boolean trustEverybody = StringUtilRt.parseBoolean(System.getProperty(SSL_TRUST_EVERYBODY), false);

	tms = trustEverybody ? new TrustManager[]{new MyTrustEverybodyManager()} :
	caCertPath == null ? new TrustManager[]{} : new TrustManager[]{new MyTrustManager(caCertPath)};
	kms = clientCertPath != null && clientKeyPath != null
	? new KeyManager[]{new MyKeyManager(clientCertPath, clientKeyPath)}
	: new KeyManager[]{};
	}
	catch (Exception e) {
	throw new RuntimeException(e);
	}

	ctx.init(kms, tms, null);
	myFactory = ctx.getSocketFactory();
	}

	@NotNull
	public Socket createSocket(InetAddress host, int port) throws IOException {
	return myFactory.createSocket(host, port);
	}

	@NotNull
	public Socket createSocket(String host, int port) throws IOException {
	return myFactory.createSocket(host, port);
	}

	@NotNull
	public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
	return myFactory.createSocket(host, port, localHost, localPort);
	}

	@NotNull
	public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
	return myFactory.createSocket(address, port, localAddress, localPort);
	}

	public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
	return myFactory.createSocket(socket, host, port, autoClose);
	}

	@NotNull
	public String[] getDefaultCipherSuites() {
	return myFactory.getDefaultCipherSuites();
	}

	@NotNull
	public String[] getSupportedCipherSuites() {
	return myFactory.getSupportedCipherSuites();
	}

	@NotNull
	public static X509Certificate readCertificate(@NotNull String filePath) throws CertificateException, IOException {
	CertificateFactory factory = CertificateFactory.getInstance("X.509");
	InputStream inStream = new FileInputStream(filePath);
	X509Certificate ca = (X509Certificate)factory.generateCertificate(inStream);
	inStream.close();
	return ca;
	}

	@NotNull
	public static PrivateKey readPrivateKey(@NotNull String filePath) throws IOException {
	return new PrivateKeyReader(filePath).getPrivateKey();
	}

	private static class MyTrustManager implements X509TrustManager {
	@NotNull private final String myCaCertPath;
	private X509TrustManager trustManager;

	private MyTrustManager(@NotNull String caCertPath) throws Exception {
	myCaCertPath = caCertPath;
	KeyStore ks = createStore();
	TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
	tmf.init(ks);
	for (TrustManager tm : tmf.getTrustManagers()) {
	if (tm instanceof X509TrustManager) {
	trustManager = (X509TrustManager)tm;
	break;
	}
	}
	if (trustManager == null) {
	throw new RuntimeException("No X509TrustManager found");
	}
	}

	@NotNull
	public KeyStore createStore() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
	KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
	ks.load(null);
	X509Certificate caCert = readCertificate(myCaCertPath);
	ks.setCertificateEntry(UUID.randomUUID().toString(), caCert);
	return ks;
	}

	public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
	}

	public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
	if (trustManager == null) throw new RuntimeException("No X509TrustManager found");
	trustManager.checkServerTrusted(x509Certificates, s);
	}

	@NotNull
	public X509Certificate[] getAcceptedIssuers() {
	return new X509Certificate[0];
	}
	}

	private static class MyTrustEverybodyManager implements X509TrustManager {
	public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
	}

	public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
	}

	@NotNull
	public X509Certificate[] getAcceptedIssuers() {
	return new X509Certificate[0];
	}
	}

	private static class MyKeyManager extends X509ExtendedKeyManager {
	private final String myAlias = UUID.randomUUID().toString();
	private final X509Certificate[] myCertificates;
	private final PrivateKey myPrivateKey;

	private MyKeyManager(@NotNull String certPath, @NotNull String keyPath) throws Exception {
	myCertificates = new X509Certificate[]{readCertificate(certPath)};
	myPrivateKey = readPrivateKey(keyPath);
	}

	public String[] getClientAliases(String s, Principal[] principals) {
	return new String[]{};
	}

	public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
	return myAlias;
	}

	public String[] getServerAliases(String s, Principal[] principals) {
	return new String[]{};
	}

	public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
	return null;
	}

	public X509Certificate[] getCertificateChain(String s) {
	return myCertificates;
	}

	public PrivateKey getPrivateKey(String s) {
	return myPrivateKey;
	}
	}
	}