SSLFactory



/**
 * @Author: bcoffman@paypal.com
 * A Secure Socket Layer Factory.
 */

package com.paypal.api.client;
import java.lang.*;
import java.net.*;
import javax.net.*;
import java.io.*;
import java.util.*;
import java.security.*;
import javax.net.ssl.*;

 

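/**
 * The default TrustManager checks that a cert is signed by a well-known
 * certificate authority, like Verisign or Thawte.  This relaxed version
 * skips that check and accepts any certificate chain, so the identity of
 * the peer is not verified.
 */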
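class RelaxedX509TrustManager implements X509TrustManager {
    // SECURITY: every method below accepts whatever chain it is handed. An
    // SSLContext initialised with this manager still encrypts traffic but does
    // not authenticate the peer, so an interposed endpoint presenting any
    // certificate is accepted. Suitable for throw-away test setups only; use the
    // platform TrustManagerFactory wherever the peer's identity matters.

    // Shared empty array: getAcceptedIssuers() is specified to return a
    // non-null (possibly empty) array, and an empty array cannot be mutated.
    private static final java.security.cert.X509Certificate[] NO_ISSUERS =
        new java.security.cert.X509Certificate[0];

    /**
     * Legacy-style boolean query (not part of javax.net.ssl.X509TrustManager).
     *
     * @param chain the certificate chain presented by the client; never inspected
     * @return always {@code true}
     */
    public boolean checkClientTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }

    /**
     * Legacy-style boolean query (not part of javax.net.ssl.X509TrustManager).
     *
     * @param chain the certificate chain presented by the server; never inspected
     * @return always {@code true}
     */
    public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }

    /**
     * Reports the issuers this manager advertises as acceptable.
     *
     * @return an empty, non-null array (the original returned {@code null},
     *         which violates the interface contract and can trip callers that
     *         iterate over the result)
     */
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }

    /**
     * Accepts the client chain unconditionally: returning without throwing is
     * how this interface signals "trusted".
     *
     * @param chain    the certificate chain presented by the client; never inspected
     * @param authType the authentication type; ignored
     */
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
        // Intentionally empty: no validation is performed.
    }

    /**
     * Accepts the server chain unconditionally: returning without throwing is
     * how this interface signals "trusted".
     *
     * @param chain    the certificate chain presented by the server; never inspected
     * @param authType the key-exchange algorithm; ignored
     */
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
        // Intentionally empty: no validation is performed.
    }
}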

/**
 * The SSL factory pattern (as in design patterns) that produces an SSL channel.
 * We specify a cert and its password, as well as the format of the cert.  The
 * supported types are PKCS12 and JKS.  You must specify cert_file and
 * cert_password; cert_format defaults to PKCS12.
 */
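public class SSLFactory extends org.apache.axis.components.net.JSSESocketFactory {
    /**
     * Creates the factory.
     *
     * @param attributes socket factory attributes, handed unchanged to the superclass
     */
    public SSLFactory(Hashtable attributes) {
        super(attributes);
    }

    /**
     * Stores the socket factory built by {@link #get_SSLFactory()} in the
     * inherited {@code sslFactory} field.
     *
     * @throws IOException if the key store cannot be configured or loaded
     */
    protected void initFactory() throws IOException {
        sslFactory = get_SSLFactory();
    }

    /**
     * Builds a socket factory that presents the client certificate named in the
     * configuration and validates the server against the JRE's default trust
     * anchors.
     *
     * <p>Configuration keys read through {@code SimpleConfigFile}:
     * {@code cert_file} (required), {@code cert_password} (required) and
     * {@code cert_format} ({@code PKCS12} when absent; {@code JKS} also handled).
     * The password is read as a plain string, so the configuration file should be
     * readable only by the account running the client.
     *
     * <p>Security-relevant differences from the earlier revision of this method:
     * <ul>
     *   <li>Server chains are checked by the platform's default trust managers
     *       instead of an accept-everything trust manager. A server whose CA is
     *       missing from the default trust store (or the one named by
     *       {@code javax.net.ssl.trustStore}) is now rejected; add the CA there
     *       rather than switching validation off.</li>
     *   <li>The random source is a self-seeded {@code SecureRandom}. Seeding
     *       SHA1PRNG with the wall clock before first use made its output depend
     *       on a guessable value.</li>
     *   <li>The context is requested as {@code "TLS"} rather than {@code "SSL"};
     *       which protocol versions are enabled is left to the JRE defaults.</li>
     * </ul>
     *
     * <p>NOTE(review): chain validation does not compare the certificate with the
     * host name being contacted; confirm that the base class or the caller does
     * that check.
     *
     * @return a socket factory backed by the configured client key store
     * @throws IOException if configuration is missing, the certificate file is
     *         unreadable, the key store cannot be loaded, or the SSL context cannot
     *         be created; the underlying failure is attached as the cause
     */
    protected SSLSocketFactory get_SSLFactory() throws IOException {
        String cert_password = "";
        String cert_format = "";
        String cert_file = "";
        try {
            SimpleConfigFile cfg = new SimpleConfigFile(); // Uses previously instantiated file.
            cert_file = cfg.val("cert_file");
            cert_password = cfg.val("cert_password");
            cert_format = cfg.val("cert_format");
            if (cert_format == null) {
                cert_format = "PKCS12"; // Default value.
            }
            if (cert_file == null || cert_password == null) {
                throw new IOException("missing cert info");
            }
        } catch (Exception e) {
            System.err.println("com.paypal.api.client.SSLFactory: Problems with keystore configuration");
            throw ioFailure("Problems with keystore configuration", e);
        }

        // Checked outside the try below so this specific message reaches the
        // caller instead of being replaced by the generic failure text.
        File file = new File(cert_file);
        if (!file.canRead()) {
            String unreadable =
                "com.paypal.api.client.SSLFactory: Can't find/read cert file: \"" + cert_file + "\".";
            System.err.println(unreadable);
            throw new IOException(unreadable);
        }

        char[] keypass = cert_password.toCharArray();
        char[] storepass = cert_password.toCharArray();
        FileInputStream fin = null;
        try {
            fin = new FileInputStream(file);

            // Compare by content: '==' on strings tests reference identity, so the
            // JKS branch was never taken and JKS was requested from SunJSSE.
            KeyStore ks;
            if ("JKS".equalsIgnoreCase(cert_format)) {
                ks = KeyStore.getInstance(cert_format);
            } else {
                ks = KeyStore.getInstance(cert_format, "SunJSSE"); // PKCS12
            }
            try {
                ks.load(fin, storepass);
            } catch (Exception e) {
                // load() also fails on a corrupt or mis-typed store; the cause
                // attached below tells the cases apart.
                System.err.println("com.paypal.api.client.SSLFactory: Bad cert_password");
                throw ioFailure("com.paypal.api.client.SSLFactory: Bad cert_password", e);
            }

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, keypass);

            // A null key store makes the factory fall back to the JRE's default
            // trust anchors, so the server chain is actually validated.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);

            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
            return ctx.getSocketFactory();
        } catch (IOException e) {
            throw e; // already carries a specific message
        } catch (Exception e) {
            throw ioFailure("com.paypal.api.client.SSLFactory: Cannot create SSL factory.", e);
        } finally {
            if (fin != null) {
                try {
                    fin.close();
                } catch (IOException ignored) {
                    // Nothing useful to do: the store has been read or has already failed.
                }
            }
        }
    }

    /** Builds an IOException that keeps the original failure as its cause. */
    private static IOException ioFailure(String message, Throwable cause) {
        IOException wrapped = new IOException(message);
        wrapped.initCause(cause);
        return wrapped;
    }
}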