Examples of org.jboss.remoting.security.SSLSocketBuilder

• org.jboss.remoting.security.SSLSocketBuilder
  A class that contains code that remoting factories need to build customized server and client SSL sockets. @author John Mazzitelli @author Tom Elrod @version $Revision: 5691 $

      if (serverSocketFactory == null && needsCustomSSLConfiguration(configuration))
      {
         try
         {
            SSLSocketBuilder socketBuilder = new SSLSocketBuilder(configuration);
            socketBuilder.setUseSSLServerSocketFactory(false);
            serverSocketFactory = socketBuilder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            throw new RuntimeException("Unable to create customized SSL socket factory", e);
         }

      if (serverSocketFactory == null && needsCustomSSLConfiguration(configuration))
      {
         try
         {
            SSLSocketBuilder socketBuilder = new SSLSocketBuilder(configuration);
            socketBuilder.setUseSSLServerSocketFactory(false);
            serverSocketFactory = socketBuilder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            throw new RuntimeException("Unable to create customized SSL socket factory", e);
         }

      if (serverSocketFactory == null && needsCustomSSLConfiguration(configuration))
      {
         try
         {
            SSLSocketBuilder socketBuilder = new SSLSocketBuilder(configuration);
            socketBuilder.setUseSSLServerSocketFactory(false);
            serverSocketFactory = socketBuilder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            throw new RuntimeException("Unable to create customized SSL socket factory", e);
         }

            config.put(SSLSocketBuilder.REMOTING_SERVER_AUTH_MODE,
                Boolean.toString(m_configuration.isClientSenderSecurityServerAuthMode()));
            config.put(SSLSocketBuilder.REMOTING_SOCKET_USE_CLIENT_MODE, "true");

            // since we do not know the server's client-auth mode, assume we need a keystore and let's make sure we have one
            SSLSocketBuilder dummy_sslbuilder = new SSLSocketBuilder(); // just so we can test finding our keystore
            try {
                // this allows the configured keystore file to be a URL, file path or a resource relative to our classloader
                dummy_sslbuilder.setKeyStoreURL(m_configuration.getClientSenderSecurityKeystoreFile());
            } catch (Exception e) {
                // this probably is due to the fact that the keystore doesn't exist yet - let's prepare one now
                SecurityUtil.createKeyStore(m_configuration.getClientSenderSecurityKeystoreFile(),
                    m_configuration.getClientSenderSecurityKeystoreAlias(), "CN=RHQ, OU=RedHat, O=redhat.com, C=US",
                    m_configuration.getClientSenderSecurityKeystorePassword(),
                    m_configuration.getClientSenderSecurityKeystoreKeyPassword(), "DSA", 36500);

                // now try to set it again, if an exception is still thrown, it's an unrecoverable error
                dummy_sslbuilder.setKeyStoreURL(m_configuration.getClientSenderSecurityKeystoreFile());
            }

            // in case the transport floats over https - we want to make sure a hostname verifier is installed and allows all hosts
            config.put(HTTPSClientInvoker.IGNORE_HTTPS_HOST, "true");
        }

     *
     * @throws Exception if failed to initialize all the services
     */
    private void initializeSecurityServices() throws Exception {
        // we need a socket builder - this is the thing that allows us to provide custom keystore information
        SSLSocketBuilder socket_builder = new SSLSocketBuilder();
        socket_builder.setUseSSLServerSocketFactory(false);
        socket_builder.setSecureSocketProtocol(m_configuration.getConnectorSecuritySocketProtocol());
        socket_builder.setKeyStoreAlgorithm(m_configuration.getConnectorSecurityKeystoreAlgorithm());
        socket_builder.setKeyStoreType(m_configuration.getConnectorSecurityKeystoreType());
        socket_builder.setKeyStorePassword(m_configuration.getConnectorSecurityKeystorePassword());
        socket_builder.setKeyPassword(m_configuration.getConnectorSecurityKeystoreKeyPassword());
        socket_builder.setTrustStoreAlgorithm(m_configuration.getConnectorSecurityTruststoreAlgorithm());
        socket_builder.setTrustStoreType(m_configuration.getConnectorSecurityTruststoreType());
        socket_builder.setTrustStorePassword(m_configuration.getConnectorSecurityTruststorePassword());
        socket_builder.setClientAuthMode(m_configuration.getConnectorSecurityClientAuthMode());
        socket_builder.setServerSocketUseClientMode(false);

        try {
            // this allows the configured keystore file to be a URL, file path or a resource relative to our classloader
            socket_builder.setKeyStoreURL(m_configuration.getConnectorSecurityKeystoreFile());
        } catch (Exception e) {
            // this probably is due to the fact that the keystore doesn't exist yet - let's prepare one now
            createKeyStore();

            // now try to set it again, if an exception is still thrown, it's an unrecoverable error
            socket_builder.setKeyStoreURL(m_configuration.getConnectorSecurityKeystoreFile());
        }

        try {
            // this allows the configured keystore file to be a URL, file path or a resource relative to our classloader
            socket_builder.setTrustStoreURL(m_configuration.getConnectorSecurityTruststoreFile());
        } catch (Exception e) {
            // this may or may not be a bad thing - let's just log a message but keep going
            if (!m_configuration.getConnectorSecurityClientAuthMode().equals(SSLSocketBuilder.CLIENT_AUTH_MODE_NONE)) {
                LOG.debug(CommI18NResourceKeys.SERVICE_CONTAINER_TRUSTSTORE_FAILURE);
            }

            setConfigProp(config, SSLSocketBuilder.REMOTING_KEY_ALIAS, "self");
            setConfigProp(config, SSLSocketBuilder.REMOTING_SERVER_AUTH_MODE, "false");
            config.put(SSLSocketBuilder.REMOTING_SOCKET_USE_CLIENT_MODE, "true");

            // since we do not know the server's client-auth mode, assume we need a keystore and let's make sure we have one
            SSLSocketBuilder dummy_sslbuilder = new SSLSocketBuilder(); // just so we can test finding our keystore
            try {
                // this allows the configured keystore file to be a URL, file path or a resource relative to our classloader
                dummy_sslbuilder.setKeyStoreURL(config.get(SSLSocketBuilder.REMOTING_KEY_STORE_FILE_PATH));
            } catch (Exception e) {
                // this probably is due to the fact that the keystore doesn't exist yet - let's prepare one now
                SecurityUtil.createKeyStore(config.get(SSLSocketBuilder.REMOTING_KEY_STORE_FILE_PATH),
                    config.get(SSLSocketBuilder.REMOTING_KEY_ALIAS), "CN=RHQ, OU=RedHat, O=redhat.com, C=US",
                    config.get(SSLSocketBuilder.REMOTING_KEY_STORE_PASSWORD),
                    config.get(SSLSocketBuilder.REMOTING_KEY_PASSWORD), "DSA", 36500);

                // now try to set it again, if an exception is still thrown, it's an unrecoverable error
                dummy_sslbuilder.setKeyStoreURL(config.get(SSLSocketBuilder.REMOTING_KEY_STORE_FILE_PATH));
            }

            // in case the transport floats over https - we want to make sure a hostname verifier is installed and allows all hosts
            config.put(HTTPSClientInvoker.IGNORE_HTTPS_HOST, "true");
        }

       * will use the default within tomcat (and not override with own default).
       */

      if ("https".equals(locator.getProtocol()))
      {
         SSLSocketBuilder builder = new SSLSocketBuilder(configuration);
         builder.setUseSSLServerSocketFactory(false);
         try
         {
            return builder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            log.error("unable to create server socket factory", e);
            throw e;

       * will use the default within tomcat (and not override with own default).
       */

      if ("https".equals(locator.getProtocol()))
      {
         SSLSocketBuilder builder = new SSLSocketBuilder(configuration);
         builder.setUseSSLServerSocketFactory(false);
         try
         {
            return builder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            log.debug("unable to create server socket factory", e);
            throw e;

      if (serverSocketFactory == null && needsCustomSSLConfiguration(configuration))
      {
         try
         {
            SSLSocketBuilder socketBuilder = new SSLSocketBuilder(configuration);
            socketBuilder.setUseSSLServerSocketFactory(false);
            serverSocketFactory = socketBuilder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            throw new RuntimeException("Unable to create customized SSL socket factory", e);
         }

      if (serverSocketFactory == null && needsCustomSSLConfiguration(configuration))
      {
         try
         {
            SSLSocketBuilder socketBuilder = new SSLSocketBuilder(configuration);
            socketBuilder.setUseSSLServerSocketFactory(false);
            serverSocketFactory = socketBuilder.createSSLServerSocketFactory();
         }
         catch (IOException e)
         {
            throw new RuntimeException("Unable to create customized SSL socket factory", e);
         }