
- The engine has been moved from "com.noelios.restlet" to

   the "org.restlet.engine" package, simplifying the packaging.
 - All engine extensions have been moved to "org.restlet.ext"
   packages.
 - The com.noelios.restlet.ext.spring extension has been merged
   with org.restlet.ext.spring.
1 parent 6fb9daa commit 70fb14f8ffc3b85a6d0863d920578c3fc2b9b576 Jérôme Louvel committed Nov 19, 2008
7 modules/org.restlet.ext.ssl/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+ <classpathentry kind="src" path="src"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
28 modules/org.restlet.ext.ssl/.project
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>org.restlet.ext.ssl</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.ManifestBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.SchemaBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.pde.PluginNature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
21 modules/org.restlet.ext.ssl/META-INF/MANIFEST.MF
@@ -0,0 +1,21 @@
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-Name: Noelios Restlet Engine - Extension - Java ssl utils
+Bundle-SymbolicName: org.restlet.ext.ssl
+Bundle-Version: 1.1
+Bundle-Vendor: Noelios Technologies
+Export-Package: org.restlet.ext.ssl;uses:="org.restlet.engine.util,jsslutils.sslcontext,jsslutils.sslcontext.trustmanagers"
+Import-Package: org.jsslutils.keystores,
+ org.jsslutils.sslcontext,
+ org.jsslutils.sslcontext.keymanagers,
+ org.jsslutils.sslcontext.trustmanagers,
+ org.restlet,
+ org.restlet.data,
+ org.restlet.engine,
+ org.restlet.engine.util,
+ org.restlet.resource,
+ org.restlet.service,
+ org.restlet.util
+ionEnvironment: J2SE-1.5
+Bundle-RequiredExecutionEnvironment: J2SE-1.5,
+ J2SE-1.5
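Review bot: The line `ionEnvironment: J2SE-1.5` near the end of this manifest looks like a truncated leftover of `Bundle-RequiredExecutionEnvironment`, and the header after it lists `J2SE-1.5` twice; both should collapse into a single `Bundle-RequiredExecutionEnvironment: J2SE-1.5`. The `uses:=` directive on `Export-Package` names `jsslutils.sslcontext` and `jsslutils.sslcontext.trustmanagers`, while `Import-Package` and the Java sources in this commit use the `org.jsslutils.*` names, so the directive refers to packages the bundle does not import. Aligning it to `org.jsslutils.sslcontext,org.jsslutils.sslcontext.trustmanagers` would keep the wiring constraint meaningful.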
4 modules/org.restlet.ext.ssl/build.properties
@@ -0,0 +1,4 @@
+source.. = src/
+output.. = bin/
+bin.includes = META-INF/,\
+ .
3 modules/org.restlet.ext.ssl/src/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path:
+
86 modules/org.restlet.ext.ssl/src/org/restlet/ext/ssl/JsslutilsSslContextFactory.java
@@ -0,0 +1,86 @@
+/**
+ * Copyright 2005-2008 Noelios Technologies.
+ *
+ * The contents of this file are subject to the terms of the following open
+ * source licenses: LGPL 3.0 or LGPL 2.1 or CDDL 1.0 (the "Licenses"). You can
+ * select the license that you prefer but you may not use this file except in
+ * compliance with one of these Licenses.
+ *
+ * You can obtain a copy of the LGPL 3.0 license at
+ * http://www.gnu.org/licenses/lgpl-3.0.html
+ *
+ * You can obtain a copy of the LGPL 2.1 license at
+ * http://www.gnu.org/licenses/lgpl-2.1.html
+ *
+ * You can obtain a copy of the CDDL 1.0 license at
+ * http://www.sun.com/cddl/cddl.html
+ *
+ * See the Licenses for the specific language governing permissions and
+ * limitations under the Licenses.
+ *
+ * Alternatively, you can obtain a royaltee free commercial license with less
+ * limitations, transferable or non-transferable, directly at
+ * http://www.noelios.com/products/restlet-engine
+ *
+ * Restlet is a registered trademark of Noelios Technologies.
+ */
+package org.restlet.ext.ssl;
+
+import javax.net.ssl.SSLContext;
+
+import org.jsslutils.sslcontext.SSLContextFactory;
+
+import org.restlet.data.Parameter;
+import org.restlet.engine.util.SslContextFactory;
+import org.restlet.util.Series;
+
+
+/**
+ * This SslContextFactory is a wrapper for the SSLContextFactory of <a
+ * href="http://code.google.com/p/jsslutils/">jSSLutils</a>.
+ *
+ * @author Bruno Harbulot (Bruno.Harbulot@manchester.ac.uk)
+ */
+public class JsslutilsSslContextFactory extends SslContextFactory {
+ /**
+ * The wrapped SSLContextFactory.
+ */
+ private final SSLContextFactory sslContextFactory;
+
+ /**
+ * Builds JsslutilsSslContextFactory that wraps an instance of
+ * jsslutils.sslcontext.SSLContextFactory.
+ *
+ * @param sslContextFactory
+ * SSLContextFactory (from jSSLutils) to wrap.
+ */
+ public JsslutilsSslContextFactory(SSLContextFactory sslContextFactory) {
+ this.sslContextFactory = sslContextFactory;
+ }
+
+ /**
+ * Creates a configured and initialised SSLContext by delegating the call to
+ * the SSLContextFactory with which the target instance was built. Please
+ * set the SSLContext protocol in that factory; it is 'SSLv3' in version 0.3
+ * of jSSLutils.
+ *
+ * @see SSLContextFactory#buildSSLContext()
+ */
+ @Override
+ public SSLContext createSslContext() throws Exception {
+ return this.sslContextFactory.buildSSLContext();
+ }
+
+ /**
+ * Returns the wrapped SSLContextFactory with which this instance was built.
+ *
+ * @return the wrapped SSLContextFactory.
+ */
+ public SSLContextFactory getSslContextFactory() {
+ return this.sslContextFactory;
+ }
+
+ @Override
+ public void init(Series<Parameter> parameters) {
+ }
+}
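Review bot: `createSslContext()` calls the no-argument `buildSSLContext()`, so the protocol is whatever the wrapped factory defaults to, which the Javadoc above it gives as 'SSLv3' for jSSLutils 0.3, whereas `PkixSslContextFactory` in this commit defaults to "TLS". Because `init(Series<Parameter>)` is an empty override with no Javadoc, an `sslProtocol` or keystore parameter supplied through the connector is silently ignored here. I would document that on `init`, e.g. `/** Does nothing: the wrapped SSLContextFactory must be fully configured by the caller; parameters are ignored. */`, and say in the class Javadoc that the caller is responsible for selecting a TLS protocol on the wrapped factory. The constructor also stores its argument unchecked, so a null factory only fails later in `createSslContext()`; `if (sslContextFactory == null) throw new IllegalArgumentException("sslContextFactory");` would fail early.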
277 modules/org.restlet.ext.ssl/src/org/restlet/ext/ssl/PkixSslContextFactory.java
@@ -0,0 +1,277 @@
+/*
+ * Copyright 2005-2008 Noelios Technologies.
+ *
+ * The contents of this file are subject to the terms of the following open
+ * source licenses: LGPL 3.0 or LGPL 2.1 or CDDL 1.0 (the "Licenses"). You can
+ * select the license that you prefer but you may not use this file except in
+ * compliance with one of these Licenses.
+ *
+ * You can obtain a copy of the LGPL 3.0 license at
+ * http://www.gnu.org/licenses/lgpl-3.0.html
+ *
+ * You can obtain a copy of the LGPL 2.1 license at
+ * http://www.gnu.org/licenses/lgpl-2.1.html
+ *
+ * You can obtain a copy of the CDDL 1.0 license at
+ * http://www.sun.com/cddl/cddl.html
+ *
+ * See the Licenses for the specific language governing permissions and
+ * limitations under the Licenses.
+ *
+ * Alternatively, you can obtain a royaltee free commercial license with less
+ * limitations, transferable or non-transferable, directly at
+ * http://www.noelios.com/products/restlet-engine
+ *
+ * Restlet is a registered trademark of Noelios Technologies.
+ */
+
+package org.restlet.ext.ssl;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.SSLContext;
+
+import org.jsslutils.keystores.KeyStoreLoader;
+import org.jsslutils.sslcontext.PKIXSSLContextFactory;
+import org.jsslutils.sslcontext.SSLContextFactory.SSLContextFactoryException;
+import org.jsslutils.sslcontext.X509SSLContextFactory.LockedSettingsException;
+import org.jsslutils.sslcontext.keymanagers.FixedServerAliasKeyManager;
+
+import org.restlet.data.Parameter;
+import org.restlet.engine.util.DefaultSslContextFactory;
+import org.restlet.engine.util.SslContextFactory;
+import org.restlet.util.Series;
+
+
+/**
+ * This SslContextFactory uses PKIXSSLContextFactory from <a
+ * href="http://code.google.com/p/jsslutils/">jSSLutils</a> and can be
+ * configured via parameters.
+ *
+ * @author Bruno Harbulot (Bruno.Harbulot@manchester.ac.uk)
+ */
+public class PkixSslContextFactory extends SslContextFactory {
+ private String sslProtocol = "TLS";
+
+ private PKIXSSLContextFactory sslContextFactory;
+
+ /**
+ * Creates a configured and initialised SSLContext by delegating the call to
+ * the PKIXSSLContextFactory with has been initialised using 'init'.
+ *
+ * @see PKIXSSLContextFactory#buildSSLContext()
+ */
+ @Override
+ public SSLContext createSslContext() throws Exception {
+ synchronized (this) {
+ return this.sslContextFactory.buildSSLContext(this.sslProtocol);
+ }
+ }
+
+ /**
+ * Sets the following options according to parameters that may have been set
+ * up directly in the HttpsServerHelper parameters.
+ * <table>
+ * <tr>
+ * <th>Parameter name</th>
+ * <th>Value type</th>
+ * <th>Default value</th>
+ * <th>Description</th>
+ * </tr>
+ * <tr>
+ * <td>keystorePath</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.keyStore system property</td>
+ * <td>SSL keystore path.</td>
+ * </tr>
+ * <tr>
+ * <td>keystorePassword</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.keyStorePassword system property</td>
+ * <td>SSL keystore password.</td>
+ * </tr>
+ * <tr>
+ * <td>keystoreType</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.keyStoreType system property, otherwise default type</td>
+ * <td>SSL keystore type</td>
+ * </tr>
+ * <tr>
+ * <td>keystoreProvider</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.keyStoreProvider system property, otherwise default
+ * provider</td>
+ * <td>SSL keystore provider</td>
+ * </tr>
+ * <tr>
+ * <td>keyPassword</td>
+ * <td>String</td>
+ * <td></td>
+ * <td>SSL key password.</td>
+ * </tr>
+ * <tr>
+ * <td>truststorePath</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.trustStore system property</td>
+ * <td>SSL truststore path.</td>
+ * </tr>
+ * <tr>
+ * <td>truststorePassword</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.trustStorePassword system property</td>
+ * <td>SSL truststore password.</td>
+ * </tr>
+ * <tr>
+ * <td>truststoreType</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.trustStoreType system property, otherwise default type</td>
+ * <td>SSL truststore type</td>
+ * </tr>
+ * <tr>
+ * <td>truststoreProvider</td>
+ * <td>String</td>
+ * <td>javax.net.ssl.trustStoreProvider system property, otherwise default
+ * provider</td>
+ * <td>SSL truststore provider</td>
+ * </tr>
+ * <tr>
+ * <td>sslServerAlias</td>
+ * <td>String</td>
+ * <td></td>
+ * <td>alias to use on the server side</td>
+ * </tr>
+ * <tr>
+ * <td>sslProtocol</td>
+ * <td>String: TLS/SSLv3</td>
+ * <td>TLS</td>
+ * <td>SSL protocol</td>
+ * </tr>
+ * <tr>
+ * <td>disableCrl</td>
+ * <td>String (true/false)</td>
+ * <td>false</td>
+ * <td>Set to true if you want not to use the CRLs</td>
+ * </tr>
+ * <tr>
+ * <td>crlUrl</td>
+ * <td>String (URL)</td>
+ * <td></td>
+ * <td>URL of CRL to load (there can be multiple occurrences of this
+ * parameter).</td>
+ * </tr>
+ * </table>
+ *
+ * @param parameters
+ * Typically, the parameters that would have been obtained from
+ * HttpsServerHelper.getParameters()
+ *
+ */
+ @Override
+ public void init(Series<Parameter> parameters) {
+ KeyStoreLoader keyStoreLoader = KeyStoreLoader
+ .getKeyStoreDefaultLoader();
+ String keyStorePath = parameters.getFirstValue("keystorePath");
+ if (keyStorePath != null) {
+ keyStoreLoader.setKeyStorePath(keyStorePath);
+ }
+ String keyStorePassword = parameters.getFirstValue("keystorePassword");
+ if (keyStorePassword != null) {
+ keyStoreLoader.setKeyStorePassword(keyStorePassword);
+ }
+ String keyStoreType = parameters.getFirstValue("keystoreType");
+ if (keyStoreType != null) {
+ keyStoreLoader.setKeyStoreType(keyStoreType);
+ }
+ String keyStoreProvider = parameters.getFirstValue("keystoreProvider");
+ if (keyStoreProvider != null) {
+ keyStoreLoader.setKeyStoreProvider(keyStoreProvider);
+ }
+
+ KeyStoreLoader trustStoreLoader = KeyStoreLoader
+ .getKeyStoreDefaultLoader();
+ String trustStorePath = parameters.getFirstValue("truststorePath");
+ if (trustStorePath != null) {
+ trustStoreLoader.setKeyStorePath(trustStorePath);
+ }
+ String trustStorePassword = parameters
+ .getFirstValue("truststorePassword");
+ if (trustStorePassword != null) {
+ trustStoreLoader.setKeyStorePassword(trustStorePassword);
+ }
+ String trustStoreType = parameters.getFirstValue("truststoreType");
+ if (trustStoreType != null) {
+ trustStoreLoader.setKeyStoreType(trustStoreType);
+ }
+ String trustStoreProvider = parameters
+ .getFirstValue("truststoreProvider");
+ if (trustStoreProvider != null) {
+ trustStoreLoader.setKeyStoreProvider(trustStoreProvider);
+ }
+
+ String keyPassword = parameters.getFirstValue("keyPassword", "");
+
+ String sslProtocol = parameters.getFirstValue("sslProtocol");
+
+ String serverAlias = parameters.getFirstValue("sslServerAlias");
+
+ boolean disableRevocation = Boolean.parseBoolean(parameters
+ .getFirstValue("disableCrl"));
+
+ try {
+ KeyStore keyStore = keyStoreLoader.loadKeyStore();
+ KeyStore trustStore = trustStoreLoader.loadKeyStore();
+
+ PKIXSSLContextFactory sslContextFactory = new PKIXSSLContextFactory(
+ keyStore, keyPassword, trustStore, !disableRevocation);
+
+ if (serverAlias != null) {
+ sslContextFactory
+ .setKeyManagerWrapper(new FixedServerAliasKeyManager.Wrapper(
+ serverAlias));
+ }
+
+ String[] crlArray = parameters.getValuesArray("crlUrl");
+ if (crlArray != null) {
+ for (String crlUrl : crlArray) {
+ sslContextFactory.addCrl(crlUrl);
+ }
+ }
+
+ synchronized (this) {
+ this.sslContextFactory = sslContextFactory;
+ if (sslProtocol != null) {
+ this.sslProtocol = sslProtocol;
+ }
+ }
+ } catch (KeyStoreException e) {
+ throw new RuntimeException(e);
+ } catch (NoSuchProviderException e) {
+ throw new RuntimeException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ } catch (CertificateException e) {
+ throw new RuntimeException(e);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ } catch (SSLContextFactoryException e) {
+ throw new RuntimeException(e);
+ } catch (LockedSettingsException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * This class is likely to contain sensitive information; cloning is
+ * therefore not allowed.
+ */
+ @Override
+ protected final DefaultSslContextFactory clone()
+ throws CloneNotSupportedException {
+ throw new CloneNotSupportedException();
+ }
+}
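Review bot: In `init`, `trustStoreLoader` is obtained from `KeyStoreLoader.getKeyStoreDefaultLoader()`, the same call used for `keyStoreLoader`, while the Javadoc table promises that the truststore defaults come from the `javax.net.ssl.trustStore*` system properties. Judging by the method name, an unset `truststorePath` would then fall back to the key store settings, so client certificates could be validated against the wrong store; if the jSSLutils version in use offers it, this should be `KeyStoreLoader trustStoreLoader = KeyStoreLoader.getTrustStoreDefaultLoader();`. `createSslContext()` also dereferences `this.sslContextFactory` without checking that `init` ran and succeeded, so a missing or failed `init` surfaces as a NullPointerException rather than a clear configuration error. The `clone()` override declares `DefaultSslContextFactory` as its return type although this class extends `SslContextFactory`, which looks copied from another class.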
7 modules/org.restlet.ext.ssl/src/org/restlet/ext/ssl/package.html
@@ -0,0 +1,7 @@
+<HTML>
+<BODY>
+Support for SSL utilities and integration with jSSLutils library.
+@since 1.1
+@see <a href="http://code.google.com/p/jsslutils/">jSSLutils home</a>
+</BODY>
+</HTML>

0 comments on commit 70fb14f
