HttpTimestamper.java 6.3 KB
Newer Older
D
duke 已提交
1
/*
2
 * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
D
duke 已提交
3 4 5 6
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
D
duke 已提交
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
D
duke 已提交
10 11 12 13 14 15 16 17 18 19 20
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
21 22 23
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
D
duke 已提交
24 25 26 27 28 29 30
 */

package sun.security.timestamp;

import java.io.BufferedInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
31
import java.net.URI;
D
duke 已提交
32 33
import java.net.URL;
import java.net.HttpURLConnection;
34
import java.util.*;
D
duke 已提交
35

36
import sun.misc.IOUtils;
37
import sun.security.util.Debug;
D
duke 已提交
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60

/**
 * A timestamper that communicates with a Timestamping Authority (TSA)
 * over HTTP.
 * It supports the Time-Stamp Protocol defined in:
 * <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>.
 *
 * @since 1.5
 * @author Vincent Ryan
 */

public class HttpTimestamper implements Timestamper {

    private static final int CONNECT_TIMEOUT = 15000; // 15 seconds

    // The MIME type for a timestamp query
    private static final String TS_QUERY_MIME_TYPE =
        "application/timestamp-query";

    // The MIME type for a timestamp reply
    private static final String TS_REPLY_MIME_TYPE =
        "application/timestamp-reply";

61
    private static final Debug debug = Debug.getInstance("ts");
D
duke 已提交
62 63

    /*
64
     * HTTP URI identifying the location of the TSA
D
duke 已提交
65
     */
66
    private URI tsaURI = null;
D
duke 已提交
67 68 69 70

    /**
     * Creates a timestamper that connects to the specified TSA.
     *
71 72
     * @param tsa The location of the TSA. It must be an HTTP or HTTPS URI.
     * @throws IllegalArgumentException if tsaURI is not an HTTP or HTTPS URI
D
duke 已提交
73
     */
74
    public HttpTimestamper(URI tsaURI) {
75 76 77 78 79
        if (!tsaURI.getScheme().equalsIgnoreCase("http") &&
                !tsaURI.getScheme().equalsIgnoreCase("https")) {
            throw new IllegalArgumentException(
                    "TSA must be an HTTP or HTTPS URI");
        }
80
        this.tsaURI = tsaURI;
D
duke 已提交
81 82 83 84 85 86 87 88 89 90 91 92 93
    }

    /**
     * Connects to the TSA and requests a timestamp.
     *
     * @param tsQuery The timestamp query.
     * @return The result of the timestamp query.
     * @throws IOException The exception is thrown if a problem occurs while
     *         communicating with the TSA.
     */
    public TSResponse generateTimestamp(TSRequest tsQuery) throws IOException {

        HttpURLConnection connection =
94
            (HttpURLConnection) tsaURI.toURL().openConnection();
D
duke 已提交
95 96 97 98 99 100 101
        connection.setDoOutput(true);
        connection.setUseCaches(false); // ignore cache
        connection.setRequestProperty("Content-Type", TS_QUERY_MIME_TYPE);
        connection.setRequestMethod("POST");
        // Avoids the "hang" when a proxy is required but none has been set.
        connection.setConnectTimeout(CONNECT_TIMEOUT);

102
        if (debug != null) {
103
            Set<Map.Entry<String, List<String>>> headers =
104 105
                connection.getRequestProperties().entrySet();
            debug.println(connection.getRequestMethod() + " " + tsaURI +
D
duke 已提交
106
                " HTTP/1.1");
107 108
            for (Map.Entry<String, List<String>> e : headers) {
                debug.println("  " + e);
D
duke 已提交
109
            }
110
            debug.println();
D
duke 已提交
111 112 113 114 115 116 117 118 119 120
        }
        connection.connect(); // No HTTP authentication is performed

        // Send the request
        DataOutputStream output = null;
        try {
            output = new DataOutputStream(connection.getOutputStream());
            byte[] request = tsQuery.encode();
            output.write(request, 0, request.length);
            output.flush();
121 122
            if (debug != null) {
                debug.println("sent timestamp query (length=" +
D
duke 已提交
123 124 125 126 127 128 129 130 131 132 133 134 135
                        request.length + ")");
            }
        } finally {
            if (output != null) {
                output.close();
            }
        }

        // Receive the reply
        BufferedInputStream input = null;
        byte[] replyBuffer = null;
        try {
            input = new BufferedInputStream(connection.getInputStream());
136
            if (debug != null) {
D
duke 已提交
137
                String header = connection.getHeaderField(0);
138
                debug.println(header);
D
duke 已提交
139 140 141
                int i = 1;
                while ((header = connection.getHeaderField(i)) != null) {
                    String key = connection.getHeaderFieldKey(i);
142
                    debug.println("  " + ((key==null) ? "" : key + ": ") +
D
duke 已提交
143 144 145
                        header);
                    i++;
                }
146
                debug.println();
D
duke 已提交
147
            }
148 149
            verifyMimeType(connection.getContentType());

D
duke 已提交
150
            int contentLength = connection.getContentLength();
151
            replyBuffer = IOUtils.readFully(input, contentLength, false);
152

153 154
            if (debug != null) {
                debug.println("received timestamp response (length=" +
155
                        replyBuffer.length + ")");
D
duke 已提交
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177
            }
        } finally {
            if (input != null) {
                input.close();
            }
        }
        return new TSResponse(replyBuffer);
    }

    /*
     * Checks that the MIME content type is a timestamp reply.
     *
     * @param contentType The MIME content type to be checked.
     * @throws IOException The exception is thrown if a mismatch occurs.
     */
    private static void verifyMimeType(String contentType) throws IOException {
        if (! TS_REPLY_MIME_TYPE.equalsIgnoreCase(contentType)) {
            throw new IOException("MIME Content-Type is not " +
                TS_REPLY_MIME_TYPE);
        }
    }
}