Return-Path: Delivered-To: apmail-incubator-felix-commits-archive@www.apache.org Received: (qmail 47483 invoked from network); 24 Aug 2006 12:43:06 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 24 Aug 2006 12:43:06 -0000 Received: (qmail 2196 invoked by uid 500); 24 Aug 2006 12:43:06 -0000 Delivered-To: apmail-incubator-felix-commits-archive@incubator.apache.org Received: (qmail 2152 invoked by uid 500); 24 Aug 2006 12:43:06 -0000 Mailing-List: contact felix-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: felix-dev@incubator.apache.org Delivered-To: mailing list felix-commits@incubator.apache.org Received: (qmail 2141 invoked by uid 99); 24 Aug 2006 12:43:06 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Aug 2006 05:43:06 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Aug 2006 05:43:05 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 749C51A981A; Thu, 24 Aug 2006 05:42:45 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r434387 - /incubator/felix/trunk/main/src/main/java/org/apache/felix/main/Main.java Date: Thu, 24 Aug 2006 12:42:45 -0000 To: felix-commits@incubator.apache.org 
From: pauls@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20060824124245.749C51A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: pauls Date: Thu Aug 24 05:42:44 2006 New Revision: 434387 URL: http://svn.apache.org/viewvc?rev=434387&view=rev Log: Add the ability to specify keystores with trustedCaCerts to main and subsequently, pass it to the framework in order to enable digitally signed bundles (FELIX-22). Modified: incubator/felix/trunk/main/src/main/java/org/apache/felix/main/Main.java Modified: incubator/felix/trunk/main/src/main/java/org/apache/felix/main/Main.java URL: http://svn.apache.org/viewvc/incubator/felix/trunk/main/src/main/java/org/apache/felix/main/Main.java?rev=434387&r1=434386&r2=434387&view=diff ==============================================================================
--- incubator/felix/trunk/main/src/main/java/org/apache/felix/main/Main.java (original)
+++ incubator/felix/trunk/main/src/main/java/org/apache/felix/main/Main.java Thu Aug 24 05:42:44 2006
@@ -19,6 +19,7 @@
 import java.io.*;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.*;
 import java.util.*;
 import org.apache.felix.framework.Felix;
@@ -58,6 +59,21 @@ **/ public static final String CONFIG_PROPERTIES_FILE_VALUE = "config.properties"; + public static final String KEYSTORE_FILE_PROP = "felix.keystore"; + + public static final String KEYSTORE_FILE_VALUE = System.getProperty("java.home") + + File.separatorChar + "lib" + File.separatorChar + "security" + + File.separatorChar + "cacerts" + File.pathSeparatorChar + System.getProperty("user.home") + + File.separatorChar + ".keystore"; + + public static final String KEYSTORE_TYPE_PROP = "felix.keystore.type"; + + public static final String KEYSTORE_TYPE_VALUE = "JKS" + File.pathSeparatorChar + "JKS"; + + public static final String KEYSTORE_PASS_PROP = "felix.keystore.pass"; + + public static final String KEYSTORE_PASS_VALUE = "changeit" + File.pathSeparatorChar + "changeit"; + private static Felix m_felix = null; /** @@ -189,7 +205,7 @@ m_felix = new Felix(); m_felix.start( new MutablePropertyResolverImpl(new StringMap(configProps, false)), - null); + null, (System.getSecurityManager() == null) ? null : new TrustManager(configProps)); } catch (Exception ex) { @@ -451,10 +467,10 @@ { cycleMap = new HashMap(); } - + // Put the current key in the cycle map. cycleMap.put(currentKey, currentKey); - + // Assume we have a value that is something like: // "leading ${foo.${bar}} middle ${baz} trailing" 
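Review bot: KEYSTORE_FILE_VALUE makes the JRE's `lib/security/cacerts` (every public TLS root shipped with the JDK) plus `~/.keystore` the default trust anchors for bundle signers, and KEYSTORE_PASS_VALUE bakes in the well-known default password `changeit` for both. Every certificate entry in those stores is later collected as a trusted CA, so with the defaults any signer chaining to any public CA would be accepted, which is far broader than a deliberately curated signing-root set; consider defaulting `felix.keystore` to an empty list so operators must opt in, e.g. `public static final String KEYSTORE_FILE_VALUE = "";` with the equivalent empty type and password defaults. The `felix.keystore.pass` value is read from config.properties or a `-D` system property, so it should be documented as a secret that ends up in the config file and in the process command line; a Javadoc note on KEYSTORE_PASS_PROP along the lines of `/** Path-separated keystore passwords; visible to anyone who can read config.properties or the process arguments. */` would make that explicit.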
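Review bot: The new TrustManager is handed to `m_felix.start` only when `System.getSecurityManager()` is non-null; otherwise `null` is passed and any `felix.keystore` configuration the operator supplied is silently ignored. Whether the framework treats a null trust set as "skip signature verification" cannot be seen from this hunk, but if it does, signed-bundle checking is off without any indication to the operator. A warning on that branch would avoid a false sense of security, e.g. `if (System.getSecurityManager() == null) System.err.println("WARNING: No SecurityManager installed; felix.keystore settings are ignored.");` before the call. The enclosing method starts and ends outside this hunk.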
@@ -539,5 +555,120 @@ // Return the value. return val; + } + + private static class TrustManager extends AbstractCollection + { + private String[] m_keystores = null; + private String[] m_passwds = null; + private String[] m_types = null; + private ArrayList m_stores = null; + + TrustManager(Properties config) + { + StringTokenizer tok = new StringTokenizer(System.getProperty(KEYSTORE_FILE_PROP, + config.getProperty(KEYSTORE_FILE_PROP, KEYSTORE_FILE_VALUE)), File.pathSeparator); + + m_keystores = new String[tok.countTokens()]; + + for (int i = 0;tok.hasMoreTokens();i++) + { + m_keystores[i] = tok.nextToken(); + } + + tok = new StringTokenizer(System.getProperty(KEYSTORE_PASS_PROP, + config.getProperty(KEYSTORE_PASS_PROP, KEYSTORE_PASS_VALUE)), File.pathSeparator); + + m_passwds = new String[tok.countTokens()]; + + for (int i = 0;tok.hasMoreTokens();i++) + { + m_passwds[i] = tok.nextToken(); + } + + tok = new StringTokenizer(System.getProperty(KEYSTORE_TYPE_PROP, + config.getProperty(KEYSTORE_TYPE_PROP, KEYSTORE_TYPE_VALUE)), File.pathSeparator); + + m_types = new String[tok.countTokens()]; + + for (int i = 0;tok.hasMoreTokens();i++) + { + m_types[i] = tok.nextToken(); + } + } + + public synchronized Iterator iterator() + { + if (m_stores == null) + { + loadStores(); + } + + return m_stores.iterator(); + } + + public synchronized int size() + { + if (m_stores == null) + { + loadStores(); + } + + return m_stores.size(); + } + + private void loadStores() + { + m_stores = new ArrayList(); + + if ((m_keystores.length == m_passwds.length) && (m_passwds.length == m_types.length) + && (System.getSecurityManager() != null)) + { + AccessController.doPrivileged(new PrivilegedAction() + { + public Object run() + { + List certs = new ArrayList(); + + for (int i = 0;i < m_keystores.length;i++) + { + + try + { + KeyStore ks = KeyStore.getInstance(m_types[i]); + ks.load(new FileInputStream(m_keystores[i]), m_passwds[i].toCharArray()); + for (Enumeration enum = 
ks.aliases();enum.hasMoreElements();) + { + String alias = (String) enum.nextElement(); + if (ks.isCertificateEntry(alias)) + { + certs.add(ks.getCertificate(alias)); + } + } + } + catch (Exception ex) + { + certs.clear(); + ex.printStackTrace(System.err); + + System.err.println("WARNING: Error accessing keystore: " + m_keystores[i]); + } + + if (!certs.isEmpty()) + { + m_stores.addAll(certs); + certs.clear(); + } + } + + return null; + } + }); + } + if (m_stores.isEmpty()) + { + System.err.println("WARNING: No trusted CA certificates!"); + } + } } }
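Review bot: In loadStores the `FileInputStream` opened for each keystore is never closed, and a store that fails to load (missing file, wrong password, wrong type) is reduced to a stack trace plus a warning and then skipped, so a single typo in `felix.keystore` or `felix.keystore.pass` silently shrinks the trust set; the same silent outcome occurs when the three property lists have different lengths, since the length check just produces an empty `m_stores`. At minimum close the stream, `FileInputStream in = new FileInputStream(m_keystores[i]); try { ks.load(in, m_passwds[i].toCharArray()); } finally { in.close(); }`, and consider treating a configured-but-unloadable store as fatal rather than a warning, since the final "No trusted CA certificates!" message does not stop startup and what the framework does with an empty collection is not visible here. Note also that the loop variable is named `enum`, which is a reserved word from Java 5 on and will not compile unless the build targets source level 1.4; `en` or `aliases` would avoid that.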