From ammul...@apache.org
Subject svn commit: r389206 [1/2] - in /geronimo/trunk: applications/console-standard/src/java/org/apache/geronimo/console/keystores/ applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ applications/console-standard/src/webapp/WEB-IN...
Date Mon, 27 Mar 2006 17:43:25 GMT
Author: ammulder
Date: Mon Mar 27 09:43:21 2006
New Revision: 389206

URL: http://svn.apache.org/viewcvs?rev=389206&view=rev
Log:
Use the new keystore manager to manage the default keystore distributed
  with Geronimo.
Update the Jetty HTTPS connector to be configured by the keystore manager
  instead of by hardcoding files, passwords, etc.
Update the console to allow unlocking a keystore and private key for use,
  and to make the create Jetty HTTPS connector configuration select from
  the available keystores (still need edit support)

Added:
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/EditKeystoreHandler.java   (with props)
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockEditKeystoreHandler.java   (with props)
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockKeystoreHandler.java   (with props)
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java   (with props)
    geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKey.jsp   (with props)
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java   (with props)
Modified:
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java
    geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
    geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/index.jsp
    geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKeystore.jsp
    geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
    geronimo/trunk/assemblies/j2ee-installer/src/var/config/config.xml
    geronimo/trunk/assemblies/j2ee-jetty-server/src/var/config/config.xml
    geronimo/trunk/assemblies/j2ee-tomcat-server/src/var/config/config.xml
    geronimo/trunk/assemblies/minimal-tomcat-server/src/var/config/config.xml
    geronimo/trunk/assemblies/web-jms-tomcat-server/src/var/config/config.xml
    geronimo/trunk/configs/jetty/project.xml
    geronimo/trunk/configs/jetty/src/plan/plan.xml
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyManagerImpl.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettySecureConnector.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/HTTPSConnector.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java

Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java Mon Mar 27 09:43:21 2006
@@ -49,6 +49,7 @@
     protected static final String LIST_MODE = "list";
     protected static final String UNLOCK_KEYSTORE_FOR_EDITING = "unlockEdit";
     protected static final String UNLOCK_KEYSTORE_FOR_USAGE = "unlockKeystore";
+    protected static final String UNLOCK_KEY = "unlockKey";
     protected static final String LOCK_KEYSTORE_FOR_EDITING = "lockEdit";
     protected static final String LOCK_KEYSTORE_FOR_USAGE = "lockKeystore";
     protected static final String CREATE_KEYSTORE = "createKeystore";
@@ -87,6 +88,11 @@
 
         public void setPassword(char[] password) {
             this.password = password;
+            if(password == null) { // If locking, clear all saved data
+                certificates = null;
+                keys = null;
+                fingerprints = null;
+            }
         }
 
         public boolean isLocked() {
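Review bot: `this.password = password;` overwrites the reference to the previous password array without clearing it, so on lock (`password == null`) the old keystore password stays in heap memory until the collector gets to it, while the added block does clear the derived certificates, keys and fingerprints. Zero the array before dropping it: `if(this.password != null) { java.util.Arrays.fill(this.password, '\0'); }` placed ahead of the assignment, assuming no caller keeps using the array it passed in earlier. The enclosing class begins outside this hunk.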

Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/EditKeystoreHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/EditKeystoreHandler.java?rev=389206&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/EditKeystoreHandler.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/EditKeystoreHandler.java Mon Mar 27 09:43:21 2006
@@ -0,0 +1,67 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+
+/**
+ * Handler for entering a password to allow editing of a keystore
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class EditKeystoreHandler extends BaseKeystoreHandler {
+    public EditKeystoreHandler() {
+        super(UNLOCK_KEYSTORE_FOR_EDITING, "/WEB-INF/view/keystore/unlockKeystore.jsp");
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String keystore = request.getParameter("keystore");
+        if(keystore != null) {
+            response.setRenderParameter("keystore", keystore);
+        } // else we hope this is after a failure and the actionAfterView took care of it below!
+        return getMode();
+    }
+
+    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+        request.setAttribute("keystore", request.getParameter("keystore"));
+        request.setAttribute("mode", "unlockEdit");
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String keystore = request.getParameter("keystore");
+        String password = request.getParameter("password");
+        if(keystore == null || keystore.equals("")) {
+            return getMode(); // todo: this is bad; if there's no ID, then the form on the page is just not valid!
+        } else if(password == null) {
+            response.setRenderParameter("keystore", keystore);
+            return getMode();
+        }
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
+        char[] storePass = password.toCharArray();
+        data.setPassword(storePass);
+        data.setCertificates(data.getInstance().listTrustCertificates(storePass));
+        data.setKeys(data.getInstance().listPrivateKeys(storePass));
+        return LIST_MODE+BEFORE_ACTION;
+    }
+}
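Review bot: `data.setPassword(storePass)` in actionAfterView runs before `listTrustCertificates` and `listPrivateKeys`, so if either call fails (for instance on a wrong password — whether they throw is not visible here) the session-held KeystoreData keeps the password and reports itself unlocked for editing; move the `setPassword` call after the two listings succeed, or reset it to null on failure. The session lookup on the line before returns null when the session has expired or the `keystore` parameter names an unknown store, and the unguarded `data.setPassword(...)` then fails with a NullPointerException; a check such as `if(data == null) { throw new PortletException("Unknown keystore: " + keystore); }` gives a meaningful error instead. The same unguarded cast appears in the new UnlockKeyHandler, LockEditKeystoreHandler and LockKeystoreHandler.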

Propchange: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/EditKeystoreHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java Mon Mar 27 09:43:21 2006
@@ -32,6 +32,7 @@
     public void init(PortletConfig config) throws PortletException {
         super.init(config);
         addHelper(new ListHandler(), config);
+        addHelper(new EditKeystoreHandler(), config);
         addHelper(new UnlockKeystoreHandler(), config);
         addHelper(new CreateKeystoreHandler(), config);
         addHelper(new ViewKeystoreHandler(), config);
@@ -39,6 +40,9 @@
         addHelper(new ConfirmCertificateHandler(), config);
         addHelper(new ConfigureNewKeyHandler(), config);
         addHelper(new ConfirmKeyHandler(), config);
+        addHelper(new LockEditKeystoreHandler(), config);
+        addHelper(new LockKeystoreHandler(), config);
+        addHelper(new UnlockKeyHandler(), config);
     }
 
     protected String getModelJSPVariableName() {

Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java Mon Mar 27 09:43:21 2006
@@ -19,6 +19,7 @@
 import org.apache.geronimo.console.MultiPageModel;
 import org.apache.geronimo.console.util.PortletManager;
 import org.apache.geronimo.security.keystore.KeystoreManager;
+import org.apache.geronimo.security.keystore.KeystoreIsLocked;
 
 import javax.portlet.ActionRequest;
 import javax.portlet.ActionResponse;
@@ -27,6 +28,8 @@
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
 import java.io.IOException;
+import java.util.Map;
+import java.util.HashMap;
 
 /**
  * Handler for the keystore list screen.
@@ -47,6 +50,7 @@
         String[] names = manager.listKeystores();
         PortletSession session = request.getPortletSession(true);
         KeystoreData[] keystores = new KeystoreData[names.length];
+        Map keys = new HashMap();
         for (int i = 0; i < names.length; i++) {
             String name = names[i];
             KeystoreData data = (KeystoreData) session.getAttribute(KEYSTORE_DATA_PREFIX+name);
@@ -56,8 +60,19 @@
                 session.setAttribute(KEYSTORE_DATA_PREFIX+name, data);
             }
             keystores[i] = data;
+            if(!data.getInstance().isKeystoreLocked()) {
+                try {
+                    String[] all = data.getInstance().getUnlockedKeys();
+                    if(all.length > 0) {
+                        keys.put(data.getInstance().getKeystoreName(), all.length+" key"+(all.length > 1 ? "s" : "")+" ready");
+                    } else {
+                        keys.put(data.getInstance().getKeystoreName(), "NO KEYS READY");
+                    }
+                } catch (KeystoreIsLocked locked) {}
+            }
         }
         request.setAttribute("keystores", keystores);
+        request.setAttribute("keys", keys);
     }
 
     public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
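Review bot: `catch (KeystoreIsLocked locked) {}` silently discards the exception although the call is guarded by `!data.getInstance().isKeystoreLocked()`, so a keystore that becomes locked between the check and `getUnlockedKeys()` simply disappears from the `keys` map with nothing shown to the operator. Either record the state, `keys.put(data.getInstance().getKeystoreName(), "LOCKED");`, or leave a comment stating that omitting the entry is intentional. ConnectorPortlet.doView in this same commit has the same empty catch around `aliases.put(store, mgr.getKeystore(store).getUnlockedKeys())`. The enclosing method begins outside this hunk.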

Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockEditKeystoreHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockEditKeystoreHandler.java?rev=389206&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockEditKeystoreHandler.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockEditKeystoreHandler.java Mon Mar 27 09:43:21 2006
@@ -0,0 +1,51 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+
+/**
+ * Handler for preventing the editing of a keystore.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class LockEditKeystoreHandler extends BaseKeystoreHandler {
+    public LockEditKeystoreHandler() {
+        super(LOCK_KEYSTORE_FOR_EDITING, null);
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String keystore = request.getParameter("keystore");
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
+        data.setPassword(null);
+        return LIST_MODE+BEFORE_ACTION;
+    }
+
+    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        return LIST_MODE+BEFORE_ACTION;
+    }
+}

Propchange: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockEditKeystoreHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockKeystoreHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockKeystoreHandler.java?rev=389206&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockKeystoreHandler.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockKeystoreHandler.java Mon Mar 27 09:43:21 2006
@@ -0,0 +1,51 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+
+/**
+ * Handler for locking and unlocked keystore
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class LockKeystoreHandler extends BaseKeystoreHandler {
+    public LockKeystoreHandler() {
+        super(LOCK_KEYSTORE_FOR_USAGE, null);
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String keystore = request.getParameter("keystore");
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
+        data.getInstance().lockKeystore();
+        return LIST_MODE+BEFORE_ACTION;
+    }
+
+    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        return LIST_MODE+BEFORE_ACTION;
+    }
+}
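Review bot: The class Javadoc `Handler for locking and unlocked keystore` reads as a typo; `Handler for locking an unlocked keystore` matches the LOCK_KEYSTORE_FOR_USAGE mode passed to the constructor. A short sentence on what the operator sees afterwards (the list view, per the `LIST_MODE+BEFORE_ACTION` return) would round it out.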

Propchange: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/LockKeystoreHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java?rev=389206&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java Mon Mar 27 09:43:21 2006
@@ -0,0 +1,66 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+import org.apache.geronimo.security.keystore.KeystoreIsLocked;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+
+/**
+ * Handler for entering a password to unlock a keystore
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class UnlockKeyHandler extends BaseKeystoreHandler {
+    public UnlockKeyHandler() {
+        super(UNLOCK_KEY, "/WEB-INF/view/keystore/unlockKey.jsp");
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        return getMode();
+    }
+
+    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+        String keystore = request.getParameter("keystore");
+        String password = request.getParameter("password");
+        request.setAttribute("keystore", keystore);
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
+        request.setAttribute("keys", data.getInstance().listPrivateKeys(password.toCharArray()));
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String keystore = request.getParameter("keystore");
+        String alias = request.getParameter("keyAlias");
+        String keyPassword = request.getParameter("keyPassword");
+        if(keystore == null || keystore.equals("")) {
+            return getMode(); // todo: this is bad; if there's no ID, then the form on the page is just not valid!
+        }
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
+        try {
+            data.getInstance().unlockPrivateKey(alias, keyPassword.toCharArray());
+        } catch (KeystoreIsLocked e) {
+            throw new PortletException("Invalid password for keystore", e);
+        }
+        return LIST_MODE+BEFORE_ACTION;
+    }
+}
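Review bot: renderView obtains the keystore password with `request.getParameter("password")`, which UnlockKeystoreHandler.actionAfterView in this commit supplies via `response.setRenderParameter("password", password)`; render parameters are carried in the portlet's render URLs, so the keystore password can surface in browser history, Referer headers and access logs for the render requests that follow. Keep it server-side instead — a KeystoreData object already lives in the portlet session per keystore, so the password can travel through it (or a dedicated session attribute) and be cleared once the key is unlocked. Separately, `password.toCharArray()` here and `keyPassword.toCharArray()` in actionAfterView have no null guard, unlike the `keystore` parameter, so a missing field yields a NullPointerException rather than a return to the form.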

Propchange: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java Mon Mar 27 09:43:21 2006
@@ -17,6 +17,7 @@
 package org.apache.geronimo.console.keystores;
 
 import org.apache.geronimo.console.MultiPageModel;
+import org.apache.geronimo.security.keystore.KeystoreIsLocked;
 
 import javax.portlet.ActionRequest;
 import javax.portlet.ActionResponse;
@@ -32,34 +33,50 @@
  */
 public class UnlockKeystoreHandler extends BaseKeystoreHandler {
     public UnlockKeystoreHandler() {
-        super(UNLOCK_KEYSTORE_FOR_EDITING, "/WEB-INF/view/keystore/unlockKeystore.jsp");
+        super(UNLOCK_KEYSTORE_FOR_USAGE, "/WEB-INF/view/keystore/unlockKeystore.jsp");
     }
 
     public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
-        String id = request.getParameter("id");
-        if(id != null) {
-            response.setRenderParameter("id", id);
+        String keystore = request.getParameter("keystore");
+        if(keystore != null) {
+            response.setRenderParameter("keystore", keystore);
         } // else we hope this is after a failure and the actionAfterView took care of it below!
         return getMode();
     }
 
     public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
-        request.setAttribute("id", request.getParameter("id"));
+        String keystore = request.getParameter("keystore");
+        request.setAttribute("keystore", keystore);
+        request.setAttribute("mode", "unlockKeystore");
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
+        request.setAttribute("keys", data.getKeys());
     }
 
     public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
-        String id = request.getParameter("keystore");
+        String keystore = request.getParameter("keystore");
         String password = request.getParameter("password");
-        if(id == null || id.equals("")) {
+        String alias = request.getParameter("keyAlias");
+        String keyPassword = request.getParameter("keyPassword");
+        if(keystore == null || keystore.equals("")) {
             return getMode(); // todo: this is bad; if there's no ID, then the form on the page is just not valid!
         } else if(password == null) {
-            response.setRenderParameter("id", id);
+            response.setRenderParameter("keystore", keystore);
+            return getMode();
         }
-        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + id));
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
         char[] storePass = password.toCharArray();
-        data.setPassword(storePass);
-        data.setCertificates(data.getInstance().listTrustCertificates(storePass));
-        data.setKeys(data.getInstance().listPrivateKeys(storePass));
+        data.getInstance().unlockKeystore(storePass);
+        if(data.getKeys() != null && data.getKeys().length > 0) {
+            try {
+                data.getInstance().unlockPrivateKey(alias, keyPassword.toCharArray());
+            } catch (KeystoreIsLocked e) {
+                throw new PortletException("Invalid password for keystore", e);
+            }
+        } else {
+            response.setRenderParameter("keystore", keystore);
+            response.setRenderParameter("password", password);
+            return UNLOCK_KEY+BEFORE_ACTION;
+        }
         return LIST_MODE+BEFORE_ACTION;
     }
 }
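Review bot: The branch `if(data.getKeys() != null && data.getKeys().length > 0)` depends on the console-side KeystoreData cache, which this handler no longer fills — the old `data.setKeys(...)` line is removed here and, as far as the hunk shows, only the edit-unlock path populates it — so a keystore never unlocked for editing is always sent to the UNLOCK_KEY page even when `keyAlias` and `keyPassword` were submitted. Consider asking the instance directly, `String[] keys = data.getInstance().listPrivateKeys(storePass);`, and branching on that. Inside the branch `keyPassword.toCharArray()` has no null guard, so a submission that carries a key list but no key password fails with a NullPointerException instead of returning to the form.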

Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java Mon Mar 27 09:43:21 2006
@@ -27,6 +27,8 @@
 import org.apache.geronimo.management.geronimo.WebConnector;
 import org.apache.geronimo.management.geronimo.WebContainer;
 import org.apache.geronimo.management.geronimo.WebManager;
+import org.apache.geronimo.security.keystore.KeystoreManager;
+import org.apache.geronimo.security.keystore.KeystoreIsLocked;
 
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
@@ -42,6 +44,8 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
+import java.util.HashMap;
 
 /**
  * A portlet that lets you list, add, remove, start, stop, and edit web
@@ -62,7 +66,7 @@
     protected PortletRequestDispatcher editHttpsView;
 
     public void processAction(ActionRequest actionRequest,
-            ActionResponse actionResponse) throws PortletException, IOException {
+                              ActionResponse actionResponse) throws PortletException, IOException {
         String mode = actionRequest.getParameter("mode");
         String managerName = actionRequest.getParameter("managerObjectName");
         String containerName = actionRequest.getParameter("containerObjectName");
@@ -101,11 +105,9 @@
                 if(minThreads != null) {
                     setProperty(connector, "minThreads", minThreads);
                 }
-            }
-            else if (server.equals(WEB_SERVER_TOMCAT)) {
+            } else if (server.equals(WEB_SERVER_TOMCAT)) {
                 //todo:   Any Tomcat specific processing?
-            }
-            else {
+            } else {
                 //todo:   Handle "should not occur" condition
             }
             if(protocol.equals(WebManager.PROTOCOL_HTTPS)) {
@@ -128,13 +130,25 @@
                 secure.setClientAuthRequired(clientAuth);
                 if(server.equals(WEB_SERVER_JETTY)) {
                     if(isValid(privateKeyPass)) {setProperty(secure, "keyPassword", privateKeyPass);}
-                }
-                else if (server.equals(WEB_SERVER_TOMCAT)) {
+                    String keyStore = actionRequest.getParameter("unlockKeyStore");
+                    setProperty(secure, "keyStore", keyStore);
+                    try {
+                        String[] keys = PortletManager.getKeystoreManager(actionRequest).getKeystore(keyStore).getUnlockedKeys();
+                        if(keys.length == 1) {
+                            setProperty(secure, "keyAlias", keys[0]);
+                        } else {
+                            throw new PortletException("Cannot handle keystores with anything but 1 unlocked private key");
+                        }
+                    } catch (KeystoreIsLocked locked) {
+                        throw new PortletException(locked.getMessage());
+                    }
+                    String trustStore = actionRequest.getParameter("unlockTrustStore");
+                    if(isValid(trustStore)) {setProperty(secure, "trustStore", trustStore);}
+                } else if (server.equals(WEB_SERVER_TOMCAT)) {
                     if(isValid(truststoreType)) {setProperty(secure, "truststoreType", truststoreType);}
                     if(isValid(truststoreFile)) {setProperty(secure, "truststoreFileName", truststoreFile);}
                     if(isValid(truststorePass)) {setProperty(secure, "truststorePassword", truststorePass);}
-                }
-                else {
+                } else {
                     //todo:   Handle "should not occur" condition
                 }
             }
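Review bot: `throw new PortletException(locked.getMessage());` discards the KeystoreIsLocked cause; use `throw new PortletException(locked.getMessage(), locked);` so the stack trace survives, matching the `new PortletException("Invalid password for keystore", e)` form used by the keystore handlers in this same commit. Just above it, `keyStore` from the `unlockKeyStore` parameter is applied with `setProperty(secure, "keyStore", keyStore)` without the `isValid` check that `trustStore` receives a few lines later, and it is written to the connector before the unlocked-key lookup that may still throw, leaving a half-configured connector behind. Validate `keyStore` first and set both `keyStore` and `keyAlias` only after `keys.length == 1` is confirmed. The enclosing method processAction begins outside this hunk.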
@@ -279,7 +293,7 @@
     }
 
     protected void doView(RenderRequest renderRequest,
-            RenderResponse renderResponse) throws IOException, PortletException {
+                          RenderResponse renderResponse) throws IOException, PortletException {
         if (WindowState.MINIMIZED.equals(renderRequest.getWindowState())) {
             return;
         }
@@ -307,6 +321,18 @@
                 renderRequest.setAttribute("maxThreads", "50");
                 if(server.equals(WEB_SERVER_JETTY)) {
                     renderRequest.setAttribute("minThreads", "10");
+                    KeystoreManager mgr = PortletManager.getKeystoreManager(renderRequest);
+                    String[] stores = mgr.getUnlockedKeyStores();
+                    renderRequest.setAttribute("keyStores", stores);
+                    renderRequest.setAttribute("trustStores", mgr.getUnlockedTrustStores());
+                    Map aliases = new HashMap();
+                    for (int i = 0; i < stores.length; i++) {
+                        String store = stores[i];
+                        try {
+                            aliases.put(store, mgr.getKeystore(store).getUnlockedKeys());
+                        } catch (KeystoreIsLocked locked) {}
+                    }
+                    renderRequest.setAttribute("unlockedKeys", aliases);
                 }
                 else if (server.equals(WEB_SERVER_TOMCAT)) {
                     //todo:   Any Tomcat specific processing?
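Review bot: The `catch (KeystoreIsLocked locked) {}` on the line after `aliases.put(store, mgr.getKeystore(store).getUnlockedKeys());` swallows the exception with no comment, so a reader cannot tell whether this is a deliberate race guard or an oversight. Since `stores` comes from `mgr.getUnlockedKeyStores()` a locked store here presumably means it was re-locked between the two calls; say so and leave a trace, e.g. `} catch (KeystoreIsLocked locked) { // store was re-locked between listing and lookup; it simply gets no aliases` and, if a logger is available in this class, log it at debug level. The enclosing `doView` starts outside this hunk; it also builds a raw `Map`/`HashMap`, which matches the rest of this 1.4-era file but deserves a comment that the values are `String[]` because the JSP indexes the map by keystore name.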
@@ -494,7 +520,7 @@
     }
 
     protected void doHelp(RenderRequest renderRequest,
-            RenderResponse renderResponse) throws PortletException, IOException {
+                          RenderResponse renderResponse) throws PortletException, IOException {
         helpView.include(renderRequest, renderResponse);
     }
 

Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/index.jsp
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/index.jsp?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/index.jsp (original)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/index.jsp Mon Mar 27 09:43:21 2006
@@ -53,21 +53,31 @@
         <c:when test="${keystore.locked}">
           <a href="<portlet:actionURL portletMode="view">
             <portlet:param name="mode" value="unlockEdit-before" />
-            <portlet:param name="id" value="${keystore.instance.keystoreName}" />
+            <portlet:param name="keystore" value="${keystore.instance.keystoreName}" />
             </portlet:actionURL>"><img src="<%=consoleServletPath%>/../images/ico_lock_16x16.gif" alt="Locked" /></a>
         </c:when>
         <c:otherwise>
-          <img src="<%=consoleServletPath%>/../images/ico_unlock3_16x16.gif" alt="Unlocked" />
+          <a href="<portlet:actionURL portletMode="view">
+            <portlet:param name="mode" value="lockEdit-before" />
+            <portlet:param name="keystore" value="${keystore.instance.keystoreName}" />
+            </portlet:actionURL>"><img src="<%=consoleServletPath%>/../images/ico_unlock3_16x16.gif" alt="Unlocked" /></a>
         </c:otherwise>
       </c:choose>
     </td>
     <td>
       <c:choose>
         <c:when test="${keystore.instance.keystoreLocked}">
-          <img src="<%=consoleServletPath%>/../images/ico_lock_16x16.gif" alt="Locked" />
+          <a href="<portlet:actionURL portletMode="view">
+            <portlet:param name="mode" value="unlockKeystore-before" />
+            <portlet:param name="keystore" value="${keystore.instance.keystoreName}" />
+            </portlet:actionURL>"><img src="<%=consoleServletPath%>/../images/ico_lock_16x16.gif" alt="Locked" /></a>
         </c:when>
         <c:otherwise>
-          <img src="<%=consoleServletPath%>/../images/ico_unlock3_16x16.gif" alt="Unlocked" />
+          <a href="<portlet:actionURL portletMode="view">
+            <portlet:param name="mode" value="lockKeystore-before" />
+            <portlet:param name="keystore" value="${keystore.instance.keystoreName}" />
+            </portlet:actionURL>"><img src="<%=consoleServletPath%>/../images/ico_unlock3_16x16.gif" alt="Unlocked" /></a>
+            ${keys[keystore.instance.keystoreName]}
         </c:otherwise>
       </c:choose>
     </td>
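Review bot: The new `${keys[keystore.instance.keystoreName]}` line writes the looked-up value straight into the page with plain EL, which neither escapes HTML nor renders an array usefully; if the `keys` attribute holds `String[]` per store (the shape the web-manager portlet builds in the same commit), EL prints the array's `toString()` rather than the alias names. Iterate and escape instead: `<c:forEach var="alias" items="${keys[keystore.instance.keystoreName]}"><c:out value="${alias}"/> </c:forEach>`. The same unescaped `${...}` pattern is used for the alias `<option>` text in unlockKey.jsp and unlockKeystore.jsp; `<c:out>` there as well keeps odd alias names from breaking the markup.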

Added: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKey.jsp
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKey.jsp?rev=389206&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKey.jsp (added)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKey.jsp Mon Mar 27 09:43:21 2006
@@ -0,0 +1,29 @@
+<%@ page import="org.apache.geronimo.console.util.PortletManager"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>
+<portlet:defineObjects/>
+
+<p>The keystore has been unlocked.  However, a private key within the keystore
+also needs to be unlocked in order for SSL to work properly.  Please specify
+the password for the private key within the keystore.</p>
+
+<form name="<portlet:namespace/>KeystoreForm" action="<portlet:actionURL/>">
+    <input type="hidden" name="keystore" value="${keystore}" />
+    <input type="hidden" name="mode" value="unlockKey-after" />
+    <b>Unlock Private Key:</b>
+    <select name="keyAlias">
+        <c:forEach var="alias" items="${keys}">
+            <option>${alias}</option>
+        </c:forEach>
+    </select>
+    Password:
+    <input type="password" name="keyPassword" size="20" maxlength="200" />
+    <br />
+
+    <input type="submit" value="Unlock Private Key" />
+</form>
+
+
+<p><a href="<portlet:actionURL portletMode="view">
+              <portlet:param name="mode" value="list-before" />
+            </portlet:actionURL>">Cancel</a></p>
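Cancel</a></p>">
Review bot: The `<form name="<portlet:namespace/>KeystoreForm" action="<portlet:actionURL/>">` tag has no `method`, so the private-key password typed into `keyPassword` is submitted as a GET query string and will end up in access logs, proxy logs and browser history. Add `method="post"` to the form: `<form name="<portlet:namespace/>KeystoreForm" action="<portlet:actionURL/>" method="post">`. The same applies to the form in unlockKeystore.jsp, which this commit extends with a second password field, and to any other console form that carries a password.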

Propchange: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKey.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKeystore.jsp
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKeystore.jsp?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKeystore.jsp (original)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/keystore/unlockKeystore.jsp Mon Mar 27 09:43:21 2006
@@ -4,11 +4,24 @@
 <portlet:defineObjects/>
 
 <form name="<portlet:namespace/>KeystoreForm" action="<portlet:actionURL/>">
-    <input type="hidden" name="keystore" value="${id}" />
-    <input type="hidden" name="mode" value="unlockEdit-after" />
+    <input type="hidden" name="keystore" value="${keystore}" />
+    <input type="hidden" name="mode" value="${mode}-after" />
     <b>Enter keystore password:</b>
     <input type="password" name="password" size="20" maxlength="200" />
     <br />
+
+    <c:if test="${mode eq 'unlockKeystore' && !empty keys}">
+        <b>Unlock Private Key:</b>
+        <select name="keyAlias">
+            <c:forEach var="alias" items="${keys}">
+                <option>${alias}</option>
+            </c:forEach>
+        </select>
+        Password:
+        <input type="password" name="keyPassword" size="20" maxlength="200" />
+        <br />
+    </c:if>
+
     <input type="submit" value="Unlock Keystore" />
 </form>
 

Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp (original)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp Mon Mar 27 09:43:21 2006
@@ -88,6 +88,46 @@
     <th colspan="2"><div align="left">SSL Settings</div></th>
   </tr>
 
+<!-- ====================================== JETTY ONLY ====================================== -->
+<c:if test="${server eq 'jetty'}">
+    <!-- Key Store Field -->
+      <tr>
+        <td><div align="right">Key Store: </div></td>
+        <td>
+          <select name="unlockKeyStore">
+              <c:forEach var="store" items="${keyStores}">
+                  <option>${store}</option>
+              </c:forEach>
+          </select>
+        </td>
+      </tr>
+      <tr>
+        <td><div align="right"></div></td>
+        <td>The keystore to use for accessing the server's private key</td>
+      </tr>
+
+    <!-- Trust Store Field -->
+      <tr>
+        <td><div align="right">Trust Store: </div></td>
+        <td>
+          <select name="unlockTrustStore">
+              <option />
+              <c:forEach var="store" items="${trustStores}">
+                  <option>${store}</option>
+              </c:forEach>
+          </select>
+        </td>
+      </tr>
+      <tr>
+        <td><div align="right"></div></td>
+        <td>The keystore to use for accessing the server's private key</td>
+      </tr>
+
+</c:if>
+
+
+<!-- ========================== TOMCAT ONLY ====================================== -->
+<c:if test="${server eq 'tomcat'}">
 <!-- Keystore File Field -->
   <tr>
     <td><div align="right">Keystore File: </div></td>
@@ -116,41 +156,23 @@
       this empty if you don't want to change the current password.</c:if></td>
   </tr>
 
-<!-- Key Password Field (Jetty only) -->
-<c:if test="${server eq 'jetty'}">
-  <tr>
-    <td><div align="right"><c:if test="${mode eq 'save'}">Change </c:if>Server Key Password: </div></td>
-    <td>
-      <input name="privateKeyPassword" type="password" size="10">
-	</td>
-  </tr>
-  <tr>
-    <td><div align="right"></div></td>
-    <td><c:choose><c:when test="${mode eq 'save'}">Change</c:when><c:otherwise>Set</c:otherwise></c:choose>
-      the password used to access the private key in the keystore.<c:if test="${mode eq 'save'}">  Leave
-      this empty if you don't want to change the current password.</c:if></td>
-  </tr>
-</c:if>
-
-<!-- Keystore Type Field -->
-  <tr>
-    <td><div align="right">Keystore Type: </div></td>
-    <td>
-      <select name="keystoreType">
-        <option<c:if test="${keystoreType eq 'JKS' || logLevel eq ''}"> selected</c:if>>JKS</option>
-        <option<c:if test="${keystoreType eq 'PKCS12'}"> selected</c:if>>PKCS12</option>
-      </select>
-	</td>
-  </tr>
-  <tr>
-    <td><div align="right"></div></td>
-    <td><c:choose><c:when test="${mode eq 'save'}">Change</c:when><c:otherwise>Set</c:otherwise></c:choose>
-      the keystore type.  There is normally no reason not to use the default (<tt>JKS</tt>).</td>
-  </tr>
+    <!-- Keystore Type Field -->
+      <tr>
+        <td><div align="right">Keystore Type: </div></td>
+        <td>
+          <select name="keystoreType">
+            <option<c:if test="${keystoreType eq 'JKS' || logLevel eq ''}"> selected</c:if>>JKS</option>
+            <option<c:if test="${keystoreType eq 'PKCS12'}"> selected</c:if>>PKCS12</option>
+          </select>
+        </td>
+      </tr>
+      <tr>
+        <td><div align="right"></div></td>
+        <td><c:choose><c:when test="${mode eq 'save'}">Change</c:when><c:otherwise>Set</c:otherwise></c:choose>
+          the keystore type.  There is normally no reason not to use the default (<tt>JKS</tt>).</td>
+      </tr>
 
-<!-- Trust material (Tomcat only) -->
-<c:if test="${server eq 'tomcat'}">
-<!-- Truststore File Field -->
+  <!-- Truststore File Field -->
   <tr>
     <td><div align="right">Truststore File: </div></td>
     <td>
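Review bot: The re-indented Keystore Type select still carries `<c:if test="${keystoreType eq 'JKS' || logLevel eq ''}">`, and `logLevel` is almost certainly a leftover from the log-manager page; it is never set here, so the `JKS` default is selected by accident rather than by intent. Since the block is now Tomcat-only, the condition should be `${keystoreType eq 'JKS' || empty keystoreType}`. This hunk also drops the Jetty key-password field without a replacement note; a one-line HTML comment inside the Jetty block above, saying that the key password is now supplied through the keystore manager, would save the next reader a trip through the portlet source.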

Modified: geronimo/trunk/assemblies/j2ee-installer/src/var/config/config.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/assemblies/j2ee-installer/src/var/config/config.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/assemblies/j2ee-installer/src/var/config/config.xml (original)
+++ geronimo/trunk/assemblies/j2ee-installer/src/var/config/config.xml Mon Mar 27 09:43:21 2006
@@ -30,6 +30,15 @@
         <gbean name="JMXService">
             <attribute name="url">service:jmx:rmi://${PlanServerHostname}:${PlanJMXPort}/jndi/rmi://${PlanServerHostname}:${PlanNamingPort}/JMXConnector</attribute>
         </gbean>
+        <gbean name="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=Keystore,name=geronimo-default" gbeanInfo="org.apache.geronimo.security.keystore.FileKeystoreInstance">
+            <attribute name="keystoreName">geronimo-default</attribute>
+            <attribute name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEArVToThqcjvbXFD5C2uUmpwdAADQUVT</attribute>
+            <attribute name="keyPasswords">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGdUCEvsw3HNoD82HNiAiTo5m8E/c8pnljroPhWCnB89cHQAA0FFUw==</attribute>
+            <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
+            <reference name="ServerInfo">
+                <pattern><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></pattern>
+            </reference>
+        </gbean>
     </configuration>
     <configuration name="geronimo/j2ee-corba/${pom.currentVersion}/car" load="${CORBA.Features.enable}">
         <gbean name="NameServer">

Modified: geronimo/trunk/assemblies/j2ee-jetty-server/src/var/config/config.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/assemblies/j2ee-jetty-server/src/var/config/config.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/assemblies/j2ee-jetty-server/src/var/config/config.xml (original)
+++ geronimo/trunk/assemblies/j2ee-jetty-server/src/var/config/config.xml Mon Mar 27 09:43:21 2006
@@ -25,6 +25,15 @@
         <gbean name="JMXService">
             <attribute name="url">service:jmx:rmi://${PlanServerHostname}:${PlanJMXPort}/jndi/rmi://${PlanServerHostname}:${PlanNamingPort}/JMXConnector</attribute>
         </gbean>
+        <gbean name="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=Keystore,name=geronimo-default" gbeanInfo="org.apache.geronimo.security.keystore.FileKeystoreInstance">
+            <attribute name="keystoreName">geronimo-default</attribute>
+            <attribute name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEArVToThqcjvbXFD5C2uUmpwdAADQUVT</attribute>
+            <attribute name="keyPasswords">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGdUCEvsw3HNoD82HNiAiTo5m8E/c8pnljroPhWCnB89cHQAA0FFUw==</attribute>
+            <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
+            <reference name="ServerInfo">
+                <pattern><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></pattern>
+            </reference>
+        </gbean>
     </configuration>
     <configuration name="geronimo/axis/${pom.currentVersion}/car"/>
     <configuration name="geronimo/openejb/${pom.currentVersion}/car">

Modified: geronimo/trunk/assemblies/j2ee-tomcat-server/src/var/config/config.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/assemblies/j2ee-tomcat-server/src/var/config/config.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/assemblies/j2ee-tomcat-server/src/var/config/config.xml (original)
+++ geronimo/trunk/assemblies/j2ee-tomcat-server/src/var/config/config.xml Mon Mar 27 09:43:21 2006
@@ -25,6 +25,15 @@
         <gbean name="JMXService">
             <attribute name="url">service:jmx:rmi://${PlanServerHostname}:${PlanJMXPort}/jndi/rmi://${PlanServerHostname}:${PlanNamingPort}/JMXConnector</attribute>
         </gbean>
+        <gbean name="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=Keystore,name=geronimo-default" gbeanInfo="org.apache.geronimo.security.keystore.FileKeystoreInstance">
+            <attribute name="keystoreName">geronimo-default</attribute>
+            <attribute name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEArVToThqcjvbXFD5C2uUmpwdAADQUVT</attribute>
+            <attribute name="keyPasswords">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGdUCEvsw3HNoD82HNiAiTo5m8E/c8pnljroPhWCnB89cHQAA0FFUw==</attribute>
+            <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
+            <reference name="ServerInfo">
+                <pattern><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></pattern>
+            </reference>
+        </gbean>
     </configuration>
     <configuration name="geronimo/axis/${pom.currentVersion}/car"/>
     <configuration name="geronimo/openejb/${pom.currentVersion}/car">

Modified: geronimo/trunk/assemblies/minimal-tomcat-server/src/var/config/config.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/assemblies/minimal-tomcat-server/src/var/config/config.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/assemblies/minimal-tomcat-server/src/var/config/config.xml (original)
+++ geronimo/trunk/assemblies/minimal-tomcat-server/src/var/config/config.xml Mon Mar 27 09:43:21 2006
@@ -25,6 +25,15 @@
         <gbean name="JMXConnector">
             <attribute name="url">service:jmx:rmi://${PlanServerHostname}/jndi/rmi:/JMXConnector</attribute>
         </gbean>
+        <gbean name="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=Keystore,name=geronimo-default" gbeanInfo="org.apache.geronimo.security.keystore.FileKeystoreInstance">
+            <attribute name="keystoreName">geronimo-default</attribute>
+            <attribute name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEArVToThqcjvbXFD5C2uUmpwdAADQUVT</attribute>
+            <attribute name="keyPasswords">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGdUCEvsw3HNoD82HNiAiTo5m8E/c8pnljroPhWCnB89cHQAA0FFUw==</attribute>
+            <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
+            <reference name="ServerInfo">
+                <pattern><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></pattern>
+            </reference>
+        </gbean>
     </configuration>
 
     <configuration name="geronimo/tomcat/${pom.currentVersion}/car">

Modified: geronimo/trunk/assemblies/web-jms-tomcat-server/src/var/config/config.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/assemblies/web-jms-tomcat-server/src/var/config/config.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/assemblies/web-jms-tomcat-server/src/var/config/config.xml (original)
+++ geronimo/trunk/assemblies/web-jms-tomcat-server/src/var/config/config.xml Mon Mar 27 09:43:21 2006
@@ -25,6 +25,15 @@
         <gbean name="JMXConnector">
             <attribute name="url">service:jmx:rmi://${PlanServerHostname}/jndi/rmi:/JMXConnector</attribute>
         </gbean>
+        <gbean name="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=Keystore,name=geronimo-default" gbeanInfo="org.apache.geronimo.security.keystore.FileKeystoreInstance">
+            <attribute name="keystoreName">geronimo-default</attribute>
+            <attribute name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEArVToThqcjvbXFD5C2uUmpwdAADQUVT</attribute>
+            <attribute name="keyPasswords">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGdUCEvsw3HNoD82HNiAiTo5m8E/c8pnljroPhWCnB89cHQAA0FFUw==</attribute>
+            <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
+            <reference name="ServerInfo">
+                <pattern><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.2-SNAPSHOT/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></pattern>
+            </reference>
+        </gbean>
     </configuration>
 
     <configuration name="geronimo/activemq-broker/${pom.currentVersion}/car">

Modified: geronimo/trunk/configs/jetty/project.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/configs/jetty/project.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/configs/jetty/project.xml (original)
+++ geronimo/trunk/configs/jetty/project.xml Mon Mar 27 09:43:21 2006
@@ -41,7 +41,7 @@
         <!-- parent config -->
         <dependency>
             <groupId>geronimo</groupId>
-            <artifactId>rmi-naming</artifactId>
+            <artifactId>j2ee-security</artifactId>
             <version>${geronimo_version}</version>
             <type>car</type>
             <properties>

Modified: geronimo/trunk/configs/jetty/src/plan/plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/configs/jetty/src/plan/plan.xml?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/configs/jetty/src/plan/plan.xml (original)
+++ geronimo/trunk/configs/jetty/src/plan/plan.xml Mon Mar 27 09:43:21 2006
@@ -93,10 +93,9 @@
     <gbean name="JettySSLConnector" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
         <attribute name="host">${PlanServerHostname}</attribute>
         <attribute name="port">${PlanHTTPSPort}</attribute>
-        <attribute name="keystoreFileName">var/security/keystores/geronimo-default</attribute>
-        <attribute name="keystoreType">JKS</attribute>
-        <attribute name="keystorePassword">secret</attribute>
-        <attribute name="keyPassword">secret</attribute>
+        <attribute name="keyStore">geronimo-default</attribute>
+        <attribute name="keyAlias">geronimo</attribute>
+        <attribute name="trustStore">geronimo-default</attribute>
         <attribute name="clientAuthRequired">false</attribute>
         <attribute name="algorithm">Default</attribute>
         <attribute name="secureProtocol">TLS</attribute>
@@ -105,9 +104,9 @@
         <reference name="JettyContainer">
             <name>JettyWebContainer</name>
         </reference>
-        <reference name="ServerInfo">
-            <module>geronimo/j2ee-system/${pom.currentVersion}/car</module>
-            <name>ServerInfo</name>
+        <reference name="KeystoreManager">
+            <module>geronimo/j2ee-security/${pom.currentVersion}/car</module>
+            <name>KeystoreManager</name>
         </reference>
     </gbean>
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyManagerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyManagerImpl.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyManagerImpl.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyManagerImpl.java Mon Mar 27 09:43:21 2006
@@ -43,6 +43,7 @@
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 import org.apache.geronimo.j2ee.management.impl.Util;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.keystore.KeystoreManager;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -82,9 +83,9 @@
             connector = new GBeanData(name, HTTPConnector.GBEAN_INFO);
         } else if (protocol.equals(PROTOCOL_HTTPS)) {
             connector = new GBeanData(name, HTTPSConnector.GBEAN_INFO);
-            GBeanQuery query = new GBeanQuery(null, ServerInfo.class.getName());
+            GBeanQuery query = new GBeanQuery(null, KeystoreManager.class.getName());
             Set set = kernel.listGBeans(query);
-            connector.setReferencePattern("ServerInfo", (ObjectName) set.iterator().next());
+            connector.setReferencePattern("KeystoreManager", (ObjectName) set.iterator().next());
             //todo: default HTTPS settings
         } else if (protocol.equals(PROTOCOL_AJP)) {
             connector = new GBeanData(name, AJP13Connector.GBEAN_INFO);
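Review bot: `connector.setReferencePattern("KeystoreManager", (ObjectName) set.iterator().next());` dereferences the query result without checking it, so if no `KeystoreManager` GBean is running the HTTPS connector creation fails with a bare `NoSuchElementException` that says nothing about the cause. The old `ServerInfo` lookup had the same shape, but `KeystoreManager` now lives in a separate configuration (j2ee-security) that the jetty config only gained as a dependency in this commit, so the failure is more plausible. Guard it: `if (set.isEmpty()) { throw new IllegalStateException("No KeystoreManager GBean is running; cannot create HTTPS connector " + name); }` before the `setReferencePattern` call. The enclosing method continues outside this hunk.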

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettySecureConnector.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettySecureConnector.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettySecureConnector.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettySecureConnector.java Mon Mar 27 09:43:21 2006
@@ -22,9 +22,9 @@
  * @version $Rev$ $Date$
  */
 public interface JettySecureConnector extends SecureConnector {
-    /**
-     * Sets the password used to access the server private key inside the
-     * keystore.
-     */
-    public void setKeyPassword(String password);
+    public void setKeyStore(String keyStore);
+
+    public void setTrustStore(String trustStore);
+
+    public void setKeyAlias(String keyAlias);
 }
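Review bot: The three new interface methods replace a Javadoc'd `setKeyPassword` with undocumented `setKeyStore`, `setTrustStore` and `setKeyAlias`, and the parameter names alone do not say that `keyStore` and `trustStore` are keystore names registered with the `KeystoreManager` rather than file paths (plan.xml in this commit passes `geronimo-default`, not a path). Add Javadoc on each, e.g. for the first: `/** Sets the name of the keystore (as known to the KeystoreManager, not a file path) holding the server's private key. */`, and for `setKeyAlias` note that it selects one key within that keystore and that the keystore must already be unlocked. Documenting that no password ever travels through this interface any more is worth a sentence too, since that is the point of the change.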

Added: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java?rev=389206&view=auto
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java (added)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java Mon Mar 27 09:43:21 2006
@@ -0,0 +1,66 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.jetty.connector;
+
+import org.mortbay.http.SslListener;
+import org.apache.geronimo.security.keystore.KeystoreManager;
+
+import javax.net.ssl.SSLServerSocketFactory;
+
+/**
+ * SSL listener that hooks into the Geronimo keystore infrastructure.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GeronimoSSLListener extends SslListener {
+    private KeystoreManager manager;
+    private String keyStore;
+    private String trustStore;
+    private String keyAlias;
+
+    public GeronimoSSLListener(KeystoreManager manager) {
+        this.manager = manager;
+    }
+
+    protected SSLServerSocketFactory createFactory() throws Exception {
+        return manager.createSSLFactory(null, getProtocol(), getAlgorithm(), keyStore, keyAlias, trustStore, SslListener.class.getClassLoader());
+    }
+
+    public String getKeyStore() {
+        return keyStore;
+    }
+
+    public void setKeyStore(String keyStore) {
+        this.keyStore = keyStore;
+    }
+
+    public String getTrustStore() {
+        return trustStore;
+    }
+
+    public void setTrustStore(String trustStore) {
+        this.trustStore = trustStore;
+    }
+
+    public String getKeyAlias() {
+        return keyAlias;
+    }
+
+    public void setKeyAlias(String keyAlias) {
+        this.keyAlias = keyAlias;
+    }
+}

Propchange: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/HTTPSConnector.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/HTTPSConnector.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/HTTPSConnector.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/connector/HTTPSConnector.java Mon Mar 27 09:43:21 2006
@@ -18,6 +18,8 @@
 package org.apache.geronimo.jetty.connector;
 
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLContext;
 
 import org.mortbay.http.SslListener;
 
@@ -28,6 +30,7 @@
 import org.apache.geronimo.jetty.JettyContainer;
 import org.apache.geronimo.jetty.JettySecureConnector;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.security.keystore.KeystoreManager;
 
 /**
  * Implementation of a HTTPS connector based on Jetty's SslConnector (which uses pure JSSE).
@@ -35,15 +38,12 @@
  * @version $Rev$ $Date$
  */
 public class HTTPSConnector extends JettyConnector implements JettySecureConnector {
-    private final SslListener https;
-    private final ServerInfo serverInfo;
-    private String keystore;
+    private final GeronimoSSLListener https;
     private String algorithm;
 
-    public HTTPSConnector(JettyContainer container, ServerInfo serverInfo) {
-        super(container, new SslListener());
-        this.serverInfo = serverInfo;
-        https = (SslListener) listener;
+    public HTTPSConnector(JettyContainer container, KeystoreManager keystoreManager) {
+        super(container, new GeronimoSSLListener(keystoreManager));
+        https = (GeronimoSSLListener) listener;
     }
 
     public int getDefaultPort() {
@@ -54,16 +54,6 @@
         return WebManager.PROTOCOL_HTTPS;
     }
 
-    public String getKeystoreFileName() {
-        // this does not delegate to https as it needs to be resolved against ServerInfo
-        return keystore;
-    }
-
-    public void setKeystoreFileName(String keystore) {
-        // this does not delegate to https as it needs to be resolved against ServerInfo
-        this.keystore = keystore;
-    }
-
     public String getAlgorithm() {
         return algorithm;
     }
@@ -83,14 +73,6 @@
         https.setAlgorithm(algorithm);
     }
 
-    public void setKeystorePassword(String password) {
-        https.setPassword(password);
-    }
-
-    public void setKeyPassword(String password) {
-        https.setKeyPassword(password);
-    }
-
     public String getSecureProtocol() {
         return https.getProtocol();
     }
@@ -99,14 +81,6 @@
         https.setProtocol(protocol);
     }
 
-    public String getKeystoreType() {
-        return https.getKeystoreType();
-    }
-
-    public void setKeystoreType(String keystoreType) {
-        https.setKeystoreType(keystoreType);
-    }
-
     public void setClientAuthRequired(boolean needClientAuth) {
         https.setNeedClientAuth(needClientAuth);
     }
@@ -123,30 +97,68 @@
         return https.getWantClientAuth();
     }
 
-    public void doStart() throws Exception {
-        https.setKeystore(serverInfo.resolveServerPath(keystore));
-        super.doStart();
+    public void setKeyStore(String keyStore) {
+        https.setKeyStore(keyStore);
+    }
+
+    public String getKeyStore() {
+        return https.getKeyStore();
+    }
+
+    public void setTrustStore(String trustStore) {
+        https.setTrustStore(trustStore);
+    }
+
+    public String getTrustStore() {
+        return https.getTrustStore();
+    }
+
+    public void setKeyAlias(String keyAlias) {
+        https.setKeyAlias(keyAlias);
+    }
+
+    public String getKeyAlias() {
+        return https.getKeyAlias();
     }
 
     public static final GBeanInfo GBEAN_INFO;
 
     static {
         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("Jetty Connector HTTPS", HTTPSConnector.class, JettyConnector.GBEAN_INFO);
-        infoFactory.addAttribute("keystoreFileName", String.class, true, true);
         infoFactory.addAttribute("algorithm", String.class, true, true);
-        infoFactory.addAttribute("keystorePassword", String.class, true, true);
-        infoFactory.addAttribute("keyPassword", String.class, true, true);
         infoFactory.addAttribute("secureProtocol", String.class, true, true);
-        infoFactory.addAttribute("keystoreType", String.class, true, true);
+        infoFactory.addAttribute("keyStore", String.class, true, true);
+        infoFactory.addAttribute("keyAlias", String.class, true, true);
+        infoFactory.addAttribute("trustStore", String.class, true, true);
         infoFactory.addAttribute("clientAuthRequired", boolean.class, true, true);
         infoFactory.addAttribute("clientAuthRequested", boolean.class, true, true);
-        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addReference("KeystoreManager", KeystoreManager.class, NameFactory.GERONIMO_SERVICE);
         infoFactory.addInterface(JettySecureConnector.class);
-        infoFactory.setConstructor(new String[]{"JettyContainer", "ServerInfo"});
+        infoFactory.setConstructor(new String[]{"JettyContainer", "KeystoreManager"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 
     public static GBeanInfo getGBeanInfo() {
         return GBEAN_INFO;
+    }
+
+    // ================= NO LONGER USED!!! =====================
+    // todo: remove these from the SSL interface
+
+    public String getKeystoreFileName() {
+        return null;
+    }
+
+    public void setKeystoreFileName(String name) {
+    }
+
+    public void setKeystorePassword(String password) {
+    }
+
+    public String getKeystoreType() {
+        return null;
+    }
+
+    public void setKeystoreType(String type) {
     }
 }
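Review bot: The stubs under `NO LONGER USED` (`setKeystoreFileName`, `setKeystorePassword`, `setKeystoreType`) accept a value and silently discard it, so anything still driving the connector through the old JettySecureConnector methods gets no signal that its keystore settings were ignored and the listener starts with whatever `keyStore`/`keyAlias` happen to be set. Until the interface is trimmed as the todo says, fail loudly, e.g. `throw new UnsupportedOperationException("keystoreFileName is no longer supported; configure keyStore/keyAlias via the keystore manager");`, or at least log a warning naming the replacement attributes. The GBean attributes for those names are removed in the same hunk, so plan-level use is presumably rejected by the kernel; the silent path is the Java interface.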

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java Mon Mar 27 09:43:21 2006
@@ -18,16 +18,21 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.gbean.DynamicGBean;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.util.jce.X509Principal;
 import org.apache.geronimo.util.jce.X509V1CertificateGenerator;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.File;
@@ -45,6 +50,7 @@
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SignatureException;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -53,9 +59,11 @@
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Vector;
+import java.net.URI;
 
 /**
  * Implementation of KeystoreInstance that accesses a keystore file on the
@@ -64,27 +72,52 @@
  *
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
-public class FileKeystoreInstance implements KeystoreInstance, DynamicGBean {
+public class FileKeystoreInstance implements KeystoreInstance, GBeanLifecycle {
     private static final Log log = LogFactory.getLog(FileKeystoreInstance.class);
-    private final static String MAGIC_KEYSTORE_PWD_KEY = "#KeystorePW";
     final static String JKS = "JKS";
-    private File keystoreFile;
+    private URI keystorePath; // relative path
+    private ServerInfo serverInfo; // used to decode relative path
+    private File keystoreFile; // Only valid after startup
     private String keystoreName;
-    private Map unlockKeyPasswords = new HashMap();
+    private char[] keystorePassword; // Used to "unlock" the keystore for other services
+    private Map keyPasswords = new HashMap();
     private Kernel kernel;
     private ObjectName objectName;
-    private char[] openPassword;
+    private char[] openPassword; // The password last used to open the keystore for editing
     // The following variables are the state of the keystore, which should be chucked if the file on disk changes
     private List privateKeys = new ArrayList();
     private List trustCerts = new ArrayList();
     private KeyStore keystore;
     private long keystoreReadDate = Long.MIN_VALUE;
 
-    public FileKeystoreInstance(File keystoreFile, String keystoreName, Kernel kernel, String objectName) throws MalformedObjectNameException {
-        this.keystoreFile = keystoreFile;
+    public FileKeystoreInstance(ServerInfo serverInfo, URI keystorePath, String keystoreName, String keystorePassword, String keyPasswords, Kernel kernel, String objectName) throws MalformedObjectNameException {
+        this.serverInfo = serverInfo;
+        this.keystorePath = keystorePath;
         this.keystoreName = keystoreName;
         this.kernel = kernel;
         this.objectName = ObjectName.getInstance(objectName);
+        this.keystorePassword = keystorePassword == null ? null : keystorePassword.toCharArray();
+        if(keyPasswords != null) {
+            String[] keys = keyPasswords.split("\\]\\!\\[");
+            for (int i = 0; i < keys.length; i++) {
+                String key = keys[i];
+                int pos = key.indexOf('=');
+                this.keyPasswords.put(key.substring(0, pos), key.substring(pos+1).toCharArray());
+            }
+        }
+    }
+
+    public void doStart() throws Exception {
+        keystoreFile = new File(serverInfo.resolve(keystorePath));
+        if(!keystoreFile.exists() || !keystoreFile.canRead()) {
+            throw new IllegalArgumentException("Invalid keystore file ("+keystorePath+" = "+keystoreFile.getAbsolutePath()+")");
+        }
+    }
+
+    public void doStop() throws Exception {
+    }
+
+    public void doFail() {
     }
 
     public String getKeystoreName() {
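Review bot: The keyPasswords parser in the constructor assumes every element contains an `=`: `"".split(...)` yields `[""]`, so an empty `keyPasswords` attribute makes `key.substring(0, -1)` throw StringIndexOutOfBoundsException and the GBean fails to construct, and any element without `=` does the same. Guard with `if(keyPasswords != null && keyPasswords.trim().length() > 0)` and either skip or reject with a clear IllegalArgumentException any element where `pos < 0`. The `]![` separator and the `=` are not escaped either, so an alias or password containing them cannot round-trip through storePasswords(); that limitation belongs in a comment on the `keyPasswords` field.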
@@ -93,25 +126,16 @@
 
     public boolean unlockKeystore(char[] password) {
         //todo: test whether password is correct and if not return false
-        try {
-            kernel.setAttribute(objectName, MAGIC_KEYSTORE_PWD_KEY, password);
-        } catch (Exception e) {
-            log.error("Unable to save keystore password for keystore '"+keystoreName+"'", e);
-            return false;
-        }
+        keystorePassword = password;
         return true;
     }
 
     public void lockKeystore() {
-        try {
-            kernel.setAttribute(objectName, MAGIC_KEYSTORE_PWD_KEY, null);
-        } catch (Exception e) {
-            log.error("Unable to clear keystore password for keystore '"+keystoreName+"'", e);
-        }
+        keystorePassword = null;
     }
 
     public boolean isKeystoreLocked() {
-        return unlockKeyPasswords.get(MAGIC_KEYSTORE_PWD_KEY) == null;
+        return keystorePassword == null;
     }
 
     public String[] listPrivateKeys(char[] storePassword) {
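Review bot: `unlockKeystore` still stores whatever password it is given without checking it (the todo above it is unchanged), so a wrong password is accepted and the failure only surfaces later in `getKeyManager`/`getUnlockedKeys` through `loadKeystoreData`, far from the console action that caused it. Verify first and return false on failure, using whichever of the existing loaders (`isLoaded` / `loadKeystoreData`, both outside this hunk) actually opens the file with the supplied password, e.g. `if(!isLoaded(password)) return false;` if that is what `isLoaded` does. Note also that storePasswords() writes key passwords back through the kernel while this method only sets the field, so after a restart an instance can have persisted key passwords but a locked keystore; if that asymmetry is intended, say so in a comment here.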
@@ -128,25 +152,56 @@
             throw new KeystoreIsLocked("Keystore '"+keystoreName+"' is locked!");
         }
         //todo: test whether password is correct and if not return false
-        try {
-            kernel.setAttribute(objectName, alias, password);
-        } catch (Exception e) {
-            log.error("Unable to save key password for key '"+alias+"' in keystore '"+keystoreName+"'", e);
-            return false;
-        }
+        keyPasswords.put(alias, password);
+        storePasswords();
         return true;
     }
 
+    public String[] getUnlockedKeys() throws KeystoreIsLocked {
+        if(isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+keystoreName+"' is locked; please unlock it in the console.");
+        }
+        if(keystore == null || keystoreReadDate < keystoreFile.lastModified()) {
+            loadKeystoreData(keystorePassword);
+        }
+        return (String[]) keyPasswords.keySet().toArray(new String[keyPasswords.size()]);
+    }
+
+    public boolean isTrustStore() throws KeystoreIsLocked {
+        if(isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+keystoreName+"' is locked; please unlock it in the console.");
+        }
+        if(keystore == null || keystoreReadDate < keystoreFile.lastModified()) {
+            loadKeystoreData(keystorePassword);
+        }
+        return trustCerts.size() > 0;
+    }
+
     public void lockPrivateKey(String alias) {
+        storePasswords();
+        keyPasswords.remove(alias);
+    }
+
+    private void storePasswords() {
+        StringBuffer buf = new StringBuffer();
+        for (Iterator it = keyPasswords.entrySet().iterator(); it.hasNext();) {
+            if(buf.length() > 0) {
+                buf.append("]![");
+            }
+            Map.Entry entry = (Map.Entry) it.next();
+            buf.append(entry.getKey()).append("=").append(entry.getValue());
+        }
         try {
-            kernel.setAttribute(objectName, alias, null);
+            kernel.setAttribute(objectName, "keyPasswords", buf.toString());
         } catch (Exception e) {
-            log.error("Unable to clear keystore password for keystore '"+keystoreName+"'", e);
+            log.error("Unable to save key passwords in keystore '"+keystoreName+"'", e);
         }
     }
 
+    public void setKeyPasswords(String passwords) {} // Just so the kernel sees the new value
+
     public boolean isKeyUnlocked(String alias) {
-        return unlockKeyPasswords.get(alias) == null;
+        return keyPasswords.get(alias) == null;
     }
 
     public String[] listTrustCertificates(char[] storePassword) {
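Review bot: `storePasswords()` persists the wrong thing: `keyPasswords` is a raw Map, so `entry.getValue()` is typed Object and `StringBuffer.append(Object)` renders the char[] as `[C@…` instead of the password; use `.append((char[]) entry.getValue())` so the char[] overload is chosen. `lockPrivateKey` then calls `storePasswords()` before `keyPasswords.remove(alias)`, so the password being locked is exactly the one written back — swap the two lines. Separately, `isKeyUnlocked` returns true when no password is held, i.e. when the key is locked; `createSSLFactory` in FileKeystoreManager relies on that inverted meaning, so either rename it or invert both sides together before another caller trusts the name.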
@@ -211,6 +266,29 @@
         return false;
     }
 
+    public KeyManager[] getKeyManager(String algorithm, String alias) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked {
+        if(isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+keystoreName+"' is locked; please unlock it in the console.");
+        }
+        if(keystore == null || keystoreReadDate < keystoreFile.lastModified()) {
+            loadKeystoreData(keystorePassword);
+        }
+        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(algorithm);
+        keyFactory.init(keystore, (char[]) keyPasswords.get(alias));
+        return keyFactory.getKeyManagers();
+    }
+
+    public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked {
+        if(isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+keystoreName+"' is locked; please unlock it in the console.");
+        }
+        if(keystore == null || keystoreReadDate < keystoreFile.lastModified()) {
+            loadKeystoreData(keystorePassword);
+        }
+        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(algorithm);
+        trustFactory.init(keystore);
+        return trustFactory.getTrustManagers();
+    }
 
     private boolean saveKeystore(char[] password) {
         try {
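Review bot: `getKeyManager` uses `alias` only to look up a password and then initialises the KeyManagerFactory over the whole keystore: when `alias` has not been unlocked the password is null, with per-key passwords any other key entry protected by a different password presumably makes `init` throw, and on success the default X509KeyManager chooses among all keys rather than the configured one, so the connector can present a different certificate than `keyAlias` says. Reject a null password with a KeystoreIsLocked (the method does not declare KeyIsLocked) and pin server-side alias selection to `alias`; the wrapper below needs `javax.net.ssl.X509KeyManager`, `java.security.Principal` and `java.net.Socket` imported.
```java
    public KeyManager[] getKeyManager(String algorithm, final String alias) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked {
        // … unchanged: locked check and stale-file reload …
        char[] keyPassword = (char[]) keyPasswords.get(alias);
        if(keyPassword == null) {
            throw new KeystoreIsLocked("Key '"+alias+"' in keystore '"+keystoreName+"' is locked; please unlock it in the console.");
        }
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(algorithm);
        keyFactory.init(keystore, keyPassword);
        KeyManager[] managers = keyFactory.getKeyManagers();
        for (int i = 0; i < managers.length; i++) {
            if(managers[i] instanceof X509KeyManager) {
                final X509KeyManager delegate = (X509KeyManager) managers[i];
                managers[i] = new X509KeyManager() {
                    // Always present the configured key, whatever else the store holds
                    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                        return alias;
                    }
                    // … remaining X509KeyManager methods forward to delegate unchanged …
                };
            }
        }
        return managers;
    }
```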
@@ -232,30 +310,19 @@
         return false;
     }
 
-    // ==================== Should only be accessed by the Kernel =================
-
-    public Object getAttribute(String name) throws Exception {
-        return unlockKeyPasswords.get(name);
-    }
-
-    public void setAttribute(String name, Object value) throws Exception {
-        unlockKeyPasswords.put(name, value);
-    }
-
-    public Object invoke(String name, Object[] arguments, String[] types) throws Exception {
-        throw new UnsupportedOperationException();
-    }
-
     public static final GBeanInfo GBEAN_INFO;
 
     static {
         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(FileKeystoreInstance.class, NameFactory.KEYSTORE_INSTANCE);
-        infoFactory.addAttribute("keystoreFile", File.class, true, false);
+        infoFactory.addAttribute("keystorePath", URI.class, true, false);
         infoFactory.addAttribute("keystoreName", String.class, true, false);
+        infoFactory.addAttribute("keystorePassword", String.class, true, true);
+        infoFactory.addAttribute("keyPasswords", String.class, true, true);
         infoFactory.addAttribute("kernel", Kernel.class, false);
         infoFactory.addAttribute("objectName", String.class, false);
+        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
         infoFactory.addInterface(KeystoreInstance.class);
-        infoFactory.setConstructor(new String[]{"keystoreFile", "keystoreName", "kernel", "objectName"});
+        infoFactory.setConstructor(new String[]{"ServerInfo","keystorePath", "keystoreName", "keystorePassword", "keyPasswords", "kernel", "objectName"});
 
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
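Review bot: `keystorePassword` and `keyPasswords` are now declared as persistent, manageable String attributes, and storePasswords() writes the key passwords back through `kernel.setAttribute`, so wherever the kernel persists manageable attributes (config.xml, presumably) now carries keystore and key passwords in cleartext, and anything with kernel or JMX access can read them with getAttribute; the DynamicGBean code this replaces held them in memory only. If that is the intended trade-off for unattended restarts, record it next to the two addAttribute lines, e.g. `// NOTE: keystore and key passwords are persisted in cleartext by the kernel; restrict access to the configuration store accordingly`. Otherwise drop persistence for `keystorePassword` (the constructor reads it, but unlockKeystore never writes it back) and keep the unlock a per-session console action.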
@@ -298,10 +365,6 @@
             log.error("Unable to open keystore with provided password", e);
         }
         return false;
-    }
-
-    private char[] getKeystorePassword() {
-        return (char[])unlockKeyPasswords.get(MAGIC_KEYSTORE_PWD_KEY);
     }
 
     private boolean isLoaded(char[] password) {

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java Mon Mar 27 09:43:21 2006
@@ -16,53 +16,54 @@
  */
 package org.apache.geronimo.security.keystore;
 
-import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.GBeanData;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.GBeanData;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.j2ee.management.impl.Util;
-import org.apache.geronimo.kernel.config.EditableConfigurationManager;
-import org.apache.geronimo.kernel.config.ConfigurationUtil;
+import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.config.Configuration;
+import org.apache.geronimo.kernel.config.ConfigurationUtil;
+import org.apache.geronimo.kernel.config.EditableConfigurationManager;
 import org.apache.geronimo.kernel.config.InvalidConfigException;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.util.jce.*;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.jce.X509Principal;
+import org.apache.geronimo.util.jce.X509V1CertificateGenerator;
 
-import javax.net.ServerSocketFactory;
-import javax.management.ObjectName;
 import javax.management.MalformedObjectNameException;
-import java.io.File;
-import java.io.OutputStream;
+import javax.management.ObjectName;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
 import java.io.BufferedOutputStream;
+import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.OutputStream;
+import java.math.BigInteger;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Hashtable;
-import java.util.Vector;
-import java.util.Date;
+import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.KeyPairGenerator;
-import java.security.KeyPair;
-import java.security.PublicKey;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
-import java.security.SignatureException;
-import java.security.InvalidKeyException;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.security.cert.Certificate;
-import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+import java.lang.reflect.InvocationTargetException;
 
 /**
  * An implementation of KeystoreManager that assumes every file in a specified
@@ -144,7 +145,16 @@
             throw new IllegalArgumentException("Invalid keystore name '"+name+"' ("+e.getMessage()+")");
         }
         GBeanData data = new GBeanData(oName, FileKeystoreInstance.getGBeanInfo());
-        data.setAttribute("keystoreFile", test);
+        try {
+            String path = configuredDir.toString();
+            if(!path.endsWith("/")) {
+                path += "/";
+            }
+            data.setAttribute("keystorePath", new URI(path +name));
+        } catch (URISyntaxException e) {
+            throw new IllegalStateException("Can't resolve keystore path: "+e.getMessage());
+        }
+        data.setReferencePattern("ServerInfo", kernel.getObjectNameFor(serverInfo));
         data.setAttribute("keystoreName", name);
         EditableConfigurationManager mgr = ConfigurationUtil.getEditableConfigurationManager(kernel);
         if(mgr != null) {
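Review bot: The keystorePath is built as `configuredDir + "/" + name` with no check that `name` is a bare file name; if `name` can come from the console (`createKeystore` below is public), a value containing `/`, `\` or `..` registers a keystore instance whose file lies outside the keystore directory — the enclosing method starts outside this hunk, so an earlier check may exist. If not, add `if(name.indexOf('/') >= 0 || name.indexOf('\\') >= 0 || name.equals("..")) throw new IllegalArgumentException("Keystore name must be a plain file name: "+name);` before building the URI. A name with spaces or other reserved characters also fails `new URI(...)` and is reported as an IllegalStateException, which hides that it is a bad argument rather than a server fault.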
@@ -167,8 +177,35 @@
         }
     }
 
-    public ServerSocketFactory createSSLFactory(String keyStore, String keyAlias, String trustStore) throws KeystoreIsLocked, KeyIsLocked {
-        throw new UnsupportedOperationException();
+    public SSLServerSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException {
+        KeystoreInstance keyInstance = getKeystore(keyStore);
+        if(keyInstance.isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
+        }
+        if(keyInstance.isKeyUnlocked(keyAlias)) {
+            throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
+        }
+        KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
+        if(trustInstance != null && trustInstance.isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+trustStore+"' is locked; please use the keystore page in the admin console to unlock it");
+        }
+
+        // OMG this hurts, but it causes ClassCastExceptions elsewhere unless done this way!
+        try {
+            Class cls = loader.loadClass("javax.net.ssl.SSLContext");
+            Object ctx = cls.getMethod("getInstance", new Class[] {String.class}).invoke(null, new Object[]{protocol});
+            Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
+            Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
+            Class src = loader.loadClass("java.security.SecureRandom");
+            cls.getMethod("init", new Class[]{kmc, tmc, src}).invoke(ctx, new Object[]{keyInstance.getKeyManager(algorithm, keyAlias),
+                                                                            trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
+                                                                            new java.security.SecureRandom()});
+            Object result = cls.getMethod("getServerSocketFactory", new Class[0]).invoke(ctx, new Object[0]);
+            return (SSLServerSocketFactory) result;
+        } catch (Exception e) {
+            log.error("Unable to dynamically load", e);
+            return null;
+        }
     }
 
     public KeystoreInstance createKeystore(String name, char[] password) {
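Review bot: The catch-all at the end of `createSSLFactory` swallows every failure inside the reflective SSLContext setup — a wrong key password from `getKeyManager`, a KeyManagementException from `init`, an unknown protocol — logs it and returns null despite the method declaring those checked exceptions, and GeronimoSSLListener.createFactory hands that null straight to Jetty, which then fails far from the cause. Obtain the managers before the try so their declared exceptions propagate untouched, unwrap InvocationTargetException and rethrow the declared types, and treat a reflection failure as a configuration error rather than a null (the excerpt needs `javax.net.ssl.KeyManager`/`TrustManager` imported). Also, `provider` is accepted and never used, and when `trustStore` is null the context is initialised with null TrustManagers, which JSSE resolves to the JVM's default trust store — with `clientAuthRequired` that means any client certificate chaining to the platform CA set is accepted, which deserves a comment or a check that a trust store is configured when client auth is on.
```java
        KeyManager[] keyManagers = keyInstance.getKeyManager(algorithm, keyAlias);
        TrustManager[] trustManagers = trustInstance == null ? null : trustInstance.getTrustManager(algorithm);
        try {
            // … unchanged: reflective SSLContext.getInstance / init(keyManagers, trustManagers, SecureRandom) / getServerSocketFactory …
        } catch (InvocationTargetException e) {
            Throwable cause = e.getTargetException();
            if(cause instanceof NoSuchAlgorithmException) throw (NoSuchAlgorithmException) cause;
            if(cause instanceof KeyManagementException) throw (KeyManagementException) cause;
            if(cause instanceof RuntimeException) throw (RuntimeException) cause;
            KeyManagementException wrapped = new KeyManagementException("Unable to initialize SSLContext for keystore '"+keyStore+"': "+cause.getMessage());
            wrapped.initCause(cause);
            throw wrapped;
        } catch (Exception e) { // reflection itself failed: JSSE not visible through the supplied loader
            IllegalStateException ise = new IllegalStateException("Unable to load JSSE classes through "+loader+": "+e.getMessage());
            ise.initCause(e);
            throw ise;
        }
```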
@@ -194,6 +231,32 @@
             log.error("Unable to create keystore", e);
         }
         return null;
+    }
+
+    public String[] getUnlockedKeyStores() {
+        List results = new ArrayList();
+        for (Iterator it = keystores.iterator(); it.hasNext();) {
+            KeystoreInstance instance = (KeystoreInstance) it.next();
+            try {
+                if(!instance.isKeystoreLocked() && instance.getUnlockedKeys().length > 0) {
+                    results.add(instance.getKeystoreName());
+                }
+            } catch (KeystoreIsLocked locked) {}
+        }
+        return (String[]) results.toArray(new String[results.size()]);
+    }
+
+    public String[] getUnlockedTrustStores() {
+        List results = new ArrayList();
+        for (Iterator it = keystores.iterator(); it.hasNext();) {
+            KeystoreInstance instance = (KeystoreInstance) it.next();
+            try {
+                if(!instance.isKeystoreLocked() && instance.isTrustStore()) {
+                    results.add(instance.getKeystoreName());
+                }
+            } catch (KeystoreIsLocked locked) {}
+        }
+        return (String[]) results.toArray(new String[results.size()]);
     }
 
     public static final GBeanInfo GBEAN_INFO;
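Review bot: Both loops end in an empty `catch (KeystoreIsLocked locked) {}`; since `isKeystoreLocked()` is checked on the line before, the catch only covers a keystore locked between the check and the call, and that is worth saying rather than leaving a bare swallow: `catch (KeystoreIsLocked ignored) { /* locked between the check and the call; treat as locked */ }`. Note also that `getUnlockedKeys()` and `isTrustStore()` both reload the keystore file when it is stale, so each listing call can touch every keystore on disk; fine for a console page, but a comment on the methods would stop someone calling them per request.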


