From rickmcgu...@apache.org
Subject svn commit: r406106 - /geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
Date Sat, 13 May 2006 14:00:45 GMT
Author: rickmcguire
Date: Sat May 13 07:00:44 2006
New Revision: 406106

URL: http://svn.apache.org/viewcvs?rev=406106&view=rev
Log:
GERONIMO-2019 -- add ability to create client-side SSLSocketFactories to KeystoreManager API.


Modified:
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java

Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java?rev=406106&r1=406105&r2=406106&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
(original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
Sat May 13 07:00:44 2006
@@ -42,6 +42,7 @@
 import java.util.List;
 import java.util.Vector;
 import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.gbean.AbstractName;
@@ -173,7 +174,101 @@
         }
     }
 
-    public SSLServerSocketFactory createSSLFactory(String provider, String protocol, String
algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws
KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException,
KeyManagementException, NoSuchProviderException {
+    /**
+     * Gets a SocketFactory using one Keystore to access the private key
+     * and another to provide the list of trusted certificate authorities.
+     * @param provider The SSL provider to use, or null for the default
+     * @param protocol The SSL protocol to use
+     * @param algorithm The SSL algorithm to use
+     * @param keyStore The key keystore name as provided by listKeystores.  The
+     *                 KeystoreInstance for this keystore must be unlocked.
+     * @param keyAlias The name of the private key in the keystore.  The
+     *                 KeystoreInstance for this keystore must have unlocked
+     *                 this key.
+     * @param trustStore The trust keystore name as provided by listKeystores.
+     *                   The KeystoreInstance for this keystore must have
+     *                   unlocked this key.
+     *
+     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+     *                          be used because it has not been unlocked.
+     * @throws KeyIsLocked Occurs when the requested private key in the key
+     *                     keystore cannot be used because it has not been
+     *                     unlocked.
+     */
+    public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws KeystoreIsLocked,
KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException,
NoSuchProviderException {
+        KeystoreInstance keyInstance = getKeystore(keyStore);
+        if(keyInstance.isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the
keystore page in the admin console to unlock it");
+        }
+        if(keyInstance.isKeyUnlocked(keyAlias)) {
+            throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is
locked; please use the keystore page in the admin console to unlock it");
+        }
+        KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
+        if(trustInstance != null && trustInstance.isKeystoreLocked()) {
+            throw new KeystoreIsLocked("Keystore '"+trustStore+"' is locked; please use the
keystore page in the admin console to unlock it");
+        }
+
+        // OMG this hurts, but it causes ClassCastExceptions elsewhere unless done this way!
+        try {
+            Class cls = loader.loadClass("javax.net.ssl.SSLContext");
+            Object ctx = cls.getMethod("getInstance", new Class[] {String.class}).invoke(null,
new Object[]{protocol});
+            Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
+            Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
+            Class src = loader.loadClass("java.security.SecureRandom");
+            cls.getMethod("init", new Class[]{kmc, tmc, src}).invoke(ctx, new Object[]{keyInstance.getKeyManager(algorithm,
keyAlias),
+                                                                            trustInstance
== null ? null : trustInstance.getTrustManager(algorithm),
+                                                                            new java.security.SecureRandom()});
+            Object result = cls.getMethod("getSocketFactory", new Class[0]).invoke(ctx, new
Object[0]);
+            return (SSLSocketFactory) result;
+        } catch (Exception e) {
+            log.error("Unable to dynamically load", e);
+            return null;
+        }
+    }
+
+    /**
+     * Gets a ServerSocketFactory using one Keystore to access the private key
+     * and another to provide the list of trusted certificate authorities.
+     * @param provider The SSL provider to use, or null for the default
+     * @param protocol The SSL protocol to use
+     * @param algorithm The SSL algorithm to use
+     * @param keyStore The key keystore name as provided by listKeystores.  The
+     *                 KeystoreInstance for this keystore must be unlocked.
+     * @param keyAlias The name of the private key in the keystore.  The
+     *                 KeystoreInstance for this keystore must have unlocked
+     *                 this key.
+     * @param trustStore The trust keystore name as provided by listKeystores.
+     *                   The KeystoreInstance for this keystore must have
+     *                   unlocked this key.
+     *
+     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+     *                          be used because it has not been unlocked.
+     * @throws KeyIsLocked Occurs when the requested private key in the key
+     *                     keystore cannot be used because it has not been
+     *                     unlocked.
+     */
+    /**
+     * Create an SSLServerSocketFactory configured from the
+     * appropriate characteristics.
+     *
+     * @param provider   The JSSE provider to use (optional).
+     * @param protocol   The protocol we need a factory for.
+     * @param algorithm  A particular algoritm to use.
+     * @param keyStore   The keystore the factory should be configured with.
+     * @param keyAlias
+     * @param trustStore The trustStore to use for managing trust certificates.
+     * @param loader     The ClassLoader instance for loading the factory.
+     *
+     * @return An SSLServerSocketFactory instance.
+     * @exception KeystoreIsLocked
+     * @exception KeyIsLocked
+     * @exception NoSuchAlgorithmException
+     * @exception UnrecoverableKeyException
+     * @exception KeyStoreException
+     * @exception KeyManagementException
+     * @exception NoSuchProviderException
+     */
+    public SSLServerSocketFactory createSSLServerFactory(String provider, String protocol,
String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader)
throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException, KeyManagementException, NoSuchProviderException {
         KeystoreInstance keyInstance = getKeystore(keyStore);
         if(keyInstance.isKeystoreLocked()) {
             throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the
keystore page in the admin console to unlock it");
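Review bot: The key-lock guard in the new createSSLFactory is inverted: `if(keyInstance.isKeyUnlocked(keyAlias))` throws when the key is already unlocked and lets a still-locked key through to `getKeyManager`, and it raises `KeystoreIsLocked` although the signature declares `KeyIsLocked` for exactly this case; it should read `if(!keyInstance.isKeyUnlocked(keyAlias)) { throw new KeyIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it"); }`. Two smaller points in the same method: `provider` is accepted and documented but never passed to `SSLContext.getInstance`, so the declared `NoSuchProviderException` can never occur, and the `catch (Exception e)` block logs and returns null, which turns every failure inside the reflective init (including the checked crypto exceptions the method declares) into a null factory for the caller, so rethrowing, or at least unwrapping `InvocationTargetException.getCause()`, would preserve the declared contract. A null `trustStore` also results in `init(km, null, random)`, which under the JSSE contract falls back to the JDK default trust manager; if that fallback is intended for client-side sockets it deserves a sentence in the `@param trustStore` Javadoc, which currently says the trust store "must have unlocked this key" although a trust store holds no private key. Separately, createSSLServerFactory now carries two back-to-back Javadoc comments, the first (copied from the client method) being orphaned, and its body continues outside the hunk.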


