geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rickmcgu...@apache.org
Subject svn commit: r406135 - in /geronimo/branches/1.1/modules: jetty/src/java/org/apache/geronimo/jetty/connector/ management/src/java/org/apache/geronimo/management/geronimo/ security/src/java/org/apache/geronimo/security/keystore/
Date Sat, 13 May 2006 18:02:29 GMT
Author: rickmcguire
Date: Sat May 13 11:02:28 2006
New Revision: 406135

URL: http://svn.apache.org/viewcvs?rev=406135&view=rev
Log:
Fix -1 comments from Aaron Mulder on first commit.  Also correct the isKeyUnlocked() methods
of KeyInstance. 


Modified:
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
    geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
    geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
Sat May 13 11:02:28 2006
@@ -37,6 +37,7 @@
     }
 
     protected SSLServerSocketFactory createFactory() throws Exception {
+        // we need the server factory version.
         return manager.createSSLServerFactory(null, getProtocol(), getAlgorithm(), keyStore,
keyAlias, trustStore, SslListener.class.getClassLoader());
     }
 

Modified: geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
(original)
+++ geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
Sat May 13 11:02:28 2006
@@ -97,11 +97,11 @@
     public void lockPrivateKey(String alias);
 
     /**
-     * Checks whether the specified private key is unlocked, which is to say,
+     * Checks whether the specified private key is locked, which is to say,
      * available for other components to use to generate socket factories.
      * Does not check whether the unlock password is actually correct.
      */
-    public boolean isKeyUnlocked(String alias);
+    public boolean isKeyLocked(String alias);
 
     /**
      * Gets the aliases of all trusted certificate entries in the keystore.

Modified: geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
(original)
+++ geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
Sat May 13 11:02:28 2006
@@ -54,6 +54,7 @@
      * @param trustStore The trust keystore name as provided by listKeystores.
      *                   The KeystoreInstance for this keystore must have
      *                   unlocked this key.
+     * @param loader     The class loader used to resolve factory classes.
      *
      * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
      *                          be used because it has not been unlocked.
@@ -80,6 +81,7 @@
      * @param trustStore The trust keystore name as provided by listKeystores.
      *                   The KeystoreInstance for this keystore must have
      *                   unlocked this key.
+     * @param loader     The class loader used to resolve factory classes.
      *
      * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
      *                          be used because it has not been unlocked.
@@ -89,6 +91,28 @@
      */
     public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
                                                    String keyStore, String keyAlias, String
trustStore, ClassLoader loader)
+            throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException, KeyManagementException, NoSuchProviderException;
+
+
+    /**
+     * Gets a SocketFactory using one Keystore to access the private key
+     * and another to provide the list of trusted certificate authorities.
+     * @param provider The SSL provider to use, or null for the default
+     * @param protocol The SSL protocol to use
+     * @param algorithm The SSL algorithm to use
+     * @param trustStore The trust keystore name as provided by listKeystores.
+     *                   The KeystoreInstance for this keystore must have
+     *                   unlocked this key.
+     * @param loader     The class loader used to resolve factory classes.
+     *
+     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+     *                          be used because it has not been unlocked.
+     * @throws KeyIsLocked Occurs when the requested private key in the key
+     *                     keystore cannot be used because it has not been
+     *                     unlocked.
+     */
+    public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
+                                                   String trustStore, ClassLoader loader)
             throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException, KeyManagementException, NoSuchProviderException;
 
     /**

Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
(original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
Sat May 13 11:02:28 2006
@@ -200,7 +200,12 @@
 
     public void setKeyPasswords(String passwords) {} // Just so the kernel sees the new value
 
-    public boolean isKeyUnlocked(String alias) {
+    /**
+     * Checks whether the specified private key is locked, which is to say,
+     * available for other components to use to generate socket factories.
+     * Does not check whether the unlock password is actually correct.
+     */
+    public boolean isKeyLocked(String alias) {
         return keyPasswords.get(alias) == null;
     }
 

Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
(original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
Sat May 13 11:02:28 2006
@@ -177,31 +177,76 @@
     /**
      * Gets a SocketFactory using one Keystore to access the private key
      * and another to provide the list of trusted certificate authorities.
-     * @param provider The SSL provider to use, or null for the default
-     * @param protocol The SSL protocol to use
-     * @param algorithm The SSL algorithm to use
-     * @param keyStore The key keystore name as provided by listKeystores.  The
-     *                 KeystoreInstance for this keystore must be unlocked.
-     * @param keyAlias The name of the private key in the keystore.  The
-     *                 KeystoreInstance for this keystore must have unlocked
-     *                 this key.
+     *
+     * @param provider   The SSL provider to use, or null for the default
+     * @param protocol   The SSL protocol to use
+     * @param algorithm  The SSL algorithm to use
      * @param trustStore The trust keystore name as provided by listKeystores.
      *                   The KeystoreInstance for this keystore must have
      *                   unlocked this key.
+     * @param loader     The class loader used to resolve factory classes.
      *
-     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
-     *                          be used because it has not been unlocked.
-     * @throws KeyIsLocked Occurs when the requested private key in the key
-     *                     keystore cannot be used because it has not been
-     *                     unlocked.
+     * @return A created SSLSocketFactory item created from the KeystoreManager.
+     * @throws KeystoreIsLocked
+     *                Occurs when the requested key keystore cannot
+     *                be used because it has not been unlocked.
+     * @throws KeyIsLocked
+     *                Occurs when the requested private key in the key
+     *                keystore cannot be used because it has not been
+     *                unlocked.
+     * @throws NoSuchAlgorithmException
+     * @throws UnrecoverableKeyException
+     * @throws KeyStoreException
+     * @throws KeyManagementException
+     * @throws NoSuchProviderException
+     */
+    public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
String trustStore, ClassLoader loader) throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException,
UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException
{
+        // typically, the keyStore and the keyAlias are not required if authentication is
also not required.
+        return createSSLFactory(provider, protocol, algorithm, null, null, trustStore, loader);
+    }
+
+    /**
+     * Gets a SocketFactory using one Keystore to access the private key
+     * and another to provide the list of trusted certificate authorities.
+     *
+     * @param provider   The SSL provider to use, or null for the default
+     * @param protocol   The SSL protocol to use
+     * @param algorithm  The SSL algorithm to use
+     * @param keyStore   The key keystore name as provided by listKeystores.  The
+     *                   KeystoreInstance for this keystore must be unlocked.
+     * @param keyAlias   The name of the private key in the keystore.  The
+     *                   KeystoreInstance for this keystore must have unlocked
+     *                   this key.
+     * @param trustStore The trust keystore name as provided by listKeystores.
+     *                   The KeystoreInstance for this keystore must have
+     *                   unlocked this key.
+     * @param loader     The class loader used to resolve factory classes.
+     *
+     * @return A created SSLSocketFactory item created from the KeystoreManager.
+     * @throws KeystoreIsLocked
+     *                Occurs when the requested key keystore cannot
+     *                be used because it has not been unlocked.
+     * @throws KeyIsLocked
+     *                Occurs when the requested private key in the key
+     *                keystore cannot be used because it has not been
+     *                unlocked.
+     * @throws NoSuchAlgorithmException
+     * @throws UnrecoverableKeyException
+     * @throws KeyStoreException
+     * @throws KeyManagementException
+     * @throws NoSuchProviderException
      */
     public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws KeystoreIsLocked,
KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException,
NoSuchProviderException {
-        KeystoreInstance keyInstance = getKeystore(keyStore);
-        if(keyInstance.isKeystoreLocked()) {
-            throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the
keystore page in the admin console to unlock it");
-        }
-        if(keyInstance.isKeyUnlocked(keyAlias)) {
-            throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is
locked; please use the keystore page in the admin console to unlock it");
+        // the keyStore is optional.
+        KeystoreInstance keyInstance = null;
+        if (keyStore != null) {
+            keyInstance = getKeystore(keyStore);
+            if(keyInstance.isKeystoreLocked()) {
+                throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use
the keystore page in the admin console to unlock it");
+            }
+            if(keyInstance.isKeyLocked(keyAlias)) {
+                throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"'
is locked; please use the keystore page in the admin console to unlock it");
+            }
         }
         KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
         if(trustInstance != null && trustInstance.isKeystoreLocked()) {
@@ -215,7 +260,8 @@
             Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
             Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
             Class src = loader.loadClass("java.security.SecureRandom");
-            cls.getMethod("init", new Class[]{kmc, tmc, src}).invoke(ctx, new Object[]{keyInstance.getKeyManager(algorithm,
keyAlias),
+            cls.getMethod("init", new Class[]{kmc, tmc, src}).invoke(ctx, new Object[]{
+                                                                            keyInstance ==
null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
                                                                             trustInstance
== null ? null : trustInstance.getTrustManager(algorithm),
                                                                             new java.security.SecureRandom()});
             Object result = cls.getMethod("getSocketFactory", new Class[0]).invoke(ctx, new
Object[0]);
@@ -240,6 +286,7 @@
      * @param trustStore The trust keystore name as provided by listKeystores.
      *                   The KeystoreInstance for this keystore must have
      *                   unlocked this key.
+     * @param loader     The class loader used to resolve factory classes.
      *
      * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
      *                          be used because it has not been unlocked.
@@ -247,33 +294,12 @@
      *                     keystore cannot be used because it has not been
      *                     unlocked.
      */
-    /**
-     * Create an SSLServerSocketFactory configured from the
-     * appropriate characteristics.
-     *
-     * @param provider   The JSSE provider to use (optional).
-     * @param protocol   The protocol we need a factory for.
-     * @param algorithm  A particular algoritm to use.
-     * @param keyStore   The keystore the factory should be configured with.
-     * @param keyAlias
-     * @param trustStore The trustStore to use for managing trust certificates.
-     * @param loader     The ClassLoader instance for loading the factory.
-     *
-     * @return An SSLServerSocketFactory instance.
-     * @exception KeystoreIsLocked
-     * @exception KeyIsLocked
-     * @exception NoSuchAlgorithmException
-     * @exception UnrecoverableKeyException
-     * @exception KeyStoreException
-     * @exception KeyManagementException
-     * @exception NoSuchProviderException
-     */
     public SSLServerSocketFactory createSSLServerFactory(String provider, String protocol,
String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader)
throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException, KeyManagementException, NoSuchProviderException {
         KeystoreInstance keyInstance = getKeystore(keyStore);
         if(keyInstance.isKeystoreLocked()) {
             throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the
keystore page in the admin console to unlock it");
         }
-        if(keyInstance.isKeyUnlocked(keyAlias)) {
+        if(keyInstance.isKeyLocked(keyAlias)) {
             throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is
locked; please use the keystore page in the admin console to unlock it");
         }
         KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);



Mime
View raw message