From vamsic...@apache.org
Subject svn commit: r476229 [4/5] - in /geronimo/server/trunk: applications/ applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/util/ applications/console/geronimo-console-framework/src/main/webapp/WEB-INF/data/ applications/c...
Date Fri, 17 Nov 2006 17:48:06 GMT
Added: geronimo/server/trunk/configs/ca-helper-tomcat/src/main/resources/META-INF/geronimo-plugin.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/ca-helper-tomcat/src/main/resources/META-INF/geronimo-plugin.xml?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/configs/ca-helper-tomcat/src/main/resources/META-INF/geronimo-plugin.xml (added)
+++ geronimo/server/trunk/configs/ca-helper-tomcat/src/main/resources/META-INF/geronimo-plugin.xml Fri Nov 17 09:48:02 2006
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<geronimo-plugin xmlns="http://geronimo.apache.org/xml/ns/plugins-1.1">
+    <name>Geronimo CA Helper Web App (Tomcat)</name>
+    <module-id>${pom.groupId}/${pom.artifactId}/${pom.currentVersion}/car</module-id>
+    <category>Core Geronimo</category>
+    <description>
+        This is a helper application for CA to enable receiving CSR's through
+        and uploading certificates to web browsers.
+    </description>
+    <url>http://geronimo.apache.org/</url>
+    <author>The Apache Geronimo development community</author>
+    <license osi-approved="true">BSD -- Apache Software License (ASL) 2.0</license>
+    <geronimo-version>${pom.currentVersion}</geronimo-version>
+    <prerequisite>
+        <id>org.apache.geronimo.configs/tomcat//car</id>
+        <resource-type>Web Container</resource-type>
+        <description>
+            This version of the CA Helper application works with the Geronimo/Tomcat distribution.
+            It is not intended to run in the Geronimo/Jetty distribution.  There is a separate version of the
+            CA Helper application that works with Jetty.  Please install the version appropriate to your Geronimo
+            distribution.
+        </description>
+    </prerequisite>
+    <dependency>org.apache.geronimo.configs/j2ee-server//car</dependency>
+    <source-repository>http://www.geronimoplugins.com/repository/geronimo-1.1/</source-repository>
+    <source-repository>http://www.ibiblio.org/maven2/</source-repository>
+</geronimo-plugin>
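Review bot: The `<license osi-approved="true">BSD -- Apache Software License (ASL) 2.0</license>` element names two different licenses for one artifact, while the file header and the rest of the commit are Apache 2.0 only; the text should read `<license osi-approved="true">Apache Software License (ASL) 2.0</license>`. Both `<source-repository>` entries are plain `http://` URLs, and nothing in this descriptor shows whether the plugin installer checks artifact integrity before deploying what it downloads, so that is worth confirming for a component that will hold the CA's request store. The `<description>` wording "to enable receiving CSR's through and uploading certificates to web browsers" is garbled; "through" has no object.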

Added: geronimo/server/trunk/configs/ca-helper-tomcat/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/ca-helper-tomcat/src/plan/plan.xml?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/configs/ca-helper-tomcat/src/plan/plan.xml (added)
+++ geronimo/server/trunk/configs/ca-helper-tomcat/src/plan/plan.xml Fri Nov 17 09:48:02 2006
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.1">
+    <context-root>/CAHelper</context-root>
+</web-app>

Added: geronimo/server/trunk/configs/ca-helper-tomcat/src/site/site.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/ca-helper-tomcat/src/site/site.xml?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/configs/ca-helper-tomcat/src/site/site.xml (added)
+++ geronimo/server/trunk/configs/ca-helper-tomcat/src/site/site.xml Fri Nov 17 09:48:02 2006
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<project name="${project.name}">
+    
+    <body>
+        
+        ${parentProject}
+        
+        ${modules}
+        
+        ${reports}
+        
+    </body>
+
+</project>
+
+

Modified: geronimo/server/trunk/configs/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/pom.xml?view=diff&rev=476229&r1=476228&r2=476229
==============================================================================
--- geronimo/server/trunk/configs/pom.xml (original)
+++ geronimo/server/trunk/configs/pom.xml Fri Nov 17 09:48:02 2006
@@ -173,7 +173,8 @@
         <module>welcome-tomcat</module>
         <module>dojo-jetty</module>
         <module>dojo-tomcat</module>
-
+        <module>ca-helper-jetty</module>
+        <module>ca-helper-tomcat</module>
         <!-- jee5 configs -->
         <module>transformer-agent</module>
         <module>persistence-jpa10-deployer</module>

Modified: geronimo/server/trunk/modules/geronimo-j2ee/src/main/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee/src/main/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java?view=diff&rev=476229&r1=476228&r2=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-j2ee/src/main/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java (original)
+++ geronimo/server/trunk/modules/geronimo-j2ee/src/main/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java Fri Nov 17 09:48:02 2006
@@ -114,4 +114,9 @@
     public static final String WEB_SERVICE_LINK = "WSLink";
     public static final String KEY_GENERATOR = "KeyGenerator";
     public static final String KEYSTORE_INSTANCE = "Keystore";
+
+    // Added for CertificationAuthority
+    public static final String CERTIFICATION_AUTHORITY = "CertificationAuthority";
+    public static final String CERTIFICATE_STORE = "CertificateStore";
+    public static final String CERTIFICATE_REQUEST_STORE = "CertificateRequestStore";
 }

Added: geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateRequestStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateRequestStore.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateRequestStore.java (added)
+++ geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateRequestStore.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,95 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.management.geronimo;
+
+import java.math.BigInteger;
+
+/**
+ * Management interface for dealing with a specific CertificateRequestStore
+ *
+ * @version $Rev$ $Date$
+ */
+public interface CertificateRequestStore {
+    /**
+     * This method returns the ids of all certificate requests in the store.
+     */
+    public String[] getAllRequestIds();
+
+    /**
+     * This method returns the ids of all certificate requests with verification due.
+     */
+    public String[] getVerificatonDueRequestIds();
+
+    /**
+     * This method returns the ids of all certificate requests that are verified.
+     */
+    public String[] getVerifiedRequestIds();
+
+    /**
+     * This method returns the certificate request text corresponding to a specified id.
+     * @param id Id of the certificate request.
+     */
+    public String getRequest(String id);
+
+    /**
+     * This method deletes a certificate request with the specified id.
+     * @param id Id of the certificate request to be deleted.
+     * @return True if the request is deleted succssfully
+     */
+    public boolean deleteRequest(String id);
+
+    /**
+     * This method stores the given certificate request under the given id.  If a request with the id
+     * exists in the store, it will generate a new id and store the request under that id.
+     * @param id Id under which the certificate request is to be stored
+     * @param csrText Certificate Request text
+     * @return Id under which the certificate request is stored
+     */
+    public String storeRequest(String id, String csrText);
+
+    /**
+     * This method sets the status of the specifed certificate request as verified.
+     * @param id Id of the certificate request
+     * @return True if the status is set successfully.
+     */
+    public boolean setRequestVerified(String id);
+
+    /**
+     * This method sets the status of a certificate request as fulfilled.
+     * @param id Id of the certificate request
+     * @param sNo Serial number of the certificate issued against the certificate request.
+     * @return True if the operation is successfull.
+     */
+    public boolean setRequestFulfilled(String id, BigInteger sNo);
+
+    /**
+     * This method returns the Serial number of the certificate issued against the certificate request
+     * specified by the given id.
+     * @param id Id of the certificate request
+     * @return Serial number of the certificate issued.
+     * @return null if there is no such certificate request or the certificate request is not fulfilled.
+     */
+    public BigInteger getSerialNumberForRequest(String id);
+
+    /**
+     * This method removes the certificate request id from the status list.
+     * @param id Id of the certificate request to be removed.
+     * @param sNo Serial number of certificate issued against the certificate request whose Id is to be removed.
+     */
+    public void removeRequestStatus(String id, BigInteger sNo);
+}
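Review bot: `public String[] getVerificatonDueRequestIds();` misspells "Verification" in a public management-interface method name; once implementations and the console bind to it the rename becomes a breaking change, so it should be `public String[] getVerificationDueRequestIds();` before this ships. The Javadoc on `getSerialNumberForRequest` carries two `@return` tags; fold the second into the first as `@return Serial number of the certificate issued, or null if there is no such request or it is not yet fulfilled.` `getRequest(String id)` and `getAllRequestIds()` do not say what an unknown id or an empty store yields (null, empty array, or exception), which implementations and callers will otherwise guess differently. Minor Javadoc typos: `succssfully`, `specifed`, `successfull`.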

Added: geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStore.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStore.java (added)
+++ geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStore.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,85 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.management.geronimo;
+
+import java.math.BigInteger;
+import java.security.cert.Certificate;
+
+/**
+ * Management interface for dealing with a specific Certificate Store
+ *
+ * @version $Rev$ $Date$
+ */
+public interface CertificateStore {
+    /**
+     * This method stores a given certificate.
+     * 
+     * @param cert Certificate to be stored
+     */
+    public void storeCertificate(Certificate cert) throws CertificateStoreException;
+
+    /**
+     * This method returns a Certificate with a given serial number (if it exists in the store)
+     * 
+     * @param sNo Serial Number of the certificate to be retrieved.
+     */
+    public Certificate getCertificate(BigInteger sNo) throws CertificateStoreException;
+
+    /**
+     * This method returns base64 encoded certificate with a given serial number (if it exists in the store)
+     * 
+     * @param sNo Serial Number of the certificate to be retrieved.
+     */
+    public String getCertificateBase64Text(BigInteger sNo) throws CertificateStoreException;
+
+    /**
+     * This method returns the highest certificate serial number in the store.
+     */
+    public BigInteger getHighestSerialNumber() throws CertificateStoreException;
+
+    /**
+     * This method returns the 'highest certificate serial number plus ONE' and increments the highest
+     * serial number in the store.
+     */
+    public BigInteger getNextSerialNumber() throws CertificateStoreException;
+
+    /**
+     * This method checks if a certificate with a given serial number exists in the store.
+     * 
+     * @param sNo Serial number of the certificate to be checked
+     */
+    public boolean containsCertificate(BigInteger sNo);
+
+    /**
+     * This method stores the CA's certificate in the store.
+     * @param cert CA's certificate
+     */
+    public boolean storeCACertificate(Certificate cert) throws CertificateStoreException;
+
+    /**
+     * This method returns the CA's certificate stored in the store.
+     */
+    public Certificate getCACertificate() throws CertificateStoreException;
+
+    /**
+     * This method stores the challenge phrase against the specified certificate serial number
+     * @param sNo  Serial number of the certificate
+     * @param challenge Challenge phrase
+     */
+    public boolean setCertificateChallenge(BigInteger sNo, String challenge) throws CertificateStoreException;
+}
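Review bot: `getNextSerialNumber()` is documented as "highest serial number plus ONE" plus an increment of the stored value, a read-modify-write, yet the interface says nothing about atomicity; if two callers can obtain the same value the CA built on this store can issue two certificates with one serial number, so the Javadoc should state the contract, e.g. `Implementations must perform the read-and-increment atomically so that no two callers receive the same serial number.` `getCertificate` and `getCertificateBase64Text` say "if it exists in the store" without saying what happens otherwise (null or `CertificateStoreException`), and `containsCertificate` is the only method that declares no exception, which looks accidental. `storeCACertificate` and `setCertificateChallenge` return boolean with no `@return` explaining what false means. The redundant `public` modifier on interface methods is a style nit shared by the other new interfaces in this commit.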

Added: geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStoreException.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStoreException.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStoreException.java (added)
+++ geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificateStoreException.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,33 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.management.geronimo;
+
+/**
+ * Exception indicating that a CertificateStore operation was unsuccessful.
+ *
+ * @version $Rev$ $Date$
+ */
+public class CertificateStoreException extends Exception {
+    public CertificateStoreException(String message) {
+        super(message);
+    }
+
+    public CertificateStoreException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

Added: geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthority.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthority.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthority.java (added)
+++ geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthority.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,120 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.management.geronimo;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.util.Date;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.management.geronimo.CertificationAuthorityException;
+
+/**
+ * Management interface for dealing with a specific CertificationAuthority.
+ *
+ * @version $Rev$ $Date$
+ */
+public interface CertificationAuthority {
+
+    /**
+     * This method checks if the CA is locked.
+     * @return true if CA is locked, false otherwise.
+     */
+    public abstract boolean isLocked();
+
+    /**
+     * This method locks the CA.
+     */
+    public abstract void lock();
+
+    /**
+     * This method unlocks the CA.
+     * @param password Password to unlock the CA.
+     */
+    public abstract void unlock(char[] password) throws CertificationAuthorityException;
+
+    /**
+     * This method returns CA's name.
+     * @throws Exception if CA is locked.
+     */
+    public abstract X500Principal getName() throws CertificationAuthorityException;
+
+    /**
+     * This method returns CA's own certificate.
+     * @throws Exception if CA is locked.
+     */
+    public abstract Certificate getCertificate() throws CertificationAuthorityException;
+
+    /**
+     * This method makes the CA issue a self-signed certificate with given details.  This method is usually
+     * called while initializing the CA.
+     * 
+     * @param sNo Serial number for self-signed certificate
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for self-signed certificate
+     */
+    public abstract void issueOwnCertificate(BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException;
+
+    /**
+     * This method issues a certificate.
+     * 
+     * @param subject Subject name
+     * @param publicKey Subject's public key 
+     * @param sNo Serial number for the certificate to be issued
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for the certificate
+     * @return newly issued certificate
+     */
+    public abstract Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException;
+
+    /**
+     * This method returns the highest serial number used by the CA.
+     */
+    public abstract BigInteger getHighestSerialNumber() throws CertificationAuthorityException;
+
+    /**
+     * This method checks if a Certificate with a given serial number is already issued.
+     * @param sNo The serial number of the the certificate to be looked for
+     * @return true if a certificate with the specified serial number has already been issued
+     */
+    public abstract boolean isCertificateIssued(BigInteger sNo) throws CertificationAuthorityException;
+
+    /**
+     * This method returns the next serial number that can be used to issue a certificate and increments the
+     * highest serial number.
+     */
+    public abstract BigInteger getNextSerialNumber() throws CertificationAuthorityException;
+
+    /**
+     * This method retrieves a certificate with the specified serial number.
+     * @param sNo The serial number of the certificate to be retrieved
+     * @return java.security.cert.Certificate instance of the certificate
+     */
+    public abstract Certificate getCertificate(BigInteger sNo) throws CertificationAuthorityException;
+
+    /**
+     * This method retrieves a certificate with the specified serial number.
+     * @param sNo The serial number of the certificate to be retrieved
+     * @return base64 encoded certificate text
+     */
+    public abstract String getCertificateBase64Text(BigInteger sNo) throws CertificationAuthorityException;
+}
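Review bot: The `@throws Exception if CA is locked.` tags on `getName()` and `getCertificate()` name the wrong type; the methods declare `CertificationAuthorityException`, so the tags should read `@throws CertificationAuthorityException if the CA is locked.` `issueCertificate` accepts a bare `PublicKey` with no link to a certificate request, so this interface cannot itself establish that the requester holds the matching private key; the Javadoc should state that proof of possession (verifying the CSR signature) is the caller's responsibility before this method is invoked. `unlock(char[] password)` should say whether the implementation may retain the array and whether the caller is expected to clear it afterwards. The Javadoc summary of `getCertificateBase64Text` duplicates `getCertificate`'s ("retrieves a certificate") and should say it returns the base64 text. The import of `org.apache.geronimo.management.geronimo.CertificationAuthorityException` is a same-package import and can be dropped, and `public abstract` on interface methods is redundant.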

Added: geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthorityException.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthorityException.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthorityException.java (added)
+++ geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/CertificationAuthorityException.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,33 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.management.geronimo;
+
+/**
+ * Exception indicating that a CertificationAuthority operation was unsuccessful.
+ *
+ * @version $Rev$ $Date$
+ */
+public class CertificationAuthorityException extends Exception {
+    public CertificationAuthorityException(String message) {
+        super(message);
+    }
+
+    public CertificationAuthorityException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

Modified: geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java?view=diff&rev=476229&r1=476228&r2=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java (original)
+++ geronimo/server/trunk/modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java Fri Nov 17 09:48:02 2006
@@ -215,4 +215,13 @@
      * @return PrivateKey with the alias specified
      */
     public PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword)  throws KeystoreException;
+
+    /**
+     * Gets a particular certificate from the keystore.  This may be a trust
+     * certificate or the certificate corresponding to a particular private
+     * key.
+     * This only works if the keystore is unlocked.
+     * @param alias Alias of the certificate
+     */
+    public Certificate getCertificate(String alias);
 }
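Review bot: The new `getCertificate(String alias)` states it "only works if the keystore is unlocked" but, unlike the adjacent `getPrivateKey`, declares no `KeystoreException`, so the behaviour when the keystore is locked or the alias is absent is unspecified (null, or an unchecked exception from the implementation). Either declare it `public Certificate getCertificate(String alias) throws KeystoreException;` to match its siblings, or add a `@return` line that documents the locked and missing-alias cases. The enclosing `KeystoreInstance` interface starts outside the hunk, so whether `java.security.cert.Certificate` is already imported there is not visible here.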

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateRequestStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateRequestStore.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateRequestStore.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateRequestStore.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,323 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.ca;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.FilenameFilter;
+import java.math.BigInteger;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.management.geronimo.CertificateRequestStore;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+
+/**
+ * A certificate request store implementation using disk files.
+ *
+ * @version $Rev$ $Date$
+ */
+public class FileCertificateRequestStore implements CertificateRequestStore, GBeanLifecycle {
+    private final static Log log = LogFactory.getLog(FileCertificateRequestStore.class);
+    
+    // File name to store certificate request status
+    private static final String CSR_STATUS_FILENAME = "csr-status.properties";
+    // File header for certificate request status file
+    private static final String CSR_STATUS_FILE_HEADER = "CSR Status File";
+    // Status showing the request as received
+    private static final String STATUS_RECEIVED = "R";
+    // Status showing the request as verified
+    private static final String STATUS_VERIFIED = "V";
+    // Prefix for certificate request files
+    private static final String CERT_REQ_FILE_PREFIX = "csr";
+    // Extension for certificate request files
+    private static final String CERT_REQ_FILE_SUFFIX = ".txt";
+    
+    private ServerInfo serverInfo;
+    private Kernel kernel;
+    private AbstractName abstractName;
+    private URI directoryPath;
+    private File dir;
+    private Properties requestStatus;
+
+    /**
+     * Constructor
+     */
+    public FileCertificateRequestStore(ServerInfo serverInfo, URI directoryPath, Kernel kernel, AbstractName abstractName) {
+        this.serverInfo = serverInfo;
+        this.kernel = kernel;
+        this.abstractName = abstractName;
+        this.directoryPath = directoryPath;
+    }
+
+    /**
+     * This method deletes a certificate request with the specified id.
+     * @param id Id of the certificate request to be deleted.
+     * @return True if the request is deleted succssfully
+     */
+    public boolean deleteRequest(String id) {
+        if(requestStatus.containsKey(id)) {
+            requestStatus.remove(id);
+            storeRequestStatusFile();
+        }
+        return new File(dir, id+CERT_REQ_FILE_SUFFIX).delete();
+    }
+
+    /**
+     * This method returns the ids of all certificate requests in the store.
+     */
+    public String[] getAllRequestIds() {
+        File[] results = dir.listFiles(new FilenameFilter(){
+                            public boolean accept(File dir, String name) {
+                                return name.endsWith(CERT_REQ_FILE_SUFFIX);
+                            }});
+        String[] reqIds = new String[results.length];
+        int suffixLength = CERT_REQ_FILE_SUFFIX.length();
+        for(int i = 0; i < results.length; ++i) {
+            String name = results[i].getName();
+            reqIds[i] = name.substring(0, name.length() - suffixLength);
+        }
+        return reqIds;
+    }
+
+    /**
+     * This method returns the ids of all certificate requests with verification due.
+     */
+    public String[] getVerificatonDueRequestIds() {
+        ArrayList ids = new ArrayList();
+        for(Iterator itr = requestStatus.entrySet().iterator(); itr.hasNext();) {
+            Map.Entry entry = (Map.Entry) itr.next();
+            if(entry.getValue().equals(STATUS_RECEIVED)) {
+                ids.add(entry.getKey());
+            }
+        }
+        
+        return (String[]) ids.toArray(new String[0]);
+    }
+
+    /**
+     * This method returns the ids of all certificate requests that are verified.
+     */
+    public String[] getVerifiedRequestIds() {
+        ArrayList ids = new ArrayList();
+        for(Iterator itr = requestStatus.entrySet().iterator(); itr.hasNext();) {
+            Map.Entry entry = (Map.Entry) itr.next();
+            if(entry.getValue().equals(STATUS_VERIFIED)) {
+                ids.add(entry.getKey());
+            }
+        }
+        
+        return (String[]) ids.toArray(new String[0]);
+    }
+    
+    /**
+     * This method sets the status of the specifed certificate request as verified.
+     * @param id Id of the certificate request
+     * @return True if the status is set successfully.
+     */
+    public boolean setRequestVerified(String id) {
+        if(requestStatus.containsKey(id)) {
+            requestStatus.setProperty(id, STATUS_VERIFIED);
+            storeRequestStatusFile();
+            return true;
+        } else {
+            return false;
+        }
+    }
+    
+    /**
+     * This method sets the status of a certificate request as fulfilled.
+     * @param id Id of the certificate request
+     * @param sNo Serial number of the certificate issued against the certificate request.
+     * @return True if the operation is successfull.
+     */
+    public boolean setRequestFulfilled(String id, BigInteger sNo) {
+        if(requestStatus.containsKey(id)) {
+            deleteRequest(id);
+            requestStatus.setProperty(id, sNo.toString());
+            storeRequestStatusFile();
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * This method returns the certificate request text corresponding to a specified id.
+     * @param id Id of the certificate request.
+     */
+    public String getRequest(String id) {
+        try {
+            FileInputStream fin = new FileInputStream(new File(dir, id+CERT_REQ_FILE_SUFFIX));
+            byte[] data = new byte[fin.available()];
+            fin.read(data);
+            fin.close();
+            return new String(data);
+        } catch (Exception e) {
+            log.error("Error reading CSR. id = "+id, e);
+        }
+        return null;
+    }
+
+    /**
+     * This method stores the given certificate request under the given id.  If a request with the id
+     * exists in the store, it will generate a new id and store the request under that id.
+     * @param id Id under which the certificate request is to be stored
+     * @param csrText Certificate Request text
+     * @return Id under which the certificate request is stored
+     */
+    public String storeRequest(String id, String csr) {
+        try {
+            File csrFile = null;
+            if(id == null || new File(dir, id+CERT_REQ_FILE_SUFFIX).exists()) {
+                csrFile = File.createTempFile(CERT_REQ_FILE_PREFIX, CERT_REQ_FILE_SUFFIX, dir);
+                id = csrFile.getName().substring(0, csrFile.getName().length() - CERT_REQ_FILE_SUFFIX.length());
+            } else {
+                csrFile = new File(dir, id+CERT_REQ_FILE_SUFFIX);
+            }
+            FileOutputStream fout = new FileOutputStream(csrFile);
+            fout.write(csr.getBytes());
+            requestStatus.setProperty(id, STATUS_RECEIVED);
+            storeRequestStatusFile();
+            fout.close();
+            return id;
+        } catch(Exception e) {
+            log.error("Error storing CSR. id = "+id, e);
+        }
+        return null;
+    }
+    
+    /**
+     * This method returns the Serial number of the certificate issued against the certificate request
+     * specified by the given id.
+     * @param id Id of the certificate request
+     * @return Serial number of the certificate issued.
+     * @return null if there is no such certificate request or the certificate request is not fulfilled.
+     */
+    public BigInteger getSerialNumberForRequest(String id) {
+        BigInteger sNo = null;
+        try {
+            sNo = new BigInteger(requestStatus.getProperty(id));
+        } catch(NumberFormatException e) {
+            // happens if the certificate request is not fulfilled
+        }
+        return sNo;
+    }
+
+    /**
+     * This method removes the certificate request id from the status list.
+     * @param id Id of the certificate request to be removed.
+     * @param sNo Serial number of certificate issued against the certificate request whose Id is to be removed.
+     */
+    public void removeRequestStatus(String id, BigInteger sNo) {
+        if(id != null && requestStatus.containsKey(id)) {
+            requestStatus.remove(id);
+            storeRequestStatusFile();
+        } else if(sNo != null && requestStatus.containsValue(sNo.toString())) {
+            String sNoTemp = sNo.toString();
+            for(Iterator itr = requestStatus.entrySet().iterator(); itr.hasNext(); ) {
+                Map.Entry entry = (Map.Entry)itr.next();
+                if(sNoTemp.equals(entry.getValue())) {
+                    requestStatus.remove(entry.getKey());
+                    break;
+                }
+            }
+            storeRequestStatusFile();
+        }
+    }
+
+    public void doFail() {
+    }
+
+    public void doStart() throws Exception {
+        serverInfo.resolveServer(directoryPath);
+        URI dirURI;
+        if (serverInfo != null) {
+            dirURI = serverInfo.resolve(directoryPath);
+        } else {
+            dirURI = directoryPath;
+        }
+        if (!dirURI.getScheme().equals("file")) {
+            throw new IllegalStateException("FileCertificateRequestStore must have a root that's a local directory (not " + dirURI + ")");
+        }
+        dir = new File(dirURI);
+        if(!dir.exists()) {
+            dir.mkdirs();
+            log.debug("Created directory "+dir.getAbsolutePath());
+        } else if(!dir.isDirectory() || !dir.canRead()) {
+            throw new IllegalStateException("FileCertificateRequestStore must have a root that's a valid readable directory (not " + dir.getAbsolutePath() + ")");
+        }
+        log.debug("CertificateRequestStore directory is " + dir.getAbsolutePath());
+        File statusFile = new File(dir, CSR_STATUS_FILENAME);
+        if(!statusFile.exists()) {
+            statusFile.createNewFile();
+            log.debug("Created request status file "+statusFile.getAbsolutePath());
+        }
+        requestStatus = new Properties();
+        FileInputStream fin = new FileInputStream(statusFile);
+        requestStatus.load(fin);
+        fin.close();
+    }
+
+    public void doStop() throws Exception {
+    }
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(FileCertificateRequestStore.class, "CertificateRequestStore");
+        infoFactory.addAttribute("directoryPath", URI.class, true, false);
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.addAttribute("abstractName", AbstractName.class, false);
+        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addInterface(CertificateRequestStore.class);
+        infoFactory.setConstructor(new String[]{"ServerInfo", "directoryPath", "kernel", "abstractName"});
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+    
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+
+    /**
+     * This methods stores the certificate request status file to disk.
+     */
+    private void storeRequestStatusFile() {
+        File statusFile = new File(dir, CSR_STATUS_FILENAME);
+        FileOutputStream fout = null;
+        try {
+            fout = new FileOutputStream(statusFile);
+            requestStatus.store(fout, CSR_STATUS_FILE_HEADER);
+            fout.close();
+        } catch (Exception e) {
+            log.error("Errors while storing request status file "+statusFile.getAbsolutePath(), e);
+        }
+    }
+}
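Review bot: `deleteRequest`, `getRequest` and `storeRequest` turn the caller-supplied `id` straight into `new File(dir, id+CERT_REQ_FILE_SUFFIX)`, so an id containing a path separator or `..` resolves to a file outside the request directory; where the id originates is not visible in this hunk, but since this store backs the CA helper web app I would not rely on callers sanitising it. A small helper that builds the file and compares canonical parents keeps all three call sites honest (sketch below; `deleteRequest`, which catches nothing today, would return `false` on the `IOException`, and `java.io.IOException` needs importing). Separately, `getSerialNumberForRequest` catches only `NumberFormatException`, but `requestStatus.getProperty(id)` returns `null` for an unknown id and `new BigInteger((String) null)` throws `NullPointerException`, contradicting the documented `null` return — guard with `String s = requestStatus.getProperty(id); if (s == null) return null;`. Finally, `doStart` calls `serverInfo.resolveServer(directoryPath)` (discarding the result) before the `serverInfo != null` check two lines later, so the null branch is unreachable; `FileCertificateStore.doStart` in the next file has the same ordering.
```java
    // … unchanged: fields, constructor …

    /**
     * Resolves a request id to its file, rejecting ids whose path escapes the store directory.
     */
    private File requestFile(String id) throws IOException {
        File f = new File(dir, id + CERT_REQ_FILE_SUFFIX);
        // compare canonical paths so separators, ".." and absolute ids cannot leave dir
        if (!dir.getCanonicalFile().equals(f.getCanonicalFile().getParentFile())) {
            throw new IOException("Certificate request id resolves outside the store: " + id);
        }
        return f;
    }

    // … unchanged: deleteRequest / getRequest / storeRequest, each obtaining its File via requestFile(id) …
```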

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,351 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.ca;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URI;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.management.geronimo.CertificateStore;
+import org.apache.geronimo.management.geronimo.CertificateStoreException;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.CaUtils;
+
+/**
+ * A certificate store implementation using disk files.
+ *
+ * @version $Rev$ $Date$
+ */
+
+public class FileCertificateStore implements CertificateStore, GBeanLifecycle {
+    private static final Log log = LogFactory.getLog(FileCertificateStore.class);
+
+    private ServerInfo serverInfo;
+    private Kernel kernel;
+    private AbstractName abstractName;
+    private URI directoryPath;
+    
+    // File name for storing the highest serial number in the store
+    private static final String SERIAL_NUMBER_FILE = "highest-serial-number.txt";
+    // Extension for certificate files.  Filename would be <serial-number>+CERT_FILE_SUFFIX
+    private static final String CERT_FILE_SUFFIX = ".txt";
+    // File name for storing CA's certificate
+    private static final String CA_CERT_FILE = "ca-cert.txt";
+    // File name for storing Certificate Challenges
+    private static final String CHALLENGE_FILENAME = "challenge.properties";
+    private static final String CHALLENGE_FILE_HEADER = "Challenge File";
+    
+    // directory for the certificate store
+    private File storeDir = null;
+    
+    // File object of SERIAL_NUMBER_FILE cached
+    private File highestSerialFile = null;
+    // highest serial number cached
+    private BigInteger highestSerialNumber = null;
+    // Cerificate Challenges
+    private Properties challenges = null;
+    
+    /**
+     * Constructor
+     * @param storeDir directory for the certificate store
+     */
+    public FileCertificateStore(ServerInfo serverInfo, URI directoryPath, Kernel kernel, AbstractName abstractName) {
+        this.serverInfo = serverInfo;
+        this.kernel = kernel;
+        this.abstractName = abstractName;
+        this.directoryPath = directoryPath;
+    }
+    /**
+     * This method stores a given certificate.
+     * 
+     * @param cert Certificate to be stored
+     */
+    public void storeCertificate(Certificate cert) throws CertificateStoreException {
+        BigInteger sNo = ((X509Certificate)cert).getSerialNumber();
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        try {
+            // Check if the highest serial number is less than the serial number of certificate to be stored.
+            if(sNo.compareTo(getHighestSerialNumber()) == 1) {
+                // store the current serial number so that getNextSerialNumber() will not result in duplicate
+                // serial number
+                setHighestSerialNumber(sNo);
+            }
+            
+            // Store the certificate to disk in base64 format
+            FileOutputStream fout = new FileOutputStream(certFile);
+            CaUtils.storeInBase64(fout, cert.getEncoded(), CaUtils.CERT_HEADER, CaUtils.CERT_FOOTER, CaUtils.B64_LINE_SIZE);
+            fout.close();
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while storing certificate.", e);
+        }
+    }
+
+    /**
+     * This method returns a Certificate with a given serial number (if it exists in the store)
+     * 
+     * @param sNo Serial Number of the certificate to be retrieved.
+     */
+    public Certificate getCertificate(BigInteger sNo) throws CertificateStoreException {
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        if(!certFile.exists()) {
+            // No such certificate in the store.
+            throw new CertificateStoreException("No certificate with serial number "+sNo+" found.");
+        }
+        
+        // Read the certificate from disk and generate a java.security.cert.Certificate
+        try {
+            FileInputStream fin = new FileInputStream(certFile);
+            CertificateFactory certFac = CertificateFactory.getInstance("X.509");
+            Certificate cert = certFac.generateCertificate(fin);
+            fin.close();
+            return cert;
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while retrieving certificate.", e);
+        }
+    }
+
+    /**
+     * This method returns base64 encoded certificate with a given serial number (if it exists in the store)
+     * 
+     * @param sNo Serial Number of the certificate to be retrieved.
+     */
+    public String getCertificateBase64Text(BigInteger sNo) throws CertificateStoreException {
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        if(!certFile.exists()) {
+            throw new CertificateStoreException("No certificate with serial number "+sNo+" found.");
+        }
+        FileInputStream fin;
+        try {
+            fin = new FileInputStream(certFile);
+            byte[] data = new byte[fin.available()];
+            fin.read(data);
+            fin.close();
+            return new String(data);
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while retrieving certificate.", e);
+        }
+    }
+    
+    /**
+     * This method returns the highest certificate serial number in the store.
+     */
+    public BigInteger getHighestSerialNumber() throws CertificateStoreException{
+        if(highestSerialNumber == null) {
+            // Value has not been cached.  Read from the disk.
+            try {
+                FileInputStream finp = new FileInputStream(highestSerialFile);
+                byte[] data = new byte[finp.available()];
+                finp.read(data);
+                finp.close();
+                highestSerialNumber = new BigInteger(new String(data).trim());
+            } catch (Exception e) {
+                throw new CertificateStoreException("Error while getting serial number.", e);
+            }
+        }
+        return highestSerialNumber;
+    }
+
+    /**
+     * This method returns the 'highest certificate serial number plus ONE' and increments the highest
+     * serial number in the store.
+     */
+    public BigInteger getNextSerialNumber() throws CertificateStoreException{
+        setHighestSerialNumber(getHighestSerialNumber().add(BigInteger.ONE));
+        return highestSerialNumber;
+    }
+
+    /**
+     * This method checks if a certificate with a given serial number exists in the store.
+     * 
+     * @param sNo Serial number of the certificate to be checked
+     */
+    public boolean containsCertificate(BigInteger sNo) {
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        return certFile.exists();
+    }
+    
+    /**
+     * This method sets the highest serial number to a given value and updates the same to disk.
+     * @param sNo The serial number to be set
+     */
+    private void setHighestSerialNumber(BigInteger sNo) throws CertificateStoreException{
+        try {
+            highestSerialNumber = sNo;
+            FileOutputStream fout = new FileOutputStream(highestSerialFile);
+            fout.write(highestSerialNumber.toString().getBytes());
+            fout.close();
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while setting highest serial number.", e);
+        }
+    }
+    
+    /**
+     * This method stores the CA's certificate in the store.
+     * @param cert CA's certificate
+     */
+    public boolean storeCACertificate(Certificate cert) throws CertificateStoreException{
+        FileOutputStream fout = null;
+        try {
+            fout = new FileOutputStream(new File(storeDir, CA_CERT_FILE));
+            CaUtils.storeInBase64(fout, cert.getEncoded(), CaUtils.CERT_HEADER, CaUtils.CERT_FOOTER, CaUtils.B64_LINE_SIZE);
+            fout.close();
+            return true;
+        } catch (Exception e) {
+            throw new CertificateStoreException("Exception in storing CA certificate", e);
+        }
+    }
+
+    /**
+     * This method returns the CA's certificate stored in the store.
+     */
+    public Certificate getCACertificate() throws CertificateStoreException {
+        FileInputStream fin = null;
+        try {
+            fin = new FileInputStream(new File(storeDir, CA_CERT_FILE));
+            CertificateFactory certFac = CertificateFactory.getInstance("X.509");
+            Certificate cert = certFac.generateCertificate(fin);
+            fin.close();
+            return cert;
+        } catch (Exception e) {
+            throw new CertificateStoreException("Exception in getting CA certificate", e);
+        }
+    }
+    
+    /**
+     * This method stores the challenge phrase against the specified certificate serial number
+     * @param sNo  Serial number of the certificate
+     * @param challenge Challenge phrase
+     */
+    public boolean setCertificateChallenge(BigInteger sNo, String challenge) {
+        if(challenges == null) {
+            loadChallenges();
+        }
+        if(!challenges.containsKey(sNo.toString())) {
+            challenges.setProperty(sNo.toString(), challenge);
+            storeChallenges();
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * This methods stores the challenges map to disk
+     */
+    private void storeChallenges() {
+        if(challenges == null) loadChallenges();
+        File chFile = new File(storeDir, CHALLENGE_FILENAME);
+        FileOutputStream fout = null;
+        try {
+            fout = new FileOutputStream(chFile);
+            challenges.store(fout, CHALLENGE_FILE_HEADER);
+            fout.close();
+        } catch (Exception e) {
+            log.error("Exceptions while storing challenges file. File = "+chFile.getAbsolutePath(), e);
+        }
+        
+    }
+    
+    /**
+     * This method loads the challenges map from disk.
+     */
+    private void loadChallenges() {
+        File chFile = new File(storeDir, CHALLENGE_FILENAME);
+        FileInputStream fin = null;
+        try {
+            if(!chFile.exists())
+                chFile.createNewFile();
+            fin = new FileInputStream(chFile);
+            challenges = new Properties();
+            challenges.load(fin);
+            fin.close();
+        } catch (IOException e) {
+            log.error("Exceptions while loading challenges file. File = "+chFile.getAbsolutePath(), e);
+        }
+    }
+    
+    public void doFail() {
+    }
+
+    public void doStart() throws Exception {
+        serverInfo.resolveServer(directoryPath);
+        URI dirURI;
+        if (serverInfo != null) {
+            dirURI = serverInfo.resolve(directoryPath);
+        } else {
+            dirURI = directoryPath;
+        }
+        if (!dirURI.getScheme().equals("file")) {
+            throw new IllegalStateException("FileCertificateStore must have a root that's a local directory (not " + dirURI + ")");
+        }
+        storeDir = new File(dirURI);
+        if(!storeDir.exists()) {
+            storeDir.mkdirs();
+            log.debug("Created directory "+storeDir.getAbsolutePath());
+        } else if(!storeDir.isDirectory() || !storeDir.canRead()) {
+            throw new IllegalStateException("FileCertificateStore must have a root that's a valid readable directory (not " + storeDir.getAbsolutePath() + ")");
+        }
+        log.debug("CertificateStore directory is " + storeDir.getAbsolutePath());
+        highestSerialFile = new File(storeDir, SERIAL_NUMBER_FILE);
+        if(!highestSerialFile.exists()) {
+            // If the file does not exist, it means the certificate store is a new one.
+            // Start with ZERO
+            try {
+                setHighestSerialNumber(BigInteger.ZERO);
+            } catch(CertificateStoreException e) {
+                log.error("Error initializing certificate store. storeDir="+storeDir, e);
+            }
+        }
+        loadChallenges();
+    }
+
+    public void doStop() throws Exception {
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(FileCertificateStore.class, "CertificateStore");
+        infoFactory.addAttribute("directoryPath", URI.class, true, false);
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.addAttribute("abstractName", AbstractName.class, false);
+        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addInterface(CertificateStore.class);
+        infoFactory.setConstructor(new String[]{"ServerInfo", "directoryPath", "kernel", "abstractName"});
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+    
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
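Review bot: `getHighestSerialNumber` sizes its buffer with `finp.available()` and ignores the return value of the single `finp.read(data)`, so a short read yields a truncated digit string and therefore a smaller "highest" serial — which `getNextSerialNumber` would then hand out again, re-using a serial number already issued. Size the buffer from the file and read until full: `byte[] data = new byte[(int) highestSerialFile.length()];` followed by `int off = 0, r; while (off < data.length && (r = finp.read(data, off, data.length - off)) > 0) off += r;`; `getCertificateBase64Text` has the same `available()`/unchecked-`read` pattern. In those two methods and in `storeCertificate`, `getCertificate`, `setHighestSerialNumber`, `storeCACertificate` and `getCACertificate`, the stream is closed only on the success path, so any exception leaks the descriptor — close it in a `finally`. `setCertificateChallenge` writes the challenge phrase in cleartext to `challenge.properties`; if it is only ever compared for equality, storing a salted digest and comparing with `MessageDigest.isEqual` would avoid keeping the secret on disk, but the consumer is not visible from this hunk, so confirm before changing the file format.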

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java?view=auto&rev=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java Fri Nov 17 09:48:02 2006
@@ -0,0 +1,391 @@
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.ca;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.util.Date;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.management.geronimo.CertificateRequestStore;
+import org.apache.geronimo.management.geronimo.CertificateStore;
+import org.apache.geronimo.management.geronimo.CertificateStoreException;
+import org.apache.geronimo.management.geronimo.CertificationAuthority;
+import org.apache.geronimo.management.geronimo.CertificationAuthorityException;
+import org.apache.geronimo.management.geronimo.KeystoreException;
+import org.apache.geronimo.management.geronimo.KeystoreInstance;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.CaUtils;
+import org.apache.geronimo.util.asn1.ASN1InputStream;
+import org.apache.geronimo.util.asn1.DERBitString;
+import org.apache.geronimo.util.asn1.DEREncodableVector;
+import org.apache.geronimo.util.asn1.DERInteger;
+import org.apache.geronimo.util.asn1.DERObject;
+import org.apache.geronimo.util.asn1.DERSequence;
+import org.apache.geronimo.util.asn1.pkcs.PKCSObjectIdentifiers;
+import org.apache.geronimo.util.asn1.x509.AlgorithmIdentifier;
+import org.apache.geronimo.util.asn1.x509.SubjectPublicKeyInfo;
+import org.apache.geronimo.util.asn1.x509.TBSCertificateStructure;
+import org.apache.geronimo.util.asn1.x509.Time;
+import org.apache.geronimo.util.asn1.x509.V3TBSCertificateGenerator;
+import org.apache.geronimo.util.asn1.x509.X509Name;
+
+/**
+ * A Certification Authority implementation using KeystoreInstance to store CA's private key, 
+ * CertificateStore to store issued certificates and CertificateRequestStore to store certificate requests
+ *
+ * @version $Rev$ $Date$
+ */
+public class GeronimoCertificationAuthority implements CertificationAuthority, GBeanLifecycle {
+    private final static Log log = LogFactory.getLog(GeronimoCertificationAuthority.class);
+
+    private ServerInfo serverInfo;
+    private Kernel kernel;
+    private AbstractName abstractName;
+
+    // KeystoreInstance with CA's private key and certificate
+    private KeystoreInstance caKeystore = null;
+    // CertificateStore used to store all certificates issued by the CA
+    private CertificateStore certStore = null;
+    // Password for CA's keystore and private-key
+    private char[] password;
+    // CertificateRequestStore used to store certificate requests
+    private CertificateRequestStore certReqStore = null;
+    
+    // Cache variables
+    // Key alias
+    private String alias;
+    // CA's private key
+    private PrivateKey caPrivateKey;
+    // CA's public key
+    private PublicKey caPublicKey;
+    // CA's own certificate
+    private Certificate caCert;
+    // CA's name
+    private X509Name caName;
+    
+    /**
+     * Constructor
+     * 
+     * @param instance KeystoreInstance containing CA's private-key and certificate
+     * @param certStore CertificateStore for storing certificates issued by this CA
+     * @param certReqStore CeetificateRequestStore for storing certificates requests
+     */
+    public GeronimoCertificationAuthority(ServerInfo serverInfo, KeystoreInstance caKeystore, CertificateStore certStore, CertificateRequestStore certReqStore, Kernel kernel, AbstractName abstractName) {
+        if(caKeystore == null) throw new IllegalArgumentException("caKeystore is null.");
+        if(certStore == null) throw new IllegalArgumentException("certStore is null");
+        if(certReqStore == null) throw new IllegalArgumentException("certReqStore is null");
+        this.serverInfo = serverInfo;
+        this.kernel = kernel;
+        this.abstractName = abstractName;
+        this.caKeystore = caKeystore;
+        this.certStore = certStore;
+        this.certReqStore = certReqStore;
+    }
+
+    /**
+     * This method checks if the CA is locked.
+     * @return true if CA is locked, false otherwise.
+     */
+    public boolean isLocked() {
+        return password == null;
+    }
+    
+    /**
+     * This method locks the CA.
+     */
+     public void lock() {
+        try {
+            caKeystore.lockKeystore(password);
+        } catch (KeystoreException e) {
+            log.error("Error locking CA.", e);
+        }
+        password = null;
+        caName = null;
+        caCert = null;
+        caPrivateKey = null;
+        alias = null;
+    }
+    
+     /**
+      * This method unlocks the CA.
+      * @param password Password to unlock the CA.
+      */
+    public void unlock(char[] password) throws CertificationAuthorityException{
+        try {
+            this.password = password;
+            caKeystore.unlockKeystore(password);
+            alias = caKeystore.listPrivateKeys(password)[0];
+            caKeystore.unlockPrivateKey(alias, password, password);
+            caCert = caKeystore.getCertificate(alias, password);
+            caName = CaUtils.getSubjectX509Name(caCert);
+            caPrivateKey = caKeystore.getPrivateKey(alias, password, password);
+            caPublicKey = caCert.getPublicKey();
+        } catch(Exception e) {
+            throw new CertificationAuthorityException("Errors in unlocking CA.", e);
+        }
+    }
+    
+    /**
+     * This method returns CA's name.
+     * @throws Exception if CA is locked.
+     */
+    public X500Principal getName() throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return new X500Principal(caName.getEncoded());
+        } catch (IOException e) {
+            throw new CertificationAuthorityException("Error in getting CA name.", e);
+        }
+    }
+
+    /**
+     * This method returns CA's own certificate.
+     * @throws Exception if CA is locked.
+     */
+    public Certificate getCertificate() throws CertificationAuthorityException {
+        if(caCert == null) throw new CertificationAuthorityException("CA Certificate is null. CA may be locked.");
+        try {
+            return caCert = caKeystore.getCertificate(alias, password);
+        } catch (KeystoreException e) {
+            log.error("Error getting CA's certificate.", e);
+        }
+        return null;
+    }
+    
+    /**
+     * This method makes the CA issue a self-signed certificate with given details.  This method is usually
+     * called while initializing the CA.
+     * 
+     * @param sNo Serial number for self-signed certificate
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for self-signed certificate
+     */
+    public void issueOwnCertificate(BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            PublicKey publicKey = caCert.getPublicKey();
+            Certificate cert = issueCertificate(getName(), publicKey, sNo, validFromDate, validToDate, algorithm);
+            caKeystore.importPKCS7Certificate(alias, CaUtils.base64Certificate(cert), password);
+            caCert = cert;
+        } catch(Exception e) {
+            throw new CertificationAuthorityException("Error in issuing own certificate.", e);
+        }
+    }
+    
+    /**
+     * This method issues a certificate.
+     * 
+     * @param subject Subject X500Principal
+     * @param publicKey Subject's public key 
+     * @param sNo Serial number for the certificate to be issued
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for the certificate
+     * @return newly issued certificate
+     */
+    public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            X509Name subName = CaUtils.getX509Name(subject);
+            Certificate cert = issueCertificate(subName, caName, sNo, publicKey, caPrivateKey, validFromDate, validToDate, algorithm);
+            cert.verify(caPublicKey);
+            certStore.storeCertificate(cert);
+            return cert;
+        } catch(Exception e) {
+            throw new CertificationAuthorityException("Error in issuing certificate.", e);
+        }
+    }
+    
+    /**
+     * This method returns the highest serial number used by the CA.
+     */
+    public BigInteger getHighestSerialNumber() throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getHighestSerialNumber();
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error in getting highest serial number for CA.", e);
+        }
+    }
+    
+    /**
+     * This method checks if a Certificate with a given serial number is already issued.
+     * @param sNo The serial number of the the certificate to be looked for
+     * @return true if a certificate with the specified serial number has already been issued
+     */
+    public boolean isCertificateIssued(BigInteger sNo) throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        return certStore.containsCertificate(sNo);
+    }
+    
+    /**
+     * This method returns the next serial number that can be used to issue a certificate and increments the
+     * highest serial number.
+     */
+    public BigInteger getNextSerialNumber() throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getNextSerialNumber();
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error in getting next serial number for CA.", e);
+        }
+    }
+    
+    /**
+     * This method retrieves a certificate with the specified serial number.
+     * @param sNo The serial number of the certificate to be retrieved
+     * @return java.security.cert.Certificate instance of the certificate
+     */
+    public Certificate getCertificate(BigInteger sNo) throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getCertificate(sNo);
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error getting certificate. serial number = "+sNo, e);
+        }
+    }
+
+    /**
+     * This method retrieves a certificate with the specified serial number.
+     * @param sNo The serial number of the certificate to be retrieved
+     * @return base64 encoded certificate text
+     */
+     public String getCertificateBase64Text(BigInteger sNo) throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getCertificateBase64Text(sNo);
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error getting certificate. serial number = "+sNo, e);
+        }
+    }
+    
+    /**
+     * This method issues a certificate.
+     * @param subName Subject's name
+     * @param caName Issuer's name
+     * @param serialNum Serial number for the certificate
+     * @param subPubKey Subject's public key
+     * @param caPriKey Issuer's private key
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for the certificate
+     * @return issued certificate
+     */
+    private Certificate issueCertificate(X509Name subName, X509Name caName, BigInteger serialNum, PublicKey subPubKey, PrivateKey caPriKey, Date validFromDate, Date validToDate, String algorithm) throws Exception {
+        AlgorithmIdentifier algId = null;
+        if("MD2withRSA".equalsIgnoreCase(algorithm))
+            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2WithRSAEncryption);
+        else if("MD5withRSA".equalsIgnoreCase(algorithm))
+            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption);
+        else if("SHA1withRSA".equalsIgnoreCase(algorithm))
+            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
+        else
+            throw new CertificationAuthorityException("Signature algorithm "+algorithm+" is not supported.");
+        
+        ASN1InputStream ais = new ASN1InputStream(subPubKey.getEncoded());
+        DERObject subPubkeyDerObj = ais.readObject();
+        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(subPubkeyDerObj);
+        
+        // Create certificate generator and initialize fields
+        // Certificate version is v3
+        V3TBSCertificateGenerator v3certGen = new V3TBSCertificateGenerator();
+        // Subject info
+        v3certGen.setSubject(subName);
+        v3certGen.setSubjectPublicKeyInfo(subPubKeyInfo);
+        // Issuer info
+        v3certGen.setIssuer(caName);
+        // serial number
+        v3certGen.setSerialNumber(new DERInteger(serialNum));
+        // validity
+        v3certGen.setStartDate(new Time(validFromDate));
+        v3certGen.setEndDate(new Time(validToDate));
+        // signature algorithm
+        v3certGen.setSignature(algId);
+        
+        // Get the certificate info to be signed
+        TBSCertificateStructure tbsCert = v3certGen.generateTBSCertificate();
+        byte[] tobesigned = tbsCert.getEncoded();
+        
+        // Create the signature
+        Signature signatureObj = Signature.getInstance(algorithm);
+        signatureObj.initSign(caPriKey);
+        signatureObj.update(tobesigned);
+        byte[] signature = signatureObj.sign();
+        
+        // Compose tbsCert, algId and signature into a DER sequence.
+        // This will be the certificate in DER encoded form
+        DEREncodableVector certDerVec = new DEREncodableVector();
+        certDerVec.add(tbsCert);
+        certDerVec.add(algId);
+        certDerVec.add(new DERBitString(signature));
+        DERSequence certDerSeq = new DERSequence(certDerVec);
+        byte[] certData = certDerSeq.getEncoded();
+        
+        // Create a java.security.cert.Certificate object
+        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certData));
+
+        return certificate;
+    }
+
+    public void doFail() {
+    }
+
+    public void doStart() throws Exception {
+        if(caKeystore.isKeystoreLocked()) {
+            lock();
+        }
+    }
+
+    public void doStop() throws Exception {
+    }
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoCertificationAuthority.class, "CertificationAuthority");
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.addAttribute("abstractName", AbstractName.class, false);
+        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addReference("KeystoreInstance", KeystoreInstance.class, NameFactory.KEYSTORE_INSTANCE);
+        infoFactory.addReference("CertificateStore", CertificateStore.class, "CertificateStore");
+        infoFactory.addReference("CertificateRequestStore", CertificateRequestStore.class, "CertificateRequestStore");
+        infoFactory.addInterface(CertificationAuthority.class);
+        infoFactory.setConstructor(new String[]{"ServerInfo", "KeystoreInstance", "CertificateStore", "CertificateRequestStore", "kernel", "abstractName"});
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
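Review bot: `unlock()` assigns `this.password = password` before any keystore call, so when `unlockKeystore`, `listPrivateKeys` or `getPrivateKey` throws, the exception is rethrown but `password` stays set: `isLocked()` then reports false while `caName`, `caCert` and `caPrivateKey` are still null, and the "CA is locked" guard in `getName()`, `issueCertificate()` and the serial-number methods is bypassed. Resetting the partial state in the catch fixes it: `} catch(Exception e) { this.password = null; caPrivateKey = null; caCert = null; caName = null; alias = null; throw new CertificationAuthorityException("Errors in unlocking CA.", e); }`. Separately, `lock()` clears every cached field except `caPublicKey` and drops the password reference without wiping the array (`if (password != null) Arrays.fill(password, '\0');` before `password = null`, with `java.util.Arrays` imported), and the no-arg `getCertificate()` logs and returns null on `KeystoreException` where every sibling wraps the failure in `CertificationAuthorityException`. In the private `issueCertificate(X509Name, ...)`, the generator is given subject, issuer, serial, validity and signature but no extensions, so the self-signed certificate produced by `issueOwnCertificate` carries no BasicConstraints or KeyUsage; that, and the fact that `MD2withRSA` and `MD5withRSA` remain accepted, deserve a comment in the method's Javadoc since validators commonly require cA=TRUE on a v3 issuer certificate and reject MD2/MD5 signatures.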

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?view=diff&rev=476229&r1=476228&r2=476229
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java Fri Nov 17 09:48:02 2006
@@ -559,6 +559,25 @@
         }
     }
     
+    /**
+     * Gets a particular certificate from the keystore.  This may be a trust
+     * certificate or the certificate corresponding to a particular private
+     * key.
+     * This only works if the keystore is unlocked.
+     * @param alias The certificate to look at
+     */
+    public Certificate getCertificate(String alias) {
+        if(isKeystoreLocked()) {
+            return null;
+        }
+        try {
+            return keystore.getCertificate(alias);
+        } catch (KeyStoreException e) {
+            log.error("Unable to read certificate from keystore", e);
+        }
+        return null;
+    }
+
     // ==================== Internals =====================
 
     private void loadKeystoreData(char[] password) throws KeystoreException {
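Review bot: The new `getCertificate(String)` folds three distinct conditions — keystore locked, unknown alias (`KeyStore.getCertificate` returns null for that), and a `KeyStoreException` — into a bare `null`, and its Javadoc has no `@return`, so a caller cannot tell a missing certificate from a read failure or a locked store. At minimum add `@return the certificate, or {@code null} if the keystore is locked, the alias is unknown, or the keystore could not be read` to the Javadoc. Given that `loadKeystoreData` on the following line and the two-argument `getCertificate(alias, password)` used by `GeronimoCertificationAuthority` elsewhere in this commit both surface failures as `KeystoreException`, it is presumably more consistent to throw here as well rather than log and return null; the surrounding class body continues outside the hunk.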


