From vamsic...@apache.org
Subject svn commit: r476291 [8/9] - in /geronimo/server/trunk: applications/console/geronimo-console-standard/src/main/java/org/apache/geronimo/console/ca/ applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/ca/ applications/geronimo-ca...
Date Fri, 17 Nov 2006 20:05:29 GMT
Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java?view=diff&rev=476291&r1=476290&r2=476291
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java Fri Nov 17 12:05:24 2006
@@ -1,351 +1,351 @@
-/**
- *
- *  Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  See the NOTICE file distributed with
- *  this work for additional information regarding copyright ownership.
- *  The ASF licenses this file to You under the Apache License, Version 2.0
- *  (the "License"); you may not use this file except in compliance with
- *  the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-package org.apache.geronimo.security.ca;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.net.URI;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Properties;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.gbean.AbstractName;
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.management.geronimo.CertificateStore;
-import org.apache.geronimo.management.geronimo.CertificateStoreException;
-import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.util.CaUtils;
-
-/**
- * A certificate store implementation using disk files.
- *
- * @version $Rev$ $Date$
- */
-
-public class FileCertificateStore implements CertificateStore, GBeanLifecycle {
-    private static final Log log = LogFactory.getLog(FileCertificateStore.class);
-
-    private ServerInfo serverInfo;
-    private Kernel kernel;
-    private AbstractName abstractName;
-    private URI directoryPath;
-    
-    // File name for storing the highest serial number in the store
-    private static final String SERIAL_NUMBER_FILE = "highest-serial-number.txt";
-    // Extension for certificate files.  Filename would be <serial-number>+CERT_FILE_SUFFIX
-    private static final String CERT_FILE_SUFFIX = ".txt";
-    // File name for storing CA's certificate
-    private static final String CA_CERT_FILE = "ca-cert.txt";
-    // File name for storing Certificate Challenges
-    private static final String CHALLENGE_FILENAME = "challenge.properties";
-    private static final String CHALLENGE_FILE_HEADER = "Challenge File";
-    
-    // directory for the certificate store
-    private File storeDir = null;
-    
-    // File object of SERIAL_NUMBER_FILE cached
-    private File highestSerialFile = null;
-    // highest serial number cached
-    private BigInteger highestSerialNumber = null;
-    // Cerificate Challenges
-    private Properties challenges = null;
-    
-    /**
-     * Constructor
-     * @param storeDir directory for the certificate store
-     */
-    public FileCertificateStore(ServerInfo serverInfo, URI directoryPath, Kernel kernel, AbstractName abstractName) {
-        this.serverInfo = serverInfo;
-        this.kernel = kernel;
-        this.abstractName = abstractName;
-        this.directoryPath = directoryPath;
-    }
-    /**
-     * This method stores a given certificate.
-     * 
-     * @param cert Certificate to be stored
-     */
-    public void storeCertificate(Certificate cert) throws CertificateStoreException {
-        BigInteger sNo = ((X509Certificate)cert).getSerialNumber();
-        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
-        try {
-            // Check if the highest serial number is less than the serial number of certificate to be stored.
-            if(sNo.compareTo(getHighestSerialNumber()) == 1) {
-                // store the current serial number so that getNextSerialNumber() will not result in duplicate
-                // serial number
-                setHighestSerialNumber(sNo);
-            }
-            
-            // Store the certificate to disk in base64 format
-            FileOutputStream fout = new FileOutputStream(certFile);
-            CaUtils.storeInBase64(fout, cert.getEncoded(), CaUtils.CERT_HEADER, CaUtils.CERT_FOOTER, CaUtils.B64_LINE_SIZE);
-            fout.close();
-        } catch (Exception e) {
-            throw new CertificateStoreException("Error while storing certificate.", e);
-        }
-    }
-
-    /**
-     * This method returns a Certificate with a given serial number (if it exists in the store)
-     * 
-     * @param sNo Serial Number of the certificate to be retrieved.
-     */
-    public Certificate getCertificate(BigInteger sNo) throws CertificateStoreException {
-        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
-        if(!certFile.exists()) {
-            // No such certificate in the store.
-            throw new CertificateStoreException("No certificate with serial number "+sNo+" found.");
-        }
-        
-        // Read the certificate from disk and generate a java.security.cert.Certificate
-        try {
-            FileInputStream fin = new FileInputStream(certFile);
-            CertificateFactory certFac = CertificateFactory.getInstance("X.509");
-            Certificate cert = certFac.generateCertificate(fin);
-            fin.close();
-            return cert;
-        } catch (Exception e) {
-            throw new CertificateStoreException("Error while retrieving certificate.", e);
-        }
-    }
-
-    /**
-     * This method returns base64 encoded certificate with a given serial number (if it exists in the store)
-     * 
-     * @param sNo Serial Number of the certificate to be retrieved.
-     */
-    public String getCertificateBase64Text(BigInteger sNo) throws CertificateStoreException {
-        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
-        if(!certFile.exists()) {
-            throw new CertificateStoreException("No certificate with serial number "+sNo+" found.");
-        }
-        FileInputStream fin;
-        try {
-            fin = new FileInputStream(certFile);
-            byte[] data = new byte[fin.available()];
-            fin.read(data);
-            fin.close();
-            return new String(data);
-        } catch (Exception e) {
-            throw new CertificateStoreException("Error while retrieving certificate.", e);
-        }
-    }
-    
-    /**
-     * This method returns the highest certificate serial number in the store.
-     */
-    public BigInteger getHighestSerialNumber() throws CertificateStoreException{
-        if(highestSerialNumber == null) {
-            // Value has not been cached.  Read from the disk.
-            try {
-                FileInputStream finp = new FileInputStream(highestSerialFile);
-                byte[] data = new byte[finp.available()];
-                finp.read(data);
-                finp.close();
-                highestSerialNumber = new BigInteger(new String(data).trim());
-            } catch (Exception e) {
-                throw new CertificateStoreException("Error while getting serial number.", e);
-            }
-        }
-        return highestSerialNumber;
-    }
-
-    /**
-     * This method returns the 'highest certificate serial number plus ONE' and increments the highest
-     * serial number in the store.
-     */
-    public BigInteger getNextSerialNumber() throws CertificateStoreException{
-        setHighestSerialNumber(getHighestSerialNumber().add(BigInteger.ONE));
-        return highestSerialNumber;
-    }
-
-    /**
-     * This method checks if a certificate with a given serial number exists in the store.
-     * 
-     * @param sNo Serial number of the certificate to be checked
-     */
-    public boolean containsCertificate(BigInteger sNo) {
-        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
-        return certFile.exists();
-    }
-    
-    /**
-     * This method sets the highest serial number to a given value and updates the same to disk.
-     * @param sNo The serial number to be set
-     */
-    private void setHighestSerialNumber(BigInteger sNo) throws CertificateStoreException{
-        try {
-            highestSerialNumber = sNo;
-            FileOutputStream fout = new FileOutputStream(highestSerialFile);
-            fout.write(highestSerialNumber.toString().getBytes());
-            fout.close();
-        } catch (Exception e) {
-            throw new CertificateStoreException("Error while setting highest serial number.", e);
-        }
-    }
-    
-    /**
-     * This method stores the CA's certificate in the store.
-     * @param cert CA's certificate
-     */
-    public boolean storeCACertificate(Certificate cert) throws CertificateStoreException{
-        FileOutputStream fout = null;
-        try {
-            fout = new FileOutputStream(new File(storeDir, CA_CERT_FILE));
-            CaUtils.storeInBase64(fout, cert.getEncoded(), CaUtils.CERT_HEADER, CaUtils.CERT_FOOTER, CaUtils.B64_LINE_SIZE);
-            fout.close();
-            return true;
-        } catch (Exception e) {
-            throw new CertificateStoreException("Exception in storing CA certificate", e);
-        }
-    }
-
-    /**
-     * This method returns the CA's certificate stored in the store.
-     */
-    public Certificate getCACertificate() throws CertificateStoreException {
-        FileInputStream fin = null;
-        try {
-            fin = new FileInputStream(new File(storeDir, CA_CERT_FILE));
-            CertificateFactory certFac = CertificateFactory.getInstance("X.509");
-            Certificate cert = certFac.generateCertificate(fin);
-            fin.close();
-            return cert;
-        } catch (Exception e) {
-            throw new CertificateStoreException("Exception in getting CA certificate", e);
-        }
-    }
-    
-    /**
-     * This method stores the challenge phrase against the specified certificate serial number
-     * @param sNo  Serial number of the certificate
-     * @param challenge Challenge phrase
-     */
-    public boolean setCertificateChallenge(BigInteger sNo, String challenge) {
-        if(challenges == null) {
-            loadChallenges();
-        }
-        if(!challenges.containsKey(sNo.toString())) {
-            challenges.setProperty(sNo.toString(), challenge);
-            storeChallenges();
-            return true;
-        }
-        return false;
-    }
-
-    /**
-     * This methods stores the challenges map to disk
-     */
-    private void storeChallenges() {
-        if(challenges == null) loadChallenges();
-        File chFile = new File(storeDir, CHALLENGE_FILENAME);
-        FileOutputStream fout = null;
-        try {
-            fout = new FileOutputStream(chFile);
-            challenges.store(fout, CHALLENGE_FILE_HEADER);
-            fout.close();
-        } catch (Exception e) {
-            log.error("Exceptions while storing challenges file. File = "+chFile.getAbsolutePath(), e);
-        }
-        
-    }
-    
-    /**
-     * This method loads the challenges map from disk.
-     */
-    private void loadChallenges() {
-        File chFile = new File(storeDir, CHALLENGE_FILENAME);
-        FileInputStream fin = null;
-        try {
-            if(!chFile.exists())
-                chFile.createNewFile();
-            fin = new FileInputStream(chFile);
-            challenges = new Properties();
-            challenges.load(fin);
-            fin.close();
-        } catch (IOException e) {
-            log.error("Exceptions while loading challenges file. File = "+chFile.getAbsolutePath(), e);
-        }
-    }
-    
-    public void doFail() {
-    }
-
-    public void doStart() throws Exception {
-        serverInfo.resolveServer(directoryPath);
-        URI dirURI;
-        if (serverInfo != null) {
-            dirURI = serverInfo.resolve(directoryPath);
-        } else {
-            dirURI = directoryPath;
-        }
-        if (!dirURI.getScheme().equals("file")) {
-            throw new IllegalStateException("FileCertificateStore must have a root that's a local directory (not " + dirURI + ")");
-        }
-        storeDir = new File(dirURI);
-        if(!storeDir.exists()) {
-            storeDir.mkdirs();
-            log.debug("Created directory "+storeDir.getAbsolutePath());
-        } else if(!storeDir.isDirectory() || !storeDir.canRead()) {
-            throw new IllegalStateException("FileCertificateStore must have a root that's a valid readable directory (not " + storeDir.getAbsolutePath() + ")");
-        }
-        log.debug("CertificateStore directory is " + storeDir.getAbsolutePath());
-        highestSerialFile = new File(storeDir, SERIAL_NUMBER_FILE);
-        if(!highestSerialFile.exists()) {
-            // If the file does not exist, it means the certificate store is a new one.
-            // Start with ZERO
-            try {
-                setHighestSerialNumber(BigInteger.ZERO);
-            } catch(CertificateStoreException e) {
-                log.error("Error initializing certificate store. storeDir="+storeDir, e);
-            }
-        }
-        loadChallenges();
-    }
-
-    public void doStop() throws Exception {
-    }
-
-    public static final GBeanInfo GBEAN_INFO;
-
-    static {
-        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(FileCertificateStore.class, "CertificateStore");
-        infoFactory.addAttribute("directoryPath", URI.class, true, false);
-        infoFactory.addAttribute("kernel", Kernel.class, false);
-        infoFactory.addAttribute("abstractName", AbstractName.class, false);
-        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
-        infoFactory.addInterface(CertificateStore.class);
-        infoFactory.setConstructor(new String[]{"ServerInfo", "directoryPath", "kernel", "abstractName"});
-
-        GBEAN_INFO = infoFactory.getBeanInfo();
-    }
-    
-    public static GBeanInfo getGBeanInfo() {
-        return GBEAN_INFO;
-    }
-}
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.ca;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URI;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.management.geronimo.CertificateStore;
+import org.apache.geronimo.management.geronimo.CertificateStoreException;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.CaUtils;
+
+/**
+ * A certificate store implementation using disk files.
+ *
+ * @version $Rev$ $Date$
+ */
+
+public class FileCertificateStore implements CertificateStore, GBeanLifecycle {
+    private static final Log log = LogFactory.getLog(FileCertificateStore.class);
+
+    private ServerInfo serverInfo;
+    private Kernel kernel;
+    private AbstractName abstractName;
+    private URI directoryPath;
+    
+    // File name for storing the highest serial number in the store
+    private static final String SERIAL_NUMBER_FILE = "highest-serial-number.txt";
+    // Extension for certificate files.  Filename would be <serial-number>+CERT_FILE_SUFFIX
+    private static final String CERT_FILE_SUFFIX = ".txt";
+    // File name for storing CA's certificate
+    private static final String CA_CERT_FILE = "ca-cert.txt";
+    // File name for storing Certificate Challenges
+    private static final String CHALLENGE_FILENAME = "challenge.properties";
+    private static final String CHALLENGE_FILE_HEADER = "Challenge File";
+    
+    // directory for the certificate store
+    private File storeDir = null;
+    
+    // File object of SERIAL_NUMBER_FILE cached
+    private File highestSerialFile = null;
+    // highest serial number cached
+    private BigInteger highestSerialNumber = null;
+    // Cerificate Challenges
+    private Properties challenges = null;
+    
+    /**
+     * Constructor
+     * @param storeDir directory for the certificate store
+     */
+    public FileCertificateStore(ServerInfo serverInfo, URI directoryPath, Kernel kernel, AbstractName abstractName) {
+        this.serverInfo = serverInfo;
+        this.kernel = kernel;
+        this.abstractName = abstractName;
+        this.directoryPath = directoryPath;
+    }
+    /**
+     * This method stores a given certificate.
+     * 
+     * @param cert Certificate to be stored
+     */
+    public void storeCertificate(Certificate cert) throws CertificateStoreException {
+        BigInteger sNo = ((X509Certificate)cert).getSerialNumber();
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        try {
+            // Check if the highest serial number is less than the serial number of certificate to be stored.
+            if(sNo.compareTo(getHighestSerialNumber()) == 1) {
+                // store the current serial number so that getNextSerialNumber() will not result in duplicate
+                // serial number
+                setHighestSerialNumber(sNo);
+            }
+            
+            // Store the certificate to disk in base64 format
+            FileOutputStream fout = new FileOutputStream(certFile);
+            CaUtils.storeInBase64(fout, cert.getEncoded(), CaUtils.CERT_HEADER, CaUtils.CERT_FOOTER, CaUtils.B64_LINE_SIZE);
+            fout.close();
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while storing certificate.", e);
+        }
+    }
+
+    /**
+     * This method returns a Certificate with a given serial number (if it exists in the store)
+     * 
+     * @param sNo Serial Number of the certificate to be retrieved.
+     */
+    public Certificate getCertificate(BigInteger sNo) throws CertificateStoreException {
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        if(!certFile.exists()) {
+            // No such certificate in the store.
+            throw new CertificateStoreException("No certificate with serial number "+sNo+" found.");
+        }
+        
+        // Read the certificate from disk and generate a java.security.cert.Certificate
+        try {
+            FileInputStream fin = new FileInputStream(certFile);
+            CertificateFactory certFac = CertificateFactory.getInstance("X.509");
+            Certificate cert = certFac.generateCertificate(fin);
+            fin.close();
+            return cert;
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while retrieving certificate.", e);
+        }
+    }
+
+    /**
+     * This method returns base64 encoded certificate with a given serial number (if it exists in the store)
+     * 
+     * @param sNo Serial Number of the certificate to be retrieved.
+     */
+    public String getCertificateBase64Text(BigInteger sNo) throws CertificateStoreException {
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        if(!certFile.exists()) {
+            throw new CertificateStoreException("No certificate with serial number "+sNo+" found.");
+        }
+        FileInputStream fin;
+        try {
+            fin = new FileInputStream(certFile);
+            byte[] data = new byte[fin.available()];
+            fin.read(data);
+            fin.close();
+            return new String(data);
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while retrieving certificate.", e);
+        }
+    }
+    
+    /**
+     * This method returns the highest certificate serial number in the store.
+     */
+    public BigInteger getHighestSerialNumber() throws CertificateStoreException{
+        if(highestSerialNumber == null) {
+            // Value has not been cached.  Read from the disk.
+            try {
+                FileInputStream finp = new FileInputStream(highestSerialFile);
+                byte[] data = new byte[finp.available()];
+                finp.read(data);
+                finp.close();
+                highestSerialNumber = new BigInteger(new String(data).trim());
+            } catch (Exception e) {
+                throw new CertificateStoreException("Error while getting serial number.", e);
+            }
+        }
+        return highestSerialNumber;
+    }
+
+    /**
+     * This method returns the 'highest certificate serial number plus ONE' and increments the highest
+     * serial number in the store.
+     */
+    public BigInteger getNextSerialNumber() throws CertificateStoreException{
+        setHighestSerialNumber(getHighestSerialNumber().add(BigInteger.ONE));
+        return highestSerialNumber;
+    }
+
+    /**
+     * This method checks if a certificate with a given serial number exists in the store.
+     * 
+     * @param sNo Serial number of the certificate to be checked
+     */
+    public boolean containsCertificate(BigInteger sNo) {
+        File certFile = new File(storeDir, sNo+CERT_FILE_SUFFIX);
+        return certFile.exists();
+    }
+    
+    /**
+     * This method sets the highest serial number to a given value and updates the same to disk.
+     * @param sNo The serial number to be set
+     */
+    private void setHighestSerialNumber(BigInteger sNo) throws CertificateStoreException{
+        try {
+            highestSerialNumber = sNo;
+            FileOutputStream fout = new FileOutputStream(highestSerialFile);
+            fout.write(highestSerialNumber.toString().getBytes());
+            fout.close();
+        } catch (Exception e) {
+            throw new CertificateStoreException("Error while setting highest serial number.", e);
+        }
+    }
+    
+    /**
+     * This method stores the CA's certificate in the store.
+     * @param cert CA's certificate
+     */
+    public boolean storeCACertificate(Certificate cert) throws CertificateStoreException{
+        FileOutputStream fout = null;
+        try {
+            fout = new FileOutputStream(new File(storeDir, CA_CERT_FILE));
+            CaUtils.storeInBase64(fout, cert.getEncoded(), CaUtils.CERT_HEADER, CaUtils.CERT_FOOTER, CaUtils.B64_LINE_SIZE);
+            fout.close();
+            return true;
+        } catch (Exception e) {
+            throw new CertificateStoreException("Exception in storing CA certificate", e);
+        }
+    }
+
+    /**
+     * This method returns the CA's certificate stored in the store.
+     */
+    public Certificate getCACertificate() throws CertificateStoreException {
+        FileInputStream fin = null;
+        try {
+            fin = new FileInputStream(new File(storeDir, CA_CERT_FILE));
+            CertificateFactory certFac = CertificateFactory.getInstance("X.509");
+            Certificate cert = certFac.generateCertificate(fin);
+            fin.close();
+            return cert;
+        } catch (Exception e) {
+            throw new CertificateStoreException("Exception in getting CA certificate", e);
+        }
+    }
+    
+    /**
+     * This method stores the challenge phrase against the specified certificate serial number
+     * @param sNo  Serial number of the certificate
+     * @param challenge Challenge phrase
+     */
+    public boolean setCertificateChallenge(BigInteger sNo, String challenge) {
+        if(challenges == null) {
+            loadChallenges();
+        }
+        if(!challenges.containsKey(sNo.toString())) {
+            challenges.setProperty(sNo.toString(), challenge);
+            storeChallenges();
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * This methods stores the challenges map to disk
+     */
+    private void storeChallenges() {
+        if(challenges == null) loadChallenges();
+        File chFile = new File(storeDir, CHALLENGE_FILENAME);
+        FileOutputStream fout = null;
+        try {
+            fout = new FileOutputStream(chFile);
+            challenges.store(fout, CHALLENGE_FILE_HEADER);
+            fout.close();
+        } catch (Exception e) {
+            log.error("Exceptions while storing challenges file. File = "+chFile.getAbsolutePath(), e);
+        }
+        
+    }
+    
+    /**
+     * This method loads the challenges map from disk.
+     */
+    private void loadChallenges() {
+        File chFile = new File(storeDir, CHALLENGE_FILENAME);
+        FileInputStream fin = null;
+        try {
+            if(!chFile.exists())
+                chFile.createNewFile();
+            fin = new FileInputStream(chFile);
+            challenges = new Properties();
+            challenges.load(fin);
+            fin.close();
+        } catch (IOException e) {
+            log.error("Exceptions while loading challenges file. File = "+chFile.getAbsolutePath(), e);
+        }
+    }
+    
+    public void doFail() {
+    }
+
+    public void doStart() throws Exception {
+        serverInfo.resolveServer(directoryPath);
+        URI dirURI;
+        if (serverInfo != null) {
+            dirURI = serverInfo.resolve(directoryPath);
+        } else {
+            dirURI = directoryPath;
+        }
+        if (!dirURI.getScheme().equals("file")) {
+            throw new IllegalStateException("FileCertificateStore must have a root that's a local directory (not " + dirURI + ")");
+        }
+        storeDir = new File(dirURI);
+        if(!storeDir.exists()) {
+            storeDir.mkdirs();
+            log.debug("Created directory "+storeDir.getAbsolutePath());
+        } else if(!storeDir.isDirectory() || !storeDir.canRead()) {
+            throw new IllegalStateException("FileCertificateStore must have a root that's a valid readable directory (not " + storeDir.getAbsolutePath() + ")");
+        }
+        log.debug("CertificateStore directory is " + storeDir.getAbsolutePath());
+        highestSerialFile = new File(storeDir, SERIAL_NUMBER_FILE);
+        if(!highestSerialFile.exists()) {
+            // If the file does not exist, it means the certificate store is a new one.
+            // Start with ZERO
+            try {
+                setHighestSerialNumber(BigInteger.ZERO);
+            } catch(CertificateStoreException e) {
+                log.error("Error initializing certificate store. storeDir="+storeDir, e);
+            }
+        }
+        loadChallenges();
+    }
+
+    public void doStop() throws Exception {
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(FileCertificateStore.class, "CertificateStore");
+        infoFactory.addAttribute("directoryPath", URI.class, true, false);
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.addAttribute("abstractName", AbstractName.class, false);
+        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addInterface(CertificateStore.class);
+        infoFactory.setConstructor(new String[]{"ServerInfo", "directoryPath", "kernel", "abstractName"});
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+    
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
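Review bot: `getHighestSerialNumber` on the new side sizes its buffer with `finp.available()`, discards the return value of `finp.read(data)` and decodes with the platform default charset, so a short read would hand `new BigInteger` a truncated digit string; because this value seeds `getNextSerialNumber`, a truncated (and therefore smaller) value could make the CA hand out a serial number that has already been issued, and `getCertificateBase64Text` uses the same single-read pattern. A minimal fix is `byte[] data = new byte[(int) highestSerialFile.length()];`, `new java.io.DataInputStream(finp).readFully(data);`, `highestSerialNumber = new BigInteger(new String(data, "US-ASCII").trim());`, with the stream closed in a `finally` so a parse failure does not leak the descriptor. Separately, `doStart` calls `serverInfo.resolveServer(directoryPath)` before the `serverInfo != null` check two lines later, so that fallback branch is unreachable and a missing ServerInfo fails with a NullPointerException instead of using `directoryPath` directly. The hunk looks like a line-ending normalization (see the accompanying `svn:eol-style = native` propchange), so these points apply to the file as committed rather than to anything the commit itself changed.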

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/FileCertificateStore.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java?view=diff&rev=476291&r1=476290&r2=476291
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java Fri Nov 17 12:05:24 2006
@@ -1,391 +1,391 @@
-/**
- *
- *  Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  See the NOTICE file distributed with
- *  this work for additional information regarding copyright ownership.
- *  The ASF licenses this file to You under the Apache License, Version 2.0
- *  (the "License"); you may not use this file except in compliance with
- *  the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-package org.apache.geronimo.security.ca;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.gbean.AbstractName;
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.management.geronimo.CertificateRequestStore;
-import org.apache.geronimo.management.geronimo.CertificateStore;
-import org.apache.geronimo.management.geronimo.CertificateStoreException;
-import org.apache.geronimo.management.geronimo.CertificationAuthority;
-import org.apache.geronimo.management.geronimo.CertificationAuthorityException;
-import org.apache.geronimo.management.geronimo.KeystoreException;
-import org.apache.geronimo.management.geronimo.KeystoreInstance;
-import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.util.CaUtils;
-import org.apache.geronimo.util.asn1.ASN1InputStream;
-import org.apache.geronimo.util.asn1.DERBitString;
-import org.apache.geronimo.util.asn1.DEREncodableVector;
-import org.apache.geronimo.util.asn1.DERInteger;
-import org.apache.geronimo.util.asn1.DERObject;
-import org.apache.geronimo.util.asn1.DERSequence;
-import org.apache.geronimo.util.asn1.pkcs.PKCSObjectIdentifiers;
-import org.apache.geronimo.util.asn1.x509.AlgorithmIdentifier;
-import org.apache.geronimo.util.asn1.x509.SubjectPublicKeyInfo;
-import org.apache.geronimo.util.asn1.x509.TBSCertificateStructure;
-import org.apache.geronimo.util.asn1.x509.Time;
-import org.apache.geronimo.util.asn1.x509.V3TBSCertificateGenerator;
-import org.apache.geronimo.util.asn1.x509.X509Name;
-
-/**
- * A Certification Authority implementation using KeystoreInstance to store CA's private key, 
- * CertificateStore to store issued certificates and CertificateRequestStore to store certificate requests
- *
- * @version $Rev$ $Date$
- */
-public class GeronimoCertificationAuthority implements CertificationAuthority, GBeanLifecycle {
-    private final static Log log = LogFactory.getLog(GeronimoCertificationAuthority.class);
-
-    private ServerInfo serverInfo;
-    private Kernel kernel;
-    private AbstractName abstractName;
-
-    // KeystoreInstance with CA's private key and certificate
-    private KeystoreInstance caKeystore = null;
-    // CertificateStore used to store all certificates issued by the CA
-    private CertificateStore certStore = null;
-    // Password for CA's keystore and private-key
-    private char[] password;
-    // CertificateRequestStore used to store certificate requests
-    private CertificateRequestStore certReqStore = null;
-    
-    // Cache variables
-    // Key alias
-    private String alias;
-    // CA's private key
-    private PrivateKey caPrivateKey;
-    // CA's public key
-    private PublicKey caPublicKey;
-    // CA's own certificate
-    private Certificate caCert;
-    // CA's name
-    private X509Name caName;
-    
-    /**
-     * Constructor
-     * 
-     * @param instance KeystoreInstance containing CA's private-key and certificate
-     * @param certStore CertificateStore for storing certificates issued by this CA
-     * @param certReqStore CeetificateRequestStore for storing certificates requests
-     */
-    public GeronimoCertificationAuthority(ServerInfo serverInfo, KeystoreInstance caKeystore, CertificateStore certStore, CertificateRequestStore certReqStore, Kernel kernel, AbstractName abstractName) {
-        if(caKeystore == null) throw new IllegalArgumentException("caKeystore is null.");
-        if(certStore == null) throw new IllegalArgumentException("certStore is null");
-        if(certReqStore == null) throw new IllegalArgumentException("certReqStore is null");
-        this.serverInfo = serverInfo;
-        this.kernel = kernel;
-        this.abstractName = abstractName;
-        this.caKeystore = caKeystore;
-        this.certStore = certStore;
-        this.certReqStore = certReqStore;
-    }
-
-    /**
-     * This method checks if the CA is locked.
-     * @return true if CA is locked, false otherwise.
-     */
-    public boolean isLocked() {
-        return password == null;
-    }
-    
-    /**
-     * This method locks the CA.
-     */
-     public void lock() {
-        try {
-            caKeystore.lockKeystore(password);
-        } catch (KeystoreException e) {
-            log.error("Error locking CA.", e);
-        }
-        password = null;
-        caName = null;
-        caCert = null;
-        caPrivateKey = null;
-        alias = null;
-    }
-    
-     /**
-      * This method unlocks the CA.
-      * @param password Password to unlock the CA.
-      */
-    public void unlock(char[] password) throws CertificationAuthorityException{
-        try {
-            this.password = password;
-            caKeystore.unlockKeystore(password);
-            alias = caKeystore.listPrivateKeys(password)[0];
-            caKeystore.unlockPrivateKey(alias, password, password);
-            caCert = caKeystore.getCertificate(alias, password);
-            caName = CaUtils.getSubjectX509Name(caCert);
-            caPrivateKey = caKeystore.getPrivateKey(alias, password, password);
-            caPublicKey = caCert.getPublicKey();
-        } catch(Exception e) {
-            throw new CertificationAuthorityException("Errors in unlocking CA.", e);
-        }
-    }
-    
-    /**
-     * This method returns CA's name.
-     * @throws Exception if CA is locked.
-     */
-    public X500Principal getName() throws CertificationAuthorityException {
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            return new X500Principal(caName.getEncoded());
-        } catch (IOException e) {
-            throw new CertificationAuthorityException("Error in getting CA name.", e);
-        }
-    }
-
-    /**
-     * This method returns CA's own certificate.
-     * @throws Exception if CA is locked.
-     */
-    public Certificate getCertificate() throws CertificationAuthorityException {
-        if(caCert == null) throw new CertificationAuthorityException("CA Certificate is null. CA may be locked.");
-        try {
-            return caCert = caKeystore.getCertificate(alias, password);
-        } catch (KeystoreException e) {
-            log.error("Error getting CA's certificate.", e);
-        }
-        return null;
-    }
-    
-    /**
-     * This method makes the CA issue a self-signed certificate with given details.  This method is usually
-     * called while initializing the CA.
-     * 
-     * @param sNo Serial number for self-signed certificate
-     * @param validFromDate Certificate validity period start date
-     * @param validToDate Certificate validity period end date
-     * @param algorithm Signature algorithm for self-signed certificate
-     */
-    public void issueOwnCertificate(BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            PublicKey publicKey = caCert.getPublicKey();
-            Certificate cert = issueCertificate(getName(), publicKey, sNo, validFromDate, validToDate, algorithm);
-            caKeystore.importPKCS7Certificate(alias, CaUtils.base64Certificate(cert), password);
-            caCert = cert;
-        } catch(Exception e) {
-            throw new CertificationAuthorityException("Error in issuing own certificate.", e);
-        }
-    }
-    
-    /**
-     * This method issues a certificate.
-     * 
-     * @param subject Subject X500Principal
-     * @param publicKey Subject's public key 
-     * @param sNo Serial number for the certificate to be issued
-     * @param validFromDate Certificate validity period start date
-     * @param validToDate Certificate validity period end date
-     * @param algorithm Signature algorithm for the certificate
-     * @return newly issued certificate
-     */
-    public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            X509Name subName = CaUtils.getX509Name(subject);
-            Certificate cert = issueCertificate(subName, caName, sNo, publicKey, caPrivateKey, validFromDate, validToDate, algorithm);
-            cert.verify(caPublicKey);
-            certStore.storeCertificate(cert);
-            return cert;
-        } catch(Exception e) {
-            throw new CertificationAuthorityException("Error in issuing certificate.", e);
-        }
-    }
-    
-    /**
-     * This method returns the highest serial number used by the CA.
-     */
-    public BigInteger getHighestSerialNumber() throws CertificationAuthorityException {
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            return certStore.getHighestSerialNumber();
-        } catch (CertificateStoreException e) {
-            throw new CertificationAuthorityException("Error in getting highest serial number for CA.", e);
-        }
-    }
-    
-    /**
-     * This method checks if a Certificate with a given serial number is already issued.
-     * @param sNo The serial number of the the certificate to be looked for
-     * @return true if a certificate with the specified serial number has already been issued
-     */
-    public boolean isCertificateIssued(BigInteger sNo) throws CertificationAuthorityException {
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        return certStore.containsCertificate(sNo);
-    }
-    
-    /**
-     * This method returns the next serial number that can be used to issue a certificate and increments the
-     * highest serial number.
-     */
-    public BigInteger getNextSerialNumber() throws CertificationAuthorityException {
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            return certStore.getNextSerialNumber();
-        } catch (CertificateStoreException e) {
-            throw new CertificationAuthorityException("Error in getting next serial number for CA.", e);
-        }
-    }
-    
-    /**
-     * This method retrieves a certificate with the specified serial number.
-     * @param sNo The serial number of the certificate to be retrieved
-     * @return java.security.cert.Certificate instance of the certificate
-     */
-    public Certificate getCertificate(BigInteger sNo) throws CertificationAuthorityException {
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            return certStore.getCertificate(sNo);
-        } catch (CertificateStoreException e) {
-            throw new CertificationAuthorityException("Error getting certificate. serial number = "+sNo, e);
-        }
-    }
-
-    /**
-     * This method retrieves a certificate with the specified serial number.
-     * @param sNo The serial number of the certificate to be retrieved
-     * @return base64 encoded certificate text
-     */
-     public String getCertificateBase64Text(BigInteger sNo) throws CertificationAuthorityException {
-        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
-        try {
-            return certStore.getCertificateBase64Text(sNo);
-        } catch (CertificateStoreException e) {
-            throw new CertificationAuthorityException("Error getting certificate. serial number = "+sNo, e);
-        }
-    }
-    
-    /**
-     * This method issues a certificate.
-     * @param subName Subject's name
-     * @param caName Issuer's name
-     * @param serialNum Serial number for the certificate
-     * @param subPubKey Subject's public key
-     * @param caPriKey Issuer's private key
-     * @param validFromDate Certificate validity period start date
-     * @param validToDate Certificate validity period end date
-     * @param algorithm Signature algorithm for the certificate
-     * @return issued certificate
-     */
-    private Certificate issueCertificate(X509Name subName, X509Name caName, BigInteger serialNum, PublicKey subPubKey, PrivateKey caPriKey, Date validFromDate, Date validToDate, String algorithm) throws Exception {
-        AlgorithmIdentifier algId = null;
-        if("MD2withRSA".equalsIgnoreCase(algorithm))
-            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2WithRSAEncryption);
-        else if("MD5withRSA".equalsIgnoreCase(algorithm))
-            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption);
-        else if("SHA1withRSA".equalsIgnoreCase(algorithm))
-            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        else
-            throw new CertificationAuthorityException("Signature algorithm "+algorithm+" is not supported.");
-        
-        ASN1InputStream ais = new ASN1InputStream(subPubKey.getEncoded());
-        DERObject subPubkeyDerObj = ais.readObject();
-        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(subPubkeyDerObj);
-        
-        // Create certificate generator and initialize fields
-        // Certificate version is v3
-        V3TBSCertificateGenerator v3certGen = new V3TBSCertificateGenerator();
-        // Subject info
-        v3certGen.setSubject(subName);
-        v3certGen.setSubjectPublicKeyInfo(subPubKeyInfo);
-        // Issuer info
-        v3certGen.setIssuer(caName);
-        // serial number
-        v3certGen.setSerialNumber(new DERInteger(serialNum));
-        // validity
-        v3certGen.setStartDate(new Time(validFromDate));
-        v3certGen.setEndDate(new Time(validToDate));
-        // signature algorithm
-        v3certGen.setSignature(algId);
-        
-        // Get the certificate info to be signed
-        TBSCertificateStructure tbsCert = v3certGen.generateTBSCertificate();
-        byte[] tobesigned = tbsCert.getEncoded();
-        
-        // Create the signature
-        Signature signatureObj = Signature.getInstance(algorithm);
-        signatureObj.initSign(caPriKey);
-        signatureObj.update(tobesigned);
-        byte[] signature = signatureObj.sign();
-        
-        // Compose tbsCert, algId and signature into a DER sequence.
-        // This will be the certificate in DER encoded form
-        DEREncodableVector certDerVec = new DEREncodableVector();
-        certDerVec.add(tbsCert);
-        certDerVec.add(algId);
-        certDerVec.add(new DERBitString(signature));
-        DERSequence certDerSeq = new DERSequence(certDerVec);
-        byte[] certData = certDerSeq.getEncoded();
-        
-        // Create a java.security.cert.Certificate object
-        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certData));
-
-        return certificate;
-    }
-
-    public void doFail() {
-    }
-
-    public void doStart() throws Exception {
-        if(caKeystore.isKeystoreLocked()) {
-            lock();
-        }
-    }
-
-    public void doStop() throws Exception {
-    }
-    public static final GBeanInfo GBEAN_INFO;
-
-    static {
-        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoCertificationAuthority.class, "CertificationAuthority");
-        infoFactory.addAttribute("kernel", Kernel.class, false);
-        infoFactory.addAttribute("abstractName", AbstractName.class, false);
-        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
-        infoFactory.addReference("KeystoreInstance", KeystoreInstance.class, NameFactory.KEYSTORE_INSTANCE);
-        infoFactory.addReference("CertificateStore", CertificateStore.class, "CertificateStore");
-        infoFactory.addReference("CertificateRequestStore", CertificateRequestStore.class, "CertificateRequestStore");
-        infoFactory.addInterface(CertificationAuthority.class);
-        infoFactory.setConstructor(new String[]{"ServerInfo", "KeystoreInstance", "CertificateStore", "CertificateRequestStore", "kernel", "abstractName"});
-
-        GBEAN_INFO = infoFactory.getBeanInfo();
-    }
-    public static GBeanInfo getGBeanInfo() {
-        return GBEAN_INFO;
-    }
-}
+/**
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.ca;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.util.Date;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.management.geronimo.CertificateRequestStore;
+import org.apache.geronimo.management.geronimo.CertificateStore;
+import org.apache.geronimo.management.geronimo.CertificateStoreException;
+import org.apache.geronimo.management.geronimo.CertificationAuthority;
+import org.apache.geronimo.management.geronimo.CertificationAuthorityException;
+import org.apache.geronimo.management.geronimo.KeystoreException;
+import org.apache.geronimo.management.geronimo.KeystoreInstance;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.CaUtils;
+import org.apache.geronimo.util.asn1.ASN1InputStream;
+import org.apache.geronimo.util.asn1.DERBitString;
+import org.apache.geronimo.util.asn1.DEREncodableVector;
+import org.apache.geronimo.util.asn1.DERInteger;
+import org.apache.geronimo.util.asn1.DERObject;
+import org.apache.geronimo.util.asn1.DERSequence;
+import org.apache.geronimo.util.asn1.pkcs.PKCSObjectIdentifiers;
+import org.apache.geronimo.util.asn1.x509.AlgorithmIdentifier;
+import org.apache.geronimo.util.asn1.x509.SubjectPublicKeyInfo;
+import org.apache.geronimo.util.asn1.x509.TBSCertificateStructure;
+import org.apache.geronimo.util.asn1.x509.Time;
+import org.apache.geronimo.util.asn1.x509.V3TBSCertificateGenerator;
+import org.apache.geronimo.util.asn1.x509.X509Name;
+
+/**
+ * A Certification Authority implementation using KeystoreInstance to store CA's private key, 
+ * CertificateStore to store issued certificates and CertificateRequestStore to store certificate requests
+ *
+ * @version $Rev$ $Date$
+ */
+public class GeronimoCertificationAuthority implements CertificationAuthority, GBeanLifecycle {
+    private final static Log log = LogFactory.getLog(GeronimoCertificationAuthority.class);
+
+    private ServerInfo serverInfo;
+    private Kernel kernel;
+    private AbstractName abstractName;
+
+    // KeystoreInstance with CA's private key and certificate
+    private KeystoreInstance caKeystore = null;
+    // CertificateStore used to store all certificates issued by the CA
+    private CertificateStore certStore = null;
+    // Password for CA's keystore and private-key
+    private char[] password;
+    // CertificateRequestStore used to store certificate requests
+    private CertificateRequestStore certReqStore = null;
+    
+    // Cache variables
+    // Key alias
+    private String alias;
+    // CA's private key
+    private PrivateKey caPrivateKey;
+    // CA's public key
+    private PublicKey caPublicKey;
+    // CA's own certificate
+    private Certificate caCert;
+    // CA's name
+    private X509Name caName;
+    
+    /**
+     * Constructor
+     * 
+     * @param instance KeystoreInstance containing CA's private-key and certificate
+     * @param certStore CertificateStore for storing certificates issued by this CA
+     * @param certReqStore CeetificateRequestStore for storing certificates requests
+     */
+    public GeronimoCertificationAuthority(ServerInfo serverInfo, KeystoreInstance caKeystore, CertificateStore certStore, CertificateRequestStore certReqStore, Kernel kernel, AbstractName abstractName) {
+        if(caKeystore == null) throw new IllegalArgumentException("caKeystore is null.");
+        if(certStore == null) throw new IllegalArgumentException("certStore is null");
+        if(certReqStore == null) throw new IllegalArgumentException("certReqStore is null");
+        this.serverInfo = serverInfo;
+        this.kernel = kernel;
+        this.abstractName = abstractName;
+        this.caKeystore = caKeystore;
+        this.certStore = certStore;
+        this.certReqStore = certReqStore;
+    }
+
+    /**
+     * This method checks if the CA is locked.
+     * @return true if CA is locked, false otherwise.
+     */
+    public boolean isLocked() {
+        return password == null;
+    }
+    
+    /**
+     * This method locks the CA.
+     */
+     public void lock() {
+        try {
+            caKeystore.lockKeystore(password);
+        } catch (KeystoreException e) {
+            log.error("Error locking CA.", e);
+        }
+        password = null;
+        caName = null;
+        caCert = null;
+        caPrivateKey = null;
+        alias = null;
+    }
+    
+     /**
+      * This method unlocks the CA.
+      * @param password Password to unlock the CA.
+      */
+    public void unlock(char[] password) throws CertificationAuthorityException{
+        try {
+            this.password = password;
+            caKeystore.unlockKeystore(password);
+            alias = caKeystore.listPrivateKeys(password)[0];
+            caKeystore.unlockPrivateKey(alias, password, password);
+            caCert = caKeystore.getCertificate(alias, password);
+            caName = CaUtils.getSubjectX509Name(caCert);
+            caPrivateKey = caKeystore.getPrivateKey(alias, password, password);
+            caPublicKey = caCert.getPublicKey();
+        } catch(Exception e) {
+            throw new CertificationAuthorityException("Errors in unlocking CA.", e);
+        }
+    }
+    
+    /**
+     * This method returns CA's name.
+     * @throws Exception if CA is locked.
+     */
+    public X500Principal getName() throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return new X500Principal(caName.getEncoded());
+        } catch (IOException e) {
+            throw new CertificationAuthorityException("Error in getting CA name.", e);
+        }
+    }
+
+    /**
+     * This method returns CA's own certificate.
+     * @throws Exception if CA is locked.
+     */
+    public Certificate getCertificate() throws CertificationAuthorityException {
+        if(caCert == null) throw new CertificationAuthorityException("CA Certificate is null. CA may be locked.");
+        try {
+            return caCert = caKeystore.getCertificate(alias, password);
+        } catch (KeystoreException e) {
+            log.error("Error getting CA's certificate.", e);
+        }
+        return null;
+    }
+    
+    /**
+     * This method makes the CA issue a self-signed certificate with given details.  This method is usually
+     * called while initializing the CA.
+     * 
+     * @param sNo Serial number for self-signed certificate
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for self-signed certificate
+     */
+    public void issueOwnCertificate(BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            PublicKey publicKey = caCert.getPublicKey();
+            Certificate cert = issueCertificate(getName(), publicKey, sNo, validFromDate, validToDate, algorithm);
+            caKeystore.importPKCS7Certificate(alias, CaUtils.base64Certificate(cert), password);
+            caCert = cert;
+        } catch(Exception e) {
+            throw new CertificationAuthorityException("Error in issuing own certificate.", e);
+        }
+    }
+    
+    /**
+     * This method issues a certificate.
+     * 
+     * @param subject Subject X500Principal
+     * @param publicKey Subject's public key 
+     * @param sNo Serial number for the certificate to be issued
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for the certificate
+     * @return newly issued certificate
+     */
+    public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            X509Name subName = CaUtils.getX509Name(subject);
+            Certificate cert = issueCertificate(subName, caName, sNo, publicKey, caPrivateKey, validFromDate, validToDate, algorithm);
+            cert.verify(caPublicKey);
+            certStore.storeCertificate(cert);
+            return cert;
+        } catch(Exception e) {
+            throw new CertificationAuthorityException("Error in issuing certificate.", e);
+        }
+    }
+    
+    /**
+     * This method returns the highest serial number used by the CA.
+     */
+    public BigInteger getHighestSerialNumber() throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getHighestSerialNumber();
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error in getting highest serial number for CA.", e);
+        }
+    }
+    
+    /**
+     * This method checks if a Certificate with a given serial number is already issued.
+     * @param sNo The serial number of the the certificate to be looked for
+     * @return true if a certificate with the specified serial number has already been issued
+     */
+    public boolean isCertificateIssued(BigInteger sNo) throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        return certStore.containsCertificate(sNo);
+    }
+    
+    /**
+     * This method returns the next serial number that can be used to issue a certificate and increments the
+     * highest serial number.
+     */
+    public BigInteger getNextSerialNumber() throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getNextSerialNumber();
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error in getting next serial number for CA.", e);
+        }
+    }
+    
+    /**
+     * This method retrieves a certificate with the specified serial number.
+     * @param sNo The serial number of the certificate to be retrieved
+     * @return java.security.cert.Certificate instance of the certificate
+     */
+    public Certificate getCertificate(BigInteger sNo) throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getCertificate(sNo);
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error getting certificate. serial number = "+sNo, e);
+        }
+    }
+
+    /**
+     * This method retrieves a certificate with the specified serial number.
+     * @param sNo The serial number of the certificate to be retrieved
+     * @return base64 encoded certificate text
+     */
+     public String getCertificateBase64Text(BigInteger sNo) throws CertificationAuthorityException {
+        if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
+        try {
+            return certStore.getCertificateBase64Text(sNo);
+        } catch (CertificateStoreException e) {
+            throw new CertificationAuthorityException("Error getting certificate. serial number = "+sNo, e);
+        }
+    }
+    
+    /**
+     * This method issues a certificate.
+     * @param subName Subject's name
+     * @param caName Issuer's name
+     * @param serialNum Serial number for the certificate
+     * @param subPubKey Subject's public key
+     * @param caPriKey Issuer's private key
+     * @param validFromDate Certificate validity period start date
+     * @param validToDate Certificate validity period end date
+     * @param algorithm Signature algorithm for the certificate
+     * @return issued certificate
+     */
+    private Certificate issueCertificate(X509Name subName, X509Name caName, BigInteger serialNum, PublicKey subPubKey, PrivateKey caPriKey, Date validFromDate, Date validToDate, String algorithm) throws Exception {
+        AlgorithmIdentifier algId = null;
+        if("MD2withRSA".equalsIgnoreCase(algorithm))
+            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2WithRSAEncryption);
+        else if("MD5withRSA".equalsIgnoreCase(algorithm))
+            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption);
+        else if("SHA1withRSA".equalsIgnoreCase(algorithm))
+            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
+        else
+            throw new CertificationAuthorityException("Signature algorithm "+algorithm+" is not supported.");
+        
+        ASN1InputStream ais = new ASN1InputStream(subPubKey.getEncoded());
+        DERObject subPubkeyDerObj = ais.readObject();
+        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(subPubkeyDerObj);
+        
+        // Create certificate generator and initialize fields
+        // Certificate version is v3
+        V3TBSCertificateGenerator v3certGen = new V3TBSCertificateGenerator();
+        // Subject info
+        v3certGen.setSubject(subName);
+        v3certGen.setSubjectPublicKeyInfo(subPubKeyInfo);
+        // Issuer info
+        v3certGen.setIssuer(caName);
+        // serial number
+        v3certGen.setSerialNumber(new DERInteger(serialNum));
+        // validity
+        v3certGen.setStartDate(new Time(validFromDate));
+        v3certGen.setEndDate(new Time(validToDate));
+        // signature algorithm
+        v3certGen.setSignature(algId);
+        
+        // Get the certificate info to be signed
+        TBSCertificateStructure tbsCert = v3certGen.generateTBSCertificate();
+        byte[] tobesigned = tbsCert.getEncoded();
+        
+        // Create the signature
+        Signature signatureObj = Signature.getInstance(algorithm);
+        signatureObj.initSign(caPriKey);
+        signatureObj.update(tobesigned);
+        byte[] signature = signatureObj.sign();
+        
+        // Compose tbsCert, algId and signature into a DER sequence.
+        // This will be the certificate in DER encoded form
+        DEREncodableVector certDerVec = new DEREncodableVector();
+        certDerVec.add(tbsCert);
+        certDerVec.add(algId);
+        certDerVec.add(new DERBitString(signature));
+        DERSequence certDerSeq = new DERSequence(certDerVec);
+        byte[] certData = certDerSeq.getEncoded();
+        
+        // Create a java.security.cert.Certificate object
+        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certData));
+
+        return certificate;
+    }
+
+    public void doFail() {
+    }
+
+    public void doStart() throws Exception {
+        if(caKeystore.isKeystoreLocked()) {
+            lock();
+        }
+    }
+
+    public void doStop() throws Exception {
+    }
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoCertificationAuthority.class, "CertificationAuthority");
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.addAttribute("abstractName", AbstractName.class, false);
+        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addReference("KeystoreInstance", KeystoreInstance.class, NameFactory.KEYSTORE_INSTANCE);
+        infoFactory.addReference("CertificateStore", CertificateStore.class, "CertificateStore");
+        infoFactory.addReference("CertificateRequestStore", CertificateRequestStore.class, "CertificateRequestStore");
+        infoFactory.addInterface(CertificationAuthority.class);
+        infoFactory.setConstructor(new String[]{"ServerInfo", "KeystoreInstance", "CertificateStore", "CertificateRequestStore", "kernel", "abstractName"});
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ca/GeronimoCertificationAuthority.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


