


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */

23 package com.sun.enterprise.security;
24
import com.sun.enterprise.security.SecurityUtil;
import com.sun.enterprise.server.pluggable.SecuritySupport;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Enumeration;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

import org.apache.tomcat.util.net.jsse.JSSE14SocketFactory;
import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
40
41 /**
42  * NSS Socket Factory.
43  *
44  * @author Jean-Francois Arcand
45  */

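public class NSSSocketFactory extends JSSE14SocketFactory {

    /** Token used when a key alias carries no "token:" prefix. */
    public static final String INTERNAL_TOKEN = "NSS Certificate DB";

    /** Separator between the token name and the certificate alias in a key alias. */
    private static final char TOKEN_SEPARATOR = ':';

    public NSSSocketFactory() {
        super();
    }

    /**
     * Gets the SSL server's keystore.
     *
     * The token is derived from the "keyAlias" attribute (see
     * {@link #getTokenFromKeyAlias}); the store itself is obtained from the
     * SecuritySupport, so neither the type nor the password argument is used here.
     *
     * @param type keystore type (not used by this implementation)
     * @param pass keystore password (not used by this implementation)
     * @return the keystore registered for the token
     * @throws IOException if no keystore is registered for the token
     */
    protected KeyStore getKeystore(String type, String pass) throws IOException {
        String keyAlias = (String) attributes.get("keyAlias");
        String token = getTokenFromKeyAlias(keyAlias);
        return loadKeyStore(SecurityUtil.getSecuritySupport(), token);
    }

    /**
     * Gets the SSL server's truststore. The JDK 1.5 provider has issues
     * loading some of the NSS trust certs; in that case our native code loads
     * all trust certs and puts them into a keystore. That is why there can be
     * more than one keystore even with a flat-file NSS. In general we cannot
     * assume there is only one keystore: with hardware accelerators there will
     * be several (one for each HW).
     *
     * @param keystoreType keystore type (not used by this implementation)
     * @return a single keystore merged from all SecuritySupport trust stores
     * @throws IOException if the trust stores cannot be obtained or merged;
     *         the underlying exception is attached as the cause
     */
    protected KeyStore getTrustStore(String keystoreType) throws IOException {
        try {
            return SSLUtils.mergingTrustStores(
                    SecurityUtil.getSecuritySupport().getTrustStores());
        } catch (Exception ex) {
            // Keep the original exception as the cause so the real failure
            // (provider, keystore, native loading) stays diagnosable.
            IOException ioe = new IOException(ex.getMessage());
            ioe.initCause(ex);
            throw ioe;
        }
    }

    /**
     * Gets the initialized key managers.
     *
     * @param keystoreType keystore type (not used by this implementation)
     * @param algorithm    KeyManagerFactory algorithm name
     * @param keyAlias     "token:certAlias" or "certAlias"; when a cert alias is
     *                     present every key manager is wrapped in a
     *                     {@link JSSEKeyManager} pinned to that alias
     * @return the key managers for the token's keystore
     * @throws IOException if no keystore or no keystore password is registered
     *         for the token
     * @throws Exception   for KeyManagerFactory failures
     */
    protected KeyManager[] getKeyManagers(String keystoreType,
                                          String algorithm,
                                          String keyAlias)
                throws Exception {
        SecuritySupport secSupp = SecurityUtil.getSecuritySupport();
        String token = getTokenFromKeyAlias(keyAlias);
        String certAlias = getCertAliasFromKeyAlias(keyAlias);
        String keystorePass = secSupp.getKeyStorePassword(token);
        KeyStore ks = loadKeyStore(secSupp, token);
        if (keystorePass == null) {
            // Fail with a clear message instead of an NPE on toCharArray().
            throw new IOException("keystore password not found for token " + token);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
        char[] passChars = keystorePass.toCharArray();
        try {
            kmf.init(ks, passChars);
        } finally {
            // Wipe our copy of the password once the factory is initialized
            // (the String held by SecuritySupport is outside our control).
            Arrays.fill(passChars, '\0');
        }
        KeyManager[] kms = kmf.getKeyManagers();
        if (certAlias != null) {
            for (int i = 0; i < kms.length; i++) {
                // Key managers from the standard factories are X509KeyManagers;
                // anything else would be a configuration error and fails the cast.
                kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], certAlias);
            }
        }
        return kms;
    }

    /**
     * Looks up the keystore registered for a token.
     *
     * @param secSupp security support to query
     * @param token   NSS token name
     * @return the keystore for the token, never null
     * @throws IOException if SecuritySupport has no keystore for the token
     */
    private static KeyStore loadKeyStore(SecuritySupport secSupp, String token)
            throws IOException {
        KeyStore ks = secSupp.getKeyStore(token);
        if (ks == null) {
            throw new IOException("keystore not found for token " + token);
        }
        return ks;
    }

    /**
     * Extracts the token name from a key alias.
     *
     * @param keyAlias "token:certAlias" or "certAlias"; may be null
     * @return the trimmed token name, or {@link #INTERNAL_TOKEN} when the alias
     *         is null or has no "token:" prefix
     */
    private static String getTokenFromKeyAlias(String keyAlias) {
        if (keyAlias == null) {
            return INTERNAL_TOKEN;
        }
        int idx = keyAlias.indexOf(TOKEN_SEPARATOR);
        if (idx == -1) {
            return INTERNAL_TOKEN;
        }
        // An alias such as ":cert" yields an empty token name; that is left
        // to the caller's keystore lookup to reject.
        return keyAlias.substring(0, idx).trim();
    }

    /**
     * Extracts the certificate alias from a key alias.
     *
     * @param keyAlias format is "token:certAlias" or "certAlias"
     *
     * In the Appserver design, the "token" name part serves two purposes:
     * (1) identify the token in the NSS DB
     *     e.g. ./modutil -list -dbdir /export/sonia/appserver/domains/domain1/config/
     * (2) the WHOLE "token:certAlias" string is the cert alias in NSS,
     *     for example ("nobody@test" is the token name):
     *     ./certutil -L -h nobody@test -d /export/sonia/appserver/domains/domain1/config
     *     Enter Password or Pin for "nobody@test":
     *     nobody@test:mps u,u,u
     *     nobody@test:J2EESQECA u,u,u
     *     nobody@test:AppServer1 u,u,u
     *     nobody@test:Server-Cert u,u,u
     *
     * The JDK5 KeyStore of type "SunPKCS11" identifies a cert by the
     * "certAlias" part of "token:certAlias".
     *
     * @return the trimmed certificate alias, or null when the alias is null,
     *         nothing follows the separator, or the alias is blank
     */
    private static String getCertAliasFromKeyAlias(String keyAlias) {
        if (keyAlias == null) {
            return null;
        }
        String certAlias;
        int idx = keyAlias.indexOf(TOKEN_SEPARATOR);
        if (idx == -1) {
            certAlias = keyAlias;
        } else {
            int start = idx + 1;
            if (start >= keyAlias.length()) {
                // "token:" with nothing after the separator carries no alias.
                return null;
            }
            // Compare against the full length so a one-character alias
            // ("token:a") is not dropped.
            certAlias = keyAlias.substring(start);
        }
        certAlias = certAlias.trim();
        // A blank alias would pin every key manager to the empty name;
        // treat it as absent so default alias selection applies instead.
        return certAlias.length() == 0 ? null : certAlias;
    }

}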
164