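package com.sun.enterprise.security.auth.login;

import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Map;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.sun.enterprise.config.clientbeans.Ssl;
import com.sun.enterprise.deployment.PrincipalImpl;
import com.sun.enterprise.security.SSLUtils;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.enterprise.security.auth.LoginContextDriver;
import java.util.logging.*;
import com.sun.logging.*;


/**
 * App-client side JAAS login module that lets the user pick one of the X.509
 * certificates held in the client key store.
 *
 * <p>What this module does NOT do: it performs no cryptographic check of its
 * own. {@link #login()} merely records which key-store alias the user chose;
 * {@link #commit()} then publishes that choice by adding a {@code PrincipalImpl}
 * and an {@code X509CertificateCredential} to the {@code Subject} and by handing
 * the alias to {@code SSLUtils.setAppclientSsl} as the certificate nickname to
 * present during TLS client authentication. Proof of possession of the private
 * key therefore happens in that handshake (and is checked by the peer), not here.
 *
 * <p>The key store is a static shared by every instance and can be replaced by
 * any caller through the public {@link #setKeyStore(KeyStore)}; it is expected
 * to be populated by {@code SSLUtils.initStoresAtStartup()} (see {@link #init()}).
 */
public class ClientCertificateLoginModule implements LoginModule {

    private static Logger _logger = null;
    static {
        _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
    }

    private static LocalStringManagerImpl localStrings =
        new LocalStringManagerImpl(ClientCertificateLoginModule.class);

    /** Client key store offered to the user; shared across all instances. */
    private static KeyStore ks = null;

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    /** Set from the "debug" login option; enables FINE tracing. */
    private boolean debug = false;
    /** login() completed successfully. */
    private boolean succeeded = false;
    /** commit() completed successfully (Subject has been modified). */
    private boolean commitSucceeded = false;

    /** Key-store alias the user selected in login(). */
    private String alias;
    /** Certificate stored under {@link #alias}. */
    private X509Certificate certificate;

    private PrincipalImpl userPrincipal;
    /**
     * Credential that commit() added to the Subject's private credentials,
     * kept so logout() can remove it again (previously it was left behind).
     */
    private X509CertificateCredential userCredential;

    /**
     * Standard JAAS initialization; reads the "debug" option and makes sure
     * the client key store has been loaded.
     *
     * @param subject         the Subject to populate on commit
     * @param callbackHandler handler used to present the certificate choice
     * @param sharedState     shared state (unused here)
     * @param options         module options; only "debug" is read
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;

        debug = options != null
            && "true".equalsIgnoreCase((String) options.get("debug"));

        init();
    }

    /**
     * Loads the client stores if nobody has installed a key store yet.
     * A failure is logged at SEVERE and not propagated; login() later fails
     * with a LoginException if the store is still missing.
     */
    private void init() {
        try {
            if (ks == null) {
                SSLUtils.initStoresAtStartup();
            }
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "java_security.initkeystore_exception", e);
        }
    }

    /**
     * Presents the X.509 certificates in the key store through a
     * {@code ChoiceCallback} and records the alias the user selected.
     *
     * <p>Only entries whose certificate is an {@code X509Certificate} are
     * offered; secret-key entries or other certificate types are skipped
     * instead of causing a cast/null failure.
     *
     * @return true when a certificate was selected
     * @throws LoginException if there is no callback handler or key store,
     *         no X.509 certificate is available, nothing valid was selected,
     *         or the callback handler fails (the cause is attached)
     */
    public boolean login() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available " +
                "to garner authentication information from the user");
        }
        if (ks == null) {
            // init() only logs a failed store load; fail explicitly rather
            // than dereferencing a null key store below.
            throw new LoginException("Error: client key store is not available");
        }

        try {
            ArrayList aliasList = new ArrayList();
            ArrayList subjectList = new ArrayList();
            for (Enumeration aliases = ks.aliases(); aliases.hasMoreElements();) {
                String candidate = (String) aliases.nextElement();
                Certificate cert = ks.getCertificate(candidate);
                if (cert instanceof X509Certificate) {
                    aliasList.add(candidate);
                    subjectList.add(((X509Certificate) cert).getSubjectDN().getName());
                }
            }
            if (aliasList.isEmpty()) {
                throw new LoginException("No certificate available in the key store");
            }
            String[] aliasString =
                (String[]) aliasList.toArray(new String[aliasList.size()]);
            String[] as =
                (String[]) subjectList.toArray(new String[subjectList.size()]);

            Callback[] callbacks = new Callback[1];
            callbacks[0] = new ChoiceCallback(
                localStrings.getLocalString("login.certificate",
                    "Choose from list of certificates: "),
                as, 0, false);

            callbackHandler.handle(callbacks);
            int[] idx = ((ChoiceCallback) callbacks[0]).getSelectedIndexes();
            if (idx == null || idx.length == 0) {
                throw new LoginException("No certificate selected!");
            } else if (idx[0] == -1) {
                throw new LoginException("Incorrect keystore password");
            } else if (idx[0] < 0 || idx[0] >= aliasString.length) {
                // A misbehaving handler must not be able to index outside
                // the list we offered.
                throw new LoginException("Invalid certificate selection: " + idx[0]);
            }

            if (debug && _logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] " +
                    "user entered certificate: ");
                for (int i = 0; i < idx.length; i++) {
                    _logger.log(Level.FINE, aliasString[idx[i]]);
                }
            }

            // Single selection only (multipleSelectionsAllowed == false).
            this.alias = aliasString[idx[0]];
            certificate = (X509Certificate) ks.getCertificate(alias);

            if (debug && _logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] " +
                    "authentication succeeded");
            }
            succeeded = true;
            return true;
        } catch (LoginException le) {
            // Rethrow as-is; the generic catch below used to re-wrap these
            // and mangle their messages.
            throw le;
        } catch (java.io.IOException ioe) {
            throw wrap(ioe.toString(), ioe);
        } catch (UnsupportedCallbackException uce) {
            throw wrap("Error: " + uce.getCallback().toString() +
                " not available to garner authentication information " +
                "from the user", uce);
        } catch (Exception e) {
            throw wrap(e.toString(), e);
        }
    }

    /**
     * Builds a LoginException carrying the given message and cause
     * (LoginException has no (message, cause) constructor).
     */
    private static LoginException wrap(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    /**
     * Publishes the selected certificate: adds a {@code PrincipalImpl} named
     * after the alias and an {@code X509CertificateCredential} to the Subject,
     * and tells the app-client SSL layer which key-store entry to present.
     *
     * @return false if login() did not succeed, true otherwise
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            return false;
        }

        userPrincipal = new PrincipalImpl(alias);
        if (!subject.getPrincipals().contains(userPrincipal)) {
            subject.getPrincipals().add(userPrincipal);
        }

        if (debug && _logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] " +
                "added PrincipalImpl to Subject");
        }

        // The TLS client handshake is where the private key is actually
        // exercised; here we only select which entry it will use.
        Ssl ssl = new Ssl();
        ssl.setCertNickname(this.alias);
        SSLUtils.setAppclientSsl(ssl);

        String realm = LoginContextDriver.CERT_REALMNAME;
        // Only the selected leaf certificate is carried in the credential,
        // as before; ks.getCertificateChain(alias) would give the full chain
        // if a consumer ever needs it.
        X509Certificate[] certChain = new X509Certificate[] { certificate };
        X509CertificateCredential pc =
            new X509CertificateCredential(certChain, alias, realm);
        if (!subject.getPrivateCredentials().contains(pc)) {
            subject.getPrivateCredentials().add(pc);
        }
        userCredential = pc;

        commitSucceeded = true;
        return true;
    }

    /**
     * Undoes login()/commit() when the overall authentication fails.
     * If commit() never ran the Subject is untouched and only local state is
     * dropped; otherwise {@link #logout()} performs the full rollback.
     *
     * @return false if login() did not succeed, true otherwise
     */
    public boolean abort() throws LoginException {
        if (!succeeded) {
            return false;
        }
        if (!commitSucceeded) {
            succeeded = false;
            clearState();
        } else {
            logout();
        }
        return true;
    }

    /**
     * Removes everything commit() added: the SSL certificate nickname, the
     * principal and the private credential. Also resets both status flags so
     * the module is back in its initial state (the previous version left
     * {@code succeeded} true after a committed logout and never removed the
     * credential from the Subject).
     *
     * @return always true
     */
    public boolean logout() throws LoginException {
        SSLUtils.setAppclientSsl(null);

        if (subject != null) {
            if (userPrincipal != null) {
                subject.getPrincipals().remove(userPrincipal);
            }
            if (userCredential != null) {
                subject.getPrivateCredentials().remove(userCredential);
            }
        }
        succeeded = false;
        commitSucceeded = false;
        clearState();
        return true;
    }

    /** Forgets the selected alias, certificate, principal and credential. */
    private void clearState() {
        alias = null;
        certificate = null;
        userPrincipal = null;
        userCredential = null;
    }

    /**
     * Installs the key store used by every instance of this module.
     * Being public and static, any code in the process can replace the set of
     * client identities offered to the user; callers should be trusted.
     *
     * @param keyStore the client key store (may be null to force a reload in init())
     */
    public static void setKeyStore(KeyStore keyStore) {
        ks = keyStore;
    }
}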