KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > enterprise > security > ssl > J2EEKeyManager


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */
23 package com.sun.enterprise.security.ssl;
24
25 import java.net.Socket JavaDoc;
26 import java.util.HashMap JavaDoc;
27 import java.util.Iterator JavaDoc;
28 import java.util.Map JavaDoc;
29 import java.security.Principal JavaDoc;
30 import java.security.PrivateKey JavaDoc;
31 import java.security.cert.X509Certificate JavaDoc;
32 import javax.net.ssl.X509KeyManager;
33 import javax.security.auth.Subject JavaDoc;
34
35 import com.sun.enterprise.Switch;
36 import com.sun.enterprise.InvocationManager;
37 import com.sun.enterprise.ComponentInvocation;
38 import com.sun.enterprise.appclient.AppContainer;
39 import com.sun.enterprise.security.ClientSecurityContext;
40 import com.sun.enterprise.security.auth.login.X509CertificateCredential;
41 import com.sun.enterprise.security.auth.LoginContextDriver;
42 import com.sun.enterprise.InvocationException;
43 import java.util.logging.*;
44 import com.sun.logging.*;
45
46 /**
47  * This a J2EE specific Key Manager class that is used to select
48  * user certificates for SSL client authentication. It delegates most
49  * of the functionality to the provider specific KeyManager class.
50  * @author Vivek Nagar
51  * @author Harpreet Singh
52  */
53 public final class J2EEKeyManager implements X509KeyManager {
54
55     private static Logger _logger=null;
56     static {
57         _logger=LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
58     }
59
60     private X509KeyManager mgr = null; // delegate
61
62     private String JavaDoc alias = null;
63
64     private Map JavaDoc tokenName2MgrMap = null;
65     private boolean supportTokenAlias = false;
66
67     public J2EEKeyManager(X509KeyManager mgr, String JavaDoc alias) {
68     this.mgr = mgr;
69     this.alias = alias;
70
71         if (mgr instanceof UnifiedX509KeyManager) {
72             UnifiedX509KeyManager umgr = (UnifiedX509KeyManager)mgr;
73             X509KeyManager[] mgrs = umgr.getX509KeyManagers();
74             String JavaDoc[] tokenNames = umgr.getTokenNames();
75
76             tokenName2MgrMap = new HashMap JavaDoc();
77             for (int i = 0; i < mgrs.length; i++) {
78                 if (tokenNames[i] != null) {
79                     tokenName2MgrMap.put(tokenNames[i], mgrs[i]);
80                 }
81             }
82             supportTokenAlias = (tokenName2MgrMap.size() > 0);
83         }
84     }
85
86     /**
87      * Choose the client alias that will be used to select the client
88      * certificate for SSL client auth.
89      * @param the keytype
90      * @param the certificate issuers.
91      * @param the socket used for this connection. This parameter can be null,
92      * in which case the method will return the most generic alias to use.
93      * @return the alias.
94      */
95     public String JavaDoc chooseClientAlias(String JavaDoc[] keyType, Principal JavaDoc[] issuers,
96     Socket JavaDoc socket) {
97         
98         String JavaDoc alias = null;
99         
100         if(this.alias == null){
101             InvocationManager im = Switch.getSwitch().getInvocationManager();
102             if(im == null) {
103                 // standalone client
104 alias = mgr.chooseClientAlias(keyType, issuers, socket);
105             } else {
106                 ComponentInvocation ci = im.getCurrentInvocation();
107                 
108                 if (ci == null) { // 4646060
109 throw new InvocationException();
110                 }
111                 
112                 Object JavaDoc containerContext = ci.getContainerContext();
113                 if(containerContext != null &&
114                 (containerContext instanceof AppContainer)) {
115                     
116                     ClientSecurityContext ctx = ClientSecurityContext.getCurrent();
117                     Subject JavaDoc s = ctx.getSubject();
118                     if(s == null) {
119                         // pass the handler and do the login
120 LoginContextDriver.doClientLogin(AppContainer.CERTIFICATE,
121                         AppContainer.getCallbackHandler());
122                         s = ctx.getSubject();
123                     }
124                     Iterator JavaDoc itr = s.getPrivateCredentials().iterator();
125                     while(itr.hasNext()) {
126                         Object JavaDoc o = itr.next();
127                         if(o instanceof X509CertificateCredential) {
128                             X509CertificateCredential crt =
129                             (X509CertificateCredential) o;
130                             alias = crt.getAlias();
131                             break;
132                         }
133                     }
134                 }
135             }
136         }else{
137             alias = this.alias;
138         }
139         if(_logger.isLoggable(Level.FINE)){
140             _logger.log(Level.FINE,
141             "Choose client Alias :" + alias);
142         }
143         return alias;
144     }
145
146     /**
147      * Choose the server alias that will be used to select the server
148      * certificate for SSL server auth.
149      * @param the keytype
150      * @param the certificate issuers.
151      * @param the socket used for this connection. This parameter can be null,
152      * in which case the method will return the most generic alias to use.
153      * @return the alias
154      */
155     public String JavaDoc chooseServerAlias(String JavaDoc keyType, Principal JavaDoc[] issuers,
156             Socket JavaDoc socket) {
157
158         String JavaDoc alias = null;
159         if(this.alias != null){
160             alias = this.alias;
161         }else{
162             alias = mgr.chooseServerAlias(keyType, issuers, socket);
163     }
164         if(_logger.isLoggable(Level.FINE)){
165             _logger.log(Level.FINE,"Choosing server alias :"+ alias);
166         }
167         return alias;
168     }
169
170     /**
171      * Return the certificate chain for the specified alias.
172      * @param the alias.
173      * @return the chain of X509 Certificates.
174      */
175     public X509Certificate JavaDoc[] getCertificateChain(String JavaDoc alias) {
176         if(_logger.isLoggable(Level.FINE)){
177             _logger.log(Level.FINE,"Getting certificate chain");
178         }
179         X509KeyManager keyMgr = getManagerFromToken(alias);
180         if (keyMgr != null) {
181             String JavaDoc aliasName = alias.substring(alias.indexOf(':') + 1);
182             return keyMgr.getCertificateChain(aliasName);
183         } else {
184             return mgr.getCertificateChain(alias);
185         }
186     }
187
188     /**
189      * Return all the available client aliases for the specified key type.
190      * @param the keytype
191      * @param the certificate issuers.
192      * @return the array of aliases.
193      */
194     public String JavaDoc[] getClientAliases(String JavaDoc keyType, Principal JavaDoc[] issuers) {
195         if(_logger.isLoggable(Level.FINE)){
196         _logger.log(Level.FINE,"Getting client aliases");
197         }
198     return mgr.getClientAliases(keyType, issuers);
199     }
200
201     /**
202      * Return all the available server aliases for the specified key type.
203      * @param the keytype
204      * @param the certificate issuers.
205      * @return the array of aliases.
206      */
207     public String JavaDoc[] getServerAliases(String JavaDoc keyType, Principal JavaDoc[] issuers) {
208         if(_logger.isLoggable(Level.FINE)){
209             _logger.log(Level.FINE,"Getting server aliases");
210         }
211         return mgr.getServerAliases(keyType, issuers);
212     }
213
214     /**
215      * Return the private key for the specified alias.
216      * @param the alias.
217      * @return the private key.
218      */
219     public PrivateKey JavaDoc getPrivateKey(String JavaDoc alias) {
220         if(_logger.isLoggable(Level.FINE)){
221         _logger.log(Level.FINE,"Getting private key for alias:" + alias);
222     }
223         X509KeyManager keyMgr = getManagerFromToken(alias);
224         if (keyMgr != null) {
225             String JavaDoc aliasName = alias.substring(alias.indexOf(':') + 1);
226             return keyMgr.getPrivateKey(aliasName);
227         } else {
228             return mgr.getPrivateKey(alias);
229         }
230     }
231
232     
233     /**
234      * Find the corresponding X509KeyManager associated to token in alias.
235      * It returns null if there is n
236      * @param tokenAlias of the form &lt;tokenName&gt;:&lt;aliasName&gt;
237      */
238     private X509KeyManager getManagerFromToken(String JavaDoc tokenAlias) {
239         X509KeyManager keyMgr = null;
240         int ind = -1;
241         if (supportTokenAlias && tokenAlias != null && (ind = tokenAlias.indexOf(':')) != -1) {
242             String JavaDoc tokenName = alias.substring(0, ind);
243             keyMgr = (X509KeyManager)tokenName2MgrMap.get(tokenName);
244         }
245         return keyMgr;
246     }
247 }
248
249
Popular Tags