


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */

23
24 /*
25  * CertificateTransfer.java
26  *
27  * Created on June 13, 2005, 11:40 AM
28  */

29
30 package com.sun.enterprise.tools.upgrade.certconversion;
31
32 import com.sun.enterprise.tools.upgrade.common.BaseModule;
33 import com.sun.enterprise.tools.upgrade.common.CommonInfoModel;
34 import com.sun.enterprise.tools.upgrade.common.UpgradeConstants;
35 import com.sun.enterprise.tools.upgrade.common.UpgradeUtils;
36 import com.sun.enterprise.util.i18n.StringManager;
37 import java.io.File JavaDoc;
38 import java.io.IOException JavaDoc;
39 import java.util.Enumeration JavaDoc;
40 import java.util.Vector JavaDoc;
41 import java.util.logging.Level JavaDoc;
42 import java.util.logging.Logger JavaDoc;
43
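/**
 * Upgrade module that copies the certificate stores of a source domain into
 * the target domain.
 *
 * <p>This class is for future use when the server supports both NSS and JKS
 * keystore types. It copies the source certificate databases to the target
 * server and is meant to configure the target for the matching keystore type
 * (JKS or NSS). The two configuration steps, {@link #configureJks()} and
 * {@link #configureNss()}, are still TODO stubs: a cross-type transfer copies
 * the files but does not reconfigure the target.
 *
 * <p>The files handled here (keystore.jks, key3.db and their {@code .bak}
 * copies) hold private-key material.
 * NOTE(review): confirm that UpgradeUtils.copyFile leaves the copies with
 * suitably restrictive file permissions; that cannot be seen from this class.
 *
 * @author Hans Hrasna
 */
public class CertificateTransfer implements BaseModule {

    private static final String JKS_CERTS = "keystore.jks";
    private static final String CA_JKS_CERTS = "cacerts.jks";
    private static final String NSS_CERTS = "key3.db";
    private static final String CA_NSS_CERTS = "cert8.db";
    private static final String CA_70_CERTS = "cert7.db";

    private final StringManager stringManager = StringManager.getManager("com.sun.enterprise.tools.upgrade.certconversion");
    private final Logger logger = CommonInfoModel.getDefaultLogger();
    /** Paths (String) whose original content was saved to {@code <path>.bak} by {@link #backup(String)}. */
    private final Vector recoveryList = new Vector();
    /** Value of the {@code com.sun.aas.java.home} system property; null when the property is unset. */
    private final String javaHome;
    private UpgradeUtils utils;
    private CommonInfoModel cim;
    private String targetJksPath;
    private String sourceJksPath;
    private String targetCaJksPath;
    private String sourceCaJksPath;
    private String targetNssPath;
    private String sourceNssPath;
    private String targetCaNssPath;
    private String sourceCaNssPath;

    /** Creates a new instance of CertificateTransfer. */
    public CertificateTransfer() {
        javaHome = System.getProperty("com.sun.aas.java.home");
    }

    /**
     * Returns the localized display name of this module.
     *
     * @return the string registered under the module-name key
     */
    public String getName() {
        return stringManager.getString("enterprise.tools.upgrade.certconversion.moduleName");
    }

    /**
     * Resolves the source and target certificate-store paths from the model
     * and runs the transfer that matches the source/target version pair.
     *
     * @param cmi upgrade model describing the source and target installations
     * @return {@code true} when the selected transfer succeeded; {@code false}
     *         when it failed or when no transfer is defined for the version pair
     */
    public boolean upgrade(CommonInfoModel cmi) {
        cim = cmi;
        logger.log(Level.INFO, stringManager.getString("enterprise.tools.upgrade.certconversion.start_certificate_migration",cmi.getCurrentDomain()));

        String sv = cim.getSourceVersionAndEdition();
        String tv = cim.getTargetVersionAndEdition();

        targetJksPath = cim.getTargetJKSKeyStorePath();
        sourceJksPath = cim.getSourceJKSKeyStorePath();
        targetCaJksPath = cim.getTargetTrustedJKSKeyStorePath();
        sourceCaJksPath = cim.getSourceTrustedJKSKeyStorePath();

        String sourceConfigPath = cim.getSourceDomainPath() + File.separator + "config";
        String targetConfigPath = cim.getTargetConfig();
        targetNssPath = targetConfigPath + File.separator + NSS_CERTS;
        sourceNssPath = sourceConfigPath + File.separator + NSS_CERTS;
        targetCaNssPath = targetConfigPath + File.separator + CA_NSS_CERTS;
        // A 7.x PE source names its certificate database cert7.db instead of cert8.db.
        if (sv.equals(UpgradeConstants.VERSION_AS7X_PE)) {
            sourceCaNssPath = sourceConfigPath + File.separator + CA_70_CERTS;
        } else {
            sourceCaNssPath = sourceConfigPath + File.separator + CA_NSS_CERTS;
        }
        utils = UpgradeUtils.getUpgradeUtils(cim);

        //8.0PE and 8.1PE have JKS certs
        if (sv.equals(UpgradeConstants.VERSION_AS80_PE) || sv.equals(UpgradeConstants.VERSION_AS81_PE)) {
            if (tv.equals(UpgradeConstants.VERSION_AS90_PE)) {
                return jksToJks();
            } else if (tv.equals(UpgradeConstants.VERSION_AS90_EE)) {
                return jksToNss();
            }
        }
        //7.0PE, 7.1SE, 7.1EE, 8.0EE and 8.1EE have NSS certs
        // NOTE(review): the condition below tests only the 7.x version and
        // 8.1 EE; an 8.0 EE source, named in the comment above, falls through
        // to "return false". Confirm whether that is intended.
        if (cim.getSourceVersion().equals(UpgradeConstants.VERSION_7X) ||
                sv.equals(UpgradeConstants.VERSION_AS81_EE)) {
            if (tv.equals(UpgradeConstants.VERSION_AS90_PE)) {
                return nssToJks();
            } else if (tv.equals(UpgradeConstants.VERSION_AS90_EE)) {
                return nssToNss();
            }
        }
        return false;
    }

    /* Configure the appserver JDK java.security and the appserver to use JKS
     * 1) Set the default provider in the Java Security properties file ($JAVA_HOME/lib/security/java.security)
     * to sun.security.provider.Sun: security.provider.1=sun.security.provider.Sun
     *
     * 2) Set keystore.type=jks
     *
     * 3) Configure the appserver to use JKS certs
      <jvm-options>
        -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks
      </jvm-options>
      <jvm-options>
        -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks
      </jvm-options>
     *
     * Not implemented yet: the method only checks that java.security exists
     * and logs a warning when it does not.
     * NOTE(review): java.security is shared by everything that runs on that
     * JDK, so the planned provider change would not be limited to this domain.
     */
    private void configureJks() {
        File security = getSecurityFile();
        if (!security.exists()) {
            logger.warning(stringManager.getString("enterprise.tools.upgrade.certconversion.errorConfiguringJKS"));
            return;
        }

        //TODO set keystore.type=jks
    }

    /* Configure the appserver JDK java.policy and the appserver to use PKCS#11
     * Install the Sun PKCS#11 provider statically
     *
     * 1) Find/Create pkcs11.cfg
     *
     * 2) Set the default provider in the Java Security properties file ($JAVA_HOME/lib/security/java.security)
     * to sun.security.pkcs11.SunPKCS11: security.provider.1=sun.security.pkcs11.SunPKCS11 /opt/bar/cfg/pkcs11.cfg
     *
     * 3) Set keystore.type=pkcs11
     * security.provider.1=sun.security.pkcs11.SunPKCS11 /opt/bar/cfg/pkcs11.cfg
     *
     * Configure the appserver to use NSS certs
      <jvm-options>
        -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/key3.db
      </jvm-options>
      <jvm-options>
        -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cert8.db
      </jvm-options>
     *
     * Not implemented yet: the method only checks that java.security exists
     * and logs a warning when it does not.
     */
    private void configureNss() {
        File security = getSecurityFile();
        if (!security.exists()) {
            logger.warning(stringManager.getString("enterprise.tools.upgrade.certconversion.errorConfiguringNSS"));
            return;
        }
        //TODO
    }

    /**
     * Transfers JKS certs to a target originally configured with NSS certs
     * and configures the target for JKS.
     *
     * @return {@code true} when both JKS stores were copied
     */
    private boolean jksToNss() {
        configureJks();
        return copyJksCerts();
    }

    /**
     * Transfers NSS certs to a target originally configured with JKS certs
     * and configures the target for NSS.
     *
     * @return {@code true} when both NSS databases were copied
     */
    private boolean nssToJks() {
        configureNss();
        return copyNssCerts();
    }

    /**
     * Replaces the target JKS stores with the source ones after backing the
     * target stores up.
     *
     * @return {@code true} when the backup and the copy both succeeded
     */
    private boolean jksToJks() {
        // Without a backup recovery() cannot restore the target's keys, so
        // the target stores must not be overwritten when the backup failed.
        if (!backupJksCerts()) {
            return false;
        }
        return copyJksCerts();
    }

    /**
     * Replaces the target NSS databases with the source ones after backing
     * the target databases up.
     *
     * @return {@code true} when the backup and the copy both succeeded
     */
    private boolean nssToNss() {
        // Same rule as jksToJks(): never overwrite without a restorable copy.
        if (!backupNssCerts()) {
            return false;
        }
        return copyNssCerts();
    }

    /**
     * Copies the source key store and trust store (JKS) to the target.
     *
     * @return {@code false} when either copy threw, {@code true} otherwise
     */
    private boolean copyJksCerts() {
        try {
            utils.copyFile(sourceJksPath, targetJksPath);
            utils.copyFile(sourceCaJksPath, targetCaJksPath);
        } catch (Exception e) {
            logMigrationFailure(e);
            return false;
        }
        return true;
    }

    /**
     * Backs up the target key store and trust store (JKS).
     *
     * @return {@code false} when either backup threw, {@code true} otherwise
     */
    private boolean backupJksCerts() {
        try {
            backup(targetJksPath);
            backup(targetCaJksPath);
        } catch (Exception e) {
            logMigrationFailure(e);
            return false;
        }
        return true;
    }

    /**
     * Copies the source key and certificate databases (NSS) to the target.
     *
     * @return {@code false} when either copy threw, {@code true} otherwise
     */
    private boolean copyNssCerts() {
        try {
            utils.copyFile(sourceNssPath, targetNssPath);
            utils.copyFile(sourceCaNssPath, targetCaNssPath);
        } catch (Exception e) {
            logMigrationFailure(e);
            return false;
        }
        return true;
    }

    /**
     * Backs up the target key and certificate databases (NSS).
     *
     * @return {@code false} when either backup threw, {@code true} otherwise
     */
    private boolean backupNssCerts() {
        try {
            backup(targetNssPath);
            backup(targetCaNssPath);
        } catch (Exception e) {
            logMigrationFailure(e);
            return false;
        }
        return true;
    }

    /** Logs a failed copy or backup at SEVERE, keeping the exception as the log record's cause. */
    private void logMigrationFailure(Exception e) {
        logger.log(Level.SEVERE, stringManager.getString("enterprise.tools.upgrade.certconversion.could_not_migrate_certificates",e), e);
    }

    /**
     * Saves a copy of {@code filePath} as {@code filePath + ".bak"} and
     * records the path so that {@link #recovery(CommonInfoModel)} can restore it.
     *
     * @param filePath file about to be overwritten
     * @throws IOException when the copy fails
     */
    private void backup(String filePath) throws IOException {
        // A target that has no such file yet has nothing to lose by being
        // overwritten, so there is nothing to back up or to restore.
        if (!new File(filePath).exists()) {
            return;
        }
        String backupFilePath = filePath + ".bak";
        utils.copyFile(filePath, backupFilePath);
        recoveryList.add(filePath);
    }

    /**
     * Restores every file recorded by {@link #backup(String)} from its
     * {@code .bak} copy and then deletes that copy.
     *
     * <p>NOTE(review): nothing in this class removes the {@code .bak} copies
     * after a successful upgrade; confirm that the caller cleans them up,
     * since they contain the target's previous key material.
     *
     * @param commonInfo upgrade model; not used by this implementation
     */
    public void recovery(CommonInfoModel commonInfo) {
        Enumeration pending = recoveryList.elements();
        while (pending.hasMoreElements()) {
            String recoverPath = (String) pending.nextElement();
            String backupPath = recoverPath + ".bak";
            try {
                utils.copyFile(backupPath, recoverPath);
                // A backup that cannot be deleted leaves a stray copy of the
                // keys on disk; report it instead of ignoring the result.
                if (!new File(backupPath).delete()) {
                    logger.warning("Could not delete certificate backup " + backupPath);
                }
            } catch (IOException ioe) {
                logger.log(Level.SEVERE, stringManager.getString("enterprise.tools.upgrade.certconversion.could_not_migrate_certificates",ioe.getMessage()),new Object[]{recoverPath,ioe});
            }
        }
    }

    /**
     * Builds the path $JAVA_HOME/lib/security/java.security.
     *
     * @return the file object; if the com.sun.aas.java.home property is
     *         unset the path starts with the text "null" and will not exist
     */
    private File getSecurityFile() {
        String securityFile = javaHome + File.separator + "lib" + File.separator + "security" + File.separator + "java.security";
        return new File(securityFile);
    }
}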