


1 /*
2  jGuard is a security framework based on top of jaas (java authentication and authorization security).
3  it is written for web applications, to resolve simply, access control problems.
4  version $Name$
5  http://sourceforge.net/projects/jguard/
6
7  Copyright (C) 2004 Charles GAY
8
9  This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17  Lesser General Public License for more details.
18
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26
27  */

28 package net.sf.jguard.ext.authentication.loginmodules;
29
30 import java.lang.reflect.Array JavaDoc;
31 import java.security.cert.CertificateParsingException JavaDoc;
32 import java.security.cert.X509Certificate JavaDoc;
33 import java.util.Arrays JavaDoc;
34 import java.util.Collection JavaDoc;
35 import java.util.Iterator JavaDoc;
36 import java.util.List JavaDoc;
37 import java.util.Set JavaDoc;
38 import java.util.logging.Logger JavaDoc;
39
40 import javax.security.auth.Subject JavaDoc;
41 import javax.security.auth.login.LoginException JavaDoc;
42 import javax.security.auth.spi.LoginModule JavaDoc;
43
44 import net.sf.jguard.core.authentication.credentials.JGuardCredential;
45 import net.sf.jguard.ext.SecurityConstants;
46
47 /**
48  * Base class for LoginModules related to certificate.
49  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
50  * @see CRLLoginModule
51  * @see OCSPLoginModule
52  * @since 1.0.0
53  */

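public abstract class CertificateLoginModule implements LoginModule {

    private static final Logger logger = Logger.getLogger(CertificateLoginModule.class.getName());

    /** Subject being authenticated; expected to be set by subclasses during initialize(). */
    protected Subject subject;
    /** Outcome of the login phase, consulted by {@link #commit()}; subclasses set it to false on failure. */
    protected boolean loginOK = true;
    /**
     * Certificate chain established during login. Index 0 is the end-entity (user) certificate;
     * NOTE(review): this class assumes the chain has already been validated by the subclass
     * (CRL/OCSP) before commit is reached - confirm in each subclass.
     */
    protected X509Certificate[] certChainToCheck;

    /**
     * Aborts the login by removing every principal and credential from the subject.
     * A null subject (module never initialized) is tolerated.
     * @return always true
     * @see javax.security.auth.spi.LoginModule#abort()
     */
    public boolean abort() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Commits the login by populating the subject from the certificate chain,
     * but only when the login phase succeeded.
     * @return the result of {@link #certificateCommit()} when {@code loginOK} is true, false otherwise
     * @throws LoginException propagated from {@link #certificateCommit()}
     * @see javax.security.auth.spi.LoginModule#commit()
     */
    public boolean commit() throws LoginException {
        if (!loginOK) {
            return false;
        }
        return certificateCommit();
    }

    /**
     * Logs out by removing every principal and credential from the subject.
     * A null subject is tolerated, consistent with {@link #abort()}.
     * @return always true
     * @see javax.security.auth.spi.LoginModule#logout()
     */
    public boolean logout() throws LoginException {
        clearSubject();
        return true;
    }

    /** Removes all principals, public and private credentials from the subject, if there is one. */
    private void clearSubject() {
        if (subject != null) {
            subject.getPrincipals().clear();
            subject.getPublicCredentials().clear();
            subject.getPrivateCredentials().clear();
        }
    }

    /**
     * Populates the subject from the user certificate: its X500 principal, its subject unique ID
     * (when present) and one public credential per subject alternative name.
     * Only the first certificate of the chain is used; it is the one assigned to the user,
     * the remaining certificates belong to the issuing CAs.
     * @return always true once the subject has been populated
     * @throws LoginException if the module was not initialized with a subject, if no certificate is
     *         available, or if the subject alternative names extension cannot be parsed
     */
    protected boolean certificateCommit() throws LoginException {
        if (subject == null) {
            throw new LoginException("subject has not been initialized");
        }
        // guard the access to the first element: a missing chain is a login failure, not an
        // ArrayIndexOutOfBounds/NullPointerException
        if (certChainToCheck == null || certChainToCheck.length == 0 || certChainToCheck[0] == null) {
            logger.severe(" no certificate available to commit ");
            throw new LoginException("no certificate available to commit");
        }
        X509Certificate cert = certChainToCheck[0];
        Set publicCredentials = subject.getPublicCredentials();
        subject.getPrincipals().add(cert.getSubjectX500Principal());

        if (cert.getSubjectUniqueID() != null) {
            JGuardCredential credential1 = new JGuardCredential();
            credential1.setId(SecurityConstants.UNIQUE_ID);
            credential1.setValue(cert.getSubjectUniqueID());
            publicCredentials.add(credential1);
        }

        Collection altNames;
        try {
            altNames = cert.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            logger.severe(" certificate cannot be parsed ");
            // alternativeNames must be valid unless they don't exist; keep the cause for diagnosis
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        }
        if (altNames == null) {
            return true;
        }
        addAlternativeNames(altNames, publicCredentials);
        return true;
    }

    /**
     * Adds one public credential per subject alternative name, with id
     * {@code ALTERNATIVE_NAME#<index>} and value {@code <GeneralName tag>#<name>}.
     * Each entry of {@code altNames} is a two-element List: an Integer GeneralName tag and the name,
     * which {@link X509Certificate#getSubjectAlternativeNames()} returns either as a String or as
     * a DER-encoded byte[] (otherName, x400Address, ediPartyName).
     * @param altNames entries returned by {@link X509Certificate#getSubjectAlternativeNames()}
     * @param publicCredentials the subject's public credential set to add to
     */
    private void addAlternativeNames(Collection altNames, Set publicCredentials) {
        int count = 0;
        Iterator itAltNames = altNames.iterator();
        while (itAltNames.hasNext()) {
            List extensionEntry = (List) itAltNames.next();
            Integer nameType = (Integer) extensionEntry.get(0);
            Object name = extensionEntry.get(1);
            JGuardCredential credential = new JGuardCredential();
            credential.setId(SecurityConstants.ALTERNATIVE_NAME + "#" + count);
            String nameAsString;
            if (name instanceof byte[]) {
                // DER bytes are not text: render them losslessly as hex instead of decoding them
                // with the platform charset, so equal names always yield equal credential values
                nameAsString = toHex((byte[]) name);
            } else {
                nameAsString = String.valueOf(name);
            }
            credential.setValue(nameType + "#" + nameAsString);
            publicCredentials.add(credential);
            count++;
        }
    }

    /**
     * Renders bytes as lower-case hexadecimal, two characters per byte.
     * @param bytes the bytes to render
     * @return the hex string, empty for an empty array
     */
    private static String toHex(byte[] bytes) {
        StringBuffer hex = new StringBuffer(bytes.length * 2);
        for (int i = 0; i < bytes.length; i++) {
            int b = bytes[i] & 0xff;
            if (b < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(b));
        }
        return hex.toString();
    }
}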
147