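package org.apache.geronimo.security.realm.providers;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * JAAS login module that populates the Subject from a client certificate chain
 * obtained through a {@link CertificateChainCallback}.
 * <p>
 * Only the first (end-entity) certificate of the chain is inspected, and only to
 * read its subject DN: this module performs no chain validation of its own (no
 * trust-anchor check, expiry, or revocation). It presumably relies on the
 * transport layer (SSL client authentication) having validated the chain before
 * it is handed over; confirm that assumption before wiring this module to any
 * other callback handler.
 * <p>
 * On successful {@link #commit()} two principals are added to the Subject: the
 * certificate's {@link X500Principal} and a {@link GeronimoUserPrincipal} named
 * after it. {@link #abort()} and {@link #logout()} remove exactly those.
 */
public class CertificateChainLoginModule implements LoginModule {
    private static final Log log = LogFactory.getLog(CertificateChainLoginModule.class);

    Subject subject;
    CallbackHandler handler;
    X500Principal principal;
    // Set by commit(); remembered so that abort()/logout() remove the same
    // instance that was added rather than a freshly built, possibly unequal, one.
    private GeronimoUserPrincipal userPrincipal;

    /**
     * Stores the Subject and CallbackHandler for the later phases.
     * {@code sharedState} and {@code options} are not used by this module.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.handler = callbackHandler;
    }

    /**
     * Requests the certificate chain via a {@link CertificateChainCallback} and,
     * when an X.509 end-entity certificate is present, records its subject DN.
     *
     * @return {@code true} if a usable certificate was obtained, {@code false}
     *         (letting other modules decide) if the chain is absent, empty or
     *         not X.509
     * @throws LoginException if no CallbackHandler was supplied, or if the
     *         handler fails or does not support the callback
     */
    public boolean login() throws LoginException {
        if (handler == null) {
            // JAAS contract: report configuration problems as LoginException, not NPE.
            throw new LoginException("No CallbackHandler available to retrieve the certificate chain");
        }
        CertificateChainCallback chainCallback = new CertificateChainCallback();
        Callback[] callbacks = new Callback[]{chainCallback};
        try {
            handler.handle(callbacks);
        } catch (IOException ioe) {
            throw (LoginException) new LoginException(ioe.getMessage()).initCause(ioe);
        } catch (UnsupportedCallbackException uce) {
            throw (LoginException) new LoginException(uce.getMessage()).initCause(uce);
        }
        Certificate[] certificateChain = chainCallback.getCertificateChain();
        if (certificateChain == null || certificateChain.length == 0) {
            return false;
        }
        if (!(certificateChain[0] instanceof X509Certificate)) {
            return false;
        }
        // Only the subject DN of the leaf certificate is used; the rest of the
        // chain is neither inspected nor validated here (see class comment).
        principal = ((X509Certificate) certificateChain[0]).getSubjectX500Principal();
        return true;
    }

    /**
     * Adds the principals to the Subject if this module's {@link #login()} succeeded.
     *
     * @return {@code true} if principals were added, {@code false} if this
     *         module's login phase did not succeed (the overall login may still
     *         succeed through other modules, in which case nothing is added here)
     * @throws LoginException if the Subject is read-only
     */
    public boolean commit() throws LoginException {
        if (principal == null) {
            // login() returned false (or was never called); per the JAAS contract
            // this module must not contribute to the Subject in that case.
            return false;
        }
        if (subject.isReadOnly()) {
            throw new LoginException("Subject is read-only");
        }
        Set principals = subject.getPrincipals();
        userPrincipal = new GeronimoUserPrincipal(principal.getName());
        principals.add(principal);
        principals.add(userPrincipal);
        return true;
    }

    /**
     * Discards the login state. Because abort() may be called after this
     * module's commit() (when a later module fails), any principals already
     * added are removed again.
     *
     * @throws LoginException if principals must be removed but the Subject is read-only
     */
    public boolean abort() throws LoginException {
        removePrincipals();
        principal = null;
        return true;
    }

    /**
     * Removes the principals this module added and clears its state.
     *
     * @throws LoginException if principals must be removed but the Subject is read-only
     */
    public boolean logout() throws LoginException {
        removePrincipals();
        principal = null;
        return true;
    }

    /**
     * Removes the principals added by {@link #commit()}, if any, from the Subject.
     * A no-op when commit() did not add anything.
     */
    private void removePrincipals() throws LoginException {
        if (userPrincipal == null) {
            // commit() never ran for this module; nothing was added.
            return;
        }
        if (subject.isReadOnly()) {
            throw new LoginException("Subject is read-only");
        }
        Set principals = subject.getPrincipals();
        principals.remove(principal);
        principals.remove(userPrincipal);
        userPrincipal = null;
    }

    /**
     * Names the principal class this module contributes, for realm configuration.
     *
     * @return a fresh array holding the {@link GeronimoUserPrincipal} class name
     */
    public String[] getPrincipalClassNames() {
        return new String[]{GeronimoUserPrincipal.class.getName()};
    }

}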