KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > tomcat > HttpsConnectorGBean


1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17 package org.apache.geronimo.tomcat;
18
19 import java.util.Map JavaDoc;
20 import javax.net.ssl.KeyManagerFactory;
21
22 import org.apache.geronimo.management.geronimo.WebManager;
23 import org.apache.geronimo.system.serverinfo.ServerInfo;
24 import org.apache.geronimo.gbean.GBeanInfo;
25 import org.apache.geronimo.gbean.GBeanInfoBuilder;
26
27 /**
28  * A wrapper around a connector for the HTTPS protocol for Tomcat. The
29  * functionality is not different than the standard ConnectorGBean, but
30  * there's an additional set of HTTPS attributes exposed.
31  *
32  * @version $Revision: 1.0$
33  */

34 public class HttpsConnectorGBean extends ConnectorGBean implements TomcatSecureConnector {
35     private final ServerInfo serverInfo;
36     private String JavaDoc keystoreFileName;
37     private String JavaDoc truststoreFileName;
38     private String JavaDoc algorithm;
39
40     public HttpsConnectorGBean(String JavaDoc name, String JavaDoc protocol, String JavaDoc host, int port, TomcatContainer container, ServerInfo serverInfo) throws Exception JavaDoc {
41         super(name, protocol, host, port, container);
42
43         if (serverInfo == null){
44             throw new IllegalArgumentException JavaDoc("serverInfo cannot be null.");
45         }
46
47         this.serverInfo = serverInfo;
48     }
49
50     /**
51      * Adds any special parameters before constructing the connector.
52      *
53      * @param protocol Should be one of the constants from WebContainer.
54      * @param params The map of parameters that will be used to initialize the connector.
55      */

56     protected void initializeParams(String JavaDoc protocol, Map JavaDoc params) {
57         super.initializeParams(protocol, params);
58         params.put("scheme", "https");
59         params.put("secure", "true");
60     }
61
62     /**
63      * Ensures that this implementation can handle the requested protocol.
64      *
65      * @param protocol
66      */

67     protected void validateProtocol(String JavaDoc protocol) {
68         if(protocol != null && !protocol.equals(WebManager.PROTOCOL_HTTPS)) {
69             throw new IllegalStateException JavaDoc("HttpsConnectorGBean only supports "+WebManager.PROTOCOL_HTTPS);
70         }
71     }
72
73     /**
74      * Gets the name of the keystore file that holds the server certificate
75      * (and by default, the trusted CA certificates used for client certificate
76      * authentication). This is relative to the Geronimo home directory.
77      */

78     public String JavaDoc getKeystoreFileName() {
79         return keystoreFileName; // don't look it up as we need it to be relative
80
}
81
82     /**
83      * Sets the name of the keystore file that holds the server certificate
84      * (and by default, the trusted CA certificates used for client certificate
85      * authentication). This is relative to the Geronimo home directory.
86      */

87     public void setKeystoreFileName(String JavaDoc name) {
88         keystoreFileName = name;
89         connector.setAttribute("keystoreFile", serverInfo.resolveServerPath(keystoreFileName));
90     }
91
92     public String JavaDoc getTruststoreFileName() {
93         return truststoreFileName; // don't look it up as we need it to be relative
94
}
95
96     public void setTruststoreFileName(String JavaDoc name) {
97         truststoreFileName = name;
98         connector.setAttribute("truststoreFile", serverInfo.resolveServerPath(truststoreFileName));
99     }
100
101     /**
102      * Sets the password used to access the keystore, and by default, used to
103      * access the server private key inside the keystore. Not all connectors
104      * support configuring different passwords for those two features; if so,
105      * a separate PrivateKeyPassword should be defined in an
106      * implementation-specific connector interface.
107      */

108     public void setKeystorePassword(String JavaDoc password) {
109         connector.setAttribute("keystorePass", password);
110     }
111
112     public void setTruststorePassword(String JavaDoc password) {
113         connector.setAttribute("truststorePass", password);
114     }
115
116     /**
117      * Gets the format of the entries in the keystore. The default format for
118      * Java keystores is JKS, though some connector implementations support
119      * PCKS12 (and possibly other formats).
120      */

121     public String JavaDoc getKeystoreType() {
122         return (String JavaDoc)connector.getAttribute("keystoreType");
123     }
124
125     /**
126      * Sets the format of the entries in the keystore. The default format for
127      * Java keystores is JKS, though some connector implementations support
128      * PCKS12 (and possibly other formats).
129      */

130     public void setKeystoreType(String JavaDoc type) {
131         connector.setAttribute("keystoreType", type);
132     }
133
134     public String JavaDoc getTruststoreType() {
135         return (String JavaDoc)connector.getAttribute("truststoreType");
136     }
137
138     public void setTruststoreType(String JavaDoc type) {
139         connector.setAttribute("truststoreType", type);
140     }
141
142     /**
143      * Gets the certificate algorithm used to access the keystore. This may
144      * be different for different JVM vendors, but should not usually be
145      * changed otherwise.
146      */

147     public String JavaDoc getAlgorithm() {
148         return algorithm;
149     }
150
151     /**
152      * Sets the certificate algorithm used to access the keystore. This may
153      * be different for different JVM vendors, but should not usually be
154      * changed otherwise.
155      */

156     public void setAlgorithm(String JavaDoc algorithm) {
157         this.algorithm = algorithm;
158         if ("default".equalsIgnoreCase(algorithm)) {
159             algorithm = KeyManagerFactory.getDefaultAlgorithm();
160         }
161         connector.setAttribute("algorithm", algorithm);
162     }
163
164     /**
165      * Gets the protocol used for secure communication. This should usually
166      * be TLS, though some JVM implementations (particularly some of IBM's)
167      * may not be compatible with popular browsers unless this is changed to
168      * SSL.
169      */

170     public String JavaDoc getSecureProtocol() {
171         return (String JavaDoc)connector.getAttribute("sslProtocol");
172     }
173
174     /**
175      * Gets the protocol used for secure communication. This should usually
176      * be TLS, though some JVM implementations (particularly some of IBM's)
177      * may not be compatible with popular browsers unless this is changed to
178      * SSL. Don't change it if you're not having problems.
179      */

180     public void setSecureProtocol(String JavaDoc protocol) {
181         connector.setAttribute("sslProtocol", protocol);
182     }
183
184     /**
185      * Checks whether clients are required to authenticate using client
186      * certificates in order to connect using this connector. If enabled,
187      * client certificates are validated using the trust store, which defaults
188      * to the same keystore file, keystore type, and keystore password as the
189      * regular keystore. Some connector implementations may allow you to
190      * configure those 3 values separately to use a different trust store.
191      */

192     public boolean isClientAuthRequired() {
193         Object JavaDoc value = connector.getAttribute("clientAuth");
194         return value == null ? false : new Boolean JavaDoc(value.toString()).booleanValue();
195     }
196
197     /**
198      * Checks whether clients are required to authenticate using client
199      * certificates in order to connect using this connector. If enabled,
200      * client certificates are validated using the trust store, which defaults
201      * to the same keystore file, keystore type, and keystore password as the
202      * regular keystore. Some connector implementations may allow you to
203      * configure those 3 values separately to use a different trust store.
204      */

205     public void setClientAuthRequired(boolean clientCert) {
206         connector.setAttribute("clientAuth", new Boolean JavaDoc(clientCert));
207     }
208
209     /**
210      * Gets a comma seperated list of the encryption ciphers that may be used. If not
211      * specified, then any available cipher may be used.
212      */

213      public String JavaDoc getCiphers() {
214         return (String JavaDoc)connector.getAttribute("ciphers");
215     }
216
217     /**
218      * Sets a comma seperated list of the encryption ciphers that may be used. If not
219      * specified, then any available cipher may be used.
220      */

221      public void setCiphers(String JavaDoc ciphers) {
222         connector.setAttribute("ciphers", ciphers);
223     }
224
225     public static final GBeanInfo GBEAN_INFO;
226
227     static {
228         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("Tomcat Connector", HttpsConnectorGBean.class, ConnectorGBean.GBEAN_INFO);
229         infoFactory.addAttribute("keystoreFileName", String JavaDoc.class, true, true);
230         infoFactory.addAttribute("truststoreFileName", String JavaDoc.class, true, true);
231         infoFactory.addAttribute("algorithm", String JavaDoc.class, true, true);
232         infoFactory.addAttribute("keystorePassword", String JavaDoc.class, true, true);
233         infoFactory.addAttribute("truststorePassword", String JavaDoc.class, true, true);
234 // todo should we support this?
235
// infoFactory.addAttribute("keyPassword", String.class, true, true);
236
infoFactory.addAttribute("secureProtocol", String JavaDoc.class, true, true);
237         infoFactory.addAttribute("keystoreType", String JavaDoc.class, true, true);
238         infoFactory.addAttribute("truststoreType", String JavaDoc.class, true, true);
239         infoFactory.addAttribute("clientAuthRequired", boolean.class, true, true);
240         infoFactory.addAttribute("ciphers", String JavaDoc.class, true, true);
241         infoFactory.addInterface(TomcatSecureConnector.class);
242
243         infoFactory.addReference("ServerInfo", ServerInfo.class, "GBean");
244         infoFactory.setConstructor(new String JavaDoc[] { "name", "protocol", "host", "port", "TomcatContainer", "ServerInfo"});
245         GBEAN_INFO = infoFactory.getBeanInfo();
246     }
247
248     public static GBeanInfo getGBeanInfo() {
249         return GBEAN_INFO;
250     }
251 }
252
Popular Tags