BaseKeystoreManager


1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.servicemix.jbi.security.keystore.impl;
18  
19  import java.security.KeyManagementException  ;
20  import java.security.KeyStoreException  ;
21  import java.security.NoSuchAlgorithmException  ;
22  import java.security.NoSuchProviderException  ;
23  import java.security.SecureRandom  ;
24  import java.security.UnrecoverableKeyException  ;
25  
26  import javax.net.ssl.SSLContext;
27  import javax.net.ssl.SSLServerSocketFactory;
28  import javax.net.ssl.SSLSocketFactory;
29  
30  import org.apache.commons.logging.Log;
31  import org.apache.commons.logging.LogFactory;
32  import org.apache.servicemix.jbi.security.keystore.KeyIsLocked;
33  import org.apache.servicemix.jbi.security.keystore.KeystoreInstance;
34  import org.apache.servicemix.jbi.security.keystore.KeystoreIsLocked;
35  import org.apache.servicemix.jbi.security.keystore.KeystoreManager;
36  
37  /**
38   * 
39   * @org.apache.xbean.XBean element="keystoreManager"
40   *
41   */
42  public class BaseKeystoreManager implements KeystoreManager {
43  
44      protected final Log log = LogFactory.getLog(getClass());
45      
46      protected KeystoreInstance[] keystores;
47  
48      /**
49       * @return the keystores
50       */
51      public KeystoreInstance[] getKeystores() {
52          return keystores;
53      }
54  
55      /**
56       * @param keystores the keystores to set
57       */
58      public void setKeystores(KeystoreInstance[] keystores) {
59          this.keystores = keystores;
60      }
61  
62      /**
63       * Gets a SocketFactory using one Keystore to access the private key and
64       * another to provide the list of trusted certificate authorities.
65       * 
66       * @param provider
67       *            The SSL provider to use, or null for the default
68       * @param protocol
69       *            The SSL protocol to use
70       * @param algorithm
71       *            The SSL algorithm to use
72       * @param keyStore
73       *            The key keystore name as provided by listKeystores. The
74       *            KeystoreInstance for this keystore must be unlocked.
75       * @param keyAlias
76       *            The name of the private key in the keystore. The
77       *            KeystoreInstance for this keystore must have unlocked this
78       *            key.
79       * @param trustStore
80       *            The trust keystore name as provided by listKeystores. The
81       *            KeystoreInstance for this keystore must have unlocked this
82       *            key.
83       * @param loader
84       *            The class loader used to resolve factory classes.
85       * 
86       * @return A created SSLSocketFactory item created from the KeystoreManager.
87       * @throws KeystoreIsLocked
88       *             Occurs when the requested key keystore cannot be used because
89       *             it has not been unlocked.
90       * @throws KeyIsLocked
91       *             Occurs when the requested private key in the key keystore
92       *             cannot be used because it has not been unlocked.
93       * @throws NoSuchAlgorithmException
94       * @throws UnrecoverableKeyException
95       * @throws KeyStoreException
96       * @throws KeyManagementException
97       * @throws NoSuchProviderException
98       */
99      public SSLSocketFactory createSSLFactory(
100                                 String   provider, 
101                                 String   protocol, 
102                                 String   algorithm, 
103                                 String   keyStore,
104                                 String   keyAlias, 
105                                 String   trustStore) throws KeystoreIsLocked, KeyIsLocked,
106                     NoSuchAlgorithmException  , UnrecoverableKeyException  , KeyStoreException  , KeyManagementException  ,
107                     NoSuchProviderException   {
108         // the keyStore is optional.
109         KeystoreInstance keyInstance = null;
110         if (keyStore != null) {
111             keyInstance = getKeystore(keyStore);
112             if (keyInstance.isKeystoreLocked()) {
113                 throw new KeystoreIsLocked("Keystore '" + keyStore
114                                 + "' is locked; please use the keystore page in the admin console to unlock it");
115             }
116             if (keyInstance.isKeyLocked(keyAlias)) {
117                 throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore
118                                 + "' is locked; please use the keystore page in the admin console to unlock it");
119             }
120         }
121         KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
122         if (trustInstance != null && trustInstance.isKeystoreLocked()) {
123             throw new KeystoreIsLocked("Keystore '" + trustStore
124                             + "' is locked; please use the keystore page in the admin console to unlock it");
125         }
126 
127         // OMG this hurts, but it causes ClassCastExceptions elsewhere unless
128         // done this way!
129         try {
130             /*
131             Class cls = loader.loadClass("javax.net.ssl.SSLContext");
132             Object ctx = cls.getMethod("getInstance", new Class[] { String.class }).invoke(null,
133                             new Object[] { protocol });
134             Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
135             Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
136             Class src = loader.loadClass("java.security.SecureRandom");
137             cls.getMethod("init", new Class[] { kmc, tmc, src }).invoke(
138                             ctx,
139                             new Object[] { keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
140                                             trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
141                                             new java.security.SecureRandom() });
142             Object result = cls.getMethod("getSocketFactory", new Class[0]).invoke(ctx, new Object[0]);
143             return (SSLSocketFactory) result;
144             */
145             SSLContext context;
146             if (provider == null) {
147                 context = SSLContext.getInstance(protocol);
148             } else {
149                 context= SSLContext.getInstance(protocol, provider);
150             }
151             context.init(keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias), 
152                          trustInstance == null ? null : trustInstance.getTrustManager(algorithm), 
153                                          new SecureRandom  ());
154             return context.getSocketFactory();
155         } catch (Exception   e) {
156             log.error("Unable to dynamically load", e);
157             return null;
158         }
159     }
160 
161     /**
162      * Gets a ServerSocketFactory using one Keystore to access the private key
163      * and another to provide the list of trusted certificate authorities.
164      * 
165      * @param provider
166      *            The SSL provider to use, or null for the default
167      * @param protocol
168      *            The SSL protocol to use
169      * @param algorithm
170      *            The SSL algorithm to use
171      * @param keyStore
172      *            The key keystore name as provided by listKeystores. The
173      *            KeystoreInstance for this keystore must be unlocked.
174      * @param keyAlias
175      *            The name of the private key in the keystore. The
176      *            KeystoreInstance for this keystore must have unlocked this
177      *            key.
178      * @param trustStore
179      *            The trust keystore name as provided by listKeystores. The
180      *            KeystoreInstance for this keystore must have unlocked this
181      *            key.
182      * @param loader
183      *            The class loader used to resolve factory classes.
184      * 
185      * @throws KeystoreIsLocked
186      *             Occurs when the requested key keystore cannot be used because
187      *             it has not been unlocked.
188      * @throws KeyIsLocked
189      *             Occurs when the requested private key in the key keystore
190      *             cannot be used because it has not been unlocked.
191      */
192     public SSLServerSocketFactory createSSLServerFactory(
193                                 String   provider, 
194                                 String   protocol, 
195                                 String   algorithm,
196                                 String   keyStore, 
197                                 String   keyAlias, 
198                                 String   trustStore) throws KeystoreIsLocked,
199                     KeyIsLocked, NoSuchAlgorithmException  , UnrecoverableKeyException  , KeyStoreException  ,
200                     KeyManagementException  , NoSuchProviderException   {
201         KeystoreInstance keyInstance = getKeystore(keyStore);
202         if (keyInstance.isKeystoreLocked()) {
203             throw new KeystoreIsLocked("Keystore '" + keyStore
204                             + "' is locked; please use the keystore page in the admin console to unlock it");
205         }
206         if (keyInstance.isKeyLocked(keyAlias)) {
207             throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore
208                             + "' is locked; please use the keystore page in the admin console to unlock it");
209         }
210         KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
211         if (trustInstance != null && trustInstance.isKeystoreLocked()) {
212             throw new KeystoreIsLocked("Keystore '" + trustStore
213                             + "' is locked; please use the keystore page in the admin console to unlock it");
214         }
215 
216         // OMG this hurts, but it causes ClassCastExceptions elsewhere unless
217         // done this way!
218         try {
219             /*
220             Class cls = loader.loadClass("javax.net.ssl.SSLContext");
221             Object ctx = cls.getMethod("getInstance", new Class[] { String.class }).invoke(null,
222                             new Object[] { protocol });
223             Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
224             Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
225             Class src = loader.loadClass("java.security.SecureRandom");
226             cls.getMethod("init", new Class[] { kmc, tmc, src }).invoke(
227                             ctx,
228                             new Object[] { keyInstance.getKeyManager(algorithm, keyAlias),
229                                             trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
230                                             new java.security.SecureRandom() });
231             Object result = cls.getMethod("getServerSocketFactory", new Class[0]).invoke(ctx, new Object[0]);
232             return (SSLServerSocketFactory) result;
233             */
234             SSLContext context;
235             if (provider == null) {
236                 context = SSLContext.getInstance(protocol);
237             } else {
238                 context= SSLContext.getInstance(protocol, provider);
239             }
240             context.init(keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias), 
241                          trustInstance == null ? null : trustInstance.getTrustManager(algorithm), 
242                                          new SecureRandom  ());
243             return context.getServerSocketFactory();
244         } catch (Exception   e) {
245             log.error("Unable to dynamically load", e);
246             return null;
247         }
248     }
249 
250     public KeystoreInstance getKeystore(String   name) {
251         if (keystores != null) {
252             for (int i = 0; i < keystores.length; i++) {
253                 if (name.equals(keystores[i].getName())) {
254                     return keystores[i];
255                 }
256             }
257         }
258         return null;
259     }
260 
261 }
262
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags