

1 package org.jacorb.security.level2;
2
3 /*
4  * JacORB - a free Java ORB
5  *
6  * Copyright (C) 1999-2004 Gerald Brose
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Library General Public
10  * License as published by the Free Software Foundation; either
11  * version 2 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Library General Public License for more details.
17  *
18  * You should have received a copy of the GNU Library General Public
19  * License along with this library; if not, write to the Free
20  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21  *
22  */

23
24 import java.io.*;
25 import java.net.*;
26 import java.util.*;
27
28 import java.security.*;
29 import java.security.cert.*;
30
31 import org.omg.SecurityLevel2.*;
32 import org.omg.Security.*;
33
34 import org.jacorb.util.*;
35 import org.jacorb.security.util.*;
36
37 import org.apache.avalon.framework.logger.Logger;
38 import org.apache.avalon.framework.configuration.*;
39
40
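/**
 * PrincipalAuthenticatorImpl
 *
 * This simple authenticator just retrieves X.509v3 certificates
 * from a Java key store.
 *
 * <p>{@link #authenticate} treats <code>security_name</code> as a key
 * store alias and <code>auth_data</code> as the password protecting the
 * private key stored under that alias. Authentication succeeds when the
 * certificate chain and the private key for the alias can both be read
 * from the configured key store; every error fails closed with
 * <code>SecAuthFailure</code>.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The certificate chain is handed on exactly as stored. This class
 *     performs no validity-period, revocation or trust-path check.</li>
 * <li>The key store passphrase is read from the configuration attribute
 *     <code>jacorb.security.keystore_password</code> and kept in a
 *     <code>String</code> field for the lifetime of the object, so it
 *     cannot be wiped from memory after use.</li>
 * </ul>
 *
 * @author Gerald Brose
 * $Id: PrincipalAuthenticatorImpl.java,v 1.15 2004/04/28 12:37:28 brose Exp $
 */
public class PrincipalAuthenticatorImpl
    extends org.omg.CORBA.LocalObject
    implements org.omg.SecurityLevel2.PrincipalAuthenticator, Configurable
{
    private Logger logger;

    /** Value of the <code>jacorb.security.keystore</code> attribute, or null. */
    private String keyStoreLocation;

    /** Value of the <code>jacorb.security.keystore_password</code> attribute, or null. */
    private String storePassphrase;

    /**
     * Reads the logger, the key store location and the key store
     * passphrase from the configuration.
     *
     * Both key store attributes default to <code>null</code>; in that
     * case {@link #authenticate} always returns
     * <code>SecAuthFailure</code>.
     *
     * @param config must be an <code>org.jacorb.config.Configuration</code>
     *               (it is cast to that type to obtain the named logger)
     * @throws ConfigurationException declared by the Configurable contract
     */
    public void configure(Configuration config)
        throws ConfigurationException
    {
        logger =
            ((org.jacorb.config.Configuration)config).getNamedLogger("jacorb.security");

        keyStoreLocation =
            config.getAttribute("jacorb.security.keystore", null);

        storePassphrase =
            config.getAttribute("jacorb.security.keystore_password", null);
    }

    /**
     * Returns the supported authentication methods.
     *
     * @param mechanism ignored
     * @return a single-element array containing method id 0
     */
    public int[] get_supported_authen_methods(java.lang.String mechanism)
    {
        return new int[]{0};
    }

    /**
     * Authenticates a principal against the configured key store.
     *
     * <code>method</code>, <code>mechanism</code>,
     * <code>privileges</code>, <code>continuation_data</code> and
     * <code>auth_specific_data</code> are not consulted.
     *
     * @param security_name key store alias of the principal
     * @param auth_data     password of the private key stored under the alias
     * @param creds         receives the new credentials on success
     * @return <code>SecAuthSuccess</code> if key and certificate chain
     *         could be loaded, <code>SecAuthFailure</code> otherwise
     */
    public AuthenticationStatus authenticate(int method,
                                             String mechanism,
                                             String security_name, // user name
                                             byte[] auth_data, // passwd
                                             SecAttribute[] privileges,
                                             CredentialsHolder creds,
                                             OpaqueHolder continuation_data,
                                             OpaqueHolder auth_specific_data)
    {
        if (logger.isInfoEnabled())
        {
            logger.info( "starting authentication" );
        }

        try
        {
            registerProvider();

            String alias = security_name;
            String password = null;
            if (auth_data != null)
            {
                // NOTE(review): decodes with the platform default charset,
                // so a password with non-ASCII characters may decode
                // differently on hosts with different locale settings.
                // Kept as is because the encoding used by callers is not
                // visible here.
                password = new String( auth_data );
            }

            // Fail closed when the key store is not configured or the
            // caller supplied no alias or password.
            if ((keyStoreLocation == null) ||
                (storePassphrase == null) ||
                (alias == null) ||
                (password == null))
            {
                return AuthenticationStatus.SecAuthFailure;
            }

            KeyStore keyStore =
                KeyStoreUtil.getKeyStore( keyStoreLocation,
                                          storePassphrase.toCharArray() );

            // Fully qualified: java.security.* and java.security.cert.*
            // are both imported on demand and each may declare a type
            // named Certificate.
            java.security.cert.Certificate[] raw_chain =
                keyStore.getCertificateChain( alias );

            if (raw_chain == null)
            {
                if (logger.isErrorEnabled())
                {
                    // alias is caller-supplied text and is logged verbatim
                    logger.error( "No keys found in keystore for alias \""+
                                  alias + "\"!" );
                }
                return org.omg.Security.AuthenticationStatus.SecAuthFailure;
            }

            // Convert element by element. Casting the array itself to
            // X509Certificate[] throws ClassCastException whenever the
            // key store provider returns an array whose runtime type is
            // Certificate[], even if every element is an X.509 certificate.
            X509Certificate[] cert_chain = new X509Certificate[ raw_chain.length ];
            for (int i = 0; i < raw_chain.length; i++)
            {
                if (!(raw_chain[i] instanceof X509Certificate))
                {
                    if (logger.isErrorEnabled())
                    {
                        logger.error( "Certificate chain for alias \"" +
                                      alias + "\" contains a non-X.509 entry" );
                    }
                    return org.omg.Security.AuthenticationStatus.SecAuthFailure;
                }
                cert_chain[i] = (X509Certificate)raw_chain[i];
            }

            // A wrong password makes getKey() throw; that is handled by
            // the catch block below. A null or non-private key must not
            // end up inside credentials that report success.
            java.security.Key key =
                keyStore.getKey( alias, password.toCharArray() );

            if (!(key instanceof PrivateKey))
            {
                if (logger.isErrorEnabled())
                {
                    logger.error( "No private key found in keystore for alias \"" +
                                  alias + "\"" );
                }
                return org.omg.Security.AuthenticationStatus.SecAuthFailure;
            }
            PrivateKey priv_key = (PrivateKey)key;

            KeyAndCert k_a_c = new KeyAndCert( priv_key, cert_chain );

            AttributeType type =
                new AttributeType( new ExtensibleFamily( (short)0, (short)1 ),
                                   AccessId.value );

            SecAttributeManager attrib_mgr = SecAttributeManager.getInstance();
            SecAttribute attrib = attrib_mgr.createAttribute( k_a_c, type );

            CredentialsImpl credsImpl =
                new CredentialsImpl( new SecAttribute[]{ attrib },
                                     AuthenticationStatus.SecAuthSuccess,
                                     InvocationCredentialsType.SecOwnCredentials );

            // The accepting/invocation option setters that used to read
            // jacorb.security.ssl.client.supported_options and
            // jacorb.security.ssl.client.required_options (default 16)
            // are disabled in this version of the file.

            creds.value = credsImpl;

            if (logger.isInfoEnabled())
            {
                logger.info( "authentication succesfull" );
            }

            return AuthenticationStatus.SecAuthSuccess;
        }
        catch (Exception e)
        {
            // Every failure (unreadable key store, wrong password,
            // provider error) is reported to the caller only as
            // SecAuthFailure. Pass the exception itself to the logger so
            // the cause and stack trace are not lost when getMessage()
            // is null or uninformative.
            if (logger.isDebugEnabled())
            {
                logger.debug( "Exception: " + e.getMessage(), e );
            }

            if (logger.isInfoEnabled())
            {
                logger.info( "authentication failed" );
            }

            return org.omg.Security.AuthenticationStatus.SecAuthFailure;
        }
    }

    /**
     * not implemented
     *
     * @throws org.omg.CORBA.NO_IMPLEMENT always
     */
    public AuthenticationStatus continue_authentication(byte[] response_data,
                                                        Credentials creds,
                                                        OpaqueHolder continuation_data,
                                                        OpaqueHolder auth_specific_data)
    {
        throw new org.omg.CORBA.NO_IMPLEMENT();
    }

    /**
     * Registers the IAIK security provider. Called on every
     * {@link #authenticate} invocation.
     */
    private void registerProvider()
    {
        iaik.security.provider.IAIK.addAsProvider();
        if (logger.isDebugEnabled())
        {
            logger.debug( "Provider IAIK added" );
        }
    }
}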