|
1 package org.objectweb.celtix.bus.transports.https;
2
3 import java.lang.reflect.Method  ;
4 import java.util.List ;
5 import java.util.logging.Handler ;
6 import java.util.logging.Level ;
7 import java.util.logging.Logger ;
8
9 import javax.net.ssl.KeyManagerFactory;
10
11 import org.mortbay.http.SslListener;
12 import org.objectweb.celtix.bus.configuration.security.SSLServerPolicy;
13 import org.objectweb.celtix.common.logging.LogUtils;
14 import org.objectweb.celtix.configuration.Configuration;
15
16
17 public final class JettySslListenerConfigurer {
18 private static final long serialVersionUID = 1L;
19 private static final Logger LOG = LogUtils.getL7dLogger(JettySslListenerConfigurer.class);
20 private static final String DEFAUL_KEYSTORE_TYPE = "PKCS12";
21 private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
22 private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
23 private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
24
25
26 private Configuration config;
27 private SSLServerPolicy sslPolicy;
28 private SslListener secureListener;
29
30
31 public JettySslListenerConfigurer(Configuration configParam,
32 SSLServerPolicy sslPolicyParam,
33 SslListener secureListenerParam) {
34
35 this.config = configParam;
36 this.sslPolicy = sslPolicyParam;
37 this.secureListener = secureListenerParam;
38 }
39
40 public void configure() {
41 setupSecurityConfigurer();
42 setupKeystore();
43 setupKeystoreType();
44 setupKeystorePassword();
45 setupKeyPassword();
46 setupWantClientAuthentication();
47 setupRequireClientAuthentication();
48 setupKeystoreAlgorithm();
49 setupCiphersuites();
50 setupTrustStore();
51 setupTrustStoreType();
52 setupSecureSocketProtocol();
53 setupTrustStoreAlgorithm();
54 setupSessionCaching();
55 setupSessionCacheKey();
56 setupMaxChainLength();
57 setupCertValidator();
58
59 }
60
61 public boolean setupKeystore() {
62 String keyStoreLocation = null;
63 if (sslPolicy.isSetKeystore()) {
64 keyStoreLocation = sslPolicy.getKeystore();
65 secureListener.setKeystore(keyStoreLocation);
66 LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET", new Object [] {keyStoreLocation});
67 return true;
68 }
69 keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
70 if (keyStoreLocation != null) {
71 LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET", new Object [] {keyStoreLocation});
72 secureListener.setKeystore(keyStoreLocation);
73 return true;
74 }
75
76 keyStoreLocation = System.getProperty("user.home") + "/.keystore";
77 secureListener.setKeystore(keyStoreLocation);
78 LogUtils.log(LOG, Level.INFO, "KEY_STORE_NOT_SET", new Object [] {keyStoreLocation});
79 return true;
80
81 }
82
83 public boolean setupKeystoreType() {
84
85 if (!sslPolicy.isSetKeystoreType()) {
86 LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_NOT_SET", new Object [] {DEFAUL_KEYSTORE_TYPE});
87 secureListener.setKeystoreType(DEFAUL_KEYSTORE_TYPE);
89 return true;
90 }
91 String keyStoreType = sslPolicy.getKeystoreType();
92 LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_SET", new Object [] {keyStoreType});
93 secureListener.setKeystoreType(keyStoreType);
94 return true;
95 }
96
97 public boolean setupKeystorePassword() {
98 String keyStorePassword = null;
99 if (sslPolicy.isSetKeystorePassword()) {
100 keyStorePassword = sslPolicy.getKeystorePassword();
101 secureListener.setPassword(keyStorePassword);
102 return true;
103 }
104 keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
105 if (keyStorePassword != null) {
106 secureListener.setPassword(keyStorePassword);
107 return true;
108 }
109 LogUtils.log(LOG, Level.SEVERE, "KEY_STORE_PASSWORD_NOT_SET");
110 return false;
111
112 }
113
114 public void setupKeystoreAlgorithm() {
115 String keyManagerFactoryAlgorithm = null;
116 if (sslPolicy.isSetKeystoreAlgorithm()) {
117 keyManagerFactoryAlgorithm = sslPolicy.getKeystoreAlgorithm();
118 secureListener.setAlgorithm(keyManagerFactoryAlgorithm);
119 LogUtils.log(LOG, Level.INFO,
120 "KEY_STORE_ALGORITHM_SET",
121 new Object [] {keyManagerFactoryAlgorithm});
122 }
123 keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
124 LogUtils.log(LOG, Level.INFO,
125 "KEY_STORE_ALGORITHM_NOT_SET",
126 new Object [] {keyManagerFactoryAlgorithm});
127 }
128
129 public void setupTrustStoreAlgorithm() {
130 if (sslPolicy.isSetTrustStoreAlgorithm()) {
131 LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
132 new Object []{"TrustStoreAlgorithm"});
133 }
134 }
135
136 public boolean setupKeyPassword() {
137 String keyPassword = null;
138 if (sslPolicy.isSetKeyPassword()) {
139 keyPassword = sslPolicy.getKeyPassword();
140 secureListener.setKeyPassword(keyPassword);
141 return true;
142 }
143 keyPassword = System.getProperty("javax.net.ssl.keyStorePassword");
144 if (keyPassword == null) {
145 LogUtils.log(LOG, Level.INFO, "KEY_PASSWORD_NOT_SET");
146 }
147 secureListener.setKeyPassword(keyPassword);
148 return true;
149 }
150
151 public boolean setupRequireClientAuthentication() {
152 if (!sslPolicy.isSetRequireClientAuthentication()) {
153 LogUtils.log(LOG, Level.WARNING, "REQUIRE_CLIENT_AUTHENTICATION_NOT_SET");
154 secureListener.setNeedClientAuth(DEFAULT_REQUIRE_CLIENT_AUTHENTICATION);
155 return true;
156 }
157 Boolean holder = sslPolicy.isRequireClientAuthentication();
158 boolean setRequireClientAuthentication = holder.booleanValue();
159 LogUtils.log(LOG, Level.INFO, "REQUIRE_CLIENT_AUTHENTICATION_SET",
160 new Object []{setRequireClientAuthentication});
161 secureListener.setNeedClientAuth(setRequireClientAuthentication);
162 return true;
163 }
164
165 public boolean setupWantClientAuthentication() {
166 if (!sslPolicy.isSetWantClientAuthentication()) {
167 LogUtils.log(LOG, Level.WARNING, "WANT_CLIENT_AUTHENTICATION_NOT_SET");
168 secureListener.setWantClientAuth(DEFAULT_WANT_CLIENT_AUTHENTICATION);
169 return true;
170 }
171
172 Boolean holder = sslPolicy.isWantClientAuthentication();
173 boolean setWantClientAuthentication = holder.booleanValue();
174 LogUtils.log(LOG, Level.INFO, "WANT_CLIENT_AUTHENTICATION_SET",
175 new Object []{setWantClientAuthentication});
176 secureListener.setWantClientAuth(setWantClientAuthentication);
177 return true;
178 }
179
180 public boolean setupCiphersuites() {
181 if (sslPolicy.isSetCiphersuites()) {
182
183 List <String > cipherSuites = sslPolicy.getCiphersuites();
184 int numCipherSuites = cipherSuites.size();
185 String [] ciphs = new String [numCipherSuites];
186 String ciphsStr = null;
187 for (int i = 0; i < numCipherSuites; i++) {
188 ciphs[i] = cipherSuites.get(i);
189 if (ciphsStr == null) {
190 ciphsStr = ciphs[i];
191 } else {
192 ciphsStr += ", " + ciphs[i];
193 }
194
195 }
196 LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_SET", new Object []{ciphsStr});
197 secureListener.setCipherSuites(ciphs);
198 }
199 LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_NOT_SET");
200 return true;
201 }
202
203 public boolean setupTrustStore() {
204 String trustStore = null;
205 if (sslPolicy.isSetTrustStore()) {
206 trustStore = sslPolicy.getTrustStore();
207 LogUtils.log(LOG, Level.INFO, "TRUST_STORE_SET",
208 new Object []{trustStore});
209 }
210 if (trustStore == null) {
211 trustStore = System.getProperty("javax.net.ssl.trustStore");
212 }
213 if (trustStore == null) {
214
215 trustStore = System.getProperty("java.home") + "/lib/security/cacerts";
216 LogUtils.log(LOG, Level.INFO, "TRUST_STORE_NOT_SET", new Object []{trustStore});
217 }
218
219 System.setProperty("javax.net.ssl.trustStore", trustStore);
220 return true;
221 }
222
223 public boolean setupTrustStoreType() {
224 if (sslPolicy.isSetTrustStoreType()) {
225 LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
226 new Object []{"TrustStoreType"});
227 return true;
228 }
229 return true;
230 }
231
232 public void setupSecureSocketProtocol() {
233 String secureSocketProtocol = null;
234 if (!sslPolicy.isSetSecureSocketProtocol()) {
235 LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_NOT_SET");
236 secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
237 return;
238 }
239 secureSocketProtocol = sslPolicy.getSecureSocketProtocol();
240 secureListener.setProtocol(secureSocketProtocol);
241 LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_SET", new Object [] {secureSocketProtocol});
242 }
243
244 public boolean setupSessionCaching() {
245 if (sslPolicy.isSetSessionCaching()) {
246 LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
247 new Object []{"SessionCaching"});
248 }
249 return true;
250 }
251
252 public boolean setupSessionCacheKey() {
253 if (sslPolicy.isSetSessionCacheKey()) {
254 LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
255 new Object []{"SessionCacheKey"});
256 }
257 return true;
258 }
259
260 public boolean setupMaxChainLength() {
261 if (sslPolicy.isSetMaxChainLength()) {
262 LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
263 new Object []{"MaxChainLength"});
264 }
265 return true;
266 }
267
268 public boolean setupCertValidator() {
269 if (sslPolicy.isSetCertValidator()) {
270 LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
271 new Object []{"CertValidator"});
272 }
273 return true;
274 }
275
276 public void setupSecurityConfigurer() {
277 String systemProperty = "celtix.security.configurer.celtix."
278 + config.getId();
279 String securityConfigurerName = System.getProperty(systemProperty);
280 if ((securityConfigurerName == null)
281 || (securityConfigurerName.equals(""))) {
282 return;
283 }
284 LogUtils.log(LOG, Level.WARNING, "UNOFFICIAL_SECURITY_CONFIGURER");
285 try {
286 Class clazz = Class.forName(securityConfigurerName);
287 Method configure = clazz.getDeclaredMethod("configure", SSLServerPolicy.class);
288 Object [] params = new Object []{sslPolicy};
289 Object configurer = clazz.newInstance();
290 configure.invoke(configurer, params);
291 LogUtils.log(LOG, Level.INFO, "SUCCESS_INVOKING_SECURITY_CONFIGURER",
292 new Object []{securityConfigurerName});
293
294 } catch (Exception e) {
295 LogUtils.log(LOG, Level.SEVERE, "ERROR_INVOKING_SECURITY_CONFIGURER",
296 new Object []{securityConfigurerName, e.getMessage()});
297 }
298 }
299
300
303 protected boolean testAllDataHasSetupMethod() {
304 Method [] sslPolicyMethods = sslPolicy.getClass().getDeclaredMethods();
305 Class [] classArgs = null;
306
307 for (int i = 0; i < sslPolicyMethods.length; i++) {
308 String sslPolicyMethodName = sslPolicyMethods[i].getName();
309 if (sslPolicyMethodName.startsWith("isSet")) {
310 String dataName =
311 sslPolicyMethodName.substring("isSet".length(), sslPolicyMethodName.length());
312 String thisMethodName = "setup" + dataName;
313 try {
314 this.getClass().getMethod(thisMethodName, classArgs);
315 } catch (Exception e) {
316 return false;
317 }
318
319 }
320 }
321 return true;
322 }
323
324 protected SslListener getSslListener() {
325 return secureListener;
326 }
327
328 protected void addLogHandler(Handler handler) {
329 LOG.addHandler(handler);
330 }
331 }
332 |
Popular Tags |
Java API By Example, From Geeks To Geeks.