1 14 15 package org.quickserver.security; 16 17 import java.io.*; 18 import java.util.logging.*; 19 import org.quickserver.util.xmlreader.*; 20 import org.quickserver.util.io.*; 21 import javax.net.ssl.*; 22 import java.security.*; 23 import org.quickserver.swing.*; 24 25 35 public class SecureStoreManager { 36 private static Logger logger = Logger.getLogger( 37 SecureStoreManager.class.getName()); 38 private SensitiveInput sensitiveInput = null; 39 40 45 public KeyManager[] loadKeyManagers(QuickServerConfig config) 46 throws GeneralSecurityException, IOException { 47 Secure secure = config.getSecure(); 48 SecureStore secureStore = secure.getSecureStore(); 49 50 if(secureStore==null) { 51 logger.fine("SecureStore configuration not set! "+ 52 "So returning null for KeyManager"); 53 return null; 54 } 55 56 KeyStoreInfo keyStoreInfo = secureStore.getKeyStoreInfo(); 57 if(keyStoreInfo==null) { 58 logger.fine("KeyStoreInfo configuration not set! "+ 59 "So returning null for KeyManager"); 60 return null; 61 } 62 63 logger.finest("Loading KeyManagers"); 64 KeyStore ks = getKeyStoreForKey(secureStore.getType(), 65 secureStore.getProvider()); 66 67 char storepass[] = null; 68 if(keyStoreInfo.getStorePassword()!=null) { 69 logger.finest("KeyStore: Store password was present!"); 70 storepass = keyStoreInfo.getStorePassword().toCharArray(); 71 } else { 72 logger.finest("KeyStore: Store password was not set.. so asking!"); 73 if(sensitiveInput==null) { 74 sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt"); 75 } 76 storepass = sensitiveInput.getInput("Store password for KeyStore"); 77 if(storepass==null) { 78 logger.finest("No password entered.. will pass null"); 79 } 80 } 81 82 InputStream keyStoreStream = null; 83 try { 84 if(keyStoreInfo.getStoreFile().equalsIgnoreCase("none")==false) { 85 logger.finest("KeyStore location: "+ 86 ConfigReader.makeAbsoluteToConfig(keyStoreInfo.getStoreFile(), 87 config)); 88 keyStoreStream = new FileInputStream( 89 ConfigReader.makeAbsoluteToConfig(keyStoreInfo.getStoreFile(), 90 config)); 91 } 92 93 ks.load(keyStoreStream, storepass); 94 logger.finest("KeyStore loaded"); 95 } finally { 96 if(keyStoreStream != null) { 97 keyStoreStream.close(); 98 keyStoreStream = null; 99 } 100 } 101 102 char keypass[] = null; 103 if(keyStoreInfo.getKeyPassword()!=null) { 104 logger.finest("KeyStore: key password was present!"); 105 keypass = keyStoreInfo.getKeyPassword().toCharArray(); 106 } else { 107 logger.finest("KeyStore: Key password was not set.. so asking!"); 108 if(sensitiveInput==null) { 109 sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt"); 110 } 111 keypass = sensitiveInput.getInput("Key password for KeyStore"); 112 if(keypass==null) { 113 logger.finest("No password entered.. will pass blank"); 114 keypass = "".toCharArray(); 115 } 116 } 117 118 KeyManagerFactory kmf = KeyManagerFactory.getInstance( 119 secureStore.getAlgorithm()); 120 kmf.init(ks, keypass); 121 122 storepass = " ".toCharArray(); 123 storepass = null; 124 keypass = " ".toCharArray(); 125 keypass = null; 126 127 return kmf.getKeyManagers(); 128 } 129 130 136 public TrustManager[] loadTrustManagers(QuickServerConfig config) 137 throws GeneralSecurityException, IOException { 138 Secure secure = config.getSecure(); 139 SecureStore secureStore = secure.getSecureStore(); 140 TrustStoreInfo trustStoreInfo = secureStore.getTrustStoreInfo(); 141 142 if(trustStoreInfo==null) { 143 return null; 144 } 145 146 logger.finest("Loading TrustManagers"); 147 148 String type = null; 149 if(trustStoreInfo.getType()!=null && trustStoreInfo.getType().trim().length()!=0) 150 type = trustStoreInfo.getType(); 151 else 152 type = secureStore.getType(); 153 154 String provider = null; 155 if(trustStoreInfo.getProvider()!=null && trustStoreInfo.getProvider().trim().length()!=0) 156 provider = trustStoreInfo.getProvider(); 157 else 158 provider = secureStore.getProvider(); 159 160 KeyStore ts = getKeyStoreForTrust(type, provider); 161 162 char trustpass[] = null; 163 if(trustStoreInfo.getStorePassword()!=null) { 164 logger.finest("TrustStore: Store password was present!"); 165 trustpass = trustStoreInfo.getStorePassword().toCharArray(); 166 } else { 167 logger.finest("TrustStore: Store password was not set.. so asking!"); 168 if(sensitiveInput==null) { 169 sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt"); 170 } 171 trustpass = sensitiveInput.getInput("Store password for TrustStore"); 172 if(trustpass==null) { 173 logger.finest("No password entered.. will pass null"); 174 } 175 } 176 177 InputStream trustStoreStream = null; 178 try { 179 if(trustStoreInfo.getStoreFile().equalsIgnoreCase("none")==false) { 180 logger.finest("TrustStore location: "+ 181 ConfigReader.makeAbsoluteToConfig( 182 trustStoreInfo.getStoreFile(), config)); 183 trustStoreStream = new FileInputStream( 184 ConfigReader.makeAbsoluteToConfig( 185 trustStoreInfo.getStoreFile(), config)); 186 } 187 188 ts.load(trustStoreStream, trustpass); 189 logger.finest("TrustStore loaded"); 190 } finally { 191 if(trustStoreStream!=null) { 192 trustStoreStream.close(); 193 trustStoreStream = null; 194 } 195 } 196 197 TrustManagerFactory tmf = TrustManagerFactory.getInstance( 198 secureStore.getAlgorithm()); 199 tmf.init(ts); 200 return tmf.getTrustManagers(); 201 } 202 203 207 public SSLContext getSSLContext(String protocol) 208 throws NoSuchAlgorithmException { 209 return SSLContext.getInstance(protocol); 210 } 211 212 220 protected KeyStore getKeyStoreForKey(String type, String provider) 221 throws KeyStoreException, NoSuchProviderException { 222 if(provider==null) 223 return KeyStore.getInstance(type); 224 return KeyStore.getInstance(type, provider); 225 } 226 227 236 protected KeyStore getKeyStoreForTrust(String type, String provider) 237 throws KeyStoreException, NoSuchProviderException { 238 if(provider==null) 239 return KeyStore.getInstance(type); 240 return KeyStore.getInstance(type, provider); 241 } 242 243 246 public SSLSocketFactory getSocketFactory(SSLContext context) { 247 return context.getSocketFactory(); 248 } 249 250 255 public void logSSLServerSocketInfo(SSLServerSocket sslServerSocket) { 256 if(logger.isLoggable(Level.FINEST)==false) { 257 return; 258 } 259 logger.finest("SecureServer Info: ClientAuth: "+ 260 sslServerSocket.getNeedClientAuth()); 261 logger.finest("SecureServer Info: ClientMode: "+ 262 sslServerSocket.getUseClientMode()); 263 264 String supportedSuites[] = sslServerSocket.getSupportedCipherSuites(); 265 logger.finest("SecureServer Info: Supported Cipher Suites --------"); 266 for(int i=0;i<supportedSuites.length;i++) 267 logger.finest(supportedSuites[i]); 268 logger.finest("---------------------------------------------------"); 269 270 String enabledSuites[] = sslServerSocket.getEnabledCipherSuites(); 271 logger.finest("SecureServer Info: Enabled Cipher Suites ----------"); 272 for(int i=0;i<enabledSuites.length;i++) 273 logger.finest(enabledSuites[i]); 274 logger.finest("---------------------------------------------------"); 275 276 277 String supportedProtocols[] = sslServerSocket.getSupportedProtocols(); 278 logger.finest("SecureServer Info: Supported Protocols ------------"); 279 for(int i=0;i<supportedProtocols.length;i++) 280 logger.finest(supportedProtocols[i]); 281 logger.finest("---------------------------------------------------"); 282 283 String enabledProtocols[] = sslServerSocket.getEnabledProtocols(); 284 logger.finest("SecureServer Info: Enabled Protocols --------------"); 285 for(int i=0;i<enabledProtocols.length;i++) 286 logger.finest(enabledProtocols[i]); 287 logger.finest("---------------------------------------------------"); 288 } 289 } 290 | Popular Tags |