Java > Open Source Codes > org > quickserver > security > SecureStoreManager


1 /*
2  * This file is part of the QuickServer library
3  * Copyright (C) QuickServer.org
4  *
5  * Use, modification, copying and distribution of this software is subject to
6  * the terms and conditions of the GNU Lesser General Public License.
7  * You should have received a copy of the GNU LGP License along with this
8  * library; if not, you can download a copy from <http://www.quickserver.org/>.
9  *
10  * For questions, suggestions, bug-reports, enhancement-requests etc.
11  * visit http://www.quickserver.org
12  *
13  */
14
15 package org.quickserver.security;
16
17 import java.io.*;
18 import java.util.logging.*;
19 import org.quickserver.util.xmlreader.*;
20 import org.quickserver.util.io.*;
21 import javax.net.ssl.*;
22 import java.security.*;
23 import org.quickserver.swing.*;
24
25 /**
26  * Class that loads Key Managers, Trust Managers, SSLContext and other secure
27  * objects from QuickServer configuration passed. See &lt;secure-store-manager&gt;
28  * in &lt;secure-store&gt; to set new manger to load your SecureStore. This
29  * class can be overridden to change the way QuickServer configures the
30  * secure mode.
31  * @see org.quickserver.util.xmlreader.SecureStore
32  * @author Akshathkumar Shetty
33  * @since 1.4
34  */
35 public class SecureStoreManager {
36     private static Logger logger = Logger.getLogger(
37         SecureStoreManager.class.getName());
38     private SensitiveInput sensitiveInput = null;
39
40     /**
41      * Loads KeyManagers. KeyManagers are responsible for managing
42      * the key material which is used to authenticate the local
43      * SSLSocket to its peer. Can return null.
44      */
45     public KeyManager[] loadKeyManagers(QuickServerConfig config)
46             throws GeneralSecurityException, IOException {
47         Secure secure = config.getSecure();
48         SecureStore secureStore = secure.getSecureStore();
49
50         if(secureStore==null) {
51             logger.fine("SecureStore configuration not set! "+
52                 "So returning null for KeyManager");
53             return null;
54         }
55
56         KeyStoreInfo keyStoreInfo = secureStore.getKeyStoreInfo();
57         if(keyStoreInfo==null) {
58             logger.fine("KeyStoreInfo configuration not set! "+
59                 "So returning null for KeyManager");
60             return null;
61         }
62
63         logger.finest("Loading KeyManagers");
64         KeyStore ks = getKeyStoreForKey(secureStore.getType(),
65                 secureStore.getProvider());
66
67         char storepass[] = null;
68         if(keyStoreInfo.getStorePassword()!=null) {
69             logger.finest("KeyStore: Store password was present!");
70             storepass = keyStoreInfo.getStorePassword().toCharArray();
71         } else {
72             logger.finest("KeyStore: Store password was not set.. so asking!");
73             if(sensitiveInput==null) {
74                 sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt");
75             }
76             storepass = sensitiveInput.getInput("Store password for KeyStore");
77             if(storepass==null) {
78                 logger.finest("No password entered.. will pass null");
79             }
80         }
81
82         InputStream keyStoreStream = null;
83         try {
84             if(keyStoreInfo.getStoreFile().equalsIgnoreCase("none")==false) {
85                 logger.finest("KeyStore location: "+
86                     ConfigReader.makeAbsoluteToConfig(keyStoreInfo.getStoreFile(),
87                     config));
88                 keyStoreStream = new FileInputStream(
89                     ConfigReader.makeAbsoluteToConfig(keyStoreInfo.getStoreFile(),
90                     config));
91             }
92
93             ks.load(keyStoreStream, storepass);
94             logger.finest("KeyStore loaded");
95         } finally {
96             if(keyStoreStream != null) {
97                 keyStoreStream.close();
98                 keyStoreStream = null;
99             }
100         }
101
102         char keypass[] = null;
103         if(keyStoreInfo.getKeyPassword()!=null) {
104             logger.finest("KeyStore: key password was present!");
105             keypass = keyStoreInfo.getKeyPassword().toCharArray();
106         } else {
107             logger.finest("KeyStore: Key password was not set.. so asking!");
108             if(sensitiveInput==null) {
109                 sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt");
110             }
111             keypass = sensitiveInput.getInput("Key password for KeyStore");
112             if(keypass==null) {
113                 logger.finest("No password entered.. will pass blank");
114                 keypass = "".toCharArray();
115             }
116         }
117
118         KeyManagerFactory kmf = KeyManagerFactory.getInstance(
119             secureStore.getAlgorithm());
120         kmf.init(ks, keypass);
121
122         storepass = " ".toCharArray();
123         storepass = null;
124         keypass = " ".toCharArray();
125         keypass = null;
126
127         return kmf.getKeyManagers();
128     }
129
130     /**
131      * Loads TrustManagers. TrustManagers are responsible for managing the
132      * trust material that is used when making trust decisions, and for
133      * deciding whether credentials presented by a peer should be accepted.
134      * Can return null.
135      */
136     public TrustManager[] loadTrustManagers(QuickServerConfig config)
137             throws GeneralSecurityException, IOException {
138         Secure secure = config.getSecure();
139         SecureStore secureStore = secure.getSecureStore();
140         TrustStoreInfo trustStoreInfo = secureStore.getTrustStoreInfo();
141
142         if(trustStoreInfo==null) {
143             return null;
144         }
145
146         logger.finest("Loading TrustManagers");
147
148         String type = null;
149         if(trustStoreInfo.getType()!=null && trustStoreInfo.getType().trim().length()!=0)
150             type = trustStoreInfo.getType();
151         else
152             type = secureStore.getType();
153
154         String provider = null;
155         if(trustStoreInfo.getProvider()!=null && trustStoreInfo.getProvider().trim().length()!=0)
156             provider = trustStoreInfo.getProvider();
157         else
158             provider = secureStore.getProvider();
159         
160         KeyStore ts = getKeyStoreForTrust(type, provider);
161
162         char trustpass[] = null;
163         if(trustStoreInfo.getStorePassword()!=null) {
164             logger.finest("TrustStore: Store password was present!");
165             trustpass = trustStoreInfo.getStorePassword().toCharArray();
166         } else {
167             logger.finest("TrustStore: Store password was not set.. so asking!");
168             if(sensitiveInput==null) {
169                 sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt");
170             }
171             trustpass = sensitiveInput.getInput("Store password for TrustStore");
172             if(trustpass==null) {
173                 logger.finest("No password entered.. will pass null");
174             }
175         }
176
177         InputStream trustStoreStream = null;
178         try {
179             if(trustStoreInfo.getStoreFile().equalsIgnoreCase("none")==false) {
180                 logger.finest("TrustStore location: "+
181                     ConfigReader.makeAbsoluteToConfig(
182                     trustStoreInfo.getStoreFile(), config));
183                 trustStoreStream = new FileInputStream(
184                     ConfigReader.makeAbsoluteToConfig(
185                     trustStoreInfo.getStoreFile(), config));
186             }
187
188             ts.load(trustStoreStream, trustpass);
189             logger.finest("TrustStore loaded");
190         } finally {
191             if(trustStoreStream!=null) {
192                 trustStoreStream.close();
193                 trustStoreStream = null;
194             }
195         }
196     
197         TrustManagerFactory tmf = TrustManagerFactory.getInstance(
198             secureStore.getAlgorithm());
199         tmf.init(ts);
200         return tmf.getTrustManagers();
201     }
202
203     /**
204      * Generates a SSLContext object that implements the specified secure
205      * socket protocol.
206      */
207     public SSLContext getSSLContext(String protocol)
208             throws NoSuchAlgorithmException {
209         return SSLContext.getInstance(protocol);
210     }
211
212     /**
213      * Generates a keystore object for the specified keystore type from
214      * the specified provider to be used for loading/storeing keys.
215      * @param type the type of keystore
216      * @param provider the name of the provider if <code>null</code> any
217      * provider package that implements this type of key may be given based
218      * on the priority.
219      */
220     protected KeyStore getKeyStoreForKey(String type, String provider)
221             throws KeyStoreException, NoSuchProviderException {
222         if(provider==null)
223             return KeyStore.getInstance(type);
224         return KeyStore.getInstance(type, provider);
225     }
226
227     /**
228      * Generates a keystore object for the specified keystore type from
229      * the specified provider to be used for loading/storing trusted
230      * keys/certificates.
231      * @param type the type of keystore
232      * @param provider the name of the provider if <code>null</code> any
233      * provider package that implements this type of key may be given based
234      * on the priority.
235      */
236     protected KeyStore getKeyStoreForTrust(String type, String provider)
237             throws KeyStoreException, NoSuchProviderException {
238         if(provider==null)
239             return KeyStore.getInstance(type);
240         return KeyStore.getInstance(type, provider);
241     }
242
243     /**
244      * Returns a SSLSocketFactory object to be used for creating SSLSockets.
245      */
246     public SSLSocketFactory getSocketFactory(SSLContext context) {
247         return context.getSocketFactory();
248     }
249
250     /**
251      * Can be used to log details about the SSLServerSocket used to
252      * create a secure server [SSL/TLS]. This method can also be
253      * overridden to change the enabled cipher suites and/or enabled protocols.
254      */
255     public void logSSLServerSocketInfo(SSLServerSocket sslServerSocket) {
256         if(logger.isLoggable(Level.FINEST)==false) {
257             return;
258         }
259         logger.finest("SecureServer Info: ClientAuth: "+
260             sslServerSocket.getNeedClientAuth());
261         logger.finest("SecureServer Info: ClientMode: "+
262             sslServerSocket.getUseClientMode());
263
264         String supportedSuites[] = sslServerSocket.getSupportedCipherSuites();
265         logger.finest("SecureServer Info: Supported Cipher Suites --------");
266         for(int i=0;i<supportedSuites.length;i++)
267             logger.finest(supportedSuites[i]);
268         logger.finest("---------------------------------------------------");
269
270         String enabledSuites[] = sslServerSocket.getEnabledCipherSuites();
271         logger.finest("SecureServer Info: Enabled Cipher Suites ----------");
272         for(int i=0;i<enabledSuites.length;i++)
273             logger.finest(enabledSuites[i]);
274         logger.finest("---------------------------------------------------");
275
276
277         String supportedProtocols[] = sslServerSocket.getSupportedProtocols();
278         logger.finest("SecureServer Info: Supported Protocols ------------");
279         for(int i=0;i<supportedProtocols.length;i++)
280             logger.finest(supportedProtocols[i]);
281         logger.finest("---------------------------------------------------");
282
283         String enabledProtocols[] = sslServerSocket.getEnabledProtocols();
284         logger.finest("SecureServer Info: Enabled Protocols --------------");
285         for(int i=0;i<enabledProtocols.length;i++)
286             logger.finest(enabledProtocols[i]);
287         logger.finest("---------------------------------------------------");
288     }
289 }
290

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags