[jboss-cvs] JBossAS SVN: r88157 - branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon May 4 11:31:15 EDT 2009
Author: mmoyses
Date: 2009-05-04 11:31:15 -0400 (Mon, 04 May 2009)
New Revision: 88157
Added:
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java
Modified:
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
Log:
JBPAPP-1978: allow PKCS11 keystores to be used.
Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2009-05-04 15:25:09 UTC (rev 88156)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2009-05-04 15:31:15 UTC (rev 88157)
@@ -28,6 +28,7 @@
import java.net.URL;
import java.security.KeyStore;
import java.util.Arrays;
+
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
@@ -35,8 +36,10 @@
import javax.crypto.spec.PBEParameterSpec;
import javax.management.MBeanServer;
import javax.management.ObjectName;
+import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509KeyManager;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.mx.util.MBeanServerLocator;
@@ -127,6 +130,8 @@
private URL keyStoreURL;
/** The keystore password for loading */
private char[] keyStorePassword;
+ /** The alias of the KeyStore to be used */
+ private String keyStoreAlias;
/** The secret key that corresponds to the keystore password */
private SecretKey cipherKey;
/** The encode/decode cipher algorigthm */
@@ -234,6 +239,16 @@
{
this.keyStorePassword = Util.loadPassword(password);
}
+
+ public String getKeyStoreAlias()
+ {
+ return this.keyStoreAlias;
+ }
+
+ public void setKeyStoreAlias(String alias)
+ {
+ this.keyStoreAlias = alias;
+ }
public String getTrustStoreType()
{
@@ -410,19 +425,39 @@
private void loadKeyAndTrustStore()
throws Exception
{
- if( keyStoreURL != null )
+ if( keyStorePassword != null )
{
keyStore = KeyStore.getInstance(keyStoreType);
- InputStream is = keyStoreURL.openStream();
+ InputStream is = null;
+ if (!"PKCS11".equalsIgnoreCase(keyStoreType))
+ {
+ is = keyStoreURL.openStream();
+ }
keyStore.load(is, keyStorePassword);
+ if (keyStoreAlias != null && !keyStore.isKeyEntry(keyStoreAlias))
+ {
+ throw new IOException("Cannot find key entry with alias " + keyStoreAlias + " in the keyStore");
+ }
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
keyMgr = KeyManagerFactory.getInstance(algorithm);
keyMgr.init(keyStore, keyStorePassword);
+ if (keyStoreAlias != null)
+ {
+ KeyManager[] keyManagers = keyMgr.getKeyManagers();
+ for (int i = 0; i < keyManagers.length; i++)
+ {
+ keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias);
+ }
+ }
}
- if( trustStoreURL != null )
+ if( trustStorePassword != null )
{
trustStore = KeyStore.getInstance(trustStoreType);
- InputStream is = trustStoreURL.openStream();
+ InputStream is = null;
+ if (!"PKCS11".equalsIgnoreCase(trustStoreType))
+ {
+ is = trustStoreURL.openStream();
+ }
trustStore.load(is, trustStorePassword);
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
trustMgr = TrustManagerFactory.getInstance(algorithm);
Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2009-05-04 15:25:09 UTC (rev 88156)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2009-05-04 15:31:15 UTC (rev 88157)
@@ -53,7 +53,12 @@
*/
public void setKeyStorePass(String password)
throws Exception;
-
+ /** Get the alias of the KeyStore.
+ */
+ public String getKeyStoreAlias();
+ /** Set the alias of the KeyStore.
+ */
+ public void setKeyStoreAlias(String alias);
/** Get the type of the trust store
* @return the type of the trust store
*/
Added: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java 2009-05-04 15:31:15 UTC (rev 88157)
@@ -0,0 +1,97 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509KeyManager;
+
+/**
+ * X509KeyManager that allows selection of a key entry to be used.
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1.1 $
+ */
+public class SecurityKeyManager implements X509KeyManager
+{
+ private X509KeyManager delegate;
+
+ private String keyAlias;
+
+ public SecurityKeyManager(X509KeyManager keyManager, String alias)
+ {
+ this.delegate = keyManager;
+ this.keyAlias = alias;
+ }
+
+ /**
+ * @see X509KeyManager#chooseClientAlias(String[], Principal[], Socket)
+ */
+ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
+ {
+ return keyAlias;
+ }
+
+ /**
+ * @see X509KeyManager#chooseServerAlias(String, Principal[], Socket)
+ */
+ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
+ {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+
+ /**
+ * @see X509KeyManager#getCertificateChain(String)
+ */
+ public X509Certificate[] getCertificateChain(String alias)
+ {
+ return delegate.getCertificateChain(alias);
+ }
+
+ /**
+ * @see X509KeyManager#getClientAliases(String, Principal[])
+ */
+ public String[] getClientAliases(String keyType, Principal[] issuers)
+ {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ /**
+ * @see X509KeyManager#getPrivateKey(String)
+ */
+ public PrivateKey getPrivateKey(String alias)
+ {
+ return delegate.getPrivateKey(alias);
+ }
+
+ /**
+ * @see X509KeyManager#getServerAliases(String, Principal[])
+ */
+ public String[] getServerAliases(String keyType, Principal[] issuers)
+ {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+}
More information about the jboss-cvs-commits
mailing list