[jboss-cvs] JBossAS SVN: r109832 - in branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security: ssl and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Dec 10 14:37:25 EST 2010


Author: mmoyses
Date: 2010-12-10 14:37:25 -0500 (Fri, 10 Dec 2010)
New Revision: 109832

Modified:
   branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
   branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
   branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java
   branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java
Log:
JBPAPP-5572: backporting additional options

Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java	2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java	2010-12-10 19:37:25 UTC (rev 109832)
@@ -30,6 +30,7 @@
 import java.security.KeyStore;
 import java.security.Provider;
 import java.util.Arrays;
+import java.util.Properties;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -158,6 +159,10 @@
    private String trustMgrFactoryAlgorithm;
    private String keyStoreProviderArgument;
    private String trustStoreProviderArgument;
+   
+   private String clientAlias;
+   private Properties additionalOptions;
+   private boolean clientAuth;
 
    /** Creates a default JaasSecurityDomain for with a securityDomain
     name of 'other'.
@@ -472,7 +477,47 @@
    {
       this.trustStoreProviderArgument = argument;
    }
+   
+   public String getClientAlias()
+   {
+      return clientAlias;
+   }
 
+   public void setClientAlias(String clientAlias)
+   {
+      this.clientAlias = clientAlias;
+   }
+
+   public String getServerAlias()
+   {
+      return keyStoreAlias;
+   }
+
+   public void setServerAlias(String serverAlias)
+   {
+      this.keyStoreAlias = serverAlias;
+   }
+   
+   public Properties getAdditionalOptions()
+   {
+      return additionalOptions;
+   }
+
+   public void setAdditionalOptions(Properties additionalOptions)
+   {
+      this.additionalOptions = additionalOptions;
+   }
+
+   public boolean isClientAuth()
+   {
+      return clientAuth;
+   }
+
+   public void setClientAuth(boolean clientAuth)
+   {
+      this.clientAuth = clientAuth;
+   }
+
    /**
        Reload the key- and truststore
    */
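Review bot: setAdditionalOptions stores the caller's Properties instance and getAdditionalOptions returns that same instance, so anything holding the reference can change the domain's options later without going through the setter. None of the hunks shown reads additionalOptions, so what the keys control is not visible here; if they feed SSL or keystore settings, copy on the way in and out, e.g. `this.additionalOptions = additionalOptions == null ? null : (Properties) additionalOptions.clone();`. getServerAlias/setServerAlias are marked deprecated on the MBean interface but carry no `@deprecated` Javadoc here, and a short comment that they alias keyStoreAlias would help readers of this class.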
@@ -575,7 +620,7 @@
             KeyManager[] keyManagers = keyMgr.getKeyManagers();
             for (int i = 0; i < keyManagers.length; i++)
             {
-               keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias);
+               keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias, clientAlias);
             }
          }
       }
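Review bot: clientAlias is now handed to SecurityKeyManager, but the condition guarding this loop lies outside the hunk. If that guard still tests only keyStoreAlias, a domain configured with clientAlias alone never gets the wrapper and the client alias is silently ignored; in that case it would need to become `if (keyStoreAlias != null || clientAlias != null)`. The enclosing method starts and ends outside the hunk, so this should be confirmed against the full file.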

Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java	2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java	2010-12-10 19:37:25 UTC (rev 109832)
@@ -22,6 +22,7 @@
 package org.jboss.security.plugins;
 
 import java.io.IOException;
+import java.util.Properties;
 
 import javax.management.ObjectName;
 
@@ -228,4 +229,58 @@
     * @param argument for the TrustStore provider
     */
    public void setTrustStoreProviderArgument(String argument);
+   
+   /**
+    * Gets the preferred client alias to be used in an eventual SSL connection
+    * @return client alias name
+    */
+   public String getClientAlias();
+
+   /**
+    * Sets the preferred client alias to be used in an eventual SSL connection
+    * @param clientAlias client alias name
+    */
+   public void setClientAlias(String clientAlias);
+
+   /**
+    * Gets the preferred server alias to be used in an eventual SSL connection
+    * @deprecated use getKeyStoreAlias() instead
+    * @return client alias name
+    */
+   public String getServerAlias();
+
+   /**
+    * Sets the preferred server alias to be used in an eventual SSL connection
+    * @deprecated use setKeyStoreAlias(String) instead
+    * @param clientAlias client alias name
+    */
+   public void setServerAlias(String serverAlias);
+
+   /**
+    * Gets the additionalOptions map
+    * 
+    * @return the map
+    */
+   public Properties getAdditionalOptions();
+
+   /**
+    * Sets the additionalOptions map
+    * 
+    * @param additionalOptions the map
+    */
+   public void setAdditionalOptions(Properties additionalOptions);
+
+   /**
+    * Gets the clientAuth flag
+    * 
+    * @return flag
+    */
+   public boolean isClientAuth();
+
+   /**
+    * Sets the clientAuth flag
+    * 
+    * @param clientAuth the flag
+    */
+   public void setClientAuth(boolean clientAuth);
 }
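Review bot: The Javadoc on the two server-alias methods was copied from the client-alias pair and is now wrong: getServerAlias says `@return client alias name` and setServerAlias documents `@param clientAlias` although the parameter is `serverAlias`. Suggested text is `@return server alias name` and `@param serverAlias server alias name`. The clientAuth docs ("Gets the clientAuth flag") do not say what the flag does; since DomainServerSocketFactory uses it in place of its own needsClientAuth, something like `Whether SSL server sockets created for this domain require client certificate authentication` would tell an administrator what they are toggling. The additionalOptions docs likewise do not name any supported key.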

Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java	2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java	2010-12-10 19:37:25 UTC (rev 109832)
@@ -38,12 +38,15 @@
 {
    private X509KeyManager delegate;
    
-   private String keyAlias;
+   private String serverAlias;
    
-   public SecurityKeyManager(X509KeyManager keyManager, String alias)
+   private String clientAlias;
+   
+   public SecurityKeyManager(X509KeyManager keyManager, String serverAlias, String clientAlias)
    {
       this.delegate = keyManager;
-      this.keyAlias = alias;
+      this.serverAlias = serverAlias;
+      this.clientAlias  = clientAlias;
    }
 
    /**
@@ -51,7 +54,9 @@
     */
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
    {
-      return keyAlias;
+      if (clientAlias != null)
+         return clientAlias;
+      return delegate.chooseClientAlias(keyType, issuers, socket);
    }
 
    /**
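Review bot: The configured alias is returned for every request without consulting keyType or issuers, in chooseClientAlias here and in the same way in chooseServerAlias in the next hunk. If the alias is mistyped, or names an entry whose key type is not one the peer asked for, the handshake fails later with nothing pointing at the configured alias as the cause. A check at construction time, for example logging a warning when `delegate.getCertificateChain(clientAlias) == null`, would surface that early. Also note that chooseClientAlias used to return the keystore alias, so a domain that sets only keyStoreAlias now gets the delegate's choice on outbound connections; that behaviour change is worth calling out in the release notes.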
@@ -59,6 +64,8 @@
     */
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
    {
+      if (serverAlias != null)
+         return serverAlias;
       return delegate.chooseServerAlias(keyType, issuers, socket);
    }
 

Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java	2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java	2010-12-10 19:37:25 UTC (rev 109832)
@@ -40,6 +40,7 @@
 
 import org.jboss.logging.Logger;
 import org.jboss.security.SecurityDomain;
+import org.jboss.security.plugins.JaasSecurityDomain;
 
 /** An implementation of ServerSocketFactory that creates SSL server sockets
  using the JSSE SSLContext and a JBossSX SecurityDomain for the KeyManagerFactory
@@ -148,7 +149,19 @@
 
    public boolean isNeedsClientAuth()
    {
-      return needsClientAuth;
+      boolean b;
+
+      if (securityDomain != null && securityDomain instanceof JaasSecurityDomain)
+      {
+          b = ((JaasSecurityDomain) securityDomain).isClientAuth();
+      }
+      else
+      {
+          b = needsClientAuth;
+      }
+
+      log.debug("server socket factory " + (b ? "wants" : "does NOT want") + " client authentication");
+      return b;
    }
    public void setNeedsClientAuth(boolean needsClientAuth)
    {
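Review bot: When the domain is a JaasSecurityDomain, isNeedsClientAuth() returns only the domain's clientAuth flag and ignores this factory's needsClientAuth field, so setNeedsClientAuth(true) no longer has any effect. The clientAuth field added to JaasSecurityDomain in this commit has no initializer and therefore defaults to false, so a deployment that enforced client certificates through the factory setting stops requiring them after this backport unless clientAuth is also set on the domain. Letting either setting enable it keeps the stricter configuration, `b = needsClientAuth || ((JaasSecurityDomain) securityDomain).isClientAuth();`. The debug text says "wants" although the value drives setNeedClientAuth, so "requires" would describe it correctly, and the `securityDomain != null` test is redundant before `instanceof`.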
@@ -236,9 +249,11 @@
          String[] supportedCipherSuites = socket.getSupportedCipherSuites();
          log.debug("Supported CipherSuites: " + Arrays.asList(supportedCipherSuites));
       }
-      socket.setNeedClientAuth(needsClientAuth);
-      if (!needsClientAuth)
-         socket.setWantClientAuth(wantsClientAuth);
+      socket.setNeedClientAuth(isNeedsClientAuth());
+      if (!isNeedsClientAuth())
+      {
+        socket.setWantClientAuth(wantsClientAuth);
+      }
       if( protocols != null )
          socket.setEnabledProtocols(protocols);
       if( cipherSuites != null )
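Review bot: isNeedsClientAuth() is called twice per socket, here and in the identical change in the following hunk, and each call re-reads the domain flag and writes a debug line. Because setWantClientAuth overrides an earlier setNeedClientAuth, a flag change on the domain between the two calls leaves the socket on the weaker want setting. Reading the value once, `boolean needAuth = isNeedsClientAuth();`, and using the local for both the setNeedClientAuth call and the `if` removes that window and halves the logging. The enclosing method starts and ends outside the hunk.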
@@ -279,9 +294,11 @@
          String[] supportedCipherSuites = socket.getSupportedCipherSuites();
          log.debug("Supported CipherSuites: " + Arrays.asList(supportedCipherSuites));
       }
-      socket.setNeedClientAuth(needsClientAuth);
-      if (!needsClientAuth)
-         socket.setWantClientAuth(wantsClientAuth);
+      socket.setNeedClientAuth(isNeedsClientAuth());
+      if (!isNeedsClientAuth())
+      {
+        socket.setWantClientAuth(wantsClientAuth);
+      }
       if( protocols != null )
          socket.setEnabledProtocols(protocols);
       if( cipherSuites != null )


