[jboss-cvs] Picketbox SVN: r198 - in trunk: security-spi/spi/src/main/java/org/jboss/security and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 18 15:36:29 EDT 2011
Author: mmoyses
Date: 2011-04-18 15:36:28 -0400 (Mon, 18 Apr 2011)
New Revision: 198
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java
trunk/security-spi/spi/src/main/java/org/jboss/security/JSSESecurityDomain.java
Log:
fixing alias aware KeyManager for JBossJSSESecurityDomain
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java 2011-04-18 16:10:38 UTC (rev 197)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java 2011-04-18 19:36:28 UTC (rev 198)
@@ -36,6 +36,7 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
@@ -54,7 +55,9 @@
private KeyStore keyStore;
- private KeyManagerFactory keyManager;
+ private KeyManagerFactory keyManagerFactory;
+
+ private KeyManager[] keyManagers;
private String keyStoreType = "JKS";
@@ -62,8 +65,6 @@
private char[] keyStorePassword;
- private String keyStoreAlias;
-
private String keyStoreProvider;
private String keyStoreProviderArgument;
@@ -74,7 +75,9 @@
private KeyStore trustStore;
- private TrustManagerFactory trustManager;
+ private TrustManagerFactory trustManagerFactory;
+
+ private TrustManager[] trustManagers;
private String trustStoreType = "JKS";
@@ -91,6 +94,8 @@
private String trustManagerFactoryAlgorithm;
private String clientAlias;
+
+ private String serverAlias;
private boolean clientAuth;
@@ -126,16 +131,6 @@
this.keyStoreURL = validateStoreURL(keyStoreURL);
}
- public String getKeyStoreAlias()
- {
- return keyStoreAlias;
- }
-
- public void setKeyStoreAlias(String keyStoreAlias)
- {
- this.keyStoreAlias = keyStoreAlias;
- }
-
public String getKeyStoreProvider()
{
return keyStoreProvider;
@@ -253,12 +248,12 @@
@Override
public String getServerAlias()
{
- return keyStoreAlias;
+ return serverAlias;
}
public void setServerAlias(String serverAlias)
{
- this.keyStoreAlias = serverAlias;
+ this.serverAlias = serverAlias;
}
@Override
@@ -300,15 +295,15 @@
}
@Override
- public KeyManagerFactory getKeyManagerFactory() throws SecurityException
+ public KeyManager[] getKeyManagers() throws SecurityException
{
- return keyManager;
+ return keyManagers;
}
@Override
- public TrustManagerFactory getTrustManagerFactory() throws SecurityException
+ public TrustManager[] getTrustManagers() throws SecurityException
{
- return trustManager;
+ return trustManagers;
}
@Override
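Review bot: Both new getters return the domain's own arrays, so any caller can overwrite an element and change key selection or trust decisions for every other user of the same security domain. `getKeyManagers()` and `getTrustManagers()` would be safer handing out a copy, e.g. `return keyManagers == null ? null : keyManagers.clone();` and the same for `trustManagers`. As far as the visible lines show, the fields are only assigned in the store-loading code later in this diff, so callers may also see null before that code has run; that is worth stating in the Javadoc.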
@@ -446,27 +441,20 @@
is = keyStoreURL.openStream();
}
keyStore.load(is, keyStorePassword);
- if (keyStoreAlias != null && !keyStore.isKeyEntry(keyStoreAlias))
- {
- throw new IOException("Cannot find key entry with alias " + keyStoreAlias + " in the keyStore");
- }
String algorithm = null;
if (keyManagerFactoryAlgorithm != null)
algorithm = keyManagerFactoryAlgorithm;
else
algorithm = KeyManagerFactory.getDefaultAlgorithm();
if (keyManagerFactoryProvider != null)
- keyManager = KeyManagerFactory.getInstance(algorithm, keyManagerFactoryProvider);
+ keyManagerFactory = KeyManagerFactory.getInstance(algorithm, keyManagerFactoryProvider);
else
- keyManager = KeyManagerFactory.getInstance(algorithm);
- keyManager.init(keyStore, keyStorePassword);
- if (keyStoreAlias != null)
+ keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
+ keyManagerFactory.init(keyStore, keyStorePassword);
+ keyManagers = keyManagerFactory.getKeyManagers();
+ for (int i = 0; i < keyManagers.length; i++)
{
- KeyManager[] keyManagers = keyManager.getKeyManagers();
- for (int i = 0; i < keyManagers.length; i++)
- {
- keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias, clientAlias);
- }
+ keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], serverAlias, clientAlias);
}
}
if (trustStorePassword != null)
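Review bot: The `keyStore.isKeyEntry(...)` check is dropped rather than moved to the renamed field, so a misspelled `serverAlias` is no longer rejected when the keystore is loaded and would presumably only surface later, at handshake time. Consider keeping it as `if (serverAlias != null && !keyStore.isKeyEntry(serverAlias)) throw new IOException("Cannot find key entry with alias " + serverAlias + " in the keyStore");`. The wrapping loop is now unconditional, so the `(X509KeyManager)` cast runs for every manager the factory returns even when no alias is configured; an `instanceof X509KeyManager` guard would avoid a ClassCastException with a provider that returns another type. The enclosing method starts and ends outside this hunk.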
@@ -501,10 +489,11 @@
else
algorithm = TrustManagerFactory.getDefaultAlgorithm();
if (trustManagerFactoryProvider != null)
- trustManager = TrustManagerFactory.getInstance(algorithm, trustStoreProvider);
+ trustManagerFactory = TrustManagerFactory.getInstance(algorithm, trustStoreProvider);
else
- trustManager = TrustManagerFactory.getInstance(algorithm);
- trustManager.init(trustStore);
+ trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
+ trustManagerFactory.init(trustStore);
+ trustManagers = trustManagerFactory.getTrustManagers();
}
else if (keyStore != null)
{
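Review bot: The renamed assignment still tests `trustManagerFactoryProvider` but passes `trustStoreProvider` to `TrustManagerFactory.getInstance`, so the configured factory provider is ignored and the trust-store provider (which may be unset) is used instead. The key-manager branch earlier in this diff passes the same variable it tests, which suggests the intended line is `trustManagerFactory = TrustManagerFactory.getInstance(algorithm, trustManagerFactoryProvider);`. The method this belongs to starts and ends outside the hunk.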
@@ -514,8 +503,9 @@
algorithm = trustManagerFactoryAlgorithm;
else
algorithm = TrustManagerFactory.getDefaultAlgorithm();
- trustManager = TrustManagerFactory.getInstance(algorithm);
- trustManager.init(trustStore);
+ trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
+ trustManagerFactory.init(trustStore);
+ trustManagers = trustManagerFactory.getTrustManagers();
}
}
Modified: trunk/security-spi/spi/src/main/java/org/jboss/security/JSSESecurityDomain.java
===================================================================
--- trunk/security-spi/spi/src/main/java/org/jboss/security/JSSESecurityDomain.java 2011-04-18 16:10:38 UTC (rev 197)
+++ trunk/security-spi/spi/src/main/java/org/jboss/security/JSSESecurityDomain.java 2011-04-18 19:36:28 UTC (rev 198)
@@ -25,10 +25,10 @@
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
-// JSSE key and trust managers
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+
/**
* Security domain used for configuring SSL.
*
@@ -44,11 +44,11 @@
public KeyStore getKeyStore() throws SecurityException;
/**
- * Get the KeyManagerFactory associated with the security domain
+ * Get the KeyManagers created by the configured KeyManagerFactory
*
- * @return the keystore manager factory
+ * @return the initialized KeyManagers
*/
- public KeyManagerFactory getKeyManagerFactory() throws SecurityException;
+ public KeyManager[] getKeyManagers() throws SecurityException;
/**
* Get the truststore associated with the security domain. This may be the same as the keystore
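Review bot: The new Javadoc for `getKeyManagers()` does not say what is returned when no key store has been configured or loaded, nor whether the returned array is shared with the domain; the same gap applies to `getTrustManagers()` in the next hunk. In the implementation shown earlier in this diff the backing field is only set inside the store-loading code, so a null return looks possible. Suggest extending each `@return`, e.g. `the initialized KeyManagers, or null if the key store has not been loaded; callers must not modify the array`. Because this replaces public SPI methods, a sentence pointing implementers from `getKeyManagerFactory()`/`getTrustManagerFactory()` to the new methods would also help.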
@@ -58,11 +58,11 @@
public KeyStore getTrustStore() throws SecurityException;
/**
- * Get the TrustManagerFactory associated with the security domain
+ * Get the TrustManagers created by the configured TrustManagerFactory
*
- * @return the truststore manager factory
+ * @return the initialized TrustManagers
*/
- public TrustManagerFactory getTrustManagerFactory() throws SecurityException;
+ public TrustManager[] getTrustManagers() throws SecurityException;
/**
* Reload/initialize keystore and truststore using the attributes set in the security domain