Project Report: fawkez


org.jcoderz.commons.connector.http.transport.HttpsKeyManager

1  /*
2   * $Id: HttpsKeyManager.java 1011 2008-06-16 17:57:36Z amandel $
3   *
4   * Copyright 2006, The jCoderZ.org Project. All rights reserved.
5   *
6   * Redistribution and use in source and binary forms, with or without
7   * modification, are permitted provided that the following conditions are
8   * met:
9   *
10   *    * Redistributions of source code must retain the above copyright
11   *      notice, this list of conditions and the following disclaimer.
12   *    * Redistributions in binary form must reproduce the above
13   *      copyright notice, this list of conditions and the following
14   *      disclaimer in the documentation and/or other materials
15   *      provided with the distribution.
16   *    * Neither the name of the jCoderZ.org Project nor the names of
17   *      its contributors may be used to endorse or promote products
18   *      derived from this software without specific prior written
19   *      permission.
20   *
21   * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
22   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24   * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS
25   * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28   * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29   * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30   * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32   */
33  package org.jcoderz.commons.connector.http.transport;
34  
35  import java.net.Socket;
36  import java.security.GeneralSecurityException;
37  import java.security.KeyStore;
38  import java.security.KeyStoreException;
39  import java.security.Principal;
40  import java.security.PrivateKey;
41  import java.security.cert.Certificate;
42  import java.security.cert.X509Certificate;
43  import javax.net.ssl.X509KeyManager;
44  
45  import org.jcoderz.commons.connector.InitializingSslFailedException;
46  import org.jcoderz.commons.util.Assert;
47  
48  
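/**
 * An {@link X509KeyManager} that pins client authentication to a single
 * key store entry.
 *
 * <p>All client-side queries answer with the alias given to the
 * constructor; all server-side queries are delegated unchanged to the
 * parent key manager.</p>
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>The requested key types and the issuers accepted by the peer are
 *       ignored when the client alias is chosen, so the configured
 *       certificate is offered to every server that asks for client
 *       authentication.</li>
 *   <li>The key password is held as a {@code String} for the lifetime of
 *       this object and therefore cannot be wiped from memory; only the
 *       temporary {@code char[]} copy handed to the key store is
 *       cleared.</li>
 *   <li>The private key cache is not synchronized. NOTE(review): JSSE may
 *       call a key manager from several handshake threads; confirm that
 *       loading the key more than once is acceptable here.</li>
 * </ul>
 */
public class HttpsKeyManager
      implements X509KeyManager
{
   /** The parent X509KeyManager, used for all server-side queries. */
   private final X509KeyManager mManager;
   /** The KeyStore the client certificate chain and key are read from. */
   private final KeyStore mKeyStore;
   /** The only alias this key manager answers for. */
   private final String mKeyAlias;
   /** The password protecting the key stored under {@link #mKeyAlias}. */
   private final String mKeyPassword;

   /** Lazy init cache for private key. */
   private PrivateKey mPrivateKey;

   /**
    * Constructor.
    *
    * @param parent the parent X509KeyManager
    * @param keystore the KeyStore we derive our client certs and keys from
    * @param keyAlias the alias for key in use
    * @param keyPassword the password used for alias
    */
   public HttpsKeyManager (
         X509KeyManager parent, KeyStore keystore,
         String keyAlias, String keyPassword)
   {
      mManager = parent;
      mKeyStore = keystore;
      mKeyAlias = keyAlias;
      mKeyPassword = keyPassword;
   }

   /**
    * Gets the one alias set in constructor.
    * Currently, keyType and issuers are both ignored.
    *
    * @param keyType the type of private key the server expects (RSA,
    *                  DSA, etc.)
    * @param issuers the CA certificates we are narrowing our selection
    *                  on.
    * @return a one-element array holding the configured alias
    */
   public String[] getClientAliases (String keyType, Principal[] issuers)
   {
      return new String[] {mKeyAlias};
   }

   /**
    * Gets the list of server aliases for the SSLServerSockets by asking
    * the parent key manager.
    *
    * @param keyType the type of private key the server expects (RSA,
    *                  DSA, etc.)
    * @param issuers the CA certificates we are narrowing our selection
    *                  on.
    * @return whatever the parent key manager returns
    */
   public String[] getServerAliases (String keyType, Principal[] issuers)
   {
      return mManager.getServerAliases(keyType, issuers);
   }

   /**
    * Gets the Certificate chain for a particular alias.
    *
    * @param alias the client alias, must be the alias set in constructor
    * @return the certificate chain stored under the alias
    * @throws InitializingSslFailedException if the alias is not the
    *       configured one or the key store cannot be read
    */
   public X509Certificate[] getCertificateChain (String alias)
   {
      assertAlias(alias);
      final X509Certificate[] chain;
      try
      {
         final Certificate[] certs = mKeyStore.getCertificateChain(alias);
         Assert.notNull(certs, "certs");
         // Copy element by element: the key store hands back a
         // Certificate[], and casting that array as a whole to
         // X509Certificate[] fails unless its runtime type already is
         // X509Certificate[].
         chain = new X509Certificate[certs.length];
         for (int i = 0; i < chain.length; i++)
         {
            chain[i] = (X509Certificate) certs[i];
         }
      }
      catch (KeyStoreException kse)
      {
         final String reason
               = "Unable to obtain certificate chain for alias "
                  + "<" + alias + ">";
         throw new InitializingSslFailedException(reason, kse);
      }
      return chain;
   }

   /**
    * Gets the Private Key for a particular alias.
    *
    * <p>The key is read from the key store on first use and cached
    * afterwards. The error message carries the alias only, never the
    * password.</p>
    *
    * @param alias the client alias, must be the alias set in constructor
    * @return the PrivateKey value
    * @throws InitializingSslFailedException if the alias is not the
    *       configured one or the key cannot be recovered
    */
   public PrivateKey getPrivateKey (String alias)
   {
      assertAlias(alias);
      if (mPrivateKey == null)
      {
         // A missing password is passed on as null so that the key store
         // reports it, instead of failing here with a
         // NullPointerException.
         final char[] password
               = mKeyPassword == null ? null : mKeyPassword.toCharArray();
         try
         {
            mPrivateKey = (PrivateKey) mKeyStore.getKey(alias, password);
         }
         catch (GeneralSecurityException gse)
         {
            final String reason
                  = "Unable to obtain private key for alias "
                     + "<" + alias + ">";
            throw new InitializingSslFailedException(reason, gse);
         }
         finally
         {
            // Clear the temporary copy; the String field itself stays in
            // memory, so this only avoids leaving one more copy behind.
            if (password != null)
            {
               java.util.Arrays.fill(password, '\0');
            }
         }
      }
      return mPrivateKey;
   }

   /**
    * {@inheritDoc}
    *
    * <p>Always answers with the alias set in constructor; keyType,
    * issuers and socket are ignored.</p>
    */
   public String chooseClientAlias (
         String[] keyType, Principal[] issuers, Socket socket)
   {
      return mKeyAlias;
   }

   /**
    * {@inheritDoc}
    *
    * <p>Delegates to the parent key manager.</p>
    */
   public String chooseServerAlias (
         String keyType, Principal[] issuers, Socket socket)
   {
      return mManager.chooseServerAlias(keyType, issuers, socket);
   }

   /**
    * Asserts that the given alias is the one set for constructor.
    *
    * <p>A {@code null} alias is rejected like any other unexpected alias,
    * so callers always see the same exception type.</p>
    *
    * @param alias the alias to assert
    * @throws InitializingSslFailedException if the alias differs from the
    *       configured one
    */
   private void assertAlias (String alias)
   {
      if (alias == null || !alias.equals(mKeyAlias))
      {
         final String reason
               = "Unexpected alias <" + alias + ">";
         throw new InitializingSslFailedException(reason);
      }
   }
}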

Findings in this File

c (1) 54 : 0 Type Javadoc comment is missing an @author tag.