root/trunk/src/java/org/jcoderz/commons/connector/http/transport/HttpsKeyManager.java

/*
 * $Id$
 *
 * Copyright 2006, The jCoderZ.org Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *    * Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *    * Redistributions in binary form must reproduce the above
 *      copyright notice, this list of conditions and the following
 *      disclaimer in the documentation and/or other materials
 *      provided with the distribution.
 *    * Neither the name of the jCoderZ.org Project nor the names of
 *      its contributors may be used to endorse or promote products
 *      derived from this software without specific prior written
 *      permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
33package org.jcoderz.commons.connector.http.transport;
34
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.X509KeyManager;

import org.jcoderz.commons.connector.InitializingSslFailedException;
import org.jcoderz.commons.util.Assert;
47
48
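/**
 * This class implements the X509KeyManager interface and
 * allows to select a specific key for client authentication.
 *
 * <p>Every client-side lookup is pinned to the single alias given to the
 * constructor; server-side lookups are delegated to the parent manager.
 * The {@code keyType} and {@code issuers} hints sent by the peer are
 * ignored on the client side, so a server that does not accept the
 * configured key's type or issuer fails the handshake instead of
 * triggering a fallback to another key.</p>
 */
public class HttpsKeyManager
      implements X509KeyManager
{
   /** The parent X509KeyManager, used for all server-side lookups. */
   private final X509KeyManager mManager;
   /** The KeyStore this KeyManager uses */
   private final KeyStore mKeyStore;
   /** The only alias this manager hands out for client authentication. */
   private final String mKeyAlias;
   /** The password protecting the key entry of mKeyAlias, may be null. */
   private final String mKeyPassword;

   /**
    * Lazy init cache for private key.
    * Volatile because a key manager is normally shared by every handshake
    * of an SSLContext; concurrent first callers may load the key twice,
    * which is harmless, but each must see a fully published reference.
    */
   private volatile PrivateKey mPrivateKey;

   /**
    * Constructor.
    *
    * @param  parent       the parent X509KeyManager
    * @param  keystore     the KeyStore we derive our client certs and keys from
    * @param  keyAlias     the alias for key in use, must not be null
    * @param  keyPassword  the password used for alias, may be null if the
    *                      KeyStore type does not require one
    */
   public HttpsKeyManager (
         X509KeyManager parent, KeyStore keystore,
         String keyAlias, String keyPassword)
   {
      // Fail at construction rather than at the first handshake.
      Assert.notNull(keystore, "keystore");
      Assert.notNull(keyAlias, "keyAlias");
      mManager = parent;
      mKeyStore = keystore;
      mKeyAlias = keyAlias;
      mKeyPassword = keyPassword;
   }

   /**
    * Gets the one alias set in constructor.
    * Currently, keyType and issuers are both ignored.
    *
    * @param  keyType  the type of private key the server expects (RSA,
    *                  DSA, etc.)
    * @param  issuers  the CA certificates we are narrowing our selection
    *                  on.
    * @return          the ClientAliases value, always the configured alias
    */
   public String[] getClientAliases (String keyType, Principal[] issuers)
   {
      return new String[] {mKeyAlias};
   }

   /**
    * Gets the list of server aliases for the SSLServerSockets.
    * Delegated unchanged to the parent manager.
    *
    * @param  keyType  the type of private key the server expects (RSA,
    *                  DSA, etc.)
    * @param  issuers  the CA certificates we are narrowing our selection
    *                  on.
    * @return          the ServerAliases value
    */
   public String[] getServerAliases (String keyType, Principal[] issuers)
   {
      return mManager.getServerAliases(keyType, issuers);
   }

   /**
    * Gets the Certificate chain for a particular alias.
    *
    * @param  alias  the client alias, must equal the configured alias
    * @return        the CertificateChain value, never null
    * @throws InitializingSslFailedException if the alias is not the
    *         configured one, the KeyStore cannot be read, the alias has no
    *         chain, or a chain element is not an X.509 certificate
    */
   public X509Certificate[] getCertificateChain (String alias)
   {
      assertAlias(alias);
      final Certificate[] certs;
      try
      {
         certs = mKeyStore.getCertificateChain(alias);
      }
      catch (KeyStoreException kse)
      {
         throw new InitializingSslFailedException(
               "Unable to obtain certificate chain for alias <" + alias + ">",
               kse);
      }
      // KeyStore returns null when the alias is unknown or is not a key
      // entry; report that as a configuration error, not a NullPointer.
      if (certs == null)
      {
         throw new InitializingSslFailedException(
               "No certificate chain found for alias <" + alias + ">");
      }
      final X509Certificate[] chain = new X509Certificate[certs.length];
      for (int i = 0; i < certs.length; i++)
      {
         // Check before casting so a non-X.509 entry yields the same
         // exception type as every other configuration failure here.
         if (!(certs[i] instanceof X509Certificate))
         {
            throw new InitializingSslFailedException(
                  "Certificate " + i + " in chain for alias <" + alias
                  + "> is not an X.509 certificate");
         }
         chain[i] = (X509Certificate) certs[i];
      }
      return chain;
   }

   /**
    * Gets the Private Key for a particular alias.
    * The key is loaded from the KeyStore on first use and cached.
    *
    * @param  alias  the client alias, must equal the configured alias
    * @return        the PrivateKey value, never null
    * @throws InitializingSslFailedException if the alias is not the
    *         configured one, the key cannot be recovered, or the entry
    *         does not hold a private key
    */
   public PrivateKey getPrivateKey (String alias)
   {
      assertAlias(alias);
      PrivateKey key = mPrivateKey;
      if (key == null)
      {
         key = loadPrivateKey(alias);
         mPrivateKey = key;
      }
      return key;
   }

   /**
    * Recovers the private key for the given alias from the KeyStore.
    *
    * @param alias  the alias to load the key for
    * @return the recovered PrivateKey, never null
    */
   private PrivateKey loadPrivateKey (String alias)
   {
      // A null password is passed through untouched: some KeyStore types
      // accept it, and those that do not report it as a
      // GeneralSecurityException instead of a NullPointerException here.
      final char[] password
            = mKeyPassword == null ? null : mKeyPassword.toCharArray();
      final Key key;
      try
      {
         key = mKeyStore.getKey(alias, password);
      }
      catch (GeneralSecurityException gse)
      {
         throw new InitializingSslFailedException(
               "Unable to obtain private key for alias <" + alias + ">", gse);
      }
      finally
      {
         // Wipe the temporary copy; the String field itself cannot be
         // zeroed, so this only shortens the exposure of the char[] copy.
         if (password != null)
         {
            Arrays.fill(password, '\0');
         }
      }
      // getKey returns null for a missing entry and a SecretKey for
      // symmetric entries; neither is usable for client authentication.
      if (!(key instanceof PrivateKey))
      {
         throw new InitializingSslFailedException(
               "Entry for alias <" + alias + "> does not hold a private key");
      }
      return (PrivateKey) key;
   }

   /**
    * {@inheritDoc}
    * keyType, issuers and socket are ignored; the configured alias is
    * always returned.
    */
   public String chooseClientAlias (
         String[] keyType, Principal[] issuers, Socket socket)
   {
      return mKeyAlias;
   }

   /** {@inheritDoc} Delegated unchanged to the parent manager. */
   public String chooseServerAlias (
         String keyType, Principal[] issuers, Socket socket)
   {
      return mManager.chooseServerAlias(keyType, issuers, socket);
   }

   /**
    * Asserts that the given alias is the one set in the constructor.
    * @param alias  the alias to assert, a null alias is rejected like any
    *               other mismatch
    * @throws InitializingSslFailedException if the alias does not match
    */
   private void assertAlias (String alias)
   {
      // Compare from the non-null side so a null alias cannot NPE.
      if (!mKeyAlias.equals(alias))
      {
         throw new InitializingSslFailedException(
               "Unexpected alias <" + alias + ">");
      }
   }
}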