/** |
$Id$ |
|
Copyright (C) 2010 Nicklas Nordborg |
|
This file is part of BASE - BioArray Software Environment. |
Available at http://base.thep.lu.se/ |
|
BASE is free software; you can redistribute it and/or |
modify it under the terms of the GNU General Public License |
as published by the Free Software Foundation; either version 3 |
of the License, or (at your option) any later version. |
|
BASE is distributed in the hope that it will be useful, |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
GNU General Public License for more details. |
|
You should have received a copy of the GNU General Public License |
along with BASE. If not, see <http://www.gnu.org/licenses/>. |
*/ |
package net.sf.basedb.util.ssl; |
|
import java.net.Socket; |
import java.security.KeyStore; |
import java.security.KeyStoreException; |
import java.security.Principal; |
import java.security.PrivateKey; |
import java.security.cert.Certificate; |
import java.security.cert.X509Certificate; |
|
import javax.net.ssl.X509KeyManager; |
|
import net.sf.basedb.core.FileServer; |
|
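/**
	A key manager implementation that always selects a specified keystore entry.
	We use it to make sure that a client certificate that has been registered
	with a {@link FileServer} is always selected for authorization independent of
	other settings.
	<p>
	Note that {@link #getCertificateChain(String)} and {@link #getPrivateKey(String)}
	look up whatever alias they are given; they do not restrict lookups to the
	alias from the constructor. JSSE normally passes back the alias returned by
	{@link #chooseClientAlias(String[], Principal[], Socket)}, so in practice only
	the configured entry is used.
	<p>
	The entry password is kept as a {@code char[]} for the lifetime of this
	object since it is needed every time the private key is requested.

	@author Nicklas
	@since 2.16
	@base.modified $Date$
*/
public class StaticKeyManager
	implements X509KeyManager
{

	private final KeyStore keyStore;
	private final String alias;
	private final char[] password;

	/**
		Create a new key manager
		@param keyStore The key-store containing the client certificate (required)
		@param alias The alias of the key-store entry to use, or null to use
			the first entry in the key-store
		@param password The password that is required to unlock the entry,
			or null if no password is needed
		@throws KeyStoreException If the key-store has not been loaded, or
			if alias is null and the key-store contains no entries
		@throws NullPointerException If keyStore is null
	*/
	public StaticKeyManager(KeyStore keyStore, String alias, String password)
		throws KeyStoreException
	{
		if (keyStore == null) throw new NullPointerException("keyStore");
		this.keyStore = keyStore;
		if (alias == null)
		{
			// An empty key-store would otherwise fail with an unhelpful
			// NoSuchElementException from Enumeration.nextElement()
			if (!keyStore.aliases().hasMoreElements())
			{
				throw new KeyStoreException("The key-store contains no entries; cannot select a default alias");
			}
			this.alias = keyStore.aliases().nextElement();
		}
		else
		{
			this.alias = alias;
		}
		this.password = password == null ? null : password.toCharArray();
	}

	/**
		@return Always the alias specified in the constructor
	*/
	@Override
	public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
	{
		return alias;
	}

	/**
		This key manager is for client authentication only.
		@return Always null
	*/
	@Override
	public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
	{
		return null;
	}

	/**
		Get the certificate chain for the given alias. Only X.509 certificates
		can be returned through the {@link X509KeyManager} interface.
		@param alias The alias to look up (normally the value returned by
			{@link #chooseClientAlias(String[], Principal[], Socket)})
		@return The certificate chain, or null if the alias can't be found,
			if the chain contains a non-X.509 certificate or if the key-store
			can't be read
	*/
	@Override
	public X509Certificate[] getCertificateChain(String alias)
	{
		try
		{
			Certificate[] certs = keyStore.getCertificateChain(alias);
			if (certs == null) return null;
			X509Certificate[] chain = new X509Certificate[certs.length];
			for (int i = 0; i < certs.length; ++i)
			{
				// System.arraycopy into an X509Certificate[] would throw an
				// ArrayStoreException for any other certificate type; check instead
				if (!(certs[i] instanceof X509Certificate)) return null;
				chain[i] = (X509Certificate)certs[i];
			}
			return chain;
		}
		catch (KeyStoreException ex)
		{
			// The X509KeyManager contract is to return null when the alias
			// can't be resolved; there is no way to report the cause to JSSE
			return null;
		}
	}

	/**
		@return An array with the alias given in the constructor as the only element
	*/
	@Override
	public String[] getClientAliases(String keyType, Principal[] issuers)
	{
		return new String[] { alias };
	}

	/**
		Get the private key for the given alias, unlocked with the password
		given in the constructor.
		@param alias The alias to look up
		@return The private key, or null if the alias can't be found, if the
			entry is not a private key (eg. a secret key or trusted certificate),
			if the password is wrong or if the key-store can't be read
	*/
	@Override
	public PrivateKey getPrivateKey(String alias)
	{
		try
		{
			// getKey() also returns SecretKey entries; only a PrivateKey is usable here
			java.security.Key key = keyStore.getKey(alias, password);
			return key instanceof PrivateKey ? (PrivateKey)key : null;
		}
		catch (java.security.GeneralSecurityException ex)
		{
			// Covers KeyStoreException, NoSuchAlgorithmException and
			// UnrecoverableKeyException (wrong password); the X509KeyManager
			// contract is to return null when the key can't be produced
			return null;
		}
	}

	/**
		This key manager is for client authentication only.
		@return Always null
	*/
	@Override
	public String[] getServerAliases(String keyType, Principal[] issuers)
	{
		return null;
	}

}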