From: Scott S. <sco...@jb...> - 2005-04-30 04:50:48
User: starksm Date: 05/04/30 00:50:35 Modified: src/main/org/jboss/net/ssl JBossImplementation.java JBossSocketFactory.java Log: Update to subclass the org.apache.tomcat.util.net.jsse.JSSE14SocketFactory and pass the key and trust stores to the JSSE14SocketFactory. Revision Changes Path 1.2 +30 -19 jboss-tomcat/src/main/org/jboss/net/ssl/JBossImplementation.java (In the diff below, changes in quantity of whitespace are not shown.) Index: JBossImplementation.java =================================================================== RCS file: /cvsroot/jboss/jboss-tomcat/src/main/org/jboss/net/ssl/JBossImplementation.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -b -r1.1 -r1.2 --- JBossImplementation.java 4 Aug 2003 23:31:41 -0000 1.1 +++ JBossImplementation.java 30 Apr 2005 04:50:35 -0000 1.2 
@@ -1,30 +1,41 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, Home of Professional Open Source * * Distributable under LGPL license. * See terms of license at gnu.org. */ package org.jboss.net.ssl; -import java.net.Socket; -import javax.net.ssl.SSLSocket; - import org.apache.tomcat.util.net.ServerSocketFactory; import org.apache.tomcat.util.net.jsse.JSSEImplementation; +/** + * Extend the default tomcat JSSEImplementation to use the JBossSocketFactory + * for integration with the SecurityDomain based key/trust store configuration + * + * @see JSSEImplementation + * @see JBossSocketFactory + * @see org.jboss.security.SecurityDomain + * + * @author Sco...@jb... + * @version $Revision: 1.2 $ + */ public class JBossImplementation - extends JSSEImplementation { - + extends JSSEImplementation +{ public JBossImplementation() - throws ClassNotFoundException { + throws ClassNotFoundException + { super(); } - public String getImplementationName(){ + public String getImplementationName() + { return "JBoss"; } - public ServerSocketFactory getServerSocketFactory() { + public ServerSocketFactory getServerSocketFactory() + { return new JBossSocketFactory(); } 1.2 +121 -55 jboss-tomcat/src/main/org/jboss/net/ssl/JBossSocketFactory.java (In the diff below, changes in quantity of whitespace are not shown.) Index: JBossSocketFactory.java =================================================================== RCS file: /cvsroot/jboss/jboss-tomcat/src/main/org/jboss/net/ssl/JBossSocketFactory.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -b -r1.1 -r1.2 --- JBossSocketFactory.java 4 Aug 2003 23:31:41 -0000 1.1 +++ JBossSocketFactory.java 30 Apr 2005 04:50:35 -0000 1.2 @@ -1,5 +1,5 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, Home of Professional Open Source * * Distributable under LGPL license. * See terms of license at gnu.org. 
@@ -7,65 +7,131 @@ package org.jboss.net.ssl; import java.io.IOException; -import java.net.InetAddress; -import java.net.ServerSocket; -import java.net.Socket; +import java.security.KeyStore; import javax.naming.InitialContext; import javax.naming.NamingException; -import javax.net.ServerSocketFactory; -import javax.net.ssl.SSLSocket; +import javax.net.ssl.TrustManager; +import javax.net.ssl.KeyManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.KeyManagerFactory; import org.jboss.security.SecurityDomain; -import org.jboss.security.ssl.DomainServerSocketFactory; +import org.apache.tomcat.util.net.jsse.JSSE14SocketFactory; +/** + * Extends the tomcat JSSE14SocketFactory to obtain the server key and trust + * stores from the SecurityDomain defined by the securityDomain attribute + * of the connector. + * + */ public class JBossSocketFactory - extends org.apache.tomcat.util.net.ServerSocketFactory { - - private DomainServerSocketFactory socketFactory; + extends JSSE14SocketFactory +{ + private SecurityDomain securityDomain; + + public JBossSocketFactory() + { + } - public void setAttribute(String name, Object value) { - if (name.equals("algorithm")) { - try { + public void setAttribute(String name, Object value) + { + if (name.equalsIgnoreCase("securityDomain")) + { + try + { setSecurityDomainName((String) value); - } catch (Exception e) { - throw new IllegalArgumentException(e.getMessage()); + } + catch (Exception e) + { + IllegalArgumentException ex = + new IllegalArgumentException("Failed to set security domain"); + ex.initCause(e); + throw ex; } } + super.setAttribute(name, value); } + /** + * Set the SecurityDomain to use for the key/trust stores + * + * @param jndiName - the jndi name of the SecurityDomain binding + * @throws NamingException + * @throws IOException + */ public void setSecurityDomainName(String jndiName) - throws NamingException, IOException { + throws NamingException, IOException + { InitialContext iniCtx = new 
InitialContext(); - SecurityDomain securityDomain = - (SecurityDomain) iniCtx.lookup(jndiName); - socketFactory = new DomainServerSocketFactory(securityDomain); + securityDomain = (SecurityDomain) iniCtx.lookup(jndiName); } - public ServerSocket createSocket(int port) - throws IOException { - return createSocket(port, 50, null); + /** + * Gets the SSL server's keystore from the SecurityDomain. + * + * @param type - ignored, this comes from the security domain config + * @param pass - ignore, this comes from the security domain config + * @return the KeyStore for the server cert + * @throws IOException + */ + protected KeyStore getKeystore(String type, String pass) + throws IOException + { + return securityDomain.getKeyStore(); } - public ServerSocket createSocket(int port, int backlog) - throws IOException { - return createSocket(port, backlog, null); - } + /* + * Gets the SSL server's truststore from the SecurityDomain. - public ServerSocket createSocket(int port, int backlog, - InetAddress ifAddress) - throws IOException { - return socketFactory.createServerSocket(port, backlog, ifAddress); + * @param type - ignored, this comes from the security domain config + * @return the KeyStore for the trusted signers store + */ + protected KeyStore getTrustStore(String type) throws IOException + { + return securityDomain.getTrustStore(); } - public Socket acceptSocket(ServerSocket socket) - throws IOException { - return socket.accept(); - } + /** + * Override to obtain the TrustManagers from the security domain. 
+ * + * @param keystoreType - ignored, this comes from the security domain + * @param algorithm - ignored, this comes from the security domain + * @return the array of TrustManagers from the security domain + * @throws Exception + */ + protected TrustManager[] getTrustManagers(String keystoreType, String algorithm) + throws Exception + { + TrustManagerFactory tmf = securityDomain.getTrustManagerFactory(); + TrustManager[] trustMgrs = null; - public void handshake(Socket sock) - throws IOException { - ((SSLSocket)sock).startHandshake(); + if( tmf != null ) + { + trustMgrs = tmf.getTrustManagers(); + } + return trustMgrs; } + /** + * Override to obtain the KeyManagers from the security domain. + * + * @param keystoreType - ignored, this comes from the security domain + * @param algorithm - ignored, this comes from the security domain + * @param keyAlias - ignored + * @return the array of KeyManagers from the security domain + * @throws Exception + */ + protected KeyManager[] getKeyManagers(String keystoreType, String algorithm, + String keyAlias) + throws Exception + { + KeyManagerFactory kmf = securityDomain.getKeyManagerFactory(); + KeyManager[] keyMgrs = null; + if( kmf != null ) + { + keyMgrs = kmf.getKeyManagers(); + } + return keyMgrs; + } } |
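Review bot: The new getTrustManagers() returns null when securityDomain.getTrustManagerFactory() is null, and if JSSE14SocketFactory passes that array to SSLContext.init() (not visible here, so inferred) a null TrustManager[] selects the JVM default trust managers rather than the domain's store, which is a silent change of trust policy that the Javadoc does not mention; the `@return` should state it, e.g. `@return the TrustManagers from the security domain, or null when the domain has no TrustManagerFactory, in which case the JSSE default trust managers apply`. The same applies to getKeyManagers() returning null, where the failure mode is at least fail-closed (no server credential). Every override in this hunk dereferences securityDomain, so a connector whose securityDomain attribute was never set fails with a bare NullPointerException deep in init; a guard such as `if (securityDomain == null) throw new IllegalStateException("securityDomain attribute has not been set");` at the top of getKeystore(), getTrustStore(), getTrustManagers() and getKeyManagers() (or a shared private helper) names the misconfiguration. Separately, the comment on getTrustStore() opens with `/*` rather than `/**`, so its `@param`/`@return` tags are not Javadoc; and setSecurityDomainName() never closes the InitialContext it creates, which a try/finally with `iniCtx.close();` would fix.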