From: <bob...@us...> - 2003-09-11 08:58:19
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv2330/src/hk/hku/cecid/phoenix/pki
Added Files:
KeyStoreKeyManager.java
Log Message:
Implement SSL Client Authentication.
Set the SSL client cert map keyed by URL.
However, it is currently unknown how to choose a suitable client cert
upon a certificate request from the server.
--- NEW FILE: KeyStoreKeyManager.java ---
/*
* Copyright(c) 2002 Center for E-Commerce Infrastructure Development, The
* University of Hong Kong (HKU). All Rights Reserved.
*
* This software is licensed under the Academic Free License Version 1.0
*
* Academic Free License
* Version 1.0
*
* This Academic Free License applies to any software and associated
* documentation (the "Software") whose owner (the "Licensor") has placed the
* statement "Licensed under the Academic Free License Version 1.0" immediately
* after the copyright notice that applies to the Software.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of the Software (1) to use, copy, modify, merge, publish, perform,
* distribute, sublicense, and/or sell copies of the Software, and to permit
* persons to whom the Software is furnished to do so, and (2) under patent
* claims owned or controlled by the Licensor that are embodied in the Software
* as furnished by the Licensor, to make, use, sell and offer for sale the
* Software and derivative works thereof, subject to the following conditions:
*
* - Redistributions of the Software in source code form must retain all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers.
* - Redistributions of the Software in executable form must reproduce all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers in the documentation and/or
* other materials provided with the distribution.
* - Neither the names of Licensor, nor the names of any contributors to the
* Software, nor any of their trademarks or service marks, may be used to
* endorse or promote products derived from this Software without express
* prior written permission of the Licensor.
*
* DISCLAIMERS: LICENSOR WARRANTS THAT THE COPYRIGHT IN AND TO THE SOFTWARE IS
* OWNED BY THE LICENSOR OR THAT THE SOFTWARE IS DISTRIBUTED BY LICENSOR UNDER
* A VALID CURRENT LICENSE. EXCEPT AS EXPRESSLY STATED IN THE IMMEDIATELY
* PRECEDING SENTENCE, THE SOFTWARE IS PROVIDED BY THE LICENSOR, CONTRIBUTORS
* AND COPYRIGHT OWNERS "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
* LICENSOR, CONTRIBUTORS OR COPYRIGHT OWNERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE.
*
* This license is Copyright (C) 2002 Lawrence E. Rosen. All rights reserved.
* Permission is hereby granted to copy and distribute this license without
* modification. This license may not be modified without the express written
* permission of its copyright owner.
*/
/* =====
*
* $Header: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/KeyStoreKeyManager.java,v 1.1 2003/09/11 08:58:09 bobpykoon Exp $
*
* Code authored by:
*
* Bob Koon [2003-09-010]
*
* Code reviewed by:
*
* username [YYYY-MM-DD]
*
* Remarks:
*
* =====
*/
package hk.hku.cecid.phoenix.pki;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
//import javax.net.ssl.X509KeyManager;
import com.sun.net.ssl.X509KeyManager;
import org.apache.log4j.Logger;
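/**
 * An {@link X509KeyManager} that always offers one pre-configured private-key
 * entry of a keystore as the local TLS credential (a client certificate, or the
 * server certificate when used on the accepting side).
 *
 * <p>The keystore is read and unlocked in the constructor, and the configured
 * alias is verified there to be a private-key entry that carries a certificate
 * chain and whose key can be recovered with the same password. A wrong path,
 * password or alias therefore fails at construction with a
 * <code>KeyStoreException</code> instead of surfacing as an obscure failure in
 * the middle of a handshake.
 *
 * <p>Alias selection uses both pieces of information the SSL engine supplies:
 * <ul>
 * <li>the requested key type must name the algorithm of the stored private key
 *     (for example "RSA"); a key of another algorithm is never offered;</li>
 * <li>when the peer lists acceptable certificate issuers, some certificate in
 *     the stored chain must either be issued by one of them or be one of them.
 *     A <code>null</code> or empty issuer list means any issuer is acceptable.</li>
 * </ul>
 * The issuer check only decides whether the single stored credential is worth
 * presenting; it is not a trust decision. The peer still validates the chain.
 *
 * <p>This class declares the legacy <code>com.sun.net.ssl.X509KeyManager</code>
 * interface and additionally provides the <code>javax.net.ssl.X509KeyManager</code>
 * method signatures. The same password unlocks the keystore and the key entry;
 * a private copy of it is retained for the lifetime of this object.
 * Requires Java 1.4 (<code>X500Principal</code>, <code>Throwable.initCause</code>).
 *
 * @author bobpykoon
 * @version $Revision: 1.1 $
 */
public class KeyStoreKeyManager implements X509KeyManager {
    /**
     * Logger
     */
    protected static Logger logger = Logger.getLogger(
            KeyStoreKeyManager.class);

    /** Keystore type used by the three-argument constructor. */
    public static final String DEFAULT_KEYSTORE_TYPE = "JKS";

    private final KeyStore keyStore;
    /** Private copy of the password; unlocks both keystore and key entry. */
    private final char[] password;
    /** The only alias this manager ever offers. */
    private final String alias;
    /** Algorithm of the private key stored under {@link #alias}, e.g. "RSA". */
    private final String keyAlgorithm;

    /**
     * Constructs a key manager over a JKS keystore file, offering the key entry
     * stored under <code>alias</code>.
     *
     * @param keystoreFile keystore file to read; it is loaded here, so the
     *                     caller does not (and cannot) pre-load it
     * @param alias        alias of the private-key entry to offer
     * @param password     password that unlocks both the keystore and the entry
     * @throws KeyStoreException if the file cannot be read or fails its
     *                           integrity check, or if <code>alias</code> is not
     *                           a private-key entry with a certificate chain that
     *                           is recoverable with <code>password</code>
     */
    public KeyStoreKeyManager(File keystoreFile, String alias, char[] password)
            throws KeyStoreException {
        this(keystoreFile, alias, password, DEFAULT_KEYSTORE_TYPE);
    }

    /**
     * Constructs a key manager over a keystore file of the given type,
     * offering the key entry stored under <code>alias</code>.
     *
     * @param keystoreFile keystore file to read
     * @param alias        alias of the private-key entry to offer
     * @param password     password that unlocks both the keystore and the entry
     * @param keystoreType keystore type name for {@link KeyStore#getInstance(String)};
     *                     <code>null</code> selects {@link #DEFAULT_KEYSTORE_TYPE}
     * @throws KeyStoreException if the keystore cannot be loaded or the alias
     *                           does not denote a usable private-key entry
     */
    public KeyStoreKeyManager(File keystoreFile, String alias, char[] password,
                              String keystoreType) throws KeyStoreException {
        if (keystoreFile == null) {
            throw new KeyStoreException("Cannot load keystore : no keystore file given");
        }
        if (alias == null) {
            throw new KeyStoreException("Key alias must not be null");
        }
        keyStore = KeyStore.getInstance(
                keystoreType == null ? DEFAULT_KEYSTORE_TYPE : keystoreType);
        InputStream istream = null;
        try {
            istream = new FileInputStream(keystoreFile);
            keyStore.load(istream, password);
        } catch (Exception e) {
            // Keep the original failure attached so a missing file, a wrong
            // password and a corrupt store can be told apart from the trace.
            KeyStoreException kse = new KeyStoreException("Cannot load keystore : "
                    + e.getMessage());
            kse.initCause(e);
            throw kse;
        } finally {
            if (istream != null) {
                try {
                    istream.close();
                } catch (IOException ignored) {
                    // the store is already loaded (or failed); nothing to do
                }
            }
        }
        // Private copy: the caller is free to clear its own array afterwards.
        this.password = (password == null) ? null : (char[]) password.clone();
        this.alias = alias;
        this.keyAlgorithm = verifyKeyEntry();
        logger.debug("Initialised KeyStoreKeyManager for alias '" + alias
                + "' (" + keyAlgorithm + ") with keyStore having "
                + keyStore.size() + " entries.");
    }

    /**
     * Checks at construction time that {@link #alias} names a private-key
     * entry with a certificate chain that is recoverable with {@link #password}.
     *
     * @return the algorithm name reported by the private key
     * @throws KeyStoreException if any of those conditions does not hold
     */
    private String verifyKeyEntry() throws KeyStoreException {
        if (!keyStore.isKeyEntry(alias)) {
            throw new KeyStoreException("Alias '" + alias
                    + "' is not a key entry in the keystore");
        }
        Key key;
        try {
            key = keyStore.getKey(alias, password);
        } catch (GeneralSecurityException e) {
            // An UnrecoverableKeyException here usually means a wrong password.
            KeyStoreException kse = new KeyStoreException(
                    "Cannot recover key for alias '" + alias + "' : " + e.getMessage());
            kse.initCause(e);
            throw kse;
        }
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("Alias '" + alias
                    + "' does not hold a private key");
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new KeyStoreException("Alias '" + alias
                    + "' has no certificate chain");
        }
        return key.getAlgorithm();
    }

    /**
     * Implements <code>com.sun.net.ssl.X509KeyManager</code>.
     *
     * @param keyType key algorithm type requested by the peer, or <code>null</code>
     * @param issuers acceptable issuers, or <code>null</code> for any
     * @return the configured alias when its key algorithm and issuers fit the
     *         request, otherwise <code>null</code>
     */
    public String chooseClientAlias(String keyType, Principal[] issuers) {
        return selectAlias(keyType, issuers);
    }

    /**
     * Implements <code>com.sun.net.ssl.X509KeyManager</code> and
     * <code>javax.net.ssl.X509KeyManager</code>.
     *
     * @return a one-element array holding the configured alias when it fits the
     *         request, otherwise <code>null</code> (as the interfaces specify)
     */
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return asAliasArray(selectAlias(keyType, issuers));
    }

    /**
     * Implements <code>com.sun.net.ssl.X509KeyManager</code> and
     * <code>javax.net.ssl.X509KeyManager</code>.
     *
     * @return a one-element array holding the configured alias when it fits the
     *         request, otherwise <code>null</code> (as the interfaces specify)
     */
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return asAliasArray(selectAlias(keyType, issuers));
    }

    /**
     * Implements <code>com.sun.net.ssl.X509KeyManager</code>.
     *
     * @return the configured alias when its key algorithm and issuers fit the
     *         request, otherwise <code>null</code>
     */
    public String chooseServerAlias(String keyType, Principal[] issuers) {
        return selectAlias(keyType, issuers);
    }

    /**
     * Wraps a chosen alias for the getXxxAliases methods. Nothing chosen yields
     * <code>null</code>, never an array containing <code>null</code>.
     */
    private static String[] asAliasArray(String chosen) {
        return (chosen == null) ? null : new String[] {chosen};
    }

    /**
     * Decides whether the configured entry may be offered for the given key
     * algorithm and acceptable issuers.
     *
     * @param keyType key algorithm type requested, or <code>null</code> for any
     * @param issuers acceptable certificate issuers, or <code>null</code>/empty
     *                for any
     * @return the configured alias, or <code>null</code> when the entry does
     *         not fit
     */
    private String selectAlias(String keyType, Principal[] issuers) {
        if (!keyTypeMatches(keyType)) {
            logger.debug("Key type " + keyType + " requested, but alias '" + alias
                    + "' holds a " + keyAlgorithm + " key; not offering it.");
            return null;
        }
        X509Certificate[] chain = getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return null;
        }
        if (!acceptedByIssuers(chain, issuers)) {
            logger.debug("No certificate for alias '" + alias
                    + "' matches the peer's acceptable issuers; not offering it.");
            return null;
        }
        return alias;
    }

    /**
     * Compares the requested key type with the algorithm of the stored key.
     * NOTE(review): some SSL engines pass compound server-side key types such
     * as "EC_RSA" (key algorithm, underscore, signature algorithm); only the part
     * before the underscore is compared here. Confirm against the JSSE in use.
     */
    private boolean keyTypeMatches(String keyType) {
        if (keyType == null) {
            return true;
        }
        int sep = keyType.indexOf('_');
        String requested = (sep < 0) ? keyType : keyType.substring(0, sep);
        return requested.equalsIgnoreCase(keyAlgorithm);
    }

    /**
     * Tells whether the stored chain is plausibly acceptable to a peer that
     * listed the given issuers: true when the peer imposes no constraint, or
     * when some chain certificate is issued by, or is, one of the listed names.
     * This selects the credential; it does not authenticate anything.
     */
    private static boolean acceptedByIssuers(X509Certificate[] chain,
                                             Principal[] issuers) {
        if (issuers == null || issuers.length == 0) {
            return true;
        }
        for (int i = 0; i < chain.length; i++) {
            X500Principal subject = chain[i].getSubjectX500Principal();
            X500Principal issuer = chain[i].getIssuerX500Principal();
            for (int j = 0; j < issuers.length; j++) {
                if (sameName(issuers[j], issuer) || sameName(issuers[j], subject)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Compares a peer-supplied name with a name taken from a certificate.
     * X.500 names are compared as <code>X500Principal</code>s, whose equality is
     * defined on the canonical form; comparing <code>getName()</code> strings
     * (the approach of the earlier, disabled check) is fragile because one DN
     * has several valid string forms. The string comparison is kept only as a
     * last resort for names that do not parse as X.500 names.
     */
    private static boolean sameName(Principal wanted, X500Principal actual) {
        if (wanted == null || actual == null) {
            return false;
        }
        if (wanted instanceof X500Principal) {
            return wanted.equals(actual);
        }
        String name = wanted.getName();
        if (name == null) {
            return false;
        }
        try {
            return new X500Principal(name).equals(actual);
        } catch (IllegalArgumentException notAnX500Name) {
            return name.equals(actual.getName());
        }
    }

    /**
     * Implements <code>com.sun.net.ssl.X509KeyManager</code> and
     * <code>javax.net.ssl.X509KeyManager</code>.
     *
     * @param alias keystore alias
     * @return the X.509 certificate chain of the entry, or <code>null</code>
     *         when the alias is unknown, has no chain, or the chain contains a
     *         non-X.509 certificate
     */
    public X509Certificate[] getCertificateChain(String alias) {
        if (alias == null) {
            return null;
        }
        Certificate[] chain;
        try {
            chain = keyStore.getCertificateChain(alias);
        } catch (KeyStoreException e) {
            // Only thrown for an uninitialised keystore, which the constructor
            // rules out; surfaced with its cause rather than as a bare Error.
            IllegalStateException ise = new IllegalStateException(
                    "Keystore not initialised : " + e.getMessage());
            ise.initCause(e);
            throw ise;
        }
        if (chain == null) {
            return null;
        }
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                return null;
            }
            x509Chain[i] = (X509Certificate) chain[i];
        }
        return x509Chain;
    }

    /**
     * Implements <code>com.sun.net.ssl.X509KeyManager</code> and
     * <code>javax.net.ssl.X509KeyManager</code>.
     *
     * @param alias keystore alias
     * @return the private key of the entry, or <code>null</code> when the alias
     *         is unknown, holds no private key, or cannot be recovered
     */
    public PrivateKey getPrivateKey(String alias) {
        if (alias == null) {
            return null;
        }
        try {
            Key key = keyStore.getKey(alias, password);
            return (key instanceof PrivateKey) ? (PrivateKey) key : null;
        } catch (GeneralSecurityException e) {
            // Not expected for the configured alias (verified in the
            // constructor); logged, not swallowed, and null per the contract.
            logger.error("Cannot recover private key for alias '" + alias + "'", e);
            return null;
        }
    }

    /**
     * Implements <code>javax.net.ssl.X509KeyManager</code>. Tries the requested
     * key types in order and returns the configured alias for the first one it
     * fits.
     *
     * @param keyType key algorithm types, most preferred first
     * @param issuers acceptable issuers, or <code>null</code> for any
     * @param socket  unused; selection does not depend on the connection
     * @return the configured alias, or <code>null</code> when it fits none of
     *         the requested key types
     */
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
                                    Socket socket) {
        if (keyType == null) {
            return null;
        }
        for (int i = 0; i < keyType.length; i++) {
            String chosen = selectAlias(keyType[i], issuers);
            if (chosen != null) {
                return chosen;
            }
        }
        return null;
    }

    /**
     * Implements <code>javax.net.ssl.X509KeyManager</code>.
     *
     * @param socket unused; selection does not depend on the connection
     * @return the configured alias when its key algorithm and issuers fit the
     *         request, otherwise <code>null</code>
     */
    public String chooseServerAlias(String keyType, Principal[] issuers,
                                    Socket socket) {
        return selectAlias(keyType, issuers);
    }
}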