From: <pe...@us...> - 2003-12-14 20:52:58
Update of /cvsroot/neuclear/neuclear-commons/src/java/org/neuclear/commons/crypto/signers In directory sc8-pr-cvs1:/tmp/cvs-serv18566/src/java/org/neuclear/commons/crypto/signers Modified Files: JCESigner.java TestCaseSigner.java Added Files: ServletSignerFactory.java Log Message: Added ServletPassPhraseAgent which uses ThreadLocal to transfer the passphrase to the signer. Added ServletSignerFactory, which builds Signers for use within servlets based on parameters in the Servlets Init parameters in web.xml Updated SQLContext to use ThreadLocal Added jakarta cactus unit tests to neuclear-commons to test the 2 new features above. Added use of the new features in neuclear-commons to the servilets within neuclear-id and added configuration parameters in web.xml --- NEW FILE: ServletSignerFactory.java --- package org.neuclear.commons.crypto.signers; import org.neuclear.commons.Utility; import org.neuclear.commons.NeuClearException; import org.neuclear.commons.crypto.CryptoTools; import org.neuclear.commons.crypto.passphraseagents.*; import javax.servlet.ServletConfig; import java.util.HashMap; import java.util.Map; import java.util.Collection; import java.util.Collections; import java.io.FileNotFoundException; import java.security.GeneralSecurityException; /** * Used to create Signers from servlet configuration parameters. It keeps a cache of Signers with similar parameters. Thus * if you have several Servlets with the same keystore parameters they will use the same instance of Signer<p> * The Configuration parameters are as follows: * <table border="2"><tr><th>parameter name</th><th>parameter value</th></tr> * <tr><td>keystore</td><td>The location of the JCE KeyStore. Defaults to the file .keystore in the users home directory * If you specify <tt>test</tt> the built in Test keystore will be used.</td></tr> * <tr><td>serviceid</td><td>The main service ID of the service. Ie. neu://superbux.com/ecurrency. 
This is only required (and used) * if you set <tt>keeppassphrase</tt> (see below)</td></tr> * <tr><td>passphraseagent</td><td>The type of passphraseagent to use. Valid options are <tt>servlet</tt>, * <tt>gui</tt> and <tt>console</tt>(default)</td></tr> * <tr><td>keeppassphrase</td><td>This asks for the service passphrase once at startup and remembers it through the lifetime of the servlet</td></tr> * </table> * <p> * To use the factory. Do as follows within your servlets init() method: * <code>Signer signer=ServletSignerFactory.getInstance().createSigner(config);</code> * * @see PassPhraseAgent * @see Signer */ public final class ServletSignerFactory { private ServletSignerFactory() { map=Collections.synchronizedMap(new HashMap()); } public synchronized Signer createSigner(ServletConfig config) throws FileNotFoundException, GeneralSecurityException, NeuClearException { final String keystore=config.getInitParameter("keystore"); final String keeppassphrase=config.getInitParameter("keeppassphrase"); final String agenttype=config.getInitParameter("passphraseagent"); final String serviceid = config.getInitParameter("serviceid"); final String hash = getConfigHash(keystore, keeppassphrase, agenttype,serviceid); if (map.containsKey(hash)) return (Signer)map.get(hash); final InteractiveAgent coreagent=getAgent(agenttype); final PassPhraseAgent agent=(!Utility.isEmpty(keeppassphrase)&&keeppassphrase.equals("1"))?(PassPhraseAgent)new AskAtStartupAgent(coreagent,serviceid):coreagent; // If keystore is "test" setup the TestCaseSigner otherwise use the JCESigner final Signer signer=createSigner(keystore, agent); map.put(hash,signer); return signer; } private JCESigner createSigner(final String keystore, final PassPhraseAgent agent) throws GeneralSecurityException, NeuClearException, FileNotFoundException { if (!Utility.isEmpty(keystore)){ if (keystore.toLowerCase().equals("test")) return new TestCaseSigner(agent); if (!keystore.toLowerCase().equals("default")) return new 
JCESigner(keystore,"jks", "SUN",agent); } return new DefaultSigner(agent); } private InteractiveAgent getAgent(final String agenttype) { if (!Utility.isEmpty(agenttype)){ if (agenttype.toLowerCase().equals("gui")) return new GuiDialogAgent(); if (agenttype.toLowerCase().equals("servlet")) return new ServletPassPhraseAgent(); } return new CommandLineAgent(); //The default DialogAgent } private static final String getConfigHash(final String keystore, final String keeppassphrase, final String agenttype,final String serviceid) { return new String(CryptoTools.digest((keystore+keeppassphrase+agenttype).getBytes())); } public synchronized static ServletSignerFactory getInstance(){ if (instance==null) instance=new ServletSignerFactory(); return instance; } private static ServletSignerFactory instance; final private Map map; } Index: JCESigner.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-commons/src/java/org/neuclear/commons/crypto/signers/JCESigner.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** JCESigner.java 10 Dec 2003 23:55:45 -0000 1.9 --- JCESigner.java 14 Dec 2003 20:52:54 -0000 1.10 *************** *** 2,5 **** --- 2,14 ---- * $Id$ * $Log$ + * Revision 1.10 2003/12/14 20:52:54 pelle + * Added ServletPassPhraseAgent which uses ThreadLocal to transfer the passphrase to the signer. + * Added ServletSignerFactory, which builds Signers for use within servlets based on parameters in the Servlets + * Init parameters in web.xml + * Updated SQLContext to use ThreadLocal + * Added jakarta cactus unit tests to neuclear-commons to test the 2 new features above. 
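Review bot: In the new ServletSignerFactory, `getConfigHash` drops its `serviceid` argument even though `createSigner` feeds `serviceid` into `AskAtStartupAgent`, so two servlets with the same keystore, agent type and keeppassphrase but different service ids share the first one's cached Signer. The cache key is also built by concatenating the three values with no separator and then decoding raw digest bytes with `new String(byte[])` in the platform charset, which maps undecodable bytes to a replacement character, so distinct configurations can collide and a servlet can be handed a Signer bound to another configuration's keystore. A digest adds nothing for an in-memory map key; a delimited composite string keeps every input distinct: `return keystore + '\0' + keeppassphrase + '\0' + agenttype + '\0' + serviceid;`. If a digest is kept, use `getBytes(StandardCharsets.UTF_8)` on the input and hex-encode the output instead of decoding it as text. The two `toLowerCase()` calls on configuration values should also pass `Locale.ROOT` so the `"test"`/`"default"`/`"gui"`/`"servlet"` comparisons do not depend on the JVM's default locale.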
+ * Added use of the new features in neuclear-commons to the servilets within neuclear-id and added + * configuration parameters in web.xml + * * Revision 1.9 2003/12/10 23:55:45 pelle * Did some cleaning up in the builders *************** *** 135,147 **** --- 144,205 ---- public class JCESigner implements org.neuclear.commons.crypto.signers.Signer, PublicKeySource { + /** + * Constructs a JCESigner with the agent providing the keystore passphrase. + * @param filename + * @param type + * @param provider + * @param agent + * @throws NeuClearException + * @throws GeneralSecurityException + * @throws FileNotFoundException + */ public JCESigner(final String filename, final String type, final String provider, final PassPhraseAgent agent) throws NeuClearException, GeneralSecurityException, FileNotFoundException { this(filename, new FileInputStream(new File(filename)), type, provider, agent); } + /** + * Constructs a JCESigner providing a initial passphrase in the parameters. + * @param filename + * @param type + * @param provider + * @param agent + * @param initialpassphrase + * @throws NeuClearException + * @throws GeneralSecurityException + * @throws FileNotFoundException + */ + public JCESigner(final String filename, final String type, final String provider, final PassPhraseAgent agent,final char[] initialpassphrase) throws NeuClearException, GeneralSecurityException, FileNotFoundException { + this(filename, new FileInputStream(new File(filename)), type, provider, agent,initialpassphrase); + } + /** + * Constructs a JCESigner using the agent to provide the initial passphrase + * @param name + * @param in + * @param type + * @param provider + * @param agent + * @throws NeuClearException + */ protected JCESigner(final String name, final InputStream in, final String type, final String provider, final PassPhraseAgent agent) throws NeuClearException { this(loadKeyStore(provider, type, in, agent, name), agent); } + /** + * Constructs a JCESigner using the provided Initial 
passphrase to load the keystore + * @param name + * @param in + * @param type + * @param provider + * @param agent + * @param initpassphrase + * @throws NeuClearException + */ + protected JCESigner(final String name, final InputStream in, final String type, final String provider, final PassPhraseAgent agent, final char[] initpassphrase) throws NeuClearException { + this(loadKeyStore(provider, type, in, initpassphrase), agent); + } private static KeyStore loadKeyStore(final String provider, final String type, final InputStream in, final PassPhraseAgent agent, final String name) throws NeuClearException { + return loadKeyStore(provider,type,in,agent.getPassPhrase("Keystore password for: "+name)); + } + private static KeyStore loadKeyStore(final String provider, final String type, final InputStream in, final char[] passphrase) throws NeuClearException { try { KeyStore ki = null; *************** *** 150,154 **** else ki = KeyStore.getInstance(type, provider); ! ki.load(in, agent.getPassPhrase("KeyStore Passphrase for" + name)); // System.out.println("Successfully loaded JCESigner: " + name + " type: " + ki.getType() + " size: " + ki.size()); return ki; --- 208,212 ---- else ki = KeyStore.getInstance(type, provider); ! ki.load(in, passphrase); // System.out.println("Successfully loaded JCESigner: " + name + " type: " + ki.getType() + " size: " + ki.size()); return ki; Index: TestCaseSigner.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-commons/src/java/org/neuclear/commons/crypto/signers/TestCaseSigner.java,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** TestCaseSigner.java 22 Nov 2003 00:22:52 -0000 1.7 --- TestCaseSigner.java 14 Dec 2003 20:52:54 -0000 1.8 *************** *** 29,32 **** --- 29,41 ---- $Id$ $Log$ + Revision 1.8 2003/12/14 20:52:54 pelle + Added ServletPassPhraseAgent which uses ThreadLocal to transfer the passphrase to the signer. 
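Review bot: In the new five-argument `loadKeyStore` overload the `char[]` returned by `agent.getPassPhrase("Keystore password for: "+name)` is passed straight to the `char[]` overload and then discarded, so the keystore passphrase stays readable in the heap until the array is collected; the same applies to the `passphrase` parameter after `ki.load(in, passphrase)` in the next hunk. Assuming the agent returns a fresh array the signer owns (the page does not show the agent implementations), the agent overload is the place to clear it: `final char[] pw = agent.getPassPhrase("Keystore password for: " + name);` followed by `try { return loadKeyStore(provider, type, in, pw); } finally { Arrays.fill(pw, '\0'); }` (needs `java.util.Arrays`, whose import block is outside the hunk). The caller-supplied `initialpassphrase` of the new public constructor should be left alone, since ownership of that array is the caller's. The new Javadoc blocks list `@param`/`@throws` tags without descriptions; filling at least `@param initialpassphrase the passphrase used to open the keystore; the array is not modified or retained by this class` would make that ownership contract explicit. `loadKeyStore` continues past the end of the hunk.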
+ Added ServletSignerFactory, which builds Signers for use within servlets based on parameters in the Servlets + Init parameters in web.xml + Updated SQLContext to use ThreadLocal + Added jakarta cactus unit tests to neuclear-commons to test the 2 new features above. + Added use of the new features in neuclear-commons to the servilets within neuclear-id and added + configuration parameters in web.xml + Revision 1.7 2003/11/22 00:22:52 pelle All unit tests in commons, id and xmlsec now work. *************** *** 104,108 **** in, "jks", "SUN", ! agent ); } --- 113,118 ---- in, "jks", "SUN", ! agent, ! "neuclear".toCharArray() ); } |
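Review bot: The literal `"neuclear".toCharArray()` now passed as the keystore passphrase in the constructor call that ends in this hunk (the constructor itself starts above it) is acceptable for a test fixture, but `ServletSignerFactory.createSigner` in this same commit returns `new TestCaseSigner(agent)` whenever a servlet's `keystore` init parameter is `test`, so a deployed web.xml can select a keystore whose passphrase is published in source. A comment at the call site would make that explicit: `// built-in test keystore: its passphrase is public, so keystore=test must never reach a deployment`. It would also be worth having the factory log a warning when it builds a TestCaseSigner, so the misconfiguration is visible at startup rather than only in the signatures it produces.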