import java.net.MalformedURLException;
import java.net.URL;
+import java.util.Properties;
import javax.xml.rpc.ServiceException;
-import org.apache.axis.AxisProperties;
+import javax.net.ssl.SSLContext;
+
+import org.apache.axis.SimpleTargetedChain;
+import org.apache.axis.Handler;
+import org.apache.axis.transport.http.HTTPTransport;
+import org.apache.axis.transport.http.SocketHolder;
+import org.apache.axis.SimpleChain;
+import org.apache.axis.configuration.SimpleProvider;
+
+import org.glite.security.trustmanager.ContextWrapper;
+import org.glite.security.trustmanager.axis.SSLConfigSender;
+
import org.glite.wsdl.services.lb.LoggingAndBookkeepingLocator;
import org.glite.wsdl.services.lb.LoggingAndBookkeepingPortType;
+
/**
*
*/
public class LBCredentials {
+ private String proxy;
+ private String caFiles;
+ private String key;
+ private String pass;
+ private String cert;
+
public LBCredentials(String proxy, String caFiles) {
if (proxy == null) throw new IllegalArgumentException("Proxy cannot be null");
- if (caFiles == null) throw new IllegalArgumentException("caFiles cannot be null");
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.CREDENTIALS_PROXY_FILE, proxy);
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.CA_FILES, caFiles);
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.SSL_PROTOCOL, "SSLv3");
- AxisProperties.setProperty("axis.socketSecureFactory","org.glite.security.trustmanager.axis.AXISSocketFactory");
+ this.proxy = new String(proxy);
+ if (caFiles != null) {
+ this.caFiles = new String(caFiles);
+ }
}
public LBCredentials(String userCert, String userKey, String userPass, String caFiles) {
- if (userCert==null || userKey==null || userPass==null || caFiles==null)
- throw new IllegalArgumentException("One of the parameters was null");
-
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.CREDENTIALS_CERT_FILE,userCert);
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.CREDENTIALS_KEY_FILE,userKey);
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.CREDENTIALS_KEY_PASSWD,userPass);
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.CA_FILES, caFiles);
- System.setProperty(org.glite.security.trustmanager.ContextWrapper.SSL_PROTOCOL, "SSLv3");
- AxisProperties.setProperty("axis.socketSecureFactory","org.glite.security.trustmanager.axis.AXISSocketFactory");
+ if (userCert==null || userKey==null)
+ throw new IllegalArgumentException("key and cert must not be null");
+
+ key = new String(userKey);
+ cert = new String(userCert);
+ if (userPass != null) pass = new String(userPass);
+ if (caFiles != null) this.caFiles = new String(caFiles);
}
protected LoggingAndBookkeepingPortType getStub(String server) throws LBException {
if (!queryServerAddress.getProtocol().equals("https")) {
throw new IllegalArgumentException("wrong protocol");
}
- LoggingAndBookkeepingLocator loc = new LoggingAndBookkeepingLocator();
+
+ Handler transport = new SimpleTargetedChain(new SimpleChain(),
+ new SSLConfigSender(makeConfig()),
+ new SimpleChain());
+ SimpleProvider transportProvider = new SimpleProvider();
+ transportProvider.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME, transport);
+ LoggingAndBookkeepingLocator loc = new LoggingAndBookkeepingLocator(transportProvider);
return loc.getLoggingAndBookkeeping(queryServerAddress);
} catch (ServiceException ex) {
throw new LBException(ex);
} catch (MalformedURLException ex) {
throw new LBException(ex);
- }
+ } catch (org.apache.axis.AxisFault ex) {
+ throw new LBException(ex);
+ }
}
+ private Properties makeConfig() {
+ Properties cf = new java.util.Properties();
+
+ if (proxy != null) cf.put(ContextWrapper.CREDENTIALS_PROXY_FILE,proxy);
+ else {
+ cf.put(ContextWrapper.CREDENTIALS_CERT_FILE,cert);
+ cf.put(ContextWrapper.CREDENTIALS_KEY_FILE,key);
+ if (pass != null) cf.put(ContextWrapper.CREDENTIALS_KEY_PASSWD, pass);
+ }
+
+ if (caFiles != null) cf.put(ContextWrapper.CA_FILES,caFiles);
+ cf.put(ContextWrapper.SSL_PROTOCOL, "SSLv3");
+
+ return cf;
+ }
+
+ protected SSLContext getSSLContext() throws LBException {
+ ContextWrapper cw;
+
+ try {
+ cw = new ContextWrapper(makeConfig());
+ }
+ catch (java.io.IOException e) {
+ throw new LBException(e);
+ }
+ catch (java.security.GeneralSecurityException e) {
+ throw new LBException(e);
+ }
+ return cw.getContext();
+
+ }
}
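Review bot: makeConfig() still pins `ContextWrapper.SSL_PROTOCOL` to the literal `"SSLv3"` (the line `cf.put(ContextWrapper.SSL_PROTOCOL, "SSLv3");`), and SSL.connect()/SSL.accept() in the second file pin the same protocol via `setEnabledProtocols(new String[]{"SSLv3"})`; the commit moved the setting out of System properties but kept the value, and SSLv3 is disabled by default in current JDKs, so both places should take the protocol from a single configurable constant that defaults to a TLS version (assuming ContextWrapper accepts one — worth confirming against the trustmanager API). The hunk also imports `java.util.Properties` but instantiates it as `new java.util.Properties()`; use the imported name. The `new String(proxy)` / `new String(userKey)` copies in both constructors do nothing useful, since Java strings are immutable — assign directly and consider making the five fields `final`, which also documents that credentials are fixed once constructed. getStub()'s enclosing `try` and the `queryServerAddress` declaration start outside the hunk.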
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
-import org.globus.cog.security.cert.request.BouncyCastleOpenSSLKey;
-import org.globus.gsi.GlobusCredential;
-import org.globus.gsi.GlobusCredentialException;
-import org.gridforum.jgss.ExtendedGSSCredential;
-import org.gridforum.jgss.ExtendedGSSManager;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
+import org.glite.security.trustmanager.CRLFileTrustManager;
+import org.glite.security.trustmanager.UpdatingKeyManager;
public class SSL {
static final String proxyProp = "X509UserProxy";
- /**
- * Implementation of abstract class X509KeyManager.
- * It is used to manage X509 certificates which are used to authenticate
- * the local side of a secure socket.
- */
- static class MyX509KeyManager implements X509KeyManager {
-
- private X509Certificate[] certchain;
- private PrivateKey key;
-
- public MyX509KeyManager(Certificate[] cchain, PrivateKey key) {
- this.certchain = new X509Certificate[cchain.length];
- System.arraycopy(cchain, 0, this.certchain, 0, cchain.length);
- this.key = key;
- }
-
- public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket
-socket) {
-/*
- System.out.println("MyX509KeyManager.chooseClientAlias()");
- for (int i = 0; i < keyType.length; i++) {
- System.out.println("MyX509KeyManager.chooseClientAlias() keyType[" + i +
-"]=" + keyType[i]);
- }
- for (int i = 0; i < issuers.length; i++) {
- System.out.println("MyX509KeyManager.chooseClientAlias() issuers[" + i +
-"]=" + issuers[i]);
- }
-*/
- return "";
- }
-
- public String chooseServerAlias(String keyType, Principal[] issuers, Socket
-socket) {
-/*
- System.out.println("MyX509KeyManager.chooseServerAlias(" + keyType + ")");
-
- if (issuers != null) for (int i=0; i<issuers.length; i++)
- System.out.println(" " + issuers[i]);
-*/
-
- return "";
- }
-
- public X509Certificate[] getCertificateChain(String alias) {
-// System.out.println("MyX509KeyManager.getCertificateChain(" + alias + ")");
- return certchain;
- }
-
- public String[] getClientAliases(String keyType, Principal[] issuers) {
-// System.out.println("MyX509KeyManager.getClientAliases(" + keyType + ")");
- return null;
- }
-
- public PrivateKey getPrivateKey(String alias) {
-// System.out.println("MyX509KeyManager.getPrivateKey(" + alias + ")");
- return key;
- }
-
- public String[] getServerAliases(String keyType, Principal[] issuers) {
-// System.out.println("MyX509KeyManager.getServerAliases(" + keyType + ")");
- return null;
- }
- }
-
- /**
- * Implementation of abstract class X509TrustManager.
- * It is used to authenticate the remote side of a secure socket.
- */
- static class MyX509TrustManager implements X509TrustManager {
-
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(X509Certificate[] certs, String authType) {
- //System.out.println("X509TrustManager.checkClientTrusted(certs["+certs.length+"],"+authType+")");
- }
-
- public void checkServerTrusted(X509Certificate[] certs, String authType) throws
- CertificateException {
- //System.out.println("----X509TrustManager.checkServerTrusted-----");
- //System.out.println("number of certs: "+certs.length+", authType="+authType);
- //for(int i=0;i<certs.length;i++) {
- // System.out.println("cert["+i+"]="+certs[i].getSubjectDN());
- //}
- //System.out.println("--------------------------------------------");
- }
- }
SSLContext sctx;
SSLSocket client;
SSLServerSocket server;
SSLSession sess;
- String proxy;
+ LBCredentials creds;
- void init_ctx() throws KeyStoreException,NoSuchAlgorithmException,KeyManagementException {
+ void init_ctx() throws LBException {
if (sctx == null) {
+ if (creds == null) throw new NullPointerException("credentials must be specfied");
- if (proxy == null) proxy = System.getProperty(proxyProp);
-
- TrustManager[] trustAllCerts = new TrustManager[]{new MyX509TrustManager()};
- X509KeyManager[] myKeyManager = createX509KeyManager(proxy);
-
- if (myKeyManager == null) {
- throw new NullPointerException("myKeyManager is null");
- }
-
- sctx = SSLContext.getInstance("SSLv3");
- sctx.init(myKeyManager, trustAllCerts, null);
+ sctx = creds.getSSLContext();
}
}
- public void setProxy(String p) {
- proxy = p;
+ public void setCredentials(LBCredentials c) {
+ creds = c;
}
- public Socket connect(String host,int port,int timeout) throws KeyStoreException,NoSuchAlgorithmException,KeyManagementException,SocketException,IOException {
-
+ public Socket connect(String host,int port,int timeout) throws LBException {
init_ctx();
- client = (SSLSocket) sctx.getSocketFactory().createSocket();
-
- client.setEnabledProtocols(new String[]{"SSLv3"});
- client.setUseClientMode(true);
- client.setSoTimeout(timeout); //read timeout
-
- client.connect(new InetSocketAddress(host, port), timeout); //connect timeout
- client.startHandshake();
-
- sess = client.getSession();
- if (sess == null) {
- throw new NullPointerException("null session");
- }
+ try {
+ client = (SSLSocket) sctx.getSocketFactory().createSocket();
+
+ client.setEnabledProtocols(new String[]{"SSLv3"});
+ client.setUseClientMode(true);
+ client.setSoTimeout(timeout); //read timeout
+
+ client.connect(new InetSocketAddress(host, port), timeout); //connect timeout
+ client.startHandshake();
+
+ sess = client.getSession();
+ if (sess == null) {
+ throw new NullPointerException("null session");
+ }
+ }
+ catch (IOException e) { throw new LBException(e); }
return client;
//return new PrintStream(client.getOutputStream(),false);
}
- public Socket accept(int port,int timeout)
- throws KeyStoreException,IOException,SocketException,NoSuchAlgorithmException,KeyManagementException
+ public Socket accept(int port,int timeout) throws LBException
{
-
+ SSLSocket conn;
init_ctx();
- server = (SSLServerSocket) sctx.getServerSocketFactory().createServerSocket();
-
- server.setEnabledProtocols(new String[]{"SSLv3"});
- server.setSoTimeout(timeout);
-
- server.bind(new InetSocketAddress(port));
-
- SSLSocket conn = (SSLSocket) server.accept();
+ try {
+ server = (SSLServerSocket) sctx.getServerSocketFactory().createServerSocket();
+
+ server.setEnabledProtocols(new String[]{"SSLv3"});
+ server.setSoTimeout(timeout);
+
+ server.bind(new InetSocketAddress(port));
+
+ conn = (SSLSocket) server.accept();
+ }
+ catch (IOException e) { throw new LBException(e); }
return conn;
}
- public void close() throws IOException,SocketException {
+ public void close() throws LBException
+ {
+ try {
client.close();
+ }
+ catch (IOException e) { throw new LBException(e); }
}
- /**
- * This methods reads user's certificate
- *
- * @param ksfile path to certificate
- * @return instance of KeyStore with certificate
- * @throws java.security.KeyStoreException
- * @throws java.security.cert.CertificateException
- * @throws java.security.NoSuchAlgorithmException
- * @throws java.io.IOException
- */
- X509KeyManager[] createX509KeyManager(String ksfile) throws KeyStoreException {
-
- if (ksfile.endsWith(".pem") || !ksfile.contains(".")) {
- return readPEM(ksfile);
- }
-
- throw new KeyStoreException("Unknown key store");
- }
-
- X509KeyManager[] readPEM(String ksfile) {
- BufferedReader br = null;
- BufferedInputStream pemFile = null;
- ByteArrayInputStream bais = null;
-
- X509KeyManager[] myX509KeyManager = null;
-
- try {
- // read in the credential data
- File f = new File(ksfile);
- pemFile = new BufferedInputStream(new FileInputStream(f));
- byte [] data = new byte[(int)f.length()];
- pemFile.read(data);
-
- GlobusCredential gc = new GlobusCredential(ksfile);
- Certificate[] cert = gc.getCertificateChain();
-
- PrivateKey privateKey = gc.getPrivateKey();
- myX509KeyManager = new X509KeyManager[]{new MyX509KeyManager(cert, privateKey)};
- } catch (IOException ex) {
- System.err.println(ex);
- } catch (GlobusCredentialException ex) {
- System.err.println(ex);
- } finally {
- try {
- pemFile.close();
- } catch (IOException ex) {
- System.err.println(ex);
- }
- }
-
- return myX509KeyManager;
- }
}
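Review bot: The new `catch (IOException e) { throw new LBException(e); }` in connect() leaks the partially set-up `client` socket when connect() or startHandshake() fails, and accept() likewise leaves `server` bound on failure; `server` is in fact never closed anywhere, since close() only closes `client` (and throws a NullPointerException if connect() never succeeded). The catch blocks should close what they opened before wrapping the exception, and close() should null-check `client` and also close `server`. A smaller point in init_ctx(): a missing precondition is reported as `NullPointerException("credentials must be specfied")`, which is both misspelled and the wrong type for a state error — `throw new IllegalStateException("credentials must be specified");` reads better. The `sess == null` check after startHandshake() is presumably unreachable, as a failed handshake surfaces as an IOException rather than a null session — worth confirming before keeping it.
```java
        try {
            // … unchanged: createSocket, setEnabledProtocols, setUseClientMode, setSoTimeout, connect, startHandshake, session check …
        }
        catch (IOException e) {
            if (client != null) {
                try { client.close(); } catch (IOException ignored) { /* already failing; report the original cause */ }
                client = null;
            }
            throw new LBException(e);
        }
```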