| /* |
| * This file is part of the QuickServer library |
| * Copyright (C) QuickServer.org |
| * |
| * Use, modification, copying and distribution of this software is subject to |
| * the terms and conditions of the GNU Lesser General Public License. |
| * You should have received a copy of the GNU LGP License along with this |
| * library; if not, you can download a copy from <http://www.quickserver.org/>. |
| * |
| * For questions, suggestions, bug-reports, enhancement-requests etc. |
| * visit http://www.quickserver.org |
| * |
| */ |
| |
| package org.quickserver.security; |
| |
| import java.io.*; |
| import java.util.logging.*; |
| import org.quickserver.util.xmlreader.*; |
| import org.quickserver.util.io.*; |
| import javax.net.ssl.*; |
| import java.security.*; |
| import org.quickserver.swing.*; |
| |
| /** |
| * Class that loads Key Managers, Trust Managers, SSLContext and other secure |
| * objects from QuickServer configuration passed. See <secure-store-manager> |
| * in <secure-store> to set new manger to load your SecureStore. This |
| * class can be overridden to change the way QuickServer configures the |
| * secure mode. |
| * @see org.quickserver.util.xmlreader.SecureStore |
| * @author Akshathkumar Shetty |
| * @since 1.4 |
| */ |
| public class SecureStoreManager { |
| private static Logger logger = Logger.getLogger( |
| SecureStoreManager.class.getName()); |
| private SensitiveInput sensitiveInput = null; |
| |
| /** |
| * Loads KeyManagers. KeyManagers are responsible for managing |
| * the key material which is used to authenticate the local |
| * SSLSocket to its peer. Can return null. |
| */ |
| public KeyManager[] loadKeyManagers(QuickServerConfig config) |
| throws GeneralSecurityException, IOException { |
| Secure secure = config.getSecure(); |
| SecureStore secureStore = secure.getSecureStore(); |
| |
| if(secureStore==null) { |
| logger.fine("SecureStore configuration not set! "+ |
| "So returning null for KeyManager"); |
| return null; |
| } |
| |
| KeyStoreInfo keyStoreInfo = secureStore.getKeyStoreInfo(); |
| if(keyStoreInfo==null) { |
| logger.fine("KeyStoreInfo configuration not set! "+ |
| "So returning null for KeyManager"); |
| return null; |
| } |
| |
| logger.finest("Loading KeyManagers"); |
| KeyStore ks = getKeyStoreForKey(secureStore.getType(), |
| secureStore.getProvider()); |
| |
| logger.info("KeyManager Provider: "+ks.getProvider()); |
| |
| char storepass[] = null; |
| if(keyStoreInfo.getStorePassword()!=null) { |
| logger.finest("KeyStore: Store password was present!"); |
| storepass = keyStoreInfo.getStorePassword().toCharArray(); |
| } else { |
| logger.finest("KeyStore: Store password was not set.. so asking!"); |
| if(sensitiveInput==null) { |
| sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt"); |
| } |
| storepass = sensitiveInput.getInput("Store password for KeyStore"); |
| if(storepass==null) { |
| logger.finest("No password entered.. will pass null"); |
| } |
| } |
| |
| InputStream keyStoreStream = null; |
| try { |
| if(keyStoreInfo.getStoreFile().equalsIgnoreCase("none")==false) { |
| logger.finest("KeyStore location: "+ |
| ConfigReader.makeAbsoluteToConfig(keyStoreInfo.getStoreFile(), |
| config)); |
| keyStoreStream = new FileInputStream( |
| ConfigReader.makeAbsoluteToConfig(keyStoreInfo.getStoreFile(), |
| config)); |
| } |
| |
| ks.load(keyStoreStream, storepass); |
| logger.finest("KeyStore loaded"); |
| } finally { |
| if(keyStoreStream != null) { |
| keyStoreStream.close(); |
| keyStoreStream = null; |
| } |
| } |
| |
| char keypass[] = null; |
| if(keyStoreInfo.getKeyPassword()!=null) { |
| logger.finest("KeyStore: key password was present!"); |
| keypass = keyStoreInfo.getKeyPassword().toCharArray(); |
| } else { |
| logger.finest("KeyStore: Key password was not set.. so asking!"); |
| if(sensitiveInput==null) { |
| sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt"); |
| } |
| keypass = sensitiveInput.getInput("Key password for KeyStore"); |
| if(keypass==null) { |
| logger.finest("No password entered.. will pass blank"); |
| keypass = "".toCharArray(); |
| } |
| } |
| |
| KeyManagerFactory kmf = KeyManagerFactory.getInstance( |
| secureStore.getAlgorithm()); |
| kmf.init(ks, keypass); |
| |
| storepass = " ".toCharArray(); |
| storepass = null; |
| keypass = " ".toCharArray(); |
| keypass = null; |
| |
| return kmf.getKeyManagers(); |
| } |
| |
| /** |
| * Loads TrustManagers. TrustManagers are responsible for managing the |
| * trust material that is used when making trust decisions, and for |
| * deciding whether credentials presented by a peer should be accepted. |
| * Can return null. |
| */ |
| public TrustManager[] loadTrustManagers(QuickServerConfig config) |
| throws GeneralSecurityException, IOException { |
| Secure secure = config.getSecure(); |
| SecureStore secureStore = secure.getSecureStore(); |
| TrustStoreInfo trustStoreInfo = secureStore.getTrustStoreInfo(); |
| |
| if(trustStoreInfo==null) { |
| return null; |
| } |
| |
| logger.finest("Loading TrustManagers"); |
| |
| String type = null; |
| if(trustStoreInfo.getType()!=null && trustStoreInfo.getType().trim().length()!=0) |
| type = trustStoreInfo.getType(); |
| else |
| type = secureStore.getType(); |
| |
| String provider = null; |
| if(trustStoreInfo.getProvider()!=null && trustStoreInfo.getProvider().trim().length()!=0) |
| provider = trustStoreInfo.getProvider(); |
| else |
| provider = secureStore.getProvider(); |
| |
| KeyStore ts = getKeyStoreForTrust(type, provider); |
| |
| char trustpass[] = null; |
| if(trustStoreInfo.getStorePassword()!=null) { |
| logger.finest("TrustStore: Store password was present!"); |
| trustpass = trustStoreInfo.getStorePassword().toCharArray(); |
| } else { |
| logger.finest("TrustStore: Store password was not set.. so asking!"); |
| if(sensitiveInput==null) { |
| sensitiveInput = new SensitiveInput(config.getName()+" - Input Prompt"); |
| } |
| trustpass = sensitiveInput.getInput("Store password for TrustStore"); |
| if(trustpass==null) { |
| logger.finest("No password entered.. will pass null"); |
| } |
| } |
| |
| InputStream trustStoreStream = null; |
| try { |
| if(trustStoreInfo.getStoreFile().equalsIgnoreCase("none")==false) { |
| logger.finest("TrustStore location: "+ |
| ConfigReader.makeAbsoluteToConfig( |
| trustStoreInfo.getStoreFile(), config)); |
| trustStoreStream = new FileInputStream( |
| ConfigReader.makeAbsoluteToConfig( |
| trustStoreInfo.getStoreFile(), config)); |
| } |
| |
| ts.load(trustStoreStream, trustpass); |
| logger.finest("TrustStore loaded"); |
| } finally { |
| if(trustStoreStream!=null) { |
| trustStoreStream.close(); |
| trustStoreStream = null; |
| } |
| } |
| |
| TrustManagerFactory tmf = TrustManagerFactory.getInstance( |
| secureStore.getAlgorithm()); |
| tmf.init(ts); |
| return tmf.getTrustManagers(); |
| } |
| |
| /** |
| * Generates a SSLContext object that implements the specified secure |
| * socket protocol. |
| */ |
| public SSLContext getSSLContext(String protocol) |
| throws NoSuchAlgorithmException { |
| return SSLContext.getInstance(protocol); |
| } |
| |
| public SSLContext getSSLContext(QuickServerConfig config) |
| throws NoSuchAlgorithmException, NoSuchProviderException { |
| |
| if(config.getSecure().getSecureStore().getProvider()!=null) { |
| return SSLContext.getInstance( |
| config.getSecure().getProtocol(), |
| config.getSecure().getSecureStore().getProvider()); |
| } else { |
| return SSLContext.getInstance(config.getSecure().getProtocol()); |
| } |
| |
| } |
| |
| /** |
| * Generates a keystore object for the specified keystore type from |
| * the specified provider to be used for loading/storeing keys. |
| * @param type the type of keystore |
| * @param provider the name of the provider if <code>null</code> any |
| * provider package that implements this type of key may be given based |
| * on the priority. |
| */ |
| protected KeyStore getKeyStoreForKey(String type, String provider) |
| throws KeyStoreException, NoSuchProviderException { |
| if(provider==null) |
| return KeyStore.getInstance(type); |
| return KeyStore.getInstance(type, provider); |
| } |
| |
| /** |
| * Generates a keystore object for the specified keystore type from |
| * the specified provider to be used for loading/storing trusted |
| * keys/certificates. |
| * @param type the type of keystore |
| * @param provider the name of the provider if <code>null</code> any |
| * provider package that implements this type of key may be given based |
| * on the priority. |
| */ |
| protected KeyStore getKeyStoreForTrust(String type, String provider) |
| throws KeyStoreException, NoSuchProviderException { |
| if(provider==null) |
| return KeyStore.getInstance(type); |
| return KeyStore.getInstance(type, provider); |
| } |
| |
| /** |
| * Returns a SSLSocketFactory object to be used for creating SSLSockets. |
| */ |
| public SSLSocketFactory getSocketFactory(SSLContext context) { |
| return context.getSocketFactory(); |
| } |
| |
| /** |
| * Can be used to log details about the SSLServerSocket used to |
| * create a secure server [SSL/TLS]. This method can also be |
| * overridden to change the enabled cipher suites and/or enabled protocols. |
| */ |
| public void logSSLServerSocketInfo(SSLServerSocket sslServerSocket) { |
| if(logger.isLoggable(Level.FINEST)==false) { |
| return; |
| } |
| logger.finest("SecureServer Info: ClientAuth: "+ |
| sslServerSocket.getNeedClientAuth()); |
| logger.finest("SecureServer Info: ClientMode: "+ |
| sslServerSocket.getUseClientMode()); |
| |
| String supportedSuites[] = sslServerSocket.getSupportedCipherSuites(); |
| logger.finest("SecureServer Info: Supported Cipher Suites --------"); |
| for(int i=0;i<supportedSuites.length;i++) |
| logger.finest(supportedSuites[i]); |
| logger.finest("---------------------------------------------------"); |
| |
| String enabledSuites[] = sslServerSocket.getEnabledCipherSuites(); |
| logger.finest("SecureServer Info: Enabled Cipher Suites ----------"); |
| for(int i=0;i<enabledSuites.length;i++) |
| logger.finest(enabledSuites[i]); |
| logger.finest("---------------------------------------------------"); |
| |
| |
| String supportedProtocols[] = sslServerSocket.getSupportedProtocols(); |
| logger.finest("SecureServer Info: Supported Protocols ------------"); |
| for(int i=0;i<supportedProtocols.length;i++) |
| logger.finest(supportedProtocols[i]); |
| logger.finest("---------------------------------------------------"); |
| |
| String enabledProtocols[] = sslServerSocket.getEnabledProtocols(); |
| logger.finest("SecureServer Info: Enabled Protocols --------------"); |
| for(int i=0;i<enabledProtocols.length;i++) |
| logger.finest(enabledProtocols[i]); |
| logger.finest("---------------------------------------------------"); |
| } |
| } |