001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.corba.security.config.ssl;
017:
018: import org.apache.geronimo.management.geronimo.KeystoreManager;
019:
020: import javax.net.ssl.KeyManagerFactory;
021: import javax.net.ssl.SSLServerSocketFactory;
022: import javax.net.ssl.SSLSocketFactory;
023: import org.apache.geronimo.management.geronimo.KeystoreException;
024:
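/**
 * An active SSL configuration. The SSL configuration identifies the
 * KeystoreManager instance to be used for SSL connections, as well as the
 * specifics of the certificates to be used for the connections.
 *
 * <p>The socket factories attached to the CORBA ORBs use the SSLConfig to
 * retrieve SocketFactory instances for creating the secure sockets.
 *
 * <p>Security notes:
 * <ul>
 * <li>When no KeystoreManager was supplied, both factory methods return the
 *     JVM-wide default factories. In that case the provider, protocol,
 *     algorithm, keystore, key alias and truststore configured on this object
 *     are not consulted, so key material and trust decisions come from the
 *     JVM defaults rather than from this configuration.</li>
 * <li>The protocol defaults to the legacy name "SSL". The value is passed
 *     unchanged to the KeystoreManager; which protocol versions end up
 *     enabled is decided there and by the JSSE provider, neither of which is
 *     visible from this class. Deployments should set an explicit TLS name
 *     through {@link #setProtocol(String)} (for example "TLSv1.2" or
 *     "TLSv1.3" where the JRE supports it) and verify the versions enabled
 *     on the resulting sockets.</li>
 * <li>No setter validates its argument, and no synchronization is performed;
 *     the factory methods also rewrite the algorithm field when it holds the
 *     "default" placeholder.</li>
 * </ul>
 *
 * @version $Rev: 484846 $ $Date: 2006-12-08 15:34:10 -0800 (Fri, 08 Dec 2006) $
 */
public class SSLConfig {
    /** Placeholder meaning "use the JVM's default KeyManagerFactory algorithm". */
    private static final String DEFAULT_ALGORITHM = "default";

    // Null when the no-argument constructor was used; the factory methods then
    // fall back to the JVM-wide default socket factories.
    private final KeystoreManager manager;
    private String provider;
    private String keyStore;
    private String trustStore;
    private String keyAlias;
    private String algorithm = DEFAULT_ALGORITHM;
    // NOTE(review): legacy protocol name kept for compatibility with existing
    // configurations; prefer an explicit TLS version via setProtocol().
    private String protocol = "SSL";

    /**
     * Default GBean constructor. No KeystoreManager is attached, so the
     * factory methods return the JVM default factories.
     */
    public SSLConfig() {
        manager = null;
    }

    /**
     * "Normal" constructor for config items.
     *
     * @param keystoreManager
     *               The keystoreManager instance used to create SSL sockets
     *               for this configuration. A null value behaves like the
     *               no-argument constructor.
     */
    public SSLConfig(KeystoreManager keystoreManager) {
        manager = keystoreManager;
    }

    /**
     * Create an SSLSocketFactory instance for creating
     * client-side SSL connections.
     *
     * <p>Without a KeystoreManager this returns
     * {@link SSLSocketFactory#getDefault()} and ignores every setting held by
     * this object.
     *
     * @param loader The class loader used to resolve classes required
     *               by the KeystoreManager.
     *
     * @return An SSLSocketFactory instance created with the
     *         SSLConfig specifics.
     *
     * @throws KeystoreException
     *                When a problem occurs while creating the factory.
     */
    public SSLSocketFactory createSSLFactory(ClassLoader loader)
            throws KeystoreException {
        if (manager == null) {
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        // the keystore manager does all of the heavy lifting
        return manager.createSSLFactory(provider, protocol,
                resolveAlgorithm(), keyStore, keyAlias, trustStore, loader);
    }

    /**
     * Create an SSLServerSocketFactory instance for creating
     * server-side SSL connections.
     *
     * <p>Without a KeystoreManager this returns
     * {@link SSLServerSocketFactory#getDefault()} and ignores every setting
     * held by this object.
     *
     * @param loader The class loader used to resolve classes required
     *               by the KeystoreManager.
     *
     * @return An SSLServerSocketFactory instance created with the
     *         SSLConfig specifics.
     *
     * @throws KeystoreException
     *                When a problem occurs while creating the factory.
     */
    public SSLServerSocketFactory createSSLServerFactory(
            ClassLoader loader) throws KeystoreException {
        if (manager == null) {
            return (SSLServerSocketFactory) SSLServerSocketFactory
                    .getDefault();
        }
        // the keystore manager does all of the heavy lifting
        return manager.createSSLServerFactory(provider, protocol,
                resolveAlgorithm(), keyStore, keyAlias, trustStore, loader);
    }

    /**
     * Replace the "default" placeholder (compared case-insensitively) with
     * the JVM's default KeyManagerFactory algorithm and return the effective
     * algorithm. The resolved name is stored back into the field, so
     * {@link #getAlgorithm()} reports it afterwards. A null algorithm is
     * returned unchanged.
     */
    private String resolveAlgorithm() {
        if (DEFAULT_ALGORITHM.equalsIgnoreCase(algorithm)) {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
        }
        return algorithm;
    }

    /**
     * Get the protocol to be used by this SSL configuration.
     * Unless {@link #setProtocol(String)} was called, this is "SSL".
     *
     * @return The String name of the configuration protocol.
     */
    public String getProtocol() {
        return protocol;
    }

    /**
     * Set the protocol to be used by this configuration. The value is stored
     * as given, without validation.
     *
     * @param protocol The new protocol name.
     */
    public void setProtocol(String protocol) {
        this.protocol = protocol;
    }

    /**
     * Retrieve the encryption provider to be used for
     * these connections.
     *
     * @return The current provider name.
     */
    public String getProvider() {
        return provider;
    }

    /**
     * Set a new encryption provider for the SSL access.
     *
     * @param provider The new provider name.
     */
    public void setProvider(String provider) {
        this.provider = provider;
    }

    /**
     * The key manager algorithm to use.
     *
     * @return The current algorithm name. This is the "default" placeholder
     *         until one of the factory methods has resolved it with a
     *         KeystoreManager attached, and the resolved name afterwards.
     */
    public String getAlgorithm() {
        return algorithm;
    }

    /**
     * Algorithm to use.
     * As different JVMs have different implementations available, the default
     * algorithm can be used by supplying the value "Default" (any letter case).
     *
     * @param algorithm the algorithm to use, or "Default" to use the default
     *                  from {@link javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()}
     */
    public void setAlgorithm(String algorithm) {
        // Stored as given; the "default" placeholder is resolved lazily when
        // a factory is created.
        this.algorithm = algorithm;
    }

    /**
     * Set the name of the keystore to be used for this
     * connection. This must be the name of a keystore
     * stored within the KeystoreManager instance.
     *
     * @param keyStore The key store String name.
     */
    public void setKeyStore(String keyStore) {
        this.keyStore = keyStore;
    }

    /**
     * Retrieve the name of the keystore.
     *
     * @return The String key store name.
     */
    public String getKeyStore() {
        return keyStore;
    }

    /**
     * Set the name of the truststore to be used for
     * connections. The truststore must map to one
     * managed by the KeystoreManager instance.
     *
     * @param trustStore The new trustStore name.
     */
    public void setTrustStore(String trustStore) {
        this.trustStore = trustStore;
    }

    /**
     * Retrieve the in-use truststore name.
     *
     * @return The String name of the trust store.
     */
    public String getTrustStore() {
        return trustStore;
    }

    /**
     * Set the key alias to be used for the connection.
     *
     * @param keyAlias The String name of the key alias.
     */
    public void setKeyAlias(String keyAlias) {
        this.keyAlias = keyAlias;
    }

    /**
     * Retrieve the key alias name to use.
     *
     * @return The String name of the key alias.
     */
    public String getKeyAlias() {
        return keyAlias;
    }
}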