001: package org.objectweb.celtix.bus.transports.https;
002:
003: import java.lang.reflect.Method;
004: import java.util.List;
005: import java.util.logging.Handler;
006: import java.util.logging.Level;
007: import java.util.logging.Logger;
008:
009: import javax.net.ssl.KeyManagerFactory;
010:
011: import org.mortbay.http.SslListener;
012: import org.objectweb.celtix.bus.configuration.security.SSLServerPolicy;
013: import org.objectweb.celtix.common.logging.LogUtils;
014: import org.objectweb.celtix.configuration.Configuration;
015:
016: public final class JettySslListenerConfigurer {
017: private static final long serialVersionUID = 1L;
018: private static final Logger LOG = LogUtils
019: .getL7dLogger(JettySslListenerConfigurer.class);
020: private static final String DEFAUL_KEYSTORE_TYPE = "PKCS12";
021: private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
022: private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
023: private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
024:
025: private Configuration config;
026: private SSLServerPolicy sslPolicy;
027: private SslListener secureListener;
028:
029: public JettySslListenerConfigurer(Configuration configParam,
030: SSLServerPolicy sslPolicyParam,
031: SslListener secureListenerParam) {
032:
033: this .config = configParam;
034: this .sslPolicy = sslPolicyParam;
035: this .secureListener = secureListenerParam;
036: }
037:
038: public void configure() {
039: setupSecurityConfigurer();
040: setupKeystore();
041: setupKeystoreType();
042: setupKeystorePassword();
043: setupKeyPassword();
044: setupWantClientAuthentication();
045: setupRequireClientAuthentication();
046: setupKeystoreAlgorithm();
047: setupCiphersuites();
048: setupTrustStore();
049: setupTrustStoreType();
050: setupSecureSocketProtocol();
051: setupTrustStoreAlgorithm();
052: setupSessionCaching();
053: setupSessionCacheKey();
054: setupMaxChainLength();
055: setupCertValidator();
056:
057: }
058:
059: public boolean setupKeystore() {
060: String keyStoreLocation = null;
061: if (sslPolicy.isSetKeystore()) {
062: keyStoreLocation = sslPolicy.getKeystore();
063: secureListener.setKeystore(keyStoreLocation);
064: LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET",
065: new Object[] { keyStoreLocation });
066: return true;
067: }
068: keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
069: if (keyStoreLocation != null) {
070: LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET",
071: new Object[] { keyStoreLocation });
072: secureListener.setKeystore(keyStoreLocation);
073: return true;
074: }
075:
076: keyStoreLocation = System.getProperty("user.home")
077: + "/.keystore";
078: secureListener.setKeystore(keyStoreLocation);
079: LogUtils.log(LOG, Level.INFO, "KEY_STORE_NOT_SET",
080: new Object[] { keyStoreLocation });
081: return true;
082:
083: }
084:
085: public boolean setupKeystoreType() {
086:
087: if (!sslPolicy.isSetKeystoreType()) {
088: LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_NOT_SET",
089: new Object[] { DEFAUL_KEYSTORE_TYPE });
090: //Can default to JKs so return true
091: secureListener.setKeystoreType(DEFAUL_KEYSTORE_TYPE);
092: return true;
093: }
094: String keyStoreType = sslPolicy.getKeystoreType();
095: LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_SET",
096: new Object[] { keyStoreType });
097: secureListener.setKeystoreType(keyStoreType);
098: return true;
099: }
100:
101: public boolean setupKeystorePassword() {
102: String keyStorePassword = null;
103: if (sslPolicy.isSetKeystorePassword()) {
104: keyStorePassword = sslPolicy.getKeystorePassword();
105: secureListener.setPassword(keyStorePassword);
106: return true;
107: }
108: keyStorePassword = System
109: .getProperty("javax.net.ssl.keyStorePassword");
110: if (keyStorePassword != null) {
111: secureListener.setPassword(keyStorePassword);
112: return true;
113: }
114: LogUtils.log(LOG, Level.SEVERE, "KEY_STORE_PASSWORD_NOT_SET");
115: return false;
116:
117: }
118:
119: public void setupKeystoreAlgorithm() {
120: String keyManagerFactoryAlgorithm = null;
121: if (sslPolicy.isSetKeystoreAlgorithm()) {
122: keyManagerFactoryAlgorithm = sslPolicy
123: .getKeystoreAlgorithm();
124: secureListener.setAlgorithm(keyManagerFactoryAlgorithm);
125: LogUtils.log(LOG, Level.INFO, "KEY_STORE_ALGORITHM_SET",
126: new Object[] { keyManagerFactoryAlgorithm });
127: }
128: keyManagerFactoryAlgorithm = KeyManagerFactory
129: .getDefaultAlgorithm();
130: LogUtils.log(LOG, Level.INFO, "KEY_STORE_ALGORITHM_NOT_SET",
131: new Object[] { keyManagerFactoryAlgorithm });
132: }
133:
134: public void setupTrustStoreAlgorithm() {
135: if (sslPolicy.isSetTrustStoreAlgorithm()) {
136: LogUtils.log(LOG, Level.WARNING,
137: "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
138: new Object[] { "TrustStoreAlgorithm" });
139: }
140: }
141:
142: public boolean setupKeyPassword() {
143: String keyPassword = null;
144: if (sslPolicy.isSetKeyPassword()) {
145: keyPassword = sslPolicy.getKeyPassword();
146: secureListener.setKeyPassword(keyPassword);
147: return true;
148: }
149: keyPassword = System
150: .getProperty("javax.net.ssl.keyStorePassword");
151: if (keyPassword == null) {
152: LogUtils.log(LOG, Level.INFO, "KEY_PASSWORD_NOT_SET");
153: }
154: secureListener.setKeyPassword(keyPassword);
155: return true;
156: }
157:
158: public boolean setupRequireClientAuthentication() {
159: if (!sslPolicy.isSetRequireClientAuthentication()) {
160: LogUtils.log(LOG, Level.WARNING,
161: "REQUIRE_CLIENT_AUTHENTICATION_NOT_SET");
162: secureListener
163: .setNeedClientAuth(DEFAULT_REQUIRE_CLIENT_AUTHENTICATION);
164: return true;
165: }
166: Boolean holder = sslPolicy.isRequireClientAuthentication();
167: boolean setRequireClientAuthentication = holder.booleanValue();
168: LogUtils.log(LOG, Level.INFO,
169: "REQUIRE_CLIENT_AUTHENTICATION_SET",
170: new Object[] { setRequireClientAuthentication });
171: secureListener
172: .setNeedClientAuth(setRequireClientAuthentication);
173: return true;
174: }
175:
176: public boolean setupWantClientAuthentication() {
177: if (!sslPolicy.isSetWantClientAuthentication()) {
178: LogUtils.log(LOG, Level.WARNING,
179: "WANT_CLIENT_AUTHENTICATION_NOT_SET");
180: secureListener
181: .setWantClientAuth(DEFAULT_WANT_CLIENT_AUTHENTICATION);
182: return true;
183: }
184:
185: Boolean holder = sslPolicy.isWantClientAuthentication();
186: boolean setWantClientAuthentication = holder.booleanValue();
187: LogUtils.log(LOG, Level.INFO, "WANT_CLIENT_AUTHENTICATION_SET",
188: new Object[] { setWantClientAuthentication });
189: secureListener.setWantClientAuth(setWantClientAuthentication);
190: return true;
191: }
192:
193: public boolean setupCiphersuites() {
194: if (sslPolicy.isSetCiphersuites()) {
195:
196: List<String> cipherSuites = sslPolicy.getCiphersuites();
197: int numCipherSuites = cipherSuites.size();
198: String[] ciphs = new String[numCipherSuites];
199: String ciphsStr = null;
200: for (int i = 0; i < numCipherSuites; i++) {
201: ciphs[i] = cipherSuites.get(i);
202: if (ciphsStr == null) {
203: ciphsStr = ciphs[i];
204: } else {
205: ciphsStr += ", " + ciphs[i];
206: }
207:
208: }
209: LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_SET",
210: new Object[] { ciphsStr });
211: secureListener.setCipherSuites(ciphs);
212: }
213: LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_NOT_SET");
214: return true;
215: }
216:
217: public boolean setupTrustStore() {
218: String trustStore = null;
219: if (sslPolicy.isSetTrustStore()) {
220: trustStore = sslPolicy.getTrustStore();
221: LogUtils.log(LOG, Level.INFO, "TRUST_STORE_SET",
222: new Object[] { trustStore });
223: }
224: if (trustStore == null) {
225: trustStore = System.getProperty("javax.net.ssl.trustStore");
226: }
227: if (trustStore == null) {
228:
229: trustStore = System.getProperty("java.home")
230: + "/lib/security/cacerts";
231: LogUtils.log(LOG, Level.INFO, "TRUST_STORE_NOT_SET",
232: new Object[] { trustStore });
233: }
234:
235: System.setProperty("javax.net.ssl.trustStore", trustStore);
236: return true;
237: }
238:
239: public boolean setupTrustStoreType() {
240: if (sslPolicy.isSetTrustStoreType()) {
241: LogUtils.log(LOG, Level.WARNING,
242: "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
243: new Object[] { "TrustStoreType" });
244: return true;
245: }
246: return true;
247: }
248:
249: public void setupSecureSocketProtocol() {
250: String secureSocketProtocol = null;
251: if (!sslPolicy.isSetSecureSocketProtocol()) {
252: LogUtils.log(LOG, Level.INFO,
253: "SECURE_SOCKET_PROTOCOL_NOT_SET");
254: secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
255: return;
256: }
257: secureSocketProtocol = sslPolicy.getSecureSocketProtocol();
258: secureListener.setProtocol(secureSocketProtocol);
259: LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_SET",
260: new Object[] { secureSocketProtocol });
261: }
262:
263: public boolean setupSessionCaching() {
264: if (sslPolicy.isSetSessionCaching()) {
265: LogUtils.log(LOG, Level.WARNING,
266: "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
267: new Object[] { "SessionCaching" });
268: }
269: return true;
270: }
271:
272: public boolean setupSessionCacheKey() {
273: if (sslPolicy.isSetSessionCacheKey()) {
274: LogUtils.log(LOG, Level.WARNING,
275: "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
276: new Object[] { "SessionCacheKey" });
277: }
278: return true;
279: }
280:
281: public boolean setupMaxChainLength() {
282: if (sslPolicy.isSetMaxChainLength()) {
283: LogUtils.log(LOG, Level.WARNING,
284: "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
285: new Object[] { "MaxChainLength" });
286: }
287: return true;
288: }
289:
290: public boolean setupCertValidator() {
291: if (sslPolicy.isSetCertValidator()) {
292: LogUtils.log(LOG, Level.WARNING,
293: "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
294: new Object[] { "CertValidator" });
295: }
296: return true;
297: }
298:
299: public void setupSecurityConfigurer() {
300: String systemProperty = "celtix.security.configurer.celtix."
301: + config.getId();
302: String securityConfigurerName = System
303: .getProperty(systemProperty);
304: if ((securityConfigurerName == null)
305: || (securityConfigurerName.equals(""))) {
306: return;
307: }
308: LogUtils.log(LOG, Level.WARNING,
309: "UNOFFICIAL_SECURITY_CONFIGURER");
310: try {
311: Class clazz = Class.forName(securityConfigurerName);
312: Method configure = clazz.getDeclaredMethod("configure",
313: SSLServerPolicy.class);
314: Object[] params = new Object[] { sslPolicy };
315: Object configurer = clazz.newInstance();
316: configure.invoke(configurer, params);
317: LogUtils.log(LOG, Level.INFO,
318: "SUCCESS_INVOKING_SECURITY_CONFIGURER",
319: new Object[] { securityConfigurerName });
320:
321: } catch (Exception e) {
322: LogUtils.log(LOG, Level.SEVERE,
323: "ERROR_INVOKING_SECURITY_CONFIGURER", new Object[] {
324: securityConfigurerName, e.getMessage() });
325: }
326: }
327:
328: /*
329: * For development only
330: */
331: protected boolean testAllDataHasSetupMethod() {
332: Method[] sslPolicyMethods = sslPolicy.getClass()
333: .getDeclaredMethods();
334: Class[] classArgs = null;
335:
336: for (int i = 0; i < sslPolicyMethods.length; i++) {
337: String sslPolicyMethodName = sslPolicyMethods[i].getName();
338: if (sslPolicyMethodName.startsWith("isSet")) {
339: String dataName = sslPolicyMethodName.substring("isSet"
340: .length(), sslPolicyMethodName.length());
341: String this MethodName = "setup" + dataName;
342: try {
343: this .getClass()
344: .getMethod(this MethodName, classArgs);
345: } catch (Exception e) {
346: return false;
347: }
348:
349: }
350: }
351: return true;
352: }
353:
354: protected SslListener getSslListener() {
355: return secureListener;
356: }
357:
358: protected void addLogHandler(Handler handler) {
359: LOG.addHandler(handler);
360: }
361: }
|