001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.net.ssl;
023:
024: import java.io.IOException;
025: import java.security.KeyStore;
026:
027: import javax.naming.InitialContext;
028: import javax.naming.NamingException;
029: import javax.net.ssl.TrustManager;
030: import javax.net.ssl.KeyManager;
031: import javax.net.ssl.TrustManagerFactory;
032: import javax.net.ssl.KeyManagerFactory;
033:
034: import org.jboss.security.SecurityDomain;
035: import org.apache.tomcat.util.net.jsse.JSSESocketFactory;
036:
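/**
 * Extends the Tomcat {@link JSSESocketFactory} so that the server key and
 * trust stores, and the key/trust managers built from them, come from the
 * JBoss {@link SecurityDomain} named by the connector's
 * {@code securityDomain} attribute rather than from keystore file attributes.
 * <p>
 * The keystore type, password, algorithm and key alias arguments that the
 * superclass passes to the overridden methods are ignored here: all of that
 * configuration lives in the security domain.
 */
public class JBossSocketFactory extends JSSESocketFactory {
    /** Reported when a store or manager is requested before the domain is configured. */
    private static final String NO_DOMAIN_MSG = "securityDomain is null. "
            + "Set it as an attribute in the connector setting";

    /** Source of the key/trust stores; resolved from JNDI in setAttribute. */
    private SecurityDomain securityDomain;

    public JBossSocketFactory() {
    }

    /**
     * Intercepts the {@code securityDomain} connector attribute and resolves the
     * named SecurityDomain from JNDI. Every attribute, including that one, is
     * then handed to the superclass unchanged.
     *
     * @param name  attribute name; {@code securityDomain} is matched case-insensitively
     * @param value attribute value; for securityDomain this must be a String JNDI name
     * @throws IllegalArgumentException if the security domain cannot be resolved;
     *         the underlying NamingException/IOException/cast failure is the cause
     */
    public void setAttribute(String name, Object value) {
        if ("securityDomain".equalsIgnoreCase(name)) {
            try {
                setSecurityDomainName((String) value);
            } catch (Exception e) {
                // Lookup, I/O and wrong-value-type failures are all surfaced to
                // the connector as an invalid attribute; the cause is preserved.
                IllegalArgumentException ex = new IllegalArgumentException(
                        "Failed to set security domain '" + value + "'");
                ex.initCause(e);
                throw ex;
            }
        }
        super.setAttribute(name, value);
    }

    /**
     * Sets the SecurityDomain to use for the key/trust stores by looking it up
     * in JNDI.
     *
     * @param jndiName the JNDI name of the SecurityDomain binding
     * @throws NamingException if the lookup fails or the object bound at
     *         {@code jndiName} is not a SecurityDomain
     * @throws IOException never thrown by this implementation; kept in the
     *         signature for compatibility with existing callers
     */
    public void setSecurityDomainName(String jndiName)
            throws NamingException, IOException {
        InitialContext iniCtx = new InitialContext();
        try {
            Object bound = iniCtx.lookup(jndiName);
            if (!(bound instanceof SecurityDomain)) {
                // Give a configuration-level message instead of a bare ClassCastException.
                throw new NamingException("Object bound at '" + jndiName
                        + "' is not a SecurityDomain: " + bound);
            }
            securityDomain = (SecurityDomain) bound;
        } finally {
            // The context may hold provider connections; release them either way.
            iniCtx.close();
        }
    }

    /**
     * Gets the SSL server's keystore from the SecurityDomain.
     *
     * @param type ignored, this comes from the security domain config
     * @param pass ignored, this comes from the security domain config
     * @return the KeyStore for the server cert
     * @throws IOException declared by the superclass signature; not thrown here
     * @throws IllegalStateException if no security domain has been set
     */
    protected KeyStore getKeystore(String type, String pass) throws IOException {
        verifySecurityDomain();
        return securityDomain.getKeyStore();
    }

    /**
     * Gets the SSL server's truststore from the SecurityDomain.
     *
     * @param type ignored, this comes from the security domain config
     * @return the KeyStore for the trusted signers store
     * @throws IOException declared by the superclass signature; not thrown here
     * @throws IllegalStateException if no security domain has been set
     */
    protected KeyStore getTrustStore(String type) throws IOException {
        verifySecurityDomain();
        return securityDomain.getTrustStore();
    }

    /**
     * Override to obtain the TrustManagers from the security domain.
     * <p>
     * If the domain provides no TrustManagerFactory this returns {@code null}.
     * NOTE(review): if the superclass passes that straight into
     * {@code SSLContext.init}, JSSE then falls back to the platform default
     * trust managers rather than the domain's truststore - confirm that this
     * is the intended behaviour for a domain without a trust factory.
     *
     * @param keystoreType ignored, this comes from the security domain
     * @param algorithm ignored, this comes from the security domain
     * @return the array of TrustManagers from the security domain, or null
     *         when the domain has no TrustManagerFactory
     * @throws Exception declared by the superclass signature
     * @throws IllegalStateException if no security domain has been set
     */
    protected TrustManager[] getTrustManagers(String keystoreType,
            String algorithm) throws Exception {
        verifySecurityDomain();
        TrustManagerFactory tmf = securityDomain.getTrustManagerFactory();
        return tmf == null ? null : tmf.getTrustManagers();
    }

    /**
     * Override to obtain the KeyManagers from the security domain.
     *
     * @param keystoreType ignored, this comes from the security domain
     * @param algorithm ignored, this comes from the security domain
     * @param keyAlias ignored
     * @return the array of KeyManagers from the security domain, or null when
     *         the domain has no KeyManagerFactory
     * @throws Exception declared by the superclass signature
     * @throws IllegalStateException if no security domain has been set
     */
    protected KeyManager[] getKeyManagers(String keystoreType,
            String algorithm, String keyAlias) throws Exception {
        verifySecurityDomain();
        KeyManagerFactory kmf = securityDomain.getKeyManagerFactory();
        return kmf == null ? null : kmf.getKeyManagers();
    }

    /**
     * Fails fast when the connector asks for SSL material before the
     * securityDomain attribute has been applied.
     *
     * @throws IllegalStateException if {@link #securityDomain} is null
     */
    private void verifySecurityDomain() {
        if (this.securityDomain == null) {
            throw new IllegalStateException(NO_DOMAIN_MSG);
        }
    }
}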