001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.console.keystores;
017:
018: import java.io.ByteArrayInputStream;
019: import java.io.InputStream;
020: import java.io.Serializable;
021: import java.security.cert.Certificate;
022: import java.security.cert.CertificateFactory;
023: import java.security.cert.X509Certificate;
024: import java.util.Collection;
025: import java.util.HashMap;
026: import java.util.Map;
027:
028: import javax.portlet.ActionResponse;
029: import javax.portlet.PortletRequest;
030: import javax.portlet.PortletSession;
031:
032: import org.apache.commons.logging.Log;
033: import org.apache.commons.logging.LogFactory;
034: import org.apache.geronimo.console.MultiPageAbstractHandler;
035: import org.apache.geronimo.console.MultiPageModel;
036: import org.apache.geronimo.management.geronimo.KeystoreException;
037: import org.apache.geronimo.management.geronimo.KeystoreInstance;
038: import org.apache.geronimo.crypto.CertificateUtil;
039:
040: /**
041: * The base class for all handlers for this portlet
042: *
043: * @version $Rev: 617588 $ $Date: 2008-02-01 10:20:07 -0800 (Fri, 01 Feb 2008) $
044: */
045: public abstract class BaseKeystoreHandler extends
046: MultiPageAbstractHandler {
047: private final static Log log = LogFactory
048: .getLog(BaseKeystoreHandler.class);
049: protected static final String KEYSTORE_DATA_PREFIX = "org.apache.geronimo.keystore.";
050: protected static final String LIST_MODE = "list";
051: protected static final String UNLOCK_KEYSTORE_FOR_EDITING = "unlockEdit";
052: protected static final String UNLOCK_KEYSTORE_FOR_USAGE = "unlockKeystore";
053: protected static final String UNLOCK_KEY = "unlockKey";
054: protected static final String LOCK_KEYSTORE_FOR_EDITING = "lockEdit";
055: protected static final String LOCK_KEYSTORE_FOR_USAGE = "lockKeystore";
056: protected static final String CREATE_KEYSTORE = "createKeystore";
057: protected static final String VIEW_KEYSTORE = "viewKeystore";
058: protected static final String UPLOAD_CERTIFICATE = "uploadCertificate";
059: protected static final String CONFIRM_CERTIFICATE = "confirmCertificate";
060: protected static final String CONFIGURE_KEY = "configureKey";
061: protected static final String CONFIRM_KEY = "confirmKey";
062: protected static final String CERTIFICATE_DETAILS = "certificateDetails";
063: protected static final String GENERATE_CSR = "generateCSR";
064: protected static final String IMPORT_CA_REPLY = "importCAReply";
065: protected static final String DELETE_ENTRY = "deleteEntry";
066: protected static final String CHANGE_PASSWORD = "changePassword";
067:
068: // Name of the attribute for error message to be displayed in a page
069: protected static final String ERROR_MSG = "errorMsg";
070: // Name of the attribute for information message to be displayed in a page
071: protected static final String INFO_MSG = "infoMsg";
072:
073: protected BaseKeystoreHandler(String mode, String viewName) {
074: super (mode, viewName);
075: }
076:
077: public final static class KeystoreModel implements MultiPageModel {
078: public KeystoreModel(PortletRequest request) {
079: }
080:
081: public void save(ActionResponse response, PortletSession session) {
082: }
083: }
084:
085: public final static class KeystoreData implements Serializable {
086: private transient KeystoreInstance instance;
087: private char[] password;
088: private String[] certificates;
089: private String[] keys;
090: private Map fingerprints;
091: private Map keyPasswords;
092:
093: public String getName() {
094: return instance.getKeystoreName();
095: }
096:
097: public String getType() {
098: return instance.getKeystoreType();
099: }
100:
101: public KeystoreInstance getInstance() {
102: return instance;
103: }
104:
105: public void setInstance(KeystoreInstance instance) {
106: this .instance = instance;
107: }
108:
109: public boolean isLockedEdit() {
110: return password == null;
111: }
112:
113: public boolean isLockedUse() {
114: return instance.isKeystoreLocked();
115: }
116:
117: public String[] getCertificates() {
118: return certificates;
119: }
120:
121: public String[] getKeys() {
122: return keys;
123: }
124:
125: public Map getFingerprints() throws KeystoreException {
126: if (fingerprints == null) {
127: fingerprints = new HashMap();
128: for (int i = 0; i < certificates.length; i++) {
129: String alias = certificates[i];
130: try {
131: fingerprints.put(alias, CertificateUtil
132: .generateFingerprint(
133: instance.getCertificate(alias,
134: password), "MD5"));
135: } catch (Exception e) {
136: log
137: .error(
138: "Unable to generate certificate fingerprint",
139: e);
140: }
141: }
142: for (int i = 0; i < keys.length; i++) {
143: String alias = keys[i];
144: try {
145: fingerprints.put(alias, CertificateUtil
146: .generateFingerprint(
147: instance.getCertificate(alias,
148: password), "MD5"));
149: } catch (Exception e) {
150: log
151: .error(
152: "Unable to generate certificate fingerprint",
153: e);
154: }
155: }
156: }
157: return fingerprints;
158: }
159:
160: public void importTrustCert(String fileName, String alias)
161: throws KeystoreException {
162: try {
163: // Uploading certificate using a disk file fails on Windows. Certificate text is used instead.
164: //InputStream is = new FileInputStream(fileName);
165: InputStream is = new ByteArrayInputStream(fileName
166: .getBytes());
167: CertificateFactory cf = CertificateFactory
168: .getInstance("X.509");
169: Collection certs = cf.generateCertificates(is);
170: X509Certificate cert = (X509Certificate) certs
171: .iterator().next();
172: instance.importTrustCertificate(cert, alias, password);
173: String[] update = new String[certificates.length + 1];
174: System.arraycopy(certificates, 0, update, 0,
175: certificates.length);
176: update[certificates.length] = alias;
177: certificates = update;
178: if (fingerprints != null) {
179: fingerprints.put(alias, CertificateUtil
180: .generateFingerprint(instance
181: .getCertificate(alias, password),
182: "MD5"));
183: }
184: } catch (KeystoreException e) {
185: throw e;
186: } catch (Exception e) {
187: throw new KeystoreException(
188: "Unable to import trust certificate", e);
189: }
190: }
191:
192: public void createKeyPair(String alias, String keyPassword,
193: String keyAlgorithm, int keySize,
194: String signatureAlgorithm, int validity,
195: String commonName, String orgUnit, String organization,
196: String locality, String state, String country)
197: throws KeystoreException {
198: try {
199: instance
200: .generateKeyPair(alias, password, keyPassword
201: .toCharArray(), keyAlgorithm, keySize,
202: signatureAlgorithm, validity,
203: commonName, orgUnit, organization,
204: locality, state, country);
205: String[] update = new String[keys.length + 1];
206: System.arraycopy(keys, 0, update, 0, keys.length);
207: update[keys.length] = alias;
208: keys = update;
209: if (fingerprints != null) {
210: fingerprints.put(alias, CertificateUtil
211: .generateFingerprint(instance
212: .getCertificate(alias, password),
213: "MD5"));
214: }
215: } catch (KeystoreException e) {
216: throw e;
217: } catch (Exception e) {
218: throw new KeystoreException(
219: "Unable to create key pair", e);
220: }
221: }
222:
223: public Certificate getCertificate(String alias)
224: throws KeystoreException {
225: return instance.getCertificate(alias, password);
226: }
227:
228: public void unlockPrivateKey(String alias, char[] keyPassword)
229: throws KeystoreException {
230: if (keyPasswords == null) {
231: keyPasswords = new HashMap();
232: }
233: instance.unlockPrivateKey(alias, password, keyPassword);
234: keyPasswords.put(alias, keyPassword);
235: }
236:
237: public void deleteEntry(String alias) throws KeystoreException {
238: for (int i = 0; i < keys.length; ++i) {
239: if (keys[i].equals(alias)) {
240: String[] temp = new String[keys.length - 1];
241: for (int j = 0; j < i; ++j) {
242: temp[j] = keys[j];
243: }
244: for (int j = i + 1; j < keys.length; ++j) {
245: temp[j - 1] = keys[j];
246: }
247: keys = temp;
248: break;
249: }
250: }
251:
252: for (int i = 0; i < certificates.length; ++i) {
253: if (certificates[i].equals(alias)) {
254: String[] temp = new String[certificates.length - 1];
255: for (int j = 0; j < i; ++j) {
256: temp[j] = certificates[j];
257: }
258: for (int j = i + 1; j < certificates.length; ++j) {
259: temp[j - 1] = certificates[j];
260: }
261: certificates = temp;
262: break;
263: }
264: }
265: instance.deleteEntry(alias, password);
266: if (keyPasswords != null)
267: keyPasswords.remove(alias);
268: if (fingerprints != null)
269: fingerprints.remove(alias);
270: }
271:
272: public void importPKCS7Certificate(String alias,
273: String pkcs7cert) throws KeystoreException {
274: try {
275: instance.importPKCS7Certificate(alias, pkcs7cert,
276: password);
277: fingerprints.put(alias, CertificateUtil
278: .generateFingerprint(instance.getCertificate(
279: alias, password), "MD5"));
280: } catch (KeystoreException e) {
281: throw e;
282: } catch (Exception e) {
283: throw new KeystoreException(
284: "Unable to import PKCS7 certificate", e);
285: }
286: }
287:
288: public String generateCSR(String alias)
289: throws KeystoreException {
290: return instance.generateCSR(alias, password);
291: }
292:
293: public void unlockEdit(char[] password)
294: throws KeystoreException {
295: this .certificates = instance
296: .listTrustCertificates(password);
297: this .keys = instance.listPrivateKeys(password);
298: // Set password last, so that if an error occurs, the keystore
299: // still appears locked (lockedEdit == false)
300: this .password = password;
301: this .fingerprints = null;
302: }
303:
304: public void lockEdit() {
305: this .password = null;
306: this .certificates = null;
307: this .keyPasswords = null;
308: this .keys = null;
309: this .fingerprints = null;
310: }
311:
312: public void lockUse() throws KeystoreException {
313: instance.lockKeystore(password);
314: }
315:
316: public void unlockUse(char[] password) throws KeystoreException {
317: instance.unlockKeystore(password);
318: }
319:
320: public void changeKeystorePassword(char[] oldPassword,
321: char[] newPassword) throws KeystoreException {
322: instance.changeKeystorePassword(oldPassword, newPassword);
323: this .password = newPassword;
324: }
325:
326: public void changeKeyPassword(String alias, char[] keyPassword,
327: char[] newKeyPassword) throws KeystoreException {
328: instance.changeKeyPassword(alias, password, keyPassword,
329: newKeyPassword);
330: if (keyPasswords != null && keyPasswords.containsKey(alias)) {
331: keyPasswords.put(alias, newKeyPassword);
332: }
333: }
334: }
335: }
|