001: package com.sun.portal.netlet.crypt.jsse;
002:
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;

import javax.net.ssl.X509KeyManager;
014:
015: /*
016: * com.sun.portal.netlet.crypt.jsse.NetletKeyManager is an implementation of X509KeyManager which
017: * wraps an existing X509KeyManager instance, and prompts for
018: * keystore password and path.
019: */
020:
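public class NetletKeyManager implements X509KeyManager {
    // Source of the keystore stream/path/password/type callbacks (see setContext()).
    NetletJSSEAuthContext authContext = null;
    // Shared repository in which the keystore settings are cached between calls.
    NetletDataRepository repos = null;
    // Loaded lazily by the first chooseClientAlias() call. Access is not
    // synchronized; concurrent first calls may each load the keystore once.
    KeyStore ks = null;
    // The first alias of the loaded keystore; every key/chain lookup uses it.
    String alias = null;

    /**
     * Creates a key manager that obtains keystore settings through the
     * given context and caches them in the shared data repository.
     *
     * @param authContext This will be used for callbacks
     */
    public NetletKeyManager(NetletJSSEAuthContext authContext) {
        this.authContext = authContext;
        repos = NetletDataRepository.getInstance();
    }

    /**
     * chooseClientAlias selects an alias to authenticate the client side
     * of a SSL connection. This implementation prompts the user for the
     * keystore path and password (via the callback context), loads the
     * keystore on first use, and always returns its first alias; the
     * {@code keyType} and {@code issuers} hints are not consulted.
     *
     * @param keyType the key algorithm type name(s)
     * @param issuers the list of acceptable CA issuer subject names
     * @param socket the socket to be used for this connection.
     * @return the first alias found in the keystore
     * @throws IllegalArgumentException if the keystore type, stream or
     *         path is missing, the keystore cannot be loaded, or it holds
     *         no entries; the underlying exception is kept as the cause.
     */
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
            Socket socket) {
        // Call the callback functions to set password and keystore path
        // if not already set.
        setContext();
        try {
            if (ks == null) {
                ks = loadKeyStore();
            }
            Enumeration aliases = ks.aliases();
            if (!aliases.hasMoreElements()) {
                throw new IllegalArgumentException("keystore contains no entries");
            }
            alias = (String) aliases.nextElement();
            return alias;
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, NoSuchProviderException, CertificateException, ...
            throw new IllegalArgumentException(e.getMessage(), e);
        } catch (IOException e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /**
     * Instantiates and loads the keystore described by the repository.
     * Prefers the configured input stream; otherwise opens the configured
     * path and closes that stream after loading.
     *
     * @return the loaded keystore
     * @throws GeneralSecurityException if the type/provider is unknown or
     *         the contents cannot be parsed
     * @throws IOException if the keystore cannot be read or the password
     *         is wrong (KeyStore.load reports that as an IOException)
     * @throws IllegalArgumentException if neither a stream nor a path, or
     *         no keystore type, has been configured
     */
    private KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        if (repos.getKeyStoreType() == null) {
            throw new IllegalArgumentException("keystore type is not set");
        }
        // Create a keystore of the specified type
        KeyStore store = KeyStore.getInstance(repos.getKeyStoreType().toString(),
                repos.getKeyStoreType().getProvider());

        InputStream in = repos.getKeyStoreStream();
        // Only a stream we opened ourselves is ours to close.
        boolean ownsStream = false;
        if (in == null) {
            if (repos.getKeyStorePath() == null) {
                throw new IllegalArgumentException(
                        "neither a keystore stream nor a keystore path is set");
            }
            in = new FileInputStream(repos.getKeyStorePath());
            ownsStream = true;
        }
        try {
            store.load(in, repos.getKeyStorePassphrase());
        } finally {
            if (ownsStream) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // read-only stream; nothing left to do whether load succeeded or not
                }
            }
        }
        return store;
    }

    /**
     * Server-side alias selection is not supported by this key manager.
     *
     * @return always {@code null}
     */
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        return null;
    }

    /**
     * Returns the certificate chain of the keystore's first alias. The
     * {@code a} argument is ignored; the alias is (re)selected through
     * {@link #chooseClientAlias}.
     *
     * @param a the alias requested by JSSE (ignored)
     * @return the chain as X.509 certificates, or {@code null} if the
     *         alias has no chain, a chain entry is not X.509, or the
     *         keystore cannot be queried
     * @throws IllegalArgumentException propagated from chooseClientAlias
     */
    public X509Certificate[] getCertificateChain(String a) {
        alias = chooseClientAlias(null, null, null);
        try {
            Certificate[] certs = ks.getCertificateChain(alias);
            if (certs == null) {
                // Alias is not a key entry: the X509KeyManager contract says null.
                return null;
            }
            X509Certificate[] chain = new X509Certificate[certs.length];
            for (int i = 0; i < certs.length; i++) {
                if (!(certs[i] instanceof X509Certificate)) {
                    return null;
                }
                chain[i] = (X509Certificate) certs[i];
            }
            return chain;
        } catch (KeyStoreException e) {
            return null;
        }
    }

    /**
     * Returns the single client alias this key manager can offer.
     *
     * @param keyType the key algorithm type name (ignored)
     * @param issuers acceptable CA issuer subject names (ignored)
     * @return a one-element array holding the keystore's first alias
     * @throws IllegalArgumentException propagated from chooseClientAlias
     */
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        if (alias == null) {
            alias = chooseClientAlias(null, null, null);
        }
        return new String[] { alias };
    }

    /**
     * Returns the private key of the keystore's first alias, unlocked with
     * the keystore passphrase held in the repository. The {@code a}
     * argument is ignored.
     *
     * @param a the alias requested by JSSE (ignored)
     * @return the private key, or {@code null} if the entry is missing,
     *         is not a private key, or cannot be recovered
     * @throws IllegalArgumentException propagated from chooseClientAlias
     */
    public PrivateKey getPrivateKey(String a) {
        alias = chooseClientAlias(null, null, null);
        try {
            Key key = ks.getKey(alias, repos.getKeyStorePassphrase());
            return (key instanceof PrivateKey) ? (PrivateKey) key : null;
        } catch (GeneralSecurityException e) {
            // KeyStoreException / NoSuchAlgorithmException / UnrecoverableKeyException:
            // the contract allows null, and the caller has no way to act on the detail.
            return null;
        }
    }

    /**
     * Server-side aliases are not supported by this key manager.
     *
     * @return always {@code null}
     */
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return null;
    }

    /**
     * Pulls stream, path, passphrase and type from the callback context
     * into the repository. The passphrase is used as the "already
     * configured" sentinel, so the callbacks run at most until a
     * passphrase has been stored.
     */
    private void setContext() {
        if (repos.getKeyStorePassphrase() == null) {
            repos.setKeyStoreStream(authContext.getKeyStoreStream());
            repos.setKeyStorePath(authContext.getKeyStorePath());
            repos.setKeyStorePassphrase(authContext.getKeyStorePassword());
            repos.setKeyStoreType(authContext.getKeyStoreType());
        }
    }
}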
|