001: /**
002: * Copyright (c) 2000/2001 Thomas Kopp
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions
007: * are met:
008: * 1. Redistributions of source code must retain the above copyright
009: * notice, this list of conditions and the following disclaimer.
010: * 2. Redistributions in binary form must reproduce the above copyright
011: * notice, this list of conditions and the following disclaimer in the
012: * documentation and/or other materials provided with the distribution.
013: *
014: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
015: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
016: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
017: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
018: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
019: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
020: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
021: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
022: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
023: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
024: * SUCH DAMAGE.
 */
package org.w3c.jigsaw.https.socket;
026:
027: import java.security.KeyStore;
028:
029: import org.w3c.jigsaw.config.PropertySet;
030:
031: import org.w3c.jigsaw.http.httpd;
032:
033: import org.w3c.tools.resources.Attribute;
034: import org.w3c.tools.resources.AttributeRegistry;
035: import org.w3c.tools.resources.BooleanAttribute;
036: import org.w3c.tools.resources.FileAttribute;
037: import org.w3c.tools.resources.StringAttribute;
038:
039: /**
040: * @author Thomas Kopp, Dialogika GmbH
041: * @version 1.1, 27 December 2000, 6 February 2004
042: *
043: * This class supplies a management resource for SSL properties
044: */
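/**
 * Management resource holding the TLS ("SSL") configuration of a Jigsaw
 * https daemon.
 *
 * <p>Each {@code *_P} constant is the property key under which a setting is
 * read from the server's property file; the {@code ATTR_SSL_*} indices are the
 * slots those settings occupy in the {@link AttributeRegistry} once the static
 * initializer has registered them. Only the settings registered in that
 * initializer are reachable through the admin attribute interface; the others
 * (security provider, protocol handler, key/trust manager type, enabled flag)
 * remain plain property keys with no registered attribute.
 *
 * @author Thomas Kopp, Dialogika GmbH
 * @version 1.1, 27 December 2000, 6 February 2004
 */
public class SSLProperties extends PropertySet {

    /**
     * Property key for the TLS security provider. Only meaningful for the
     * pre-JDK-1.4 API; no attribute is registered for it and there is no
     * accessor.
     */
    public static final String SECURITY_PROVIDER_P = "org.w3c.jigsaw.ssl.security.provider";

    /**
     * Property key for the TLS protocol handler. Only meaningful for the
     * pre-JDK-1.4 API; no attribute is registered for it.
     */
    public static final String PROTOCOL_HANDLER_P = "org.w3c.jigsaw.ssl.protocol.handler";

    /**
     * Property key for the TLS protocol name (default {@link #DEFAULT_PROTOCOL_NAME}).
     * Which protocol versions the name actually enables is decided by the
     * provider that consumes it, not by this class.
     */
    public static final String PROTOCOL_NAME_P = "org.w3c.jigsaw.ssl.protocol.name";

    /**
     * Property key for the key manager type. Not registered as an attribute;
     * per the author's note the default is taken from the underlying provider
     * and the key stays settable in the https-server.props file.
     */
    public static final String KEYMANAGER_TYPE_P = "org.w3c.jigsaw.ssl.keymanager.type";

    /**
     * Property key indicating a generic keystore, i.e. a class implementing
     * the key manager factory parameters interface.
     */
    public static final String KEYSTORE_GENERIC_P = "org.w3c.jigsaw.ssl.keystore.generic";

    /** Property key for the keystore type. */
    public static final String KEYSTORE_TYPE_P = "org.w3c.jigsaw.ssl.keystore.type";

    /** Property key for the keystore path (registered as a file attribute). */
    public static final String KEYSTORE_PATH_P = "org.w3c.jigsaw.ssl.keystore.path";

    /**
     * Property key for the keystore password. It is registered below as a
     * plain, editable {@link StringAttribute}, so the value lives in the
     * property set in the clear; keep it out of log output and of admin
     * listings shown to anyone who is not an administrator.
     * NOTE(review): whether the property store persists it encrypted is
     * decided outside this file — confirm.
     */
    public static final String KEYSTORE_PASSWORD_P = "org.w3c.jigsaw.ssl.keystore.password";

    /**
     * Property key for the trust manager type. Not registered as an attribute;
     * like {@link #KEYMANAGER_TYPE_P} it remains settable through the
     * https-server.props file only.
     */
    public static final String TRUSTMANAGER_TYPE_P = "org.w3c.jigsaw.ssl.trustmanager.type";

    /**
     * Property key indicating a generic truststore, i.e. a class implementing
     * the key manager factory parameters interface.
     */
    public static final String TRUSTSTORE_GENERIC_P = "org.w3c.jigsaw.ssl.truststore.generic";

    /** Property key for the truststore type (used for client authentication). */
    public static final String TRUSTSTORE_TYPE_P = "org.w3c.jigsaw.ssl.truststore.type";

    /** Property key for the truststore path (used for client authentication). */
    public static final String TRUSTSTORE_PATH_P = "org.w3c.jigsaw.ssl.truststore.path";

    /**
     * Property key for the truststore password. Same handling caveat as
     * {@link #KEYSTORE_PASSWORD_P}: it is a plain editable string attribute.
     */
    public static final String TRUSTSTORE_PASSWORD_P = "org.w3c.jigsaw.ssl.truststore.password";

    /**
     * Property key for requiring TLS client authentication. Defaults to
     * {@link #DEFAULT_MUST_AUTHENTICATE}, i.e. client certificates are
     * optional unless this is switched on.
     */
    public static final String MUST_AUTHENTICATE_P = "org.w3c.jigsaw.ssl.must.authenticate";

    /**
     * Property key for enabling TLS support. No attribute is registered for
     * it any more; TLS enablement is implied by the keystore configuration.
     */
    public static final String SSL_ENABLED_P = "org.w3c.jigsaw.ssl.enabled";

    /** Default security provider (pre-JDK-1.4 API only; not registered). */
    public static final String DEFAULT_SECURITY_PROVIDER = "com.sun.net.ssl.internal.ssl.Provider";

    /** Default TLS protocol handler (pre-JDK-1.4 API only; not registered). */
    public static final String DEFAULT_PROTOCOL_HANDLER = "com.sun.net.ssl.internal.www.protocol";

    /** Default TLS protocol name. */
    public static final String DEFAULT_PROTOCOL_NAME = "TLS";

    /** Default for {@link #KEYSTORE_GENERIC_P}: a regular, non-generic keystore. */
    public static final boolean DEFAULT_KEYSTORE_GENERIC = false;

    /** Default for {@link #TRUSTSTORE_GENERIC_P}: a regular, non-generic truststore. */
    public static final boolean DEFAULT_TRUSTSTORE_GENERIC = false;

    /** Default for {@link #MUST_AUTHENTICATE_P}: client authentication not required. */
    public static final boolean DEFAULT_MUST_AUTHENTICATE = false;

    /** Default for {@link #SSL_ENABLED_P}: TLS support on. */
    public static final boolean DEFAULT_SSL_ENABLED = true;

    /** Name under which this property set is registered with the daemon. */
    private static final String DEFAULT_NAME = "SSL";

    /** Registry index of the protocol name attribute. */
    protected static int ATTR_SSL_PROTOCOL_NAME = -1;

    /**
     * Registry index of the key manager type attribute. Never registered in
     * this class, so it stays {@code -1}.
     */
    protected static int ATTR_SSL_KEYMANAGER_TYPE = -1;

    /** Registry index of the generic-keystore flag attribute. */
    protected static int ATTR_SSL_KEYSTORE_GENERIC = -1;

    /** Registry index of the keystore type attribute. */
    protected static int ATTR_SSL_KEYSTORE_TYPE = -1;

    /** Registry index of the keystore path attribute. */
    protected static int ATTR_SSL_KEYSTORE_PATH = -1;

    /** Registry index of the keystore password attribute. */
    protected static int ATTR_SSL_KEYSTORE_PASSWORD = -1;

    /**
     * Registry index of the trust manager type attribute. Never registered in
     * this class, so it stays {@code -1}.
     */
    protected static int ATTR_SSL_TRUSTMANAGER_TYPE = -1;

    /** Registry index of the generic-truststore flag attribute. */
    protected static int ATTR_SSL_TRUSTSTORE_GENERIC = -1;

    /** Registry index of the truststore type attribute (client authentication). */
    protected static int ATTR_SSL_TRUSTSTORE_TYPE = -1;

    /** Registry index of the truststore path attribute (client authentication). */
    protected static int ATTR_SSL_TRUSTSTORE_PATH = -1;

    /** Registry index of the truststore password attribute (client authentication). */
    protected static int ATTR_SSL_TRUSTSTORE_PASSWORD = -1;

    /** Registry index of the mandatory-client-authentication flag attribute. */
    protected static int ATTR_SSL_AUTHENTICATE_REQUIRED = -1;

    /**
     * Registers one attribute for this class and returns its registry index.
     *
     * <p>The class literal replaces the earlier {@code Class.forName} lookup
     * of this class's own name; the literal cannot fail, so the former error
     * path that printed a stack trace and exited the JVM from a static
     * initializer is no longer needed.
     *
     * @param a the attribute to register
     * @return the index assigned by the {@link AttributeRegistry}
     */
    private static int register(Attribute a) {
        return AttributeRegistry.registerAttribute(SSLProperties.class, a);
    }

    /**
     * Registers the editable TLS attributes. Registration order is kept as in
     * the original so that the assigned indices do not move.
     */
    static {
        // SECURITY_PROVIDER_P and PROTOCOL_HANDLER_P are deliberately not
        // registered: they were dropped from the admin GUI for JDK 1.4
        // compatibility and only concern the pre-1.4 API.

        ATTR_SSL_PROTOCOL_NAME = register(
                new StringAttribute(PROTOCOL_NAME_P, DEFAULT_PROTOCOL_NAME, Attribute.EDITABLE));

        // KEYMANAGER_TYPE_P is not registered (author's note, tk, 2004-11-01):
        // the default comes from the underlying provider and the key stays
        // configurable via the https-server.props file.

        ATTR_SSL_KEYSTORE_GENERIC = register(
                new BooleanAttribute(KEYSTORE_GENERIC_P,
                        Boolean.valueOf(DEFAULT_KEYSTORE_GENERIC), Attribute.EDITABLE));

        ATTR_SSL_KEYSTORE_TYPE = register(
                new StringAttribute(KEYSTORE_TYPE_P, null, Attribute.EDITABLE));

        ATTR_SSL_KEYSTORE_PATH = register(
                new FileAttribute(KEYSTORE_PATH_P, null, Attribute.EDITABLE));

        // Plain string attribute: the password is editable through the admin
        // interface and held in the clear by the property set.
        ATTR_SSL_KEYSTORE_PASSWORD = register(
                new StringAttribute(KEYSTORE_PASSWORD_P, null, Attribute.EDITABLE));

        // TRUSTMANAGER_TYPE_P is not registered, for the same reason as
        // KEYMANAGER_TYPE_P above.

        ATTR_SSL_TRUSTSTORE_GENERIC = register(
                new BooleanAttribute(TRUSTSTORE_GENERIC_P,
                        Boolean.valueOf(DEFAULT_TRUSTSTORE_GENERIC), Attribute.EDITABLE));

        ATTR_SSL_TRUSTSTORE_TYPE = register(
                new StringAttribute(TRUSTSTORE_TYPE_P, null, Attribute.EDITABLE));

        ATTR_SSL_TRUSTSTORE_PATH = register(
                new FileAttribute(TRUSTSTORE_PATH_P, null, Attribute.EDITABLE));

        // Same handling caveat as the keystore password.
        ATTR_SSL_TRUSTSTORE_PASSWORD = register(
                new StringAttribute(TRUSTSTORE_PASSWORD_P, null, Attribute.EDITABLE));

        // Defaults to false: client certificates are optional unless an
        // administrator turns this on.
        ATTR_SSL_AUTHENTICATE_REQUIRED = register(
                new BooleanAttribute(MUST_AUTHENTICATE_P,
                        Boolean.valueOf(DEFAULT_MUST_AUTHENTICATE), Attribute.EDITABLE));

        // SSL_ENABLED_P is deprecated and no longer registered; enablement is
        // implied by the keystore path configuration.
    }

    /**
     * Creates the SSL property set under the default name {@code "SSL"}.
     *
     * @param server reference to the current daemon
     */
    public SSLProperties(httpd server) {
        super(DEFAULT_NAME, server);
    }

    /**
     * Creates the SSL property set under an explicit name.
     *
     * @param name   the name for the property set
     * @param server reference to the current daemon
     */
    public SSLProperties(String name, httpd server) {
        super(name, server);
    }
}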