Posted to commits@synapse.apache.org by in...@apache.org on 2008/07/07 12:19:49 UTC
svn commit: r674440 - in /synapse/trunk/java:
modules/core/src/main/java/org/apache/synapse/config/
modules/core/src/main/java/org/apache/synapse/config/xml/
modules/core/src/main/java/org/apache/synapse/core/axis2/
modules/core/src/main/java/org/apach...
Author: indika
Date: Mon Jul 7 03:19:45 2008
New Revision: 674440
URL: http://svn.apache.org/viewvc?rev=674440&view=rev
Log:
This commit is based on a patch by Jonathan Holmes. Thanks, Jonathan.
In addition, I had to make numerous changes.
I have tested an https URL for the WSDL of both a proxy service and a WSDL endpoint.
Added:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapsePropertiesLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/
- copied from r673914, synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java
- copied, changed from r674415, synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/CipherInformation.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/IdentityKeyStoreInformation.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/KeyStoreInformation.java
- copied, changed from r674415, synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/KeyStoreInformation.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/TrustKeyStoreInformation.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/factory/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/factory/KeyStoreInformationFactory.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/enumeration/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/enumeration/KeyStoreType.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/ICACertsLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/IKeyStoreLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/AbstractKeyStoreLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/CACertsLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/JKSKeyStoreLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS12KeyStoreLoader.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS8KeyStoreLoader.java
Removed:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigUtils.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigurationBuilder.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/SynapseXMLConfigurationFactory.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/core/axis2/ProxyService.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/CipherWrapper.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/IdentityKeyStoreWrapper.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/KeyStoreWrapper.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/TrustKeyStoreWrapper.java
synapse/trunk/java/repository/conf/secret-manager.properties
synapse/trunk/java/repository/conf/synapse.properties
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigUtils.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigUtils.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigUtils.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigUtils.java Mon Jul 7 03:19:45 2008
@@ -23,12 +23,18 @@
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.synapse.SynapseConstants;
import org.apache.synapse.SynapseException;
import org.apache.synapse.ServerManager;
+import org.apache.synapse.security.definition.KeyStoreInformation;
+import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
+import org.apache.synapse.security.definition.TrustKeyStoreInformation;
+import org.apache.synapse.security.definition.factory.KeyStoreInformationFactory;
import org.apache.synapse.util.SynapseBinaryDataSource;
import org.xml.sax.InputSource;
+import sun.net.www.protocol.https.HttpsURLConnectionImpl;
+
+import javax.net.ssl.*;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
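Review bot: The added `import sun.net.www.protocol.https.HttpsURLConnectionImpl;` ties this class to a JDK-internal type, and the matching cast in the third hunk (`(HttpsURLConnectionImpl) url.openConnection()`) will throw ClassCastException whenever another https handler or a non-Sun runtime supplies the connection. The public `javax.net.ssl.HttpsURLConnection` already declares `setSSLSocketFactory` and `setHostnameVerifier`, so the import can be dropped and the line written as `HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();`. The wildcard `import javax.net.ssl.*;` would also read better as the explicit types this file uses.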
@@ -36,6 +42,9 @@
import javax.activation.DataHandler;
import java.io.*;
import java.net.*;
+import java.security.NoSuchAlgorithmException;
+import java.security.KeyManagementException;
+import java.util.Properties;
public class SynapseConfigUtils {
@@ -239,12 +248,98 @@
if (url == null) {
return null;
}
- URLConnection conn = url.openConnection();
- conn.setReadTimeout(getReadTimeout());
- conn.setConnectTimeout(getConnectionTimeout());
- conn.setRequestProperty("Connection", "close"); // if http is being used
- BufferedInputStream urlInStream = new BufferedInputStream(
- conn.getInputStream());
+
+ InputStream urlInStream = null;
+
+ if (url.getProtocol().equalsIgnoreCase("https")) {
+ Properties synapseProperties = SynapsePropertiesLoader.loadSynapseProperties();
+ KeyManager[] keyManagers = null;
+ TrustManager[] trustManagers = null;
+
+ IdentityKeyStoreInformation identityInformation =
+ KeyStoreInformationFactory.createIdentityKeyStoreInformation(synapseProperties);
+
+ if (identityInformation != null) {
+ KeyManagerFactory keyManagerFactory =
+ identityInformation.getIdentityKeyManagerFactoryInstance();
+ if (keyManagerFactory != null) {
+ keyManagers = keyManagerFactory.getKeyManagers();
+ }
+
+ }
+
+ TrustKeyStoreInformation trustInformation =
+ KeyStoreInformationFactory.createTrustKeyStoreInformation(synapseProperties);
+
+ if (trustInformation != null) {
+ TrustManagerFactory trustManagerFactory =
+ trustInformation.getTrustManagerFactoryInstance();
+ if (trustManagerFactory != null) {
+ trustManagers = trustManagerFactory.getTrustManagers();
+ }
+ }
+
+ HttpsURLConnectionImpl connection = (HttpsURLConnectionImpl) url.openConnection();
+ try {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(keyManagers,
+ trustManagers, null);
+ connection.setSSLSocketFactory(sslContext.getSocketFactory());
+ if (trustInformation != null) {
+ boolean enableHostnameVerifier = true;
+ String value =
+ trustInformation.getParameter(
+ KeyStoreInformation.ENABLE_HOST_NAME_VERIFIER);
+ if (value != null) {
+ enableHostnameVerifier = Boolean.parseBoolean(value);
+ }
+ if (!enableHostnameVerifier) {
+ connection.setHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
+ public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
+ if (log.isTraceEnabled()) {
+ log.trace("HostName verification disabled");
+ log.trace("host: " + hostname);
+ log.trace("peer host: " + session.getPeerHost());
+ }
+ return true;
+ }
+
+ public boolean verify(String hostname, String certHostname) {
+ if (log.isTraceEnabled()) {
+ log.trace("Hostname verification disabled");
+ log.trace("host: " + hostname);
+ log.trace("cert hostname: " + certHostname);
+ }
+ return true;
+ }
+ });
+ }
+ }
+
+ } catch (NoSuchAlgorithmException e) {
+ handleException("Error loading SSLContext ");
+ } catch (KeyManagementException e) {
+ handleException("Error initiation SSLContext with KeyManagers");
+ }
+
+ connection.setReadTimeout(getReadTimeout());
+ connection.setConnectTimeout(getConnectionTimeout());
+ connection.setRequestProperty("Connection", "close"); // if http is being used
+ urlInStream = connection.getInputStream();
+
+ } else {
+
+ URLConnection conn = url.openConnection();
+ conn.setReadTimeout(getReadTimeout());
+ conn.setConnectTimeout(getConnectionTimeout());
+ conn.setRequestProperty("Connection", "close"); // if http is being used
+ urlInStream = conn.getInputStream();
+ }
+
+ if (urlInStream == null) {
+ return null;
+ }
+
try {
StAXOMBuilder builder = new StAXOMBuilder(urlInStream);
OMElement doc = builder.getDocumentElement();
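Review bot: When `enableHostnameVerifier` is false, the anonymous verifier passed to `connection.setHostnameVerifier(...)` accepts every host and reports it only at trace level, so server-identity checks on https WSDL fetches can be off with nothing in the normal log. I would log once at warn where the permissive verifier is installed, e.g. `log.warn("Hostname verification is disabled for " + url.getHost());`, and document the property as a test-only setting. The two catch blocks also drop the caught exception; passing `e` on would keep the root cause, if this class has a `handleException(String, Exception)` overload (not visible here). The second `verify(String hostname, String certHostname)` method is not declared by `javax.net.ssl.HostnameVerifier` and looks like dead code. The enclosing method starts and ends outside this hunk.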
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigurationBuilder.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigurationBuilder.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigurationBuilder.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapseConfigurationBuilder.java Mon Jul 7 03:19:45 2008
@@ -32,7 +32,6 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
-import java.io.InputStream;
import java.util.Properties;
/**
@@ -72,7 +71,7 @@
// build the Synapse configuration parsing the XML config file
try {
- Properties synapseProperties = loadSynapseProperties();
+ Properties synapseProperties = SynapsePropertiesLoader.loadSynapseProperties();
DataSourceRegistrar.registerDataSources(synapseProperties);
SynapseConfiguration synCfg
= XMLConfigurationBuilder.getConfiguration(new FileInputStream(configFile));
@@ -89,50 +88,6 @@
return null;
}
- private static Properties loadSynapseProperties() {
-
- try {
- Properties properties = new Properties();
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
-
- if (log.isDebugEnabled()) {
- log.debug("synapse.properties file is loading from classpath");
- }
-
- InputStream in = cl.getResourceAsStream(SynapseConstants.SYNAPSE_PROPERTIES);
- if (in == null) {
- if (log.isDebugEnabled()) {
- log.debug("Unable to load synapse.propeties file");
- }
-
- String path = SynapseConstants.CONF_DIRECTORY +
- File.separatorChar + SynapseConstants.SYNAPSE_PROPERTIES;
- if (log.isDebugEnabled()) {
- log.debug("synapse.properties file is loading from classpath" +
- " with resource path '" + path + " '");
- }
-
- in = cl.getResourceAsStream(path);
- if (in == null) {
- if (log.isDebugEnabled()) {
- log.debug("Unable to load the synapse.properties file from classpath" +
- " with resource name '" + path + " '");
- }
- }
- }
-
- if (in != null) {
- properties.load(in);
- }
-
- return properties;
-
- } catch (Exception e) {
- log.info("Using the default tuning parameters for Synapse");
- }
- return new Properties();
- }
-
private static void handleException(String msg, Exception e) {
log.error(msg, e);
throw new SynapseException(msg, e);
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapsePropertiesLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapsePropertiesLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapsePropertiesLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/SynapsePropertiesLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,51 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.synapse.config;
+
+import org.apache.synapse.SynapseConstants;
+import org.apache.synapse.util.MiscellaneousUtil;
+
+import java.util.Properties;
+
+/**
+ * Provides a Factory method load synapse properties.
+ * Cache the properties to make sure properties loading only is occurred onetime
+ */
+public class SynapsePropertiesLoader {
+
+ private SynapsePropertiesLoader() {
+ }
+
+ private static Properties properties;
+
+ /**
+ * Loads the properties
+ * This happen only cached properties are null.
+ *
+ * @return Synapse Properties
+ */
+ public static Properties loadSynapseProperties() {
+ if (properties == null) {
+ properties = MiscellaneousUtil.loadProperties(
+ SynapseConstants.SYNAPSE_PROPERTIES);
+ }
+ return properties;
+ }
+
+}
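Review bot: `loadSynapseProperties()` fills the static `properties` field lazily without synchronization, so two threads calling it at startup can both load the file, and every caller shares one mutable `Properties` instance. The smallest fix is `public static synchronized Properties loadSynapseProperties()`. These properties are passed to `KeyStoreInformationFactory`, which defines keys such as `keystore.identity.storePassword`, so the Javadoc should say that callers must not modify the returned object. The loader removed from SynapseConfigurationBuilder fell back to the conf directory and returned an empty `Properties` on failure; whether `MiscellaneousUtil.loadProperties` does the same is not visible here and should be confirmed, since a null result would trigger a reload on every call.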
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/SynapseXMLConfigurationFactory.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/SynapseXMLConfigurationFactory.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/SynapseXMLConfigurationFactory.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/SynapseXMLConfigurationFactory.java Mon Jul 7 03:19:45 2008
@@ -52,9 +52,8 @@
if (!definitions.getQName().equals(XMLConfigConstants.DEFINITIONS_ELT)) {
throw new SynapseException(
- "Wrong QName for this config factory " + definitions.getQName());
+ "Wrong QName for this configuration factory " + definitions.getQName());
}
-
SynapseConfiguration config = new SynapseConfiguration();
config.setDefaultQName(definitions.getQName());
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/core/axis2/ProxyService.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/core/axis2/ProxyService.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/core/axis2/ProxyService.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/core/axis2/ProxyService.java Mon Jul 7 03:19:45 2008
@@ -34,6 +34,7 @@
import org.apache.synapse.SynapseConstants;
import org.apache.synapse.SynapseException;
import org.apache.synapse.ServerManager;
+import org.apache.synapse.security.definition.KeyStoreInformation;
import org.apache.synapse.config.SynapseConfigUtils;
import org.apache.synapse.config.SynapseConfiguration;
import org.apache.synapse.core.SynapseEnvironment;
@@ -42,6 +43,7 @@
import org.apache.synapse.util.PolicyInfo;
import org.xml.sax.InputSource;
+import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -232,6 +234,7 @@
InputStream wsdlInputStream = null;
OMElement wsdlElement = null;
boolean wsdlFound = false;
+ String publishWSDL = null;
if (wsdlKey != null) {
synCfg.getEntryDefinition(wsdlKey);
@@ -245,8 +248,10 @@
wsdlFound = true;
} else if (wsdlURI != null) {
try {
- URL url = wsdlURI.toURL();
- OMNode node = SynapseConfigUtils.getOMElementFromURL(url.toString());
+ URL url = wsdlURI.toURL();
+ publishWSDL = url.toString();
+
+ OMNode node = SynapseConfigUtils.getOMElementFromURL(publishWSDL);
if (node instanceof OMElement) {
wsdlElement = (OMElement) node;
}
@@ -254,7 +259,45 @@
} catch (MalformedURLException e) {
handleException("Malformed URI for wsdl", e);
} catch (IOException e) {
- handleException("Error reading from wsdl URI", e);
+ //handleException("Error reading from wsdl URI", e);
+ boolean enablePublishWSDLSafeMode = false;
+ Map proxyParameters = null;
+ proxyParameters = this.getParameterMap();
+ if(!proxyParameters.isEmpty()){
+ if(proxyParameters.containsKey("enablePublishWSDLSafeMode")){
+ enablePublishWSDLSafeMode =
+ Boolean.parseBoolean(
+ proxyParameters.get("enablePublishWSDLSafeMode").toString().toLowerCase());
+ }else{
+ if (trace()){
+ trace.info("WSDL was unable to load for: " + publishWSDL);
+ trace.info("Please add <syn:parameter name=\"enableURISafeMode\">true</syn:parameter> to proxy service.");
+ }
+ handleException("Error reading from wsdl URI", e);
+ }
+ }
+
+ if(enablePublishWSDLSafeMode){
+ // this is if the wsdl cannot be loaded... create a dummy service and an operation for which
+ // our SynapseDispatcher will properly dispatch to
+
+ //!!!Need to add a reload function... And display that the wsdl/service is offline!!!
+ if (trace()){
+ trace.info("WSDL was unable to load for: " + publishWSDL);
+ trace.info("enableURISafeMode: true");
+ }
+
+ proxyService = new AxisService();
+ AxisOperation mediateOperation = new InOutAxisOperation(new QName("mediate"));
+ proxyService.addOperation(mediateOperation);
+ } else{
+ if (trace()){
+ trace.info("WSDL was unable to load for: " + publishWSDL);
+ trace.info("enableURISafeMode: false");
+ }
+
+ handleException("Error reading from wsdl URI", e);
+ }
}
} else {
// this is for POX... create a dummy service and an operation for which
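Review bot: The code reads the proxy parameter `enablePublishWSDLSafeMode`, but the trace messages tell the operator to add `enableURISafeMode`, so following the hint has no effect. The messages should name the parameter that is actually read, e.g. `trace.info("Please add <syn:parameter name=\"enablePublishWSDLSafeMode\">true</syn:parameter> to proxy service.");`, and the two `enableURISafeMode: ...` lines likewise. With safe mode on, any IOException from the fetch leads to a dummy `mediate` service being published, and after this commit that may include a TLS failure on an https WSDL URL. That outcome is reported only when `trace()` is on, so a warn-level entry would make it visible in the normal log. The enclosing method starts and ends outside this hunk.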
Copied: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java (from r674415, synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/CipherInformation.java)
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java?p2=synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java&p1=synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/CipherInformation.java&r1=674415&r2=674440&rev=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/CipherInformation.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java Mon Jul 7 03:19:45 2008
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.synapse.security.bean;
+package org.apache.synapse.security.definition;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/IdentityKeyStoreInformation.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/IdentityKeyStoreInformation.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/IdentityKeyStoreInformation.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/IdentityKeyStoreInformation.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,54 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.synapse.security.definition;
+
+import javax.net.ssl.KeyManagerFactory;
+import java.security.KeyStore;
+
+/**
+ *
+ */
+public class IdentityKeyStoreInformation extends KeyStoreInformation {
+
+ private String keyPassword;
+
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+ public KeyManagerFactory getIdentityKeyManagerFactoryInstance() {
+ try {
+ KeyStore keyStore = this.getIdentityKeyStore();
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
+ KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keyStore, keyPassword.toCharArray());
+
+ return keyManagerFactory;
+ } catch (Exception e) {
+ handleException("Error getting KeyManagerFactory: ", e);
+ }
+
+ return null;
+ }
+
+ public KeyStore getIdentityKeyStore() {
+ return super.getKeyStore();
+ }
+
+}
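Review bot: `getIdentityKeyManagerFactoryInstance()` calls `keyPassword.toCharArray()` without checking that `setKeyPassword` was ever called, so a missing key password surfaces as a NullPointerException wrapped in the generic "Error getting KeyManagerFactory: " message. A guard before the `try`, such as `if (keyPassword == null) { handleException("Key password is not set for the identity keystore"); }`, gives the operator a usable error without echoing any secret. The class Javadoc is empty; one sentence saying that this type holds the private-key keystore settings and builds the `KeyManagerFactory` would help. The trailing `return null;` is presumably unreachable, because the inherited `handleException` throws.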
Copied: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/KeyStoreInformation.java (from r674415, synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/KeyStoreInformation.java)
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/KeyStoreInformation.java?p2=synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/KeyStoreInformation.java&p1=synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/KeyStoreInformation.java&r1=674415&r2=674440&rev=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/bean/KeyStoreInformation.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/KeyStoreInformation.java Mon Jul 7 03:19:45 2008
@@ -16,27 +16,39 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.synapse.security.bean;
+package org.apache.synapse.security.definition;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
+import org.apache.synapse.security.enumeration.KeyStoreType;
+import org.apache.synapse.security.interfaces.ICACertsLoader;
+import org.apache.synapse.security.interfaces.IKeyStoreLoader;
+import org.apache.synapse.security.keystore.CACertsLoader;
+import org.apache.synapse.security.keystore.JKSKeyStoreLoader;
+import org.apache.synapse.security.keystore.PKCS12KeyStoreLoader;
+import org.apache.synapse.security.keystore.PKCS8KeyStoreLoader;
+
+import java.security.KeyStore;
+import java.util.HashMap;
+import java.util.Map;
/**
* Encapsulates the keyStore related information
*/
-public class KeyStoreInformation {
+public abstract class KeyStoreInformation {
private static final Log log = LogFactory.getLog(KeyStoreInformation.class);
- private String storeType = "JKS";
+ public static final String KEYSTORE_CERTIFICATE_FILE_PATH = "keyStoreCertificateFilePath";
+ public static final String ENABLE_HOST_NAME_VERIFIER = "enableHostnameVerifier";
+ private KeyStoreType storeType;
private String alias;
private String location;
+ private String keyStorePassword;
+ private String provider;
-
- public String getStoreType() {
- return storeType;
- }
+ private final Map parameters = new HashMap();
public void setStoreType(String storeType) {
if (storeType == null || "".equals(storeType)) {
@@ -44,7 +56,7 @@
log.debug("Given store type is null , using default type : JKS");
}
}
- this.storeType = storeType;
+ this.storeType = KeyStoreType.valueOf(storeType);
}
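Review bot: For a null or empty `storeType` the debug message announces the JKS default, but execution still reaches `KeyStoreType.valueOf(storeType)`, which throws for both null and the empty string, and the old field default `"JKS"` was removed in the previous hunk. The null/empty branch should assign the default and leave, `this.storeType = KeyStoreType.JKS; return;`. `valueOf` is also case-sensitive, so a configured `jks` fails with a bare IllegalArgumentException; routing that through `handleException("Unsupported keystore type: " + storeType)` would give a clearer configuration error. `setStoreType` starts outside this hunk.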
public String getAlias() {
@@ -53,7 +65,10 @@
public void setAlias(String alias) {
if (alias == null || "".equals(alias)) {
- handleException("Alias for a key entry or a certificate cannot be null");
+ if (log.isDebugEnabled()) {
+ log.debug("Alias for a key entry or a certificate is null");
+ }
+ return;
}
this.alias = alias;
}
@@ -69,9 +84,54 @@
this.location = location;
}
- private void handleException(String msg) {
+ protected void handleException(String msg) {
log.error(msg);
throw new SynapseException(msg);
}
+ protected void handleException(String msg, Exception e) {
+ log.error(msg, e);
+ throw new SynapseException(msg, e);
+ }
+
+ public void addParameter(String name, String value) {
+ parameters.put(name, value);
+ }
+
+ public String getParameter(String name) {
+ return (String) parameters.get(name);
+ }
+
+ protected KeyStore getKeyStore() {
+ switch (storeType) {
+ case JKS:
+ IKeyStoreLoader jksKeyStoreLoader = new JKSKeyStoreLoader(location,
+ keyStorePassword);
+ return jksKeyStoreLoader.getKeyStore();
+
+ case PKCS12:
+ IKeyStoreLoader pkcs12KeyStoreLoader = new PKCS12KeyStoreLoader(location,
+ keyStorePassword);
+ return pkcs12KeyStoreLoader.getKeyStore();
+ case PKCS8:
+ IKeyStoreLoader pkcs8KeyStoreLoader = new PKCS8KeyStoreLoader(location,
+ (String) parameters.get(KEYSTORE_CERTIFICATE_FILE_PATH),
+ keyStorePassword, alias);
+ return pkcs8KeyStoreLoader.getKeyStore();
+ case CA_CERTIFICATES_PATH:
+ ICACertsLoader caCertsLoader = new CACertsLoader();
+ return caCertsLoader.loadTrustStore(location);
+ default:
+ return null;
+ }
+ }
+
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
}
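Review bot: `getKeyStore()` switches on `storeType`, which stays null until `setStoreType` has succeeded, so an unconfigured type ends in a NullPointerException at the `switch` rather than a configuration error. A guard at the top, `if (storeType == null) { handleException("KeyStore type is not set"); }`, would report it properly, and the `default: return null;` branch would be safer calling `handleException` than handing a null keystore to the TLS setup. `provider` is stored by `setProvider` but is not read anywhere in the visible code, so either pass it to the loaders or drop it. The new public methods (`addParameter`, `getParameter`, `setKeyStorePassword`) have no Javadoc.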
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/TrustKeyStoreInformation.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/TrustKeyStoreInformation.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/TrustKeyStoreInformation.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/TrustKeyStoreInformation.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,49 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.synapse.security.definition;
+
+import javax.net.ssl.TrustManagerFactory;
+import java.security.KeyStore;
+
+/**
+ *
+ */
+public class TrustKeyStoreInformation extends KeyStoreInformation {
+
+ public TrustManagerFactory getTrustManagerFactoryInstance() {
+ try {
+ KeyStore trustStore = this.getKeyStore();
+ TrustManagerFactory trustManagerfactory = TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerfactory.init(trustStore);
+
+ return trustManagerfactory;
+ } catch (Exception e) {
+ handleException("Error getting TrustManagerFactory: ", e);
+ }
+
+ return null;
+ }
+
+ public KeyStore getTrustStore() {
+ return super.getKeyStore();
+
+ }
+
+}
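Review bot: `getTrustManagerFactoryInstance()` passes the result of `getKeyStore()` straight to `trustManagerfactory.init(trustStore)`, and `TrustManagerFactory.init` with a null KeyStore falls back to the JVM's default trust store. `KeyStoreInformation.getKeyStore()` can return null through its `default` branch, and possibly from the loaders, which are not visible here. A trust store that fails to load could therefore leave the connection trusting the default CA set instead of failing. A check before `init`, `if (trustStore == null) { handleException("Trust store could not be loaded"); }`, makes that case explicit. The class Javadoc is empty and should say what the trust store is used for.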
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/factory/KeyStoreInformationFactory.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/factory/KeyStoreInformationFactory.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/factory/KeyStoreInformationFactory.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/factory/KeyStoreInformationFactory.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,151 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.synapse.security.definition.factory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
+import org.apache.synapse.security.definition.KeyStoreInformation;
+import org.apache.synapse.security.definition.TrustKeyStoreInformation;
+import org.apache.synapse.util.MiscellaneousUtil;
+
+import java.util.Properties;
+
+/**
+ * Factory for creating KeyStoreInformation
+ */
+public class KeyStoreInformationFactory {
+
+ private static Log log = LogFactory.getLog(KeyStoreInformationFactory.class);
+
+ /* Private key entry KeyStore location */
+ private final static String IDENTITY_KEY_STORE = "keystore.identity.location";
+ /* Private key entry KeyStore type */
+ private final static String IDENTITY_KEY_STORE_TYPE = "keystore.identity.type";
+ /* Alias for private key entry KeyStore */
+ private final static String IDENTITY_KEY_STORE_ALIAS = "keystore.identity.alias";
+ /* Password for access keyStore*/
+ private final static String IDENTITY_KEY_STORE_PASSWORD = "keystore.identity.storePassword";
+ /* Password for get private key*/
+ private final static String IDENTITY_KEY_PASSWORD = "keystore.identity.keyPassword";
+
+ private final static String KEY_STORE_PARAMETERS = "keystore.identity.parameters";
+
+ /* Trusted certificate KeyStore location */
+ private final static String TRUST_STORE = "keystore.trust.location";
+ /* Trusted certificate KeyStore type*/
+ private final static String TRUST_STORE_TYPE = "keystore.trust.type";
+ /* Alias for certificate KeyStore */
+ private final static String TRUST_STORE_ALIAS = "keystore.trust.alias";
+ /* Password for access TrustStore*/
+ private final static String TRUST_STORE_PASSWORD = "keystore.trust.storePassword";
+
+ private final static String TRUST_STORE_PARAMETERS = "keystore.trust.parameters";
+
+ /**
+ * Creates a KeyStoreInformation using synapse properties
+ * Uses KeyStore configuration properties
+ *
+ * @param properties Synapse Properties
+ * @return IdentityKeyStoreInformation instance
+ */
+ public static IdentityKeyStoreInformation createIdentityKeyStoreInformation(Properties properties) {
+
+ String keyStoreLocation = MiscellaneousUtil.getProperty(
+ properties, IDENTITY_KEY_STORE, null);
+ if (keyStoreLocation == null || "".equals(keyStoreLocation)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Cannot find a KeyStoreLocation");
+ }
+ return null;
+ }
+ IdentityKeyStoreInformation keyStoreInformation = new IdentityKeyStoreInformation();
+ keyStoreInformation.setAlias(
+ MiscellaneousUtil.getProperty(properties,
+ IDENTITY_KEY_STORE_ALIAS, null));
+ keyStoreInformation.setLocation(keyStoreLocation);
+ keyStoreInformation.setStoreType(
+ MiscellaneousUtil.getProperty(properties,
+ IDENTITY_KEY_STORE_TYPE, null));
+ keyStoreInformation.setKeyStorePassword(
+ MiscellaneousUtil.getProperty(
+ properties, IDENTITY_KEY_STORE_PASSWORD, null));
+ keyStoreInformation.setKeyPassword(
+ MiscellaneousUtil.getProperty(
+ properties, IDENTITY_KEY_PASSWORD, null));
+ String parameterString = MiscellaneousUtil.getProperty(
+ properties, KEY_STORE_PARAMETERS, null);
+ parseParameter(parameterString, keyStoreInformation);
+ return keyStoreInformation;
+ }
+
+ /**
+ * Creates a TrustKeyStoreInformation using synapse properties
+ * Uses TrustStore Configuration properties
+ *
+ * @param properties Synapse Properties
+ * @return TrustKeyStoreInformation instance
+ */
+ public static TrustKeyStoreInformation createTrustKeyStoreInformation(Properties properties) {
+
+ String keyStoreLocation =
+ MiscellaneousUtil.getProperty(properties,
+ TRUST_STORE, null);
+ if (keyStoreLocation == null || "".equals(keyStoreLocation)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Cannot find a KeyStoreLocation");
+ }
+ return null;
+ }
+
+ TrustKeyStoreInformation trustInformation = new TrustKeyStoreInformation();
+ trustInformation.setAlias(
+ MiscellaneousUtil.getProperty(properties, TRUST_STORE_ALIAS, null));
+ trustInformation.setLocation(keyStoreLocation);
+ trustInformation.setStoreType(
+ MiscellaneousUtil.getProperty(properties,
+ TRUST_STORE_TYPE, null));
+ trustInformation.setKeyStorePassword(
+ MiscellaneousUtil.getProperty(properties, TRUST_STORE_PASSWORD, null));
+ String parameterString = MiscellaneousUtil.getProperty(
+ properties, TRUST_STORE_PARAMETERS, null);
+ parseParameter(parameterString, trustInformation);
+ return trustInformation;
+ }
+
+ private static void parseParameter(String parameterString, KeyStoreInformation information) {
+
+ if (parameterString == null || "".equals(parameterString)) {
+ return;
+ }
+
+ String[] parameterPairs = parameterString.split(";");
+ if (parameterPairs == null) {
+ return;
+ }
+
+ for (String parameterPairString : parameterPairs) {
+ String[] parametersPair = parameterPairString.split("=");
+ if (parametersPair == null) {
+ return;
+ }
+ information.addParameter(parametersPair[0], parametersPair[1]);
+ }
+ }
+}
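Review bot: In `parseParameter`, `parametersPair[1]` is read without checking how many elements the split produced, so an entry in `keystore.identity.parameters` or `keystore.trust.parameters` with no `=` or with an empty value (`a=1;;b=2`, `key=`) throws ArrayIndexOutOfBoundsException while the configuration is being loaded. `String.split` never returns null, so both null checks are dead code, and the `return` inside the loop would drop every remaining pair if it ever fired. I would split with a limit and skip malformed entries: `String[] parametersPair = parameterPairString.split("=", 2);` followed by `if (parametersPair.length != 2) { continue; }`, ideally with a warning that names the property but not its value.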
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/enumeration/KeyStoreType.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/enumeration/KeyStoreType.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/enumeration/KeyStoreType.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/enumeration/KeyStoreType.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,8 @@
+package org.apache.synapse.security.enumeration;
+
+public enum KeyStoreType {
+ JKS,
+ PKCS8,
+ PKCS12,
+ CA_CERTIFICATES_PATH
+}
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/ICACertsLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/ICACertsLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/ICACertsLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/ICACertsLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,10 @@
+package org.apache.synapse.security.interfaces;
+
+import java.security.KeyStore;
+
+/**
+ * ICACertsLoader provides an uniform interface to create a keystore containing CA certs (truststore)
+ */
+public interface ICACertsLoader {
+ public abstract KeyStore loadTrustStore(String CACertificateFilesPath);
+}
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/IKeyStoreLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/IKeyStoreLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/IKeyStoreLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/interfaces/IKeyStoreLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,14 @@
+package org.apache.synapse.security.interfaces;
+
+import java.security.KeyStore;
+
+public interface IKeyStoreLoader {
+
+ /**
+ * returns an instance of KeyStore object
+ *
+ * @return
+ * @throws Exception
+ */
+ public abstract KeyStore getKeyStore();
+}
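Review bot: The Javadoc on `getKeyStore()` lists `@throws Exception` although the method declares no checked exception, and its `@return` tag is empty. The implementations on this page report failures through the unchecked SynapseException and end with `return null`, so the contract should say so, for example `@return the loaded KeyStore` and `@throws SynapseException if the store cannot be read`. If null really can reach a caller, the interface should state that as well.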
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/AbstractKeyStoreLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/AbstractKeyStoreLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/AbstractKeyStoreLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/AbstractKeyStoreLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,97 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.synapse.security.keystore;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.synapse.SynapseException;
+import org.apache.synapse.security.interfaces.IKeyStoreLoader;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateException;
+
+/**
+ *
+ */
+public abstract class AbstractKeyStoreLoader implements IKeyStoreLoader {
+ protected static Log log;
+
+ protected AbstractKeyStoreLoader() {
+ log = LogFactory.getLog(this.getClass());
+ }
+
+ protected KeyStore getKeyStore(String location, String storePassword, String storeType, String provider) {
+
+ File keyStoreFile = new File(location);
+ if (!keyStoreFile.exists()) {
+ handleException("KeyStore can not be found at ' " + keyStoreFile + " '");
+ }
+
+ BufferedInputStream bis = null;
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Loading KeyStore form : " + location);
+ }
+ bis = new BufferedInputStream(new FileInputStream(keyStoreFile));
+ KeyStore keyStore;
+ if (provider != null) {
+ keyStore = KeyStore.getInstance(storeType, provider);
+ } else {
+ keyStore = KeyStore.getInstance(storeType);
+ }
+ keyStore.load(bis, storePassword.toCharArray());
+ return keyStore;
+ } catch (KeyStoreException e) {
+ handleException("Error loading keyStore from ' " + location + " ' ", e);
+ } catch (IOException e) {
+ handleException("IOError loading keyStore from ' " + location + " ' ", e);
+ } catch (NoSuchAlgorithmException e) {
+ handleException("Error loading keyStore from ' " + location + " ' ", e);
+ } catch (CertificateException e) {
+ handleException("Error loading keyStore from ' " + location + " ' ", e);
+ } catch (NoSuchProviderException e) {
+ handleException("Error loading keyStore from ' " + location + " ' ", e);
+ } finally {
+ if (bis != null) {
+ try {
+ bis.close();
+ } catch (IOException ignored) {
+ }
+ }
+ }
+ return null;
+ }
+
+ protected void handleException(String msg, Exception e) {
+ log.error(msg, e);
+ throw new SynapseException(msg, e);
+ }
+
+ protected void handleException(String msg) {
+ log.error(msg);
+ throw new SynapseException(msg);
+ }
+}
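Review bot: `keyStore.load(bis, storePassword.toCharArray())` dereferences `storePassword` without a null check, and NullPointerException is not among the caught types, so a missing password escapes as a raw NPE instead of the SynapseException used for every other failure. KeyStoreInformationFactory on this page reads the store password with a null default, so an unset property could plausibly end up here, although the call path is not visible in this commit. A guard before the `try`, such as `if (storePassword == null) { handleException("KeyStore password is not set for ' " + location + " '"); }`, would make the failure explicit rather than relying on the NPE. Separately, `log` is `protected static` but reassigned in every constructor, so the most recently constructed subclass sets the logger category for all loaders; an instance field `protected final Log log = LogFactory.getLog(getClass());` avoids that.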
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/CACertsLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/CACertsLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/CACertsLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/CACertsLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,48 @@
+package org.apache.synapse.security.keystore;
+
+
+import org.apache.synapse.security.interfaces.ICACertsLoader;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+
+public class CACertsLoader implements ICACertsLoader {
+
+ /**
+ * Constructs a keyStore from the path provided.
+ *
+ * @param CACertificateFilesPath - directory which contains Certificate Authority Certificates in PEM encoding.
+ */
+ public KeyStore loadTrustStore(String CACertificateFilesPath) {
+ try {
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(null, null);
+
+ File certsPath = new File(CACertificateFilesPath);
+
+ File[] certs = certsPath.listFiles();
+
+ for (File currentCert : certs) {
+ FileInputStream inStream = new FileInputStream(currentCert);
+ BufferedInputStream bis = new BufferedInputStream(inStream);
+
+ CertificateFactory certFactory = CertificateFactory.getInstance("X509");
+
+ Certificate cert = certFactory.generateCertificate(bis);
+
+ trustStore.setCertificateEntry(currentCert.getName(), cert);
+
+ bis.close();
+ inStream.close();
+ }
+
+ return trustStore;
+ } catch (Exception e) {
+ return null;
+ }
+ }
+}
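Review bot: `loadTrustStore` ends in `catch (Exception e) { return null; }`, so an unreadable directory, a non-certificate file, or a parse error all come back as a silent null with nothing logged. That matters for a trust store because JSSE treats a null KeyStore passed to `TrustManagerFactory.init` as a request for the JVM default trust anchors; if this result ever reaches such a call (the caller is not on this page), a loading failure would widen trust instead of failing closed. `listFiles()` also returns null when the path is not a directory, and the two streams are not closed when `generateCertificate` throws. The sketch below reports the failure as a SynapseException (the file would need that import) and closes the stream in a `finally`.

```java
            // … unchanged: empty JKS trustStore created and loaded …
            File[] certs = new File(CACertificateFilesPath).listFiles();
            if (certs == null) {
                throw new IllegalArgumentException(
                        "Not a readable directory: " + CACertificateFilesPath);
            }
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            for (File currentCert : certs) {
                BufferedInputStream bis =
                        new BufferedInputStream(new FileInputStream(currentCert));
                try {
                    trustStore.setCertificateEntry(
                            currentCert.getName(), certFactory.generateCertificate(bis));
                } finally {
                    bis.close();
                }
            }
            return trustStore;
        } catch (Exception e) {
            // fail closed: never hand a null trust store back to the caller
            throw new SynapseException(
                    "Error loading CA certificates from ' " + CACertificateFilesPath + " '", e);
        }
```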
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/JKSKeyStoreLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/JKSKeyStoreLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/JKSKeyStoreLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/JKSKeyStoreLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,32 @@
+/**
+ *
+ */
+package org.apache.synapse.security.keystore;
+
+import java.security.KeyStore;
+
+/**
+ *
+ */
+public class JKSKeyStoreLoader extends AbstractKeyStoreLoader {
+
+ private String keyStorePath;
+ private String keyStorePassword;
+
+ /**
+ * constructs an instance of KeyStoreLoader
+ *
+ * @param keyStorePath - path to KeyStore file. KeyStore must be in JKS format.
+ * @param keyStorePassword - password to access keyStore
+ */
+ public JKSKeyStoreLoader(String keyStorePath, String keyStorePassword) {
+ super();
+ this.keyStorePath = keyStorePath;
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public KeyStore getKeyStore() {
+ return getKeyStore(keyStorePath, keyStorePassword, "JKS", null);
+ }
+
+}
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS12KeyStoreLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS12KeyStoreLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS12KeyStoreLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS12KeyStoreLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,29 @@
+package org.apache.synapse.security.keystore;
+
+import java.security.KeyStore;
+
+
+public class PKCS12KeyStoreLoader extends AbstractKeyStoreLoader {
+
+ private String keyStorePath;
+ private String keyStorePassword;
+
+ /**
+ * constructs an instance of KeyStoreLoader
+ *
+ * @param keystorePath - path to Keystore file. KeyStore must be in pkcs12 format.
+ * @param keyStorePassword - password to access keyStore
+ */
+ public PKCS12KeyStoreLoader(String keystorePath, String keyStorePassword) {
+ this.keyStorePath = keystorePath;
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * returns KeyStore to be used
+ */
+ public KeyStore getKeyStore() {
+ return getKeyStore(keyStorePath, keyStorePassword, "PKCS12", "SunJSSE");
+ }
+
+}
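Review bot: `getKeyStore()` pins the provider name `"SunJSSE"`, so on a JVM that does not register a provider under that name `KeyStore.getInstance(storeType, provider)` fails with NoSuchProviderException even when a PKCS12 implementation is available. `AbstractKeyStoreLoader.getKeyStore` already falls back to the default provider lookup when `provider` is null, so `return getKeyStore(keyStorePath, keyStorePassword, "PKCS12", null);` would be the portable form. If a specific provider is required for a reason, a comment here should say which one and why.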
Added: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS8KeyStoreLoader.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS8KeyStoreLoader.java?rev=674440&view=auto
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS8KeyStoreLoader.java (added)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/keystore/PKCS8KeyStoreLoader.java Mon Jul 7 03:19:45 2008
@@ -0,0 +1,142 @@
+package org.apache.synapse.security.keystore;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.synapse.SynapseException;
+import org.apache.synapse.security.interfaces.IKeyStoreLoader;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+/**
+ * Constructs a KeyStore instance of type JKS from a pkcs8 private key and certificate.
+ */
+public class PKCS8KeyStoreLoader implements IKeyStoreLoader {
+
+ private static Log log = LogFactory.getLog(PKCS8KeyStoreLoader.class);
+ private String pkPath;
+ private String certPath;
+ private String keyPassword;
+ private String entryAlias;
+
+ private static final String HEADER = "-----BEGIN PRIVATE KEY-----\n";
+ private static final String FOOTER = "-----END PRIVATE KEY-----";
+
+ /**
+ * constructs an instance of KeyStoreLoader
+ *
+ * @param pkcs8PrivateKeyPath - path to a private key file. Key must be in PKCS8 format, PEM encoded and unencrypted.
+ * @param certFilePath - path to certificate file. File must be PEM encoded.
+ * @param keyPass - password to secure the private key within the keystore. This will be required later to retrieve the private key back from the keystore.
+ * @param entryAlias - alias for the given entry within the keystore.
+ */
+ public PKCS8KeyStoreLoader(String pkcs8PrivateKeyPath, String certFilePath, String keyPass, String entryAlias) {
+ pkPath = pkcs8PrivateKeyPath;
+ certPath = certFilePath;
+ keyPassword = keyPass;
+ this.entryAlias = entryAlias;
+ }
+
+ /**
+ * returns a JKS keystore from the given private key, certificate path, key password and alias.
+ */
+ public KeyStore getKeyStore() {
+ FileInputStream keyFile = null;
+ try {
+ keyFile = new FileInputStream(pkPath);
+ BufferedInputStream kis = new BufferedInputStream(keyFile);
+ byte[] keyBytes = new byte[kis.available()];
+
+ kis.read(keyBytes);
+
+ kis.close();
+ keyFile.close();
+
+ PrivateKey key = createPrivateKey(keyBytes);
+
+ FileInputStream certificateFile = new FileInputStream(certPath);
+ BufferedInputStream bis = new BufferedInputStream(certificateFile);
+
+ CertificateFactory certFactory = CertificateFactory.getInstance("X509");
+
+ Certificate cert = certFactory.generateCertificate(bis);
+
+ bis.close();
+ certificateFile.close();
+
+ KeyStore newKeyStore = KeyStore.getInstance("JKS");
+ newKeyStore.load(null, null);
+
+ newKeyStore.setCertificateEntry("server Cert", cert);
+
+ Certificate[] certChain = new Certificate[1];
+ certChain[0] = cert;
+
+ newKeyStore.setKeyEntry(entryAlias, key, keyPassword.toCharArray(), certChain);
+
+ return newKeyStore;
+ } catch (FileNotFoundException e) {
+ handleException("IOError", e);
+ } catch (IOException e) {
+ handleException("IOError", e);
+ } catch (NoSuchAlgorithmException e) {
+ handleException("Error creating KeyStore", e);
+ } catch (KeyStoreException e) {
+ handleException("Error creating KeyStore", e);
+ } catch (CertificateException e) {
+ handleException("Error creating KeyStore", e);
+ }
+ return null;
+
+
+ }
+
+
+ /**
+ * takes the (unencrypted) RSA private key in pkcs8 format, and creates a private key out of it
+ *
+ * @param keyBytes
+ * @return
+ */
+ private PrivateKey createPrivateKey(byte[] keyBytes) {
+
+ int dataStart = HEADER.length();
+ int dataEnd = keyBytes.length - FOOTER.length() - 1;
+ int dataLength = dataEnd - dataStart;
+ byte[] keyContent = new byte[dataLength];
+
+ System.arraycopy(keyBytes, dataStart, keyContent, 0, dataLength);
+
+ PKCS8EncodedKeySpec pkcs8SpecPriv = new PKCS8EncodedKeySpec(new Base64().decode(keyContent));
+
+ KeyFactory keyFactory = null;
+ try {
+ keyFactory = KeyFactory.getInstance("RSA");
+ return keyFactory.generatePrivate(pkcs8SpecPriv);
+ } catch (NoSuchAlgorithmException e) {
+ handleException("Error getting KeyFactory instance", e);
+ } catch (InvalidKeySpecException e) {
+ handleException("Error generating private key", e);
+ }
+ return null;
+ }
+
+ protected void handleException(String msg) {
+ log.error(msg);
+ throw new SynapseException(msg);
+ }
+
+ protected void handleException(String msg, Exception e) {
+ log.error(msg, e);
+ throw new SynapseException(msg, e);
+ }
+}
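Review bot: `createPrivateKey` cuts the Base64 body out by fixed offsets (`HEADER.length()` and `keyBytes.length - FOOTER.length() - 1`) without checking that the file really starts with the header and ends with the footer. An empty or truncated file therefore gives a negative `dataLength` and a NegativeArraySizeException, and a file with CRLF line endings or no trailing newline is sliced at the wrong place. A guard before the array allocation, such as `if (dataEnd <= dataStart) { handleException("Invalid PKCS8 PEM private key file ' " + pkPath + " '"); }`, would turn that into the SynapseException the rest of the class uses. In `getKeyStore`, `new byte[kis.available()]` followed by a single `kis.read(keyBytes)` is not guaranteed to return the whole file, and neither stream is closed when an exception is thrown before the explicit `close()` calls; reading in a loop and closing in a `finally` block would cover both.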
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java Mon Jul 7 03:19:45 2008
@@ -6,7 +6,10 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
-import org.apache.synapse.security.bean.KeyStoreInformation;
+import org.apache.synapse.config.SynapsePropertiesLoader;
+import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
+import org.apache.synapse.security.definition.TrustKeyStoreInformation;
+import org.apache.synapse.security.definition.factory.KeyStoreInformationFactory;
import org.apache.synapse.security.secret.repository.FileBaseSecretRepository;
import org.apache.synapse.security.wrappers.IdentityKeyStoreWrapper;
import org.apache.synapse.security.wrappers.TrustKeyStoreWrapper;
@@ -31,18 +34,6 @@
private final static String SECRET_REPOSITORIES = "secretRepositories";
/* Type of the secret repository */
private final static String TYPE = "type";
- /* Private key entry KeyStore password */
- private final static String IDENTITY_KEY_STORE = "keystore.identity.location";
- /* Private key entry KeyStore type */
- private final static String IDENTITY_KEY_STORE_TYPE = "keystore.identity.type";
- /*Alias for private key entry KeyStore */
- private final static String IDENTITY_KEY_STORE_ALIAS = "keystore.identity.alias";
- /* Trusted certificate KeyStore password */
- private final static String TRUST_KEY_STORE = "keystore.trust.location";
- /* Trusted certificate KeyStore type*/
- private final static String TRUST_KEY_STORE_TYPE = "keystore.trust.type";
- /* Alias for certificate KeyStore */
- private final static String TRUST_KEY_STORE_ALIAS = "keystore.trust.alias";
private final static String DOT = ".";
/* Secret Repository type - file */
@@ -72,6 +63,14 @@
*/
public void init(Properties properties, String identityStorePass, String identityKeyPass, String trustStorePass) {
+ Properties keyStoreProperties = SynapsePropertiesLoader.loadSynapseProperties();
+ if (keyStoreProperties == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("KeyStore configuration properties cannot be found");
+ }
+ return;
+ }
+
String configurationFile = MiscellaneousUtil.getProperty(
properties, SECRET_MANAGER_CONF, DEFAULT_CONF_LOCATION);
@@ -102,34 +101,20 @@
}
//Create a KeyStore Information for private key entry KeyStore
- KeyStoreInformation keyStoreInformation = new KeyStoreInformation();
-
- keyStoreInformation.setAlias(
- MiscellaneousUtil.getProperty(configurationProperties,
- IDENTITY_KEY_STORE_ALIAS, null));
- keyStoreInformation.setLocation(
- MiscellaneousUtil.getProperty(configurationProperties, IDENTITY_KEY_STORE, null));
- keyStoreInformation.setStoreType(
- MiscellaneousUtil.getProperty(configurationProperties,
- IDENTITY_KEY_STORE_TYPE, null));
+ IdentityKeyStoreInformation keyStoreInformation =
+ KeyStoreInformationFactory.createIdentityKeyStoreInformation(keyStoreProperties);
+ keyStoreInformation.setKeyStorePassword(identityStorePass);
// Create a KeyStore Information for trusted certificate KeyStore
- KeyStoreInformation trustInformation = new KeyStoreInformation();
-
- trustInformation.setAlias(
- MiscellaneousUtil.getProperty(configurationProperties, TRUST_KEY_STORE, null));
- trustInformation.setLocation(
- MiscellaneousUtil.getProperty(configurationProperties,
- TRUST_KEY_STORE_ALIAS, null));
- trustInformation.setStoreType(
- MiscellaneousUtil.getProperty(configurationProperties,
- TRUST_KEY_STORE_TYPE, null));
+ TrustKeyStoreInformation trustInformation =
+ KeyStoreInformationFactory.createTrustKeyStoreInformation(keyStoreProperties);
+ trustInformation.setKeyStorePassword(trustStorePass);
IdentityKeyStoreWrapper identityKeyStoreWrapper = new IdentityKeyStoreWrapper();
- identityKeyStoreWrapper.init(keyStoreInformation, identityStorePass, identityKeyPass);
+ identityKeyStoreWrapper.init(keyStoreInformation, identityKeyPass);
TrustKeyStoreWrapper trustStoreWrapper = new TrustKeyStoreWrapper();
- trustStoreWrapper.init(keyStoreInformation, trustStorePass);
+ trustStoreWrapper.init(trustInformation);
SecretRepository currentParent = null;
for (String secretRepo : repositories) {
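Review bot: `KeyStoreInformationFactory.createIdentityKeyStoreInformation` and `createTrustKeyStoreInformation` return null when the location property is missing or empty, and the new code in `init` calls `setKeyStorePassword(...)` on both results without a check, so an unset `keystore.identity.location` or `keystore.trust.location` ends in a NullPointerException. A check after each factory call, for example `if (keyStoreInformation == null) { throw new SynapseException("keystore.identity.location is not configured"); }`, makes the misconfiguration explicit; SynapseException is already imported in this file. The passwords passed to `init` also overwrite whatever the factory read from `keystore.identity.storePassword` and `keystore.trust.storePassword`, which deserves a comment so the precedence is clear. `init` starts and ends outside this hunk.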
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java Mon Jul 7 03:19:45 2008
@@ -20,7 +20,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.synapse.security.bean.CipherInformation;
+import org.apache.synapse.security.definition.CipherInformation;
import org.apache.synapse.security.secret.SecretRepository;
import org.apache.synapse.security.tool.CipherTool;
import org.apache.synapse.security.wrappers.CipherWrapper;
@@ -54,7 +54,7 @@
/* Parent secret repository */
private SecretRepository parentRepository;
/*Map of secrets keyed by alias for property name */
- private final Map secrets = new HashMap();
+ private final Map<String, String> secrets = new HashMap<String, String>();
/*Wrapper for Identity KeyStore */
private IdentityKeyStoreWrapper identity;
/* Wrapper for trusted KeyStore */
@@ -184,7 +184,7 @@
public String getSecret(String alias) {
if (alias == null || "".equals(alias)) {
- return alias; // TODO is it need to throw an error?
+ return alias; // TODO is it needed to throw an error?
}
if (!initialize || secrets.isEmpty()) {
@@ -199,7 +199,7 @@
sb.append(DOT);
sb.append(SECRET);
- String secret = (String) secrets.get(sb.toString());
+ String secret = secrets.get(sb.toString());
if (secret == null || "".equals(secret)) {
if (log.isDebugEnabled()) {
log.debug("There is no secret found for alias '" + alias + "' returning itself");
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java Mon Jul 7 03:19:45 2008
@@ -22,8 +22,9 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
-import org.apache.synapse.security.bean.CipherInformation;
-import org.apache.synapse.security.bean.KeyStoreInformation;
+import org.apache.synapse.security.definition.CipherInformation;
+import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
+import org.apache.synapse.security.definition.TrustKeyStoreInformation;
import org.apache.synapse.security.wrappers.CipherWrapper;
import org.apache.synapse.security.wrappers.IdentityKeyStoreWrapper;
import org.apache.synapse.security.wrappers.TrustKeyStoreWrapper;
@@ -104,8 +105,7 @@
CommandLine cmd = parser.parse(options, args);
// Loads the cipher relate information
CipherInformation cipherInformation = getCipherInformation(cmd);
- // Loads the keyStore relate information
- KeyStoreInformation keyStoreInformation = getKeyStoreInformation(cmd);
+
//Key information must not contain any password
//Password for access KeyStore
String storePass = getArgument(cmd, STORE_PASS);
@@ -124,11 +124,11 @@
} else {
if (isTrusted) {
TrustKeyStoreWrapper trustKeyStoreWrapper = new TrustKeyStoreWrapper();
- trustKeyStoreWrapper.init(keyStoreInformation, storePass);
+ trustKeyStoreWrapper.init(getTrustKeyStoreInformation(cmd));
key = trustKeyStoreWrapper.getPublicKey();
} else {
IdentityKeyStoreWrapper storeWrapper = new IdentityKeyStoreWrapper();
- storeWrapper.init(keyStoreInformation, storePass, keyPass);
+ storeWrapper.init(getIdentityKeyStoreInformation(cmd), keyPass);
if (ENCRYPT.equals(cipherInformation.getOperationMode())) {
key = storeWrapper.getPrivateKey();
} else {
@@ -223,12 +223,30 @@
* @param cmd Command line which capture all command line arguments
* @return KeyStoreInformation object
*/
- private static KeyStoreInformation getKeyStoreInformation(CommandLine cmd) {
+ private static IdentityKeyStoreInformation getIdentityKeyStoreInformation(CommandLine cmd) {
+
+ IdentityKeyStoreInformation information = new IdentityKeyStoreInformation();
+ information.setAlias(getArgument(cmd, ALIAS));
+ information.setLocation(getArgument(cmd, KEY_STORE));
+ information.setStoreType(getArgument(cmd, STORE_TYPE));
+ information.setKeyStorePassword(getArgument(cmd, STORE_PASS));
+ return information;
+
+ }
+
+ /**
+ * Factoyr method to create a @see keyStoreInformation from command line options
+ *
+ * @param cmd Command line which capture all command line arguments
+ * @return KeyStoreInformation object
+ */
+ private static TrustKeyStoreInformation getTrustKeyStoreInformation(CommandLine cmd) {
- KeyStoreInformation information = new KeyStoreInformation();
+ TrustKeyStoreInformation information = new TrustKeyStoreInformation();
information.setAlias(getArgument(cmd, ALIAS));
information.setLocation(getArgument(cmd, KEY_STORE));
information.setStoreType(getArgument(cmd, STORE_TYPE));
+ information.setKeyStorePassword(getArgument(cmd, STORE_PASS));
return information;
}
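Review bot: The Javadoc added above `getTrustKeyStoreInformation` has a typo (`Factoyr`) and still describes the return value as a `KeyStoreInformation object`, and the retained comment above `getIdentityKeyStoreInformation` was not updated for its new return type either. I would write `Factory method to create a TrustKeyStoreInformation from command line options` with `@return TrustKeyStoreInformation instance`, and the matching text for the identity variant. The two method bodies are identical apart from the class instantiated, so a small private helper that fills a `KeyStoreInformation` from the command line would keep them from drifting, assuming the four setters live on the shared base class, which this hunk does not show.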
@@ -310,7 +328,7 @@
} catch (IOException e) {
handleException("Error reading ", e);
} catch (ClassNotFoundException e) {
- handleException("Canot load a key from the file" + filePath, e);
+ handleException("Cannot load a key from the file" + filePath, e);
} finally {
if (in != null) {
try {
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/CipherWrapper.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/CipherWrapper.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/CipherWrapper.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/CipherWrapper.java Mon Jul 7 03:19:45 2008
@@ -21,7 +21,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
-import org.apache.synapse.security.bean.CipherInformation;
+import org.apache.synapse.security.definition.CipherInformation;
import org.apache.synapse.security.tool.CipherTool;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
@@ -54,7 +54,7 @@
* providing those
*
* @param information Encapsulated object contains all information required to cipher
- * @param key The key that will be used by the cipher either for encryption and encryption
+ * @param key The key that will be used by the cipher either for encryption and encryption
*/
public CipherWrapper(CipherInformation information, Key key) {
this.information = information;
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/IdentityKeyStoreWrapper.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/IdentityKeyStoreWrapper.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/IdentityKeyStoreWrapper.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/IdentityKeyStoreWrapper.java Mon Jul 7 03:19:45 2008
@@ -18,10 +18,11 @@
*/
package org.apache.synapse.security.wrappers;
-import org.apache.synapse.security.bean.KeyStoreInformation;
+import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
import javax.crypto.SecretKey;
import java.security.Key;
+import java.security.KeyStore;
import java.security.PrivateKey;
/**
@@ -32,13 +33,11 @@
public class IdentityKeyStoreWrapper extends KeyStoreWrapper {
/**
- * @param information @see KeyStoreWrapper
- * @param storePassword @see KeyStoreWrapper
- * @param keyPassword @see KeyStoreWrapper
* @see org.apache.synapse.security.wrappers.KeyStoreWrapper
+ * #init(org.apache.synapse.security.bean.KeyStoreInformation, String, String)
*/
- public void init(KeyStoreInformation information, String storePassword, String keyPassword) {
- super.init(information, storePassword, keyPassword);
+ public void init(IdentityKeyStoreInformation information, String keyPassword) {
+ super.init(information, keyPassword);
}
/**
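Review bot: The `@see` added to the Javadoc of `init` points at a signature that no longer exists: it names `org.apache.synapse.security.bean.KeyStoreInformation, String, String`, but this commit moves the class to the `definition` package and `super.init` now takes two arguments. The reference should read `@see org.apache.synapse.security.wrappers.KeyStoreWrapper#init(org.apache.synapse.security.definition.KeyStoreInformation, String)`. With the three `@param` lines removed, a short `@param keyPassword` description would also help, because this is the only secret still passed separately from the information object.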
@@ -96,4 +95,8 @@
}
return null;
}
+
+ public KeyStore getIdentityKeyStore() {
+ return getKeyStore();
+ }
}
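Review bot: `getIdentityKeyStore()` is public and returns the wrapper's live `KeyStore`, so any caller can enumerate or alter entries in the store that backs `getPrivateKey()`, and the method has no Javadoc saying who is meant to use it. The same applies to `getTrustKeyStore()` in TrustKeyStoreWrapper and to the protected `getKeyStore()` added to KeyStoreWrapper. If the accessor exists only so transport code can build an SSL context (my reading of the commit log, not something the hunk shows), package-private visibility or a narrower method would keep the key material behind the wrapper. At minimum add `/** Returns the underlying identity KeyStore; callers must treat it as read-only. */`.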
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/KeyStoreWrapper.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/KeyStoreWrapper.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/KeyStoreWrapper.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/KeyStoreWrapper.java Mon Jul 7 03:19:45 2008
@@ -21,15 +21,12 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
-import org.apache.synapse.security.bean.KeyStoreInformation;
+import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
+import org.apache.synapse.security.definition.KeyStoreInformation;
+import org.apache.synapse.security.definition.TrustKeyStoreInformation;
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
import java.security.*;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
/**
* Wraps the keyStore and provide abstraction need for ciphering in the synapse.
@@ -50,57 +47,25 @@
/**
* Initialize the KeyStore wrapper based on provided KeyStoreinformation and passwords
*
- * @param information The object that has encapsulated all information for a
- * keyStore excepts passwords
- * @param storePassword Specifies the password for the keyStore file
- * @param keyPassword Specifies the password of the key within the keyStore
+ * @param information The object that has encapsulated all information for a
+ * keyStore excepts passwords
+ * @param keyPassword Specifies the password of the key within the keyStore
*/
- protected void init(KeyStoreInformation information, String storePassword, String keyPassword) {
+ protected void init(KeyStoreInformation information, String keyPassword) {
if (information == null) {
handleException("KeyStore information cannot be found");
}
-
- if (storePassword == null || "".equals(storePassword)) {
- handleException("KeyStore password need to be provided ");
- }
-
this.keyStoreInformation = information;
this.keyPassword = keyPassword;
- String store = information.getLocation();
- File keyStoreFile = new File(store);
- if (!keyStoreFile.exists()) {
- handleException("KeyStore can not be found at ' " + keyStoreFile + " '");
- }
-
- String storeType = information.getStoreType();
- BufferedInputStream bis = null;
- try {
- if (log.isDebugEnabled()) {
- log.debug("Loading KeyStore form : " + store);
- }
- bis = new BufferedInputStream(new FileInputStream(keyStoreFile));
- keyStore = KeyStore.getInstance(storeType);
- keyStore.load(bis, storePassword.toCharArray());
-
- } catch (KeyStoreException e) {
- handleException("Error loading keyStore from ' " + store + " ' ", e);
- } catch (IOException e) {
- handleException("IOError loading keyStore from ' " + store + " ' ", e);
- } catch (NoSuchAlgorithmException e) {
- handleException("Error loading keyStore from ' " + store + " ' ", e);
- } catch (CertificateException e) {
- handleException("Error loading keyStore from ' " + store + " ' ", e);
- } finally {
- if (bis != null) {
- try {
- bis.close();
- } catch (IOException ignored) {
- }
- }
+ if (information instanceof TrustKeyStoreInformation) {
+ this.keyStore = ((TrustKeyStoreInformation) information).getTrustStore();
+ } else if (information instanceof IdentityKeyStoreInformation) {
+ this.keyStore = ((IdentityKeyStoreInformation) information).getIdentityKeyStore();
+ } else {
+ handleException("Invalid KeyStore type");
}
-
}
/**
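Review bot: `init` no longer verifies that a key store was actually obtained. The removed code rejected an empty store password and a missing file with explicit messages, while the new `instanceof` branches assign whatever `getTrustStore()` or `getIdentityKeyStore()` return. Whether those methods throw or return null on failure is not visible in this diff; if they can return null, the error surfaces later and far from its cause. A guard after the chain, `if (this.keyStore == null) { handleException("KeyStore cannot be loaded"); }`, would keep the failure here. The Javadoc also still describes `information` as holding everything `excepts passwords`, which no longer matches now that the store password is set on the information object.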
@@ -196,4 +161,8 @@
log.error(msg);
throw new SynapseException(msg);
}
+
+ protected KeyStore getKeyStore() {
+ return keyStore;
+ }
}
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/TrustKeyStoreWrapper.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/TrustKeyStoreWrapper.java?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/TrustKeyStoreWrapper.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/wrappers/TrustKeyStoreWrapper.java Mon Jul 7 03:19:45 2008
@@ -18,7 +18,9 @@
*/
package org.apache.synapse.security.wrappers;
-import org.apache.synapse.security.bean.KeyStoreInformation;
+import org.apache.synapse.security.definition.TrustKeyStoreInformation;
+
+import java.security.KeyStore;
/**
* Represents the abstraction for trusted KeyStore
@@ -29,7 +31,11 @@
* @see org.apache.synapse.security.wrappers.KeyStoreWrapper
* There is no keyPassword as trusted Store doesn't keep private or secret keys
*/
- public void init(KeyStoreInformation information, String storePassword) {
- super.init(information, storePassword, null);
+ public void init(TrustKeyStoreInformation information) {
+ super.init(information, null);
+ }
+
+ public KeyStore getTrustKeyStore() {
+ return getKeyStore();
}
}
Modified: synapse/trunk/java/repository/conf/secret-manager.properties
URL: http://svn.apache.org/viewvc/synapse/trunk/java/repository/conf/secret-manager.properties?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/repository/conf/secret-manager.properties (original)
+++ synapse/trunk/java/repository/conf/secret-manager.properties Mon Jul 7 03:19:45 2008
@@ -1,11 +1,3 @@
-#keystore.identity.location=lib/identity.jks
-#keystore.identity.type=JKS
-#keystore.identity.alias=synapse
-#
-#keystore.trust.location=lib/trust.jks
-#keystore.trust.type=JKS
-#keystore.trust.alias=synapse
-#
#secretRepositories=file
#
#secretRepositories.file.type=file
Modified: synapse/trunk/java/repository/conf/synapse.properties
URL: http://svn.apache.org/viewvc/synapse/trunk/java/repository/conf/synapse.properties?rev=674440&r1=674439&r2=674440&view=diff
==============================================================================
--- synapse/trunk/java/repository/conf/synapse.properties (original)
+++ synapse/trunk/java/repository/conf/synapse.properties Mon Jul 7 03:19:45 2008
@@ -24,6 +24,23 @@
#synapse.threads.group = synapse-thread-group
#synapse.threads.idprefix = SynapseWorker
+# KeyStores configurations
+
+#keystore.identity.location=lib/identity.jks
+#keystore.identity.type=JKS
+#keystore.identity.alias=synapse
+#keystore.identity.storePassword=password
+#keystore.identity.keyPassword=password
+#keystore.identity.parameters=enableHostnameVerifier=true;keyStoreCertificateFilePath=/home/esb.cer
+#
+#keystore.trust.location=lib/trust.jks
+#keystore.trust.type=JKS
+#keystore.trust.alias=synapse
+#keystore.trust.storePassword=password
+#keystore.trust.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer
+
+# DataSources Configurations
+
#synapse.datasources=lookupds,reportds
#synapse.datasources.icFactory=com.sun.jndi.rmi.registry.RegistryContextFactory
#synapse.datasources.providerUrl=rmi://localhost:2199
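Review bot: The commented sample puts `keystore.identity.storePassword`, `keystore.identity.keyPassword` and `keystore.trust.storePassword` in clear text in synapse.properties and shows `enableHostnameVerifier=false` for the trust store, with no comment on either. Someone who simply uncomments the block gets literal `password` secrets and, judging by the parameter name, HTTPS connections made without hostname verification. I would add above the block `# Sample values only: replace the passwords and restrict read access to this file`. For the trust sample, either show `enableHostnameVerifier=true` or add `# enableHostnameVerifier=false is for testing only`.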