You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicemix.apache.org by gn...@apache.org on 2006/06/13 16:04:19 UTC
svn commit: r413898 - in /incubator/servicemix/trunk/servicemix-core/src:
main/java/org/apache/servicemix/jbi/security/
main/java/org/apache/servicemix/jbi/security/acl/
main/java/org/apache/servicemix/jbi/security/acl/impl/
main/java/org/apache/servic...
Author: gnodet
Date: Tue Jun 13 07:04:17 2006
New Revision: 413898
URL: http://svn.apache.org/viewvc?rev=413898&view=rev
Log:
Security refactoring and improvement:
* add an AuthenticationService interface to authenticate users based on credentials
* add a KeystoreManager to perform operations on KeyStore having a single location for configuration and passwords (based on geronimo-security)
* add a CertificatesLoginModule (based on geronimo-security)
* move classes to more specialized packages
Added:
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/AuthenticationService.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/impl/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/impl/JAASAuthenticationService.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeyIsLocked.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreInstance.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreIsLocked.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreManager.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/BaseKeystoreManager.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/FileKeystoreInstance.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificateCallback.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificatesLoginModule.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/PropertiesLoginModule.java
incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/FileKeystoreManagerTest.java
incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/privatestore.jks (with props)
Removed:
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/AuthorizationEntry.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/AuthorizationMap.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/DefaultAuthorizationMap.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/PropertiesLoginModule.java
Modified:
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java
incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/SecuredBrokerTest.java
incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/login.properties
Modified: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java?rev=413898&r1=413897&r2=413898&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java (original)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java Tue Jun 13 07:04:17 2006
@@ -19,7 +19,10 @@
/**
- *
+ * This principal represents a group against which authorizations are
+ * usually checked.
+ *
+ * @version $Rev: $ $Date: $
*/
public class GroupPrincipal implements Principal {
Modified: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java?rev=413898&r1=413897&r2=413898&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java (original)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java Tue Jun 13 07:04:17 2006
@@ -25,6 +25,7 @@
import org.apache.servicemix.jbi.messaging.MessageExchangeImpl;
import org.apache.servicemix.jbi.nmr.DefaultBroker;
+import org.apache.servicemix.jbi.security.acl.AuthorizationMap;
/**
*
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.acl;
+
+import java.util.Set;
+
+import javax.jbi.servicedesc.ServiceEndpoint;
+
+public interface AuthorizationMap {
+
+ Set getAcls(ServiceEndpoint endpoint);
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.acl.impl;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+import javax.xml.XMLConstants;
+import javax.xml.namespace.QName;
+
+import org.apache.servicemix.jbi.security.GroupPrincipal;
+
+/**
+ *
+ * @author gnodet
+ * @org.apache.xbean.XBean
+ */
+public class AuthorizationEntry {
+
+ /**
+ * Add the roles to the ACLs list
+ */
+ public static final String TYPE_ADD = "add";
+ /**
+ * Set the ACLs to the given roles
+ */
+ public static final String TYPE_SET = "set";
+ /**
+ * Remove the given roles from the ACLs list
+ */
+ public static final String TYPE_REM = "rem";
+
+ private Set acls;
+ private QName service;
+ private String endpoint;
+ private String type = TYPE_ADD;
+
+ public AuthorizationEntry() {
+ }
+
+ public AuthorizationEntry(QName service, String endpoint, String roles) {
+ this.service = service;
+ this.endpoint = endpoint;
+ setRoles(roles);
+ }
+
+ public AuthorizationEntry(QName service, String endpoint, String roles, String type) {
+ this.service = service;
+ this.endpoint = endpoint;
+ setRoles(roles);
+ this.type = type;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the endpoint
+ */
+ public String getEndpoint() {
+ return endpoint;
+ }
+
+ /**
+ * @param endpoint the endpoint to set
+ */
+ public void setEndpoint(String endpoint) {
+ this.endpoint = endpoint;
+ }
+
+ /**
+ * @return the service
+ */
+ public QName getService() {
+ return service;
+ }
+
+ /**
+ * @param service the service to set
+ */
+ public void setService(QName service) {
+ // Hack a bit to support wildcards
+ // If the attribute was service="*:*", then the namespace is not found, but the prefix is set
+ if (XMLConstants.NULL_NS_URI.equals(service.getNamespaceURI()) &&
+ service.getPrefix() != null && service.getPrefix().length() > 0) {
+ service = new QName(service.getPrefix(), service.getLocalPart());
+ }
+ this.service = service;
+ }
+
+ /**
+ * @return the acls
+ */
+ public Set getAcls() {
+ return acls;
+ }
+
+ /**
+ * @param acls the acls to set
+ */
+ public void setAcls(Set acls) {
+ this.acls = acls;
+ }
+
+ public void setRoles(String roles) {
+ this.acls = new HashSet();
+ StringTokenizer iter = new StringTokenizer(roles, ",");
+ while (iter.hasMoreTokens()) {
+ String name = iter.nextToken().trim();
+ this.acls.add(new GroupPrincipal(name));
+ }
+ }
+
+ public String getRoles() {
+ StringBuffer sb = new StringBuffer();
+ for (Iterator iter = this.acls.iterator(); iter.hasNext();) {
+ GroupPrincipal p = (GroupPrincipal) iter.next();
+ sb.append(p);
+ if (iter.hasNext()) {
+ sb.append(",");
+ }
+ }
+ return sb.toString();
+ }
+
+ public String toString() {
+ return "AuthorizationEntry[service=" + service + ", endpoint=" + endpoint + ", roles=" + getRoles() + "]";
+ }
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.acl.impl;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import javax.jbi.servicedesc.ServiceEndpoint;
+import javax.xml.namespace.QName;
+
+import org.apache.servicemix.jbi.security.acl.AuthorizationMap;
+
+
+/**
+ *
+ * @author gnodet
+ * @org.apache.xbean.XBean element="authorizationMap"
+ */
+public class DefaultAuthorizationMap implements AuthorizationMap {
+
+ private AuthorizationEntry defaultEntry;
+ private List authorizationEntries;
+
+ public DefaultAuthorizationMap() {
+ }
+
+ public DefaultAuthorizationMap(List authorizationEntries) {
+ this.authorizationEntries = authorizationEntries;
+ }
+
+ /**
+ * @return the authorizationEntries
+ */
+ public List getAuthorizationEntries() {
+ return authorizationEntries;
+ }
+
+ /**
+ * @param authorizationEntries the authorizationEntries to set
+ * @org.apache.xbean.ElementType class="org.apache.servicemix.jbi.security.AuthorizationEntry"
+ */
+ public void setAuthorizationEntries(List authorizationEntries) {
+ this.authorizationEntries = authorizationEntries;
+ }
+
+ /**
+ * @return the defaultEntry
+ */
+ public AuthorizationEntry getDefaultEntry() {
+ return defaultEntry;
+ }
+
+ /**
+ * @param defaultEntry the defaultEntry to set
+ */
+ public void setDefaultEntry(AuthorizationEntry defaultEntry) {
+ this.defaultEntry = defaultEntry;
+ }
+
+ public Set getAcls(ServiceEndpoint endpoint) {
+ Set acls = new HashSet();
+ if (defaultEntry != null) {
+ acls.add(defaultEntry);
+ }
+ for (Iterator iter = authorizationEntries.iterator(); iter.hasNext();) {
+ AuthorizationEntry entry = (AuthorizationEntry) iter.next();
+ if (match(entry, endpoint)) {
+ if (AuthorizationEntry.TYPE_ADD.equalsIgnoreCase(entry.getType())) {
+ acls.addAll(entry.getAcls());
+ } else if (AuthorizationEntry.TYPE_SET.equalsIgnoreCase(entry.getType())) {
+ acls.clear();
+ acls.addAll(entry.getAcls());
+ } else if (AuthorizationEntry.TYPE_REM.equalsIgnoreCase(entry.getType())) {
+ acls.removeAll(entry.getAcls());
+ }
+ }
+ }
+ return acls;
+ }
+
+ protected boolean match(AuthorizationEntry entry, ServiceEndpoint endpoint) {
+ return match(entry.getService(), endpoint.getServiceName()) &&
+ match(entry.getEndpoint(), endpoint.getEndpointName());
+ }
+
+ private boolean match(QName acl, QName target) {
+ return match(acl.getNamespaceURI(), target.getNamespaceURI()) &&
+ match(acl.getLocalPart(), target.getLocalPart());
+ }
+
+ private boolean match(String acl, String target) {
+ return acl == null ||
+ acl.equals("*") ||
+ Pattern.matches(acl, target);
+ }
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/AuthenticationService.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/AuthenticationService.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/AuthenticationService.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/AuthenticationService.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.auth;
+
+import java.security.GeneralSecurityException;
+
+import javax.security.auth.Subject;
+
+/**
+ * Interface for the authentication service.
+ *
+ * @version $Rev: $ $Date: $
+ */
+public interface AuthenticationService {
+
+ /**
+ * Authenticate a user given its name and credentials.
+ * Upon sucessfull completion, the subject should be populated
+ * with the user known principals.
+ *
+ * @param subject the subject to populate
+ * @param domain the security domain to use
+ * @param user the user name
+ * @param credentials the user credntials
+ * @throws GeneralSecurityException if the user can not be authenticated
+ */
+ void authenticate(Subject subject, String domain, String user, Object credentials) throws GeneralSecurityException;
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/impl/JAASAuthenticationService.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/impl/JAASAuthenticationService.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/impl/JAASAuthenticationService.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/auth/impl/JAASAuthenticationService.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.auth.impl;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.servicemix.jbi.security.auth.AuthenticationService;
+import org.apache.servicemix.jbi.security.login.CertificateCallback;
+
+/**
+ * Implementation of the authentication service using JAAS.
+ *
+ * @version $Rev: $ $Date: $
+ */
+public class JAASAuthenticationService implements AuthenticationService {
+
+ public void authenticate(Subject subject,
+ String domain,
+ final String user,
+ final Object credentials) throws GeneralSecurityException {
+ LoginContext loginContext = new LoginContext(domain, subject, new CallbackHandler() {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ ((NameCallback) callbacks[i]).setName(user);
+ } else if (callbacks[i] instanceof PasswordCallback && credentials instanceof String) {
+ ((PasswordCallback) callbacks[i]).setPassword(((String) credentials).toCharArray());
+ } else if (callbacks[i] instanceof CertificateCallback && credentials instanceof X509Certificate) {
+ ((CertificateCallback) callbacks[i]).setCertificate((X509Certificate) credentials);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+ });
+ loginContext.login();
+ }
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeyIsLocked.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeyIsLocked.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeyIsLocked.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeyIsLocked.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.keystore;
+
+import java.security.GeneralSecurityException;
+
+public class KeyIsLocked extends GeneralSecurityException {
+
+ public KeyIsLocked() {
+ super();
+ }
+
+ public KeyIsLocked(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public KeyIsLocked(String msg) {
+ super(msg);
+ }
+
+ public KeyIsLocked(Throwable cause) {
+ super(cause);
+ }
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreInstance.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreInstance.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreInstance.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreInstance.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.keystore;
+
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+
+/**
+ * Based on http://svn.apache.org/repos/asf/geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
+ *
+ * @version $Rev: $ $Date: $
+ */
+public interface KeystoreInstance {
+
+ String getName();
+
+ String[] listPrivateKeys();
+
+ String[] listTrustCertificates();
+
+ Certificate getCertificate(String alias);
+
+ String getCertificateAlias(Certificate cert);
+
+ Certificate[] getCertificateChain(String alias);
+
+ PrivateKey getPrivateKey(String alias);
+
+ boolean isKeystoreLocked();
+
+ boolean isKeyLocked(String keyAlias);
+
+ KeyManager[] getKeyManager(String algorithm, String keyAlias) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked, KeystoreIsLocked;
+
+ TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked;
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreIsLocked.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreIsLocked.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreIsLocked.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreIsLocked.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.keystore;
+
+import java.security.GeneralSecurityException;
+
+public class KeystoreIsLocked extends GeneralSecurityException {
+
+ public KeystoreIsLocked() {
+ super();
+ }
+
+ public KeystoreIsLocked(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public KeystoreIsLocked(String msg) {
+ super(msg);
+ }
+
+ public KeystoreIsLocked(Throwable cause) {
+ super(cause);
+ }
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreManager.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreManager.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreManager.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreManager.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.keystore;
+
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.UnrecoverableKeyException;
+
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * Based on http://svn.apache.org/repos/asf/geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
+ *
+ * @version $Rev: $ $Date: $
+ */
+public interface KeystoreManager {
+
+ KeystoreInstance getKeystore(String name);
+
+ /**
+ * Gets a ServerSocketFactory using one Keystore to access the private key
+ * and another to provide the list of trusted certificate authorities.
+ * @param provider
+ * @param protocol The SSL protocol to use
+ * @param algorithm The SSL algorithm to use
+ * @param keyStore The key keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must be unlocked.
+ * @param keyAlias The name of the private key in the keystore. The
+ * KeystoreInstance for this keystore must have unlocked
+ * this key.
+ * @param trustStore The trust keystore name as provided by listKeystores.
+ * The KeystoreInstance for this keystore must have
+ * unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
+ *
+ * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+ * be used because it has not been unlocked.
+ * @throws KeyIsLocked Occurs when the requested private key in the key
+ * keystore cannot be used because it has not been
+ * unlocked.
+ */
+ public SSLServerSocketFactory createSSLServerFactory(
+ String provider,
+ String protocol,
+ String algorithm,
+ String keyStore,
+ String keyAlias,
+ String trustStore)
+ throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException;
+
+ /**
+ * Gets a SocketFactory using one Keystore to access the private key
+ * and another to provide the list of trusted certificate authorities.
+ * @param provider The SSL provider to use, or null for the default
+ * @param protocol The SSL protocol to use
+ * @param algorithm The SSL algorithm to use
+ * @param keyStore The key keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must be unlocked.
+ * @param keyAlias The name of the private key in the keystore. The
+ * KeystoreInstance for this keystore must have unlocked
+ * this key.
+ * @param trustStore The trust keystore name as provided by listKeystores.
+ * The KeystoreInstance for this keystore must have
+ * unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
+ *
+ * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+ * be used because it has not been unlocked.
+ * @throws KeyIsLocked Occurs when the requested private key in the key
+ * keystore cannot be used because it has not been
+ * unlocked.
+ */
+ public SSLSocketFactory createSSLFactory(
+ String provider,
+ String protocol,
+ String algorithm,
+ String keyStore,
+ String keyAlias,
+ String trustStore)
+ throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException;
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/BaseKeystoreManager.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/BaseKeystoreManager.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/BaseKeystoreManager.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/BaseKeystoreManager.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,260 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.keystore.impl;
+
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.servicemix.jbi.security.keystore.KeyIsLocked;
+import org.apache.servicemix.jbi.security.keystore.KeystoreInstance;
+import org.apache.servicemix.jbi.security.keystore.KeystoreIsLocked;
+import org.apache.servicemix.jbi.security.keystore.KeystoreManager;
+
+/**
+ *
+ * @org.apache.xbean.XBean element="keystoreManager"
+ *
+ */
+public class BaseKeystoreManager implements KeystoreManager {
+
+ protected final Log log = LogFactory.getLog(getClass());
+
+ protected KeystoreInstance[] keystores;
+
+ /**
+ * @return the keystores
+ */
+ public KeystoreInstance[] getKeystores() {
+ return keystores;
+ }
+
+ /**
+ * @param keystores the keystores to set
+ */
+ public void setKeystores(KeystoreInstance[] keystores) {
+ this.keystores = keystores;
+ }
+
+ /**
+ * Gets a SocketFactory using one Keystore to access the private key and
+ * another to provide the list of trusted certificate authorities.
+ *
+ * @param provider
+ * The SSL provider to use, or null for the default
+ * @param protocol
+ * The SSL protocol to use
+ * @param algorithm
+ * The SSL algorithm to use
+ * @param keyStore
+ * The key keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must be unlocked.
+ * @param keyAlias
+ * The name of the private key in the keystore. The
+ * KeystoreInstance for this keystore must have unlocked this
+ * key.
+ * @param trustStore
+ * The trust keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must have unlocked this
+ * key.
+ * @param loader
+ * The class loader used to resolve factory classes.
+ *
+ * @return A created SSLSocketFactory item created from the KeystoreManager.
+ * @throws KeystoreIsLocked
+ * Occurs when the requested key keystore cannot be used because
+ * it has not been unlocked.
+ * @throws KeyIsLocked
+ * Occurs when the requested private key in the key keystore
+ * cannot be used because it has not been unlocked.
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws KeyStoreException
+ * @throws KeyManagementException
+ * @throws NoSuchProviderException
+ */
+ public SSLSocketFactory createSSLFactory(
+ String provider,
+ String protocol,
+ String algorithm,
+ String keyStore,
+ String keyAlias,
+ String trustStore) throws KeystoreIsLocked, KeyIsLocked,
+ NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException,
+ NoSuchProviderException {
+ // the keyStore is optional.
+ KeystoreInstance keyInstance = null;
+ if (keyStore != null) {
+ keyInstance = getKeystore(keyStore);
+ if (keyInstance.isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '" + keyStore
+ + "' is locked; please use the keystore page in the admin console to unlock it");
+ }
+ if (keyInstance.isKeyLocked(keyAlias)) {
+ throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore
+ + "' is locked; please use the keystore page in the admin console to unlock it");
+ }
+ }
+ KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
+ if (trustInstance != null && trustInstance.isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '" + trustStore
+ + "' is locked; please use the keystore page in the admin console to unlock it");
+ }
+
+ // OMG this hurts, but it causes ClassCastExceptions elsewhere unless
+ // done this way!
+ try {
+ /*
+ Class cls = loader.loadClass("javax.net.ssl.SSLContext");
+ Object ctx = cls.getMethod("getInstance", new Class[] { String.class }).invoke(null,
+ new Object[] { protocol });
+ Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
+ Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
+ Class src = loader.loadClass("java.security.SecureRandom");
+ cls.getMethod("init", new Class[] { kmc, tmc, src }).invoke(
+ ctx,
+ new Object[] { keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
+ trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
+ new java.security.SecureRandom() });
+ Object result = cls.getMethod("getSocketFactory", new Class[0]).invoke(ctx, new Object[0]);
+ return (SSLSocketFactory) result;
+ */
+ SSLContext context;
+ if (provider == null) {
+ context = SSLContext.getInstance(protocol);
+ } else {
+ context= SSLContext.getInstance(protocol, provider);
+ }
+ context.init(keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
+ trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
+ new SecureRandom());
+ return context.getSocketFactory();
+ } catch (Exception e) {
+ log.error("Unable to dynamically load", e);
+ return null;
+ }
+ }
+
+ /**
+ * Gets a ServerSocketFactory using one Keystore to access the private key
+ * and another to provide the list of trusted certificate authorities.
+ *
+ * @param provider
+ * The SSL provider to use, or null for the default
+ * @param protocol
+ * The SSL protocol to use
+ * @param algorithm
+ * The SSL algorithm to use
+ * @param keyStore
+ * The key keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must be unlocked.
+ * @param keyAlias
+ * The name of the private key in the keystore. The
+ * KeystoreInstance for this keystore must have unlocked this
+ * key.
+ * @param trustStore
+ * The trust keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must have unlocked this
+ * key.
+ * @param loader
+ * The class loader used to resolve factory classes.
+ *
+ * @throws KeystoreIsLocked
+ * Occurs when the requested key keystore cannot be used because
+ * it has not been unlocked.
+ * @throws KeyIsLocked
+ * Occurs when the requested private key in the key keystore
+ * cannot be used because it has not been unlocked.
+ */
+ public SSLServerSocketFactory createSSLServerFactory(
+ String provider,
+ String protocol,
+ String algorithm,
+ String keyStore,
+ String keyAlias,
+ String trustStore) throws KeystoreIsLocked,
+ KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException,
+ KeyManagementException, NoSuchProviderException {
+ KeystoreInstance keyInstance = getKeystore(keyStore);
+ if (keyInstance.isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '" + keyStore
+ + "' is locked; please use the keystore page in the admin console to unlock it");
+ }
+ if (keyInstance.isKeyLocked(keyAlias)) {
+ throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore
+ + "' is locked; please use the keystore page in the admin console to unlock it");
+ }
+ KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
+ if (trustInstance != null && trustInstance.isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '" + trustStore
+ + "' is locked; please use the keystore page in the admin console to unlock it");
+ }
+
+ // OMG this hurts, but it causes ClassCastExceptions elsewhere unless
+ // done this way!
+ try {
+ /*
+ Class cls = loader.loadClass("javax.net.ssl.SSLContext");
+ Object ctx = cls.getMethod("getInstance", new Class[] { String.class }).invoke(null,
+ new Object[] { protocol });
+ Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
+ Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
+ Class src = loader.loadClass("java.security.SecureRandom");
+ cls.getMethod("init", new Class[] { kmc, tmc, src }).invoke(
+ ctx,
+ new Object[] { keyInstance.getKeyManager(algorithm, keyAlias),
+ trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
+ new java.security.SecureRandom() });
+ Object result = cls.getMethod("getServerSocketFactory", new Class[0]).invoke(ctx, new Object[0]);
+ return (SSLServerSocketFactory) result;
+ */
+ SSLContext context;
+ if (provider == null) {
+ context = SSLContext.getInstance(protocol);
+ } else {
+ context= SSLContext.getInstance(protocol, provider);
+ }
+ context.init(keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
+ trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
+ new SecureRandom());
+ return context.getServerSocketFactory();
+ } catch (Exception e) {
+ log.error("Unable to dynamically load", e);
+ return null;
+ }
+ }
+
+ public KeystoreInstance getKeystore(String name) {
+ if (keystores != null) {
+ for (int i = 0; i < keystores.length; i++) {
+ if (name.equals(keystores[i].getName())) {
+ return keystores[i];
+ }
+ }
+ }
+ return null;
+ }
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/FileKeystoreInstance.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/FileKeystoreInstance.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/FileKeystoreInstance.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/impl/FileKeystoreInstance.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,252 @@
+package org.apache.servicemix.jbi.security.keystore.impl;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.servicemix.jbi.security.keystore.KeystoreInstance;
+import org.apache.servicemix.jbi.security.keystore.KeystoreIsLocked;
+import org.springframework.core.io.Resource;
+
+/**
+ *
+ * @org.apache.xbean.XBean element="keystore"
+ */
+public class FileKeystoreInstance implements KeystoreInstance {
+
+ private static final Log log = LogFactory.getLog(FileKeystoreInstance.class);
+ private final static String JKS = "JKS";
+
+ private Resource path;
+ private String name;
+ private String keystorePassword;
+ private Map keyPasswords = new HashMap();
+ private File keystoreFile; // Only valid after startup
+
+ // The following variables are the state of the keystore, which should be chucked if the file on disk changes
+ private List privateKeys = new ArrayList();
+ private List trustCerts = new ArrayList();
+ private KeyStore keystore;
+ private long keystoreReadDate = Long.MIN_VALUE;
+
+ /**
+ * @param keyPasswords the keyPasswords to set
+ */
+ public void setKeyPasswords(String keyPasswords) {
+ if (keyPasswords != null) {
+ String[] keys = keyPasswords.split("\\]\\!\\[");
+ for (int i = 0; i < keys.length; i++) {
+ String key = keys[i];
+ int pos = key.indexOf('=');
+ this.keyPasswords.put(key.substring(0, pos), key.substring(pos+1).toCharArray());
+ }
+ }
+ }
+
+ /**
+ * @return the keystoreName
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param keystoreName the keystoreName to set
+ */
+ public void setName(String keystoreName) {
+ this.name = keystoreName;
+ }
+
+ /**
+ * @param keystorePassword the keystorePassword to set
+ */
+ public void setKeystorePassword(String keystorePassword) {
+ this.keystorePassword = keystorePassword;
+ }
+
+ /**
+ * @return the keystorePath
+ */
+ public Resource getPath() {
+ return path;
+ }
+
+ /**
+ * @param keystorePath the keystorePath to set
+ */
+ public void setPath(Resource keystorePath) throws IOException {
+ this.path = keystorePath;
+ this.keystoreFile = keystorePath.getFile();
+ }
+
+ public Certificate getCertificate(String alias) {
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ try {
+ return keystore.getCertificate(alias);
+ } catch (KeyStoreException e) {
+ log.error("Unable to read certificate from keystore", e);
+ }
+ return null;
+ }
+
+ public String getCertificateAlias(Certificate cert) {
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ try {
+ return keystore.getCertificateAlias(cert);
+ } catch (KeyStoreException e) {
+ log.error("Unable to read retrieve alias for given certificate from keystore", e);
+ }
+ return null;
+ }
+
+ public Certificate[] getCertificateChain(String alias) {
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ try {
+ return keystore.getCertificateChain(alias);
+ } catch (KeyStoreException e) {
+ log.error("Unable to read certificate chain from keystore", e);
+ }
+ return null;
+ }
+
+ public KeyManager[] getKeyManager(String algorithm, String keyAlias) throws KeystoreIsLocked, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
+ if(isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '"+name+"' is locked; please unlock it in the console.");
+ }
+ if(keystore == null || keystoreReadDate < keystoreFile.lastModified()) {
+ loadKeystoreData();
+ }
+ KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(algorithm);
+ keyFactory.init(keystore, (char[]) keyPasswords.get(keyAlias));
+ return keyFactory.getKeyManagers();
+ }
+
+ public PrivateKey getPrivateKey(String alias) {
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ try {
+ if (isKeyLocked(alias)) {
+ return null;
+ }
+ Key key = keystore.getKey(alias, (char[]) keyPasswords.get(alias));
+ if (key instanceof PrivateKey) {
+ return (PrivateKey) key;
+ }
+ } catch (KeyStoreException e) {
+ log.error("Unable to read private key from keystore", e);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Unable to read private key from keystore", e);
+ } catch (UnrecoverableKeyException e) {
+ log.error("Unable to read private key from keystore", e);
+ }
+ return null;
+ }
+
+ public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked {
+ if(isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '"+name+"' is locked; please unlock it in the console.");
+ }
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(algorithm);
+ trustFactory.init(keystore);
+ return trustFactory.getTrustManagers();
+ }
+
+ public boolean isKeyLocked(String keyAlias) {
+ return keyPasswords.get(keyAlias) == null;
+ }
+
+ public boolean isKeystoreLocked() {
+ return keystorePassword == null;
+ }
+
+ public String[] listPrivateKeys() {
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ return (String[]) privateKeys.toArray(new String[privateKeys.size()]);
+ }
+
+ public String[] listTrustCertificates() {
+ if (!loadKeystoreData()) {
+ return null;
+ }
+ return (String[]) trustCerts.toArray(new String[trustCerts.size()]);
+ }
+
+ // ==================== Internals =====================
+
+ private boolean loadKeystoreData() {
+ if (keystoreFile == null) {
+ throw new IllegalArgumentException("keystorePath not set");
+ }
+ if (keystoreReadDate >= keystoreFile.lastModified()) {
+ return true;
+ }
+ if (!keystoreFile.exists() || !keystoreFile.canRead()) {
+ throw new IllegalArgumentException("Invalid keystore file (" + path + " = " + keystoreFile.getAbsolutePath() + ")");
+ }
+ try {
+ keystoreReadDate = System.currentTimeMillis();
+ privateKeys.clear();
+ trustCerts.clear();
+ if(keystore == null) {
+ keystore = KeyStore.getInstance(JKS);
+ }
+ InputStream in = new BufferedInputStream(new FileInputStream(keystoreFile));
+ keystore.load(in, keystorePassword == null ? new char[0] : keystorePassword.toCharArray());
+ in.close();
+ Enumeration aliases = keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ String alias = (String) aliases.nextElement();
+ if (keystore.isKeyEntry(alias)) {
+ privateKeys.add(alias);
+ } else if (keystore.isCertificateEntry(alias)) {
+ trustCerts.add(alias);
+ }
+ }
+ return true;
+ } catch (KeyStoreException e) {
+ log.error("Unable to open keystore with provided password", e);
+ } catch (IOException e) {
+ log.error("Unable to open keystore with provided password", e);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Unable to open keystore with provided password", e);
+ } catch (CertificateException e) {
+ log.error("Unable to open keystore with provided password", e);
+ }
+ return false;
+ }
+
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificateCallback.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificateCallback.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificateCallback.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificateCallback.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.login;
+
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * A callback to retrieve an X509Certificate.
+ * This class is mainly used from the related login module.
+ *
+ * @see CertificatesLoginModule
+ * @version $Rev: $ $Date: $
+ */
+public class CertificateCallback implements Callback {
+
+ private X509Certificate certificate;
+
+ public X509Certificate getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(X509Certificate certificate) {
+ this.certificate = certificate;
+ }
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificatesLoginModule.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificatesLoginModule.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificatesLoginModule.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/CertificatesLoginModule.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.login;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.servicemix.jbi.security.GroupPrincipal;
+import org.apache.servicemix.jbi.security.UserPrincipal;
+
+
+/**
+ * This login module authenticate users given an X509 certificate.
+ *
+ * @version $Rev: $ $Date: $
+ */
+public class CertificatesLoginModule implements LoginModule {
+
+ private final String USER_FILE = "org.apache.servicemix.security.certificates.user";
+ private final String GROUP_FILE = "org.apache.servicemix.security.certificates.group";
+
+ private static final Log log = LogFactory.getLog(CertificatesLoginModule.class);
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+
+ private boolean debug;
+ private String usersFile;
+ private String groupsFile;
+ private Properties users = new Properties();
+ private Properties groups = new Properties();
+ private String user;
+ private Set principals = new HashSet();
+ private File baseDir;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+
+ if( System.getProperty("java.security.auth.login.config")!=null ) {
+ baseDir=new File(System.getProperty("java.security.auth.login.config")).getParentFile();
+ } else {
+ baseDir = new File(".");
+ }
+
+ debug = "true".equalsIgnoreCase((String) options.get("debug"));
+ usersFile = (String) options.get(USER_FILE)+"";
+ groupsFile = (String) options.get(GROUP_FILE)+"";
+
+ if (debug) {
+ log.debug("Initialized debug=" + debug + " usersFile=" + usersFile + " groupsFile=" + groupsFile+" basedir="+baseDir);
+ }
+ }
+
+ public boolean login() throws LoginException {
+ File f = new File(baseDir,usersFile);
+ try {
+ users.load(new java.io.FileInputStream(f));
+ } catch (IOException ioe) {
+ throw new LoginException("Unable to load user properties file " + f);
+ }
+ f = new File(baseDir, groupsFile);
+ try {
+ groups.load(new java.io.FileInputStream(f));
+ } catch (IOException ioe) {
+ throw new LoginException("Unable to load group properties file " + f);
+ }
+
+ Callback[] callbacks = new Callback[1];
+ callbacks[0] = new CertificateCallback();
+ try {
+ callbackHandler.handle(callbacks);
+ } catch (IOException ioe) {
+ throw new LoginException(ioe.getMessage());
+ } catch (UnsupportedCallbackException uce) {
+ throw new LoginException(uce.getMessage() + " not available to obtain information from user");
+ }
+ X509Certificate cert = ((CertificateCallback) callbacks[0]).getCertificate();
+ if (cert == null) throw new FailedLoginException("Unable to retrieve certificate");
+
+ Principal principal = cert.getSubjectX500Principal();
+ String certName = principal.getName();
+ for (Iterator it = users.entrySet().iterator(); it.hasNext();) {
+ Map.Entry entry = (Map.Entry) it.next();
+ if (certName.equals(entry.getValue())) {
+ user = (String) entry.getKey();
+ principals.add(principal);
+ if (debug) {
+ log.debug("login " + user);
+ }
+ return true;
+ }
+ }
+ throw new FailedLoginException();
+ }
+
+ public boolean commit() throws LoginException {
+ principals.add(new UserPrincipal(user));
+
+ for (Enumeration enumeration = groups.keys(); enumeration.hasMoreElements();) {
+ String name = (String) enumeration.nextElement();
+ String[] userList = ((String) groups.getProperty(name) + "").split(",");
+ for (int i = 0; i < userList.length; i++) {
+ if (user.equals(userList[i])) {
+ principals.add(new GroupPrincipal(name));
+ break;
+ }
+ }
+ }
+
+ subject.getPrincipals().addAll(principals);
+
+ clear();
+
+ if (debug) {
+ log.debug("commit");
+ }
+ return true;
+ }
+
+ public boolean abort() throws LoginException {
+ clear();
+
+ if (debug) {
+ log.debug("abort");
+ }
+ return true;
+ }
+
+ public boolean logout() throws LoginException {
+ subject.getPrincipals().removeAll(principals);
+ principals.clear();
+
+ if (debug) {
+ log.debug("logout");
+ }
+ return true;
+ }
+
+ private void clear() {
+ groups.clear();
+ user = null;
+ }
+}
Added: incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/PropertiesLoginModule.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/PropertiesLoginModule.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/PropertiesLoginModule.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/PropertiesLoginModule.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security.login;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.servicemix.jbi.security.GroupPrincipal;
+import org.apache.servicemix.jbi.security.UserPrincipal;
+
+/**
+ * JAAS Login module for user / password, based on two properties files.
+ *
+ * @version $Rev: $ $Date: $
+ */
+public class PropertiesLoginModule implements LoginModule {
+
+ private final String USER_FILE = "org.apache.servicemix.security.properties.user";
+ private final String GROUP_FILE = "org.apache.servicemix.security.properties.group";
+
+ private static final Log log = LogFactory.getLog(PropertiesLoginModule.class);
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+
+ private boolean debug;
+ private String usersFile;
+ private String groupsFile;
+ private Properties users = new Properties();
+ private Properties groups = new Properties();
+ private String user;
+ private Set principals = new HashSet();
+ private File baseDir;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+
+ if( System.getProperty("java.security.auth.login.config")!=null ) {
+ baseDir=new File(System.getProperty("java.security.auth.login.config")).getParentFile();
+ } else {
+ baseDir = new File(".");
+ }
+
+ debug = "true".equalsIgnoreCase((String) options.get("debug"));
+ usersFile = (String) options.get(USER_FILE)+"";
+ groupsFile = (String) options.get(GROUP_FILE)+"";
+
+ if (debug) {
+ log.debug("Initialized debug=" + debug + " usersFile=" + usersFile + " groupsFile=" + groupsFile+" basedir="+baseDir);
+ }
+ }
+
+ public boolean login() throws LoginException {
+ File f = new File(baseDir,usersFile);
+ try {
+ users.load(new java.io.FileInputStream(f));
+ } catch (IOException ioe) {
+ throw new LoginException("Unable to load user properties file " + f);
+ }
+ f = new File(baseDir, groupsFile);
+ try {
+ groups.load(new java.io.FileInputStream(f));
+ } catch (IOException ioe) {
+ throw new LoginException("Unable to load group properties file " + f);
+ }
+
+ Callback[] callbacks = new Callback[2];
+
+ callbacks[0] = new NameCallback("Username: ");
+ callbacks[1] = new PasswordCallback("Password: ", false);
+ try {
+ callbackHandler.handle(callbacks);
+ } catch (IOException ioe) {
+ throw new LoginException(ioe.getMessage());
+ } catch (UnsupportedCallbackException uce) {
+ throw new LoginException(uce.getMessage() + " not available to obtain information from user");
+ }
+ user = ((NameCallback) callbacks[0]).getName();
+ char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
+ if (tmpPassword == null) tmpPassword = new char[0];
+
+ String password = users.getProperty(user);
+
+ if (password == null) throw new FailedLoginException("User does not exist");
+ if (!password.equals(new String(tmpPassword))) throw new FailedLoginException("Password does not match");
+
+ users.clear();
+
+ if (debug) {
+ log.debug("login " + user);
+ }
+ return true;
+ }
+
+ public boolean commit() throws LoginException {
+ principals.add(new UserPrincipal(user));
+
+ for (Enumeration enumeration = groups.keys(); enumeration.hasMoreElements();) {
+ String name = (String) enumeration.nextElement();
+ String[] userList = ((String) groups.getProperty(name) + "").split(",");
+ for (int i = 0; i < userList.length; i++) {
+ if (user.equals(userList[i])) {
+ principals.add(new GroupPrincipal(name));
+ break;
+ }
+ }
+ }
+
+ subject.getPrincipals().addAll(principals);
+
+ clear();
+
+ if (debug) {
+ log.debug("commit");
+ }
+ return true;
+ }
+
+ public boolean abort() throws LoginException {
+ clear();
+
+ if (debug) {
+ log.debug("abort");
+ }
+ return true;
+ }
+
+ public boolean logout() throws LoginException {
+ subject.getPrincipals().removeAll(principals);
+ principals.clear();
+
+ if (debug) {
+ log.debug("logout");
+ }
+ return true;
+ }
+
+ private void clear() {
+ groups.clear();
+ user = null;
+ }
+}
Added: incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/FileKeystoreManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/FileKeystoreManagerTest.java?rev=413898&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/FileKeystoreManagerTest.java (added)
+++ incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/FileKeystoreManagerTest.java Tue Jun 13 07:04:17 2006
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.jbi.security;
+
+import junit.framework.TestCase;
+
+import org.apache.servicemix.jbi.security.keystore.KeystoreInstance;
+import org.apache.servicemix.jbi.security.keystore.KeystoreManager;
+import org.apache.servicemix.jbi.security.keystore.impl.BaseKeystoreManager;
+import org.apache.servicemix.jbi.security.keystore.impl.FileKeystoreInstance;
+import org.springframework.core.io.ClassPathResource;
+
+public class FileKeystoreManagerTest extends TestCase {
+
+ private KeystoreManager keystoreManager;
+
+ protected void setUp() throws Exception {
+ BaseKeystoreManager mgr = new BaseKeystoreManager();
+ FileKeystoreInstance keystore = new FileKeystoreInstance();
+ keystore.setPath(new ClassPathResource("org/apache/servicemix/jbi/security/privatestore.jks"));
+ keystore.setKeystorePassword("keyStorePassword");
+ keystore.setKeyPasswords("myalias=myAliasPassword");
+ keystore.setName("ks");
+ mgr.setKeystores(new KeystoreInstance[] { keystore });
+ keystoreManager = mgr;
+ }
+
+ public void testGetKeystoreInstance() throws Exception {
+ assertNotNull(keystoreManager.getKeystore("ks"));
+ }
+
+ public void testGetUnknownKeystoreInstance() throws Exception {
+ assertNull(keystoreManager.getKeystore("ks2"));
+ }
+
+ public void testPrivateKey() throws Exception {
+ KeystoreInstance ks = keystoreManager.getKeystore("ks");
+ String[] pk = ks.listPrivateKeys();
+ assertNotNull(pk);
+ assertEquals(1, pk.length);
+ assertEquals("myalias", pk[0]);
+ assertNotNull(ks.getCertificate("myalias"));
+ assertNotNull(ks.getPrivateKey("myalias"));
+ }
+
+}
Modified: incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/SecuredBrokerTest.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/SecuredBrokerTest.java?rev=413898&r1=413897&r2=413898&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/SecuredBrokerTest.java (original)
+++ incubator/servicemix/trunk/servicemix-core/src/test/java/org/apache/servicemix/jbi/security/SecuredBrokerTest.java Tue Jun 13 07:04:17 2006
@@ -36,6 +36,9 @@
import org.apache.servicemix.client.ServiceMixClient;
import org.apache.servicemix.jbi.container.JBIContainer;
import org.apache.servicemix.jbi.jaxp.StringSource;
+import org.apache.servicemix.jbi.security.acl.AuthorizationMap;
+import org.apache.servicemix.jbi.security.acl.impl.AuthorizationEntry;
+import org.apache.servicemix.jbi.security.acl.impl.DefaultAuthorizationMap;
import org.apache.servicemix.tck.ReceiverComponent;
public class SecuredBrokerTest extends TestCase {
Modified: incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/login.properties
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/login.properties?rev=413898&r1=413897&r2=413898&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/login.properties (original)
+++ incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/login.properties Tue Jun 13 07:04:17 2006
@@ -1,5 +1,5 @@
servicemix-domain {
- org.apache.servicemix.jbi.security.PropertiesLoginModule required
+ org.apache.servicemix.jbi.security.login.PropertiesLoginModule required
debug=true
org.apache.servicemix.security.properties.user="users.properties"
org.apache.servicemix.security.properties.group="groups.properties";
Added: incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/privatestore.jks
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/privatestore.jks?rev=413898&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/servicemix/trunk/servicemix-core/src/test/resources/org/apache/servicemix/jbi/security/privatestore.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream