Posted to scm@geronimo.apache.org by ri...@apache.org on 2006/05/13 20:02:29 UTC
svn commit: r406135 - in /geronimo/branches/1.1/modules:
jetty/src/java/org/apache/geronimo/jetty/connector/
management/src/java/org/apache/geronimo/management/geronimo/
security/src/java/org/apache/geronimo/security/keystore/
Author: rickmcguire
Date: Sat May 13 11:02:28 2006
New Revision: 406135
URL: http://svn.apache.org/viewcvs?rev=406135&view=rev
Log:
Fix -1 comments from Aaron Mulder on first commit. Also correct the isKeyUnlocked() methods of KeyInstance.
Modified:
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/connector/GeronimoSSLListener.java Sat May 13 11:02:28 2006
@@ -37,6 +37,7 @@
}
protected SSLServerSocketFactory createFactory() throws Exception {
+ // we need the server factory version.
return manager.createSSLServerFactory(null, getProtocol(), getAlgorithm(), keyStore, keyAlias, trustStore, SslListener.class.getClassLoader());
}
Modified: geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java (original)
+++ geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java Sat May 13 11:02:28 2006
@@ -97,11 +97,11 @@
public void lockPrivateKey(String alias);
/**
- * Checks whether the specified private key is unlocked, which is to say,
+ * Checks whether the specified private key is locked, which is to say,
* available for other components to use to generate socket factories.
* Does not check whether the unlock password is actually correct.
*/
- public boolean isKeyUnlocked(String alias);
+ public boolean isKeyLocked(String alias);
/**
* Gets the aliases of all trusted certificate entries in the keystore.
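Review bot: The rewritten summary is self-contradictory: a locked key is the one that is not available to other components, so "is locked, which is to say, available for other components to use" inverts the meaning the renamed `isKeyLocked` now carries (the FileKeystoreInstance implementation returns true when no unlock password is cached for the alias). Suggest `Checks whether the specified private key is locked, which is to say, not yet available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.` The same sentence is copied verbatim onto FileKeystoreInstance.isKeyLocked in this commit and needs the same fix. It would also help to state that, as implemented in FileKeystoreInstance, an alias that does not exist in the keystore is reported as locked too, since callers cannot tell the two cases apart.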
Modified: geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java (original)
+++ geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java Sat May 13 11:02:28 2006
@@ -54,6 +54,7 @@
* @param trustStore The trust keystore name as provided by listKeystores.
* The KeystoreInstance for this keystore must have
* unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
*
* @throws KeystoreIsLocked Occurs when the requested key keystore cannot
* be used because it has not been unlocked.
@@ -80,6 +81,7 @@
* @param trustStore The trust keystore name as provided by listKeystores.
* The KeystoreInstance for this keystore must have
* unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
*
* @throws KeystoreIsLocked Occurs when the requested key keystore cannot
* be used because it has not been unlocked.
@@ -89,6 +91,28 @@
*/
public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
String keyStore, String keyAlias, String trustStore, ClassLoader loader)
+ throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException;
+
+
+ /**
+ * Gets a SocketFactory using one Keystore to access the private key
+ * and another to provide the list of trusted certificate authorities.
+ * @param provider The SSL provider to use, or null for the default
+ * @param protocol The SSL protocol to use
+ * @param algorithm The SSL algorithm to use
+ * @param trustStore The trust keystore name as provided by listKeystores.
+ * The KeystoreInstance for this keystore must have
+ * unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
+ *
+ * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+ * be used because it has not been unlocked.
+ * @throws KeyIsLocked Occurs when the requested private key in the key
+ * keystore cannot be used because it has not been
+ * unlocked.
+ */
+ public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
+ String trustStore, ClassLoader loader)
throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException;
/**
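Review bot: The Javadoc on the new five-argument `createSSLFactory` is a copy of the seven-argument one and does not match the overload: it says the factory uses "one Keystore to access the private key", tells the reader the trust keystore "must have unlocked this key", and describes `KeyIsLocked` as a locked-private-key failure, while this overload takes no key store or alias at all. Suggest opening with `Gets a SocketFactory configured from a trust keystore only, for callers that have no private key to present.`, describing `trustStore` as the keystore whose trusted certificate entries are used and which must itself be unlocked, and noting that `KeyIsLocked` is declared only because the implementation delegates to the full overload. The implementation's copy of this comment in FileKeystoreManager has the same wording.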
Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java (original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java Sat May 13 11:02:28 2006
@@ -200,7 +200,12 @@
public void setKeyPasswords(String passwords) {} // Just so the kernel sees the new value
- public boolean isKeyUnlocked(String alias) {
+ /**
+ * Checks whether the specified private key is locked, which is to say,
+ * available for other components to use to generate socket factories.
+ * Does not check whether the unlock password is actually correct.
+ */
+ public boolean isKeyLocked(String alias) {
return keyPasswords.get(alias) == null;
}
Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java?rev=406135&r1=406134&r2=406135&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java (original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreManager.java Sat May 13 11:02:28 2006
@@ -177,31 +177,76 @@
/**
* Gets a SocketFactory using one Keystore to access the private key
* and another to provide the list of trusted certificate authorities.
- * @param provider The SSL provider to use, or null for the default
- * @param protocol The SSL protocol to use
- * @param algorithm The SSL algorithm to use
- * @param keyStore The key keystore name as provided by listKeystores. The
- * KeystoreInstance for this keystore must be unlocked.
- * @param keyAlias The name of the private key in the keystore. The
- * KeystoreInstance for this keystore must have unlocked
- * this key.
+ *
+ * @param provider The SSL provider to use, or null for the default
+ * @param protocol The SSL protocol to use
+ * @param algorithm The SSL algorithm to use
* @param trustStore The trust keystore name as provided by listKeystores.
* The KeystoreInstance for this keystore must have
* unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
*
- * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
- * be used because it has not been unlocked.
- * @throws KeyIsLocked Occurs when the requested private key in the key
- * keystore cannot be used because it has not been
- * unlocked.
+ * @return A created SSLSocketFactory item created from the KeystoreManager.
+ * @throws KeystoreIsLocked
+ * Occurs when the requested key keystore cannot
+ * be used because it has not been unlocked.
+ * @throws KeyIsLocked
+ * Occurs when the requested private key in the key
+ * keystore cannot be used because it has not been
+ * unlocked.
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws KeyStoreException
+ * @throws KeyManagementException
+ * @throws NoSuchProviderException
+ */
+ public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String trustStore, ClassLoader loader) throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException {
+ // typically, the keyStore and the keyAlias are not required if authentication is also not required.
+ return createSSLFactory(provider, protocol, algorithm, null, null, trustStore, loader);
+ }
+
+ /**
+ * Gets a SocketFactory using one Keystore to access the private key
+ * and another to provide the list of trusted certificate authorities.
+ *
+ * @param provider The SSL provider to use, or null for the default
+ * @param protocol The SSL protocol to use
+ * @param algorithm The SSL algorithm to use
+ * @param keyStore The key keystore name as provided by listKeystores. The
+ * KeystoreInstance for this keystore must be unlocked.
+ * @param keyAlias The name of the private key in the keystore. The
+ * KeystoreInstance for this keystore must have unlocked
+ * this key.
+ * @param trustStore The trust keystore name as provided by listKeystores.
+ * The KeystoreInstance for this keystore must have
+ * unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
+ *
+ * @return A created SSLSocketFactory item created from the KeystoreManager.
+ * @throws KeystoreIsLocked
+ * Occurs when the requested key keystore cannot
+ * be used because it has not been unlocked.
+ * @throws KeyIsLocked
+ * Occurs when the requested private key in the key
+ * keystore cannot be used because it has not been
+ * unlocked.
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws KeyStoreException
+ * @throws KeyManagementException
+ * @throws NoSuchProviderException
*/
public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException {
- KeystoreInstance keyInstance = getKeystore(keyStore);
- if(keyInstance.isKeystoreLocked()) {
- throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
- }
- if(keyInstance.isKeyUnlocked(keyAlias)) {
- throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
+ // the keyStore is optional.
+ KeystoreInstance keyInstance = null;
+ if (keyStore != null) {
+ keyInstance = getKeystore(keyStore);
+ if(keyInstance.isKeystoreLocked()) {
+ throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
+ }
+ if(keyInstance.isKeyLocked(keyAlias)) {
+ throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
+ }
}
KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
if(trustInstance != null && trustInstance.isKeystoreLocked()) {
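Review bot: The locked-key branch on the new side (`if(keyInstance.isKeyLocked(keyAlias))`) still throws `KeystoreIsLocked`, while the signature and the `@throws` text in the same hunk reserve `KeyIsLocked` for exactly this case; `throw new KeyIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");` would let callers tell a locked key from a locked keystore, and the same mismatch remains in createSSLServerFactory in the last hunk of this file. The Javadoc that now sits on the five-argument overload still describes "one Keystore to access the private key" and says the trust keystore "must have unlocked this key", although that overload takes no key store or alias and the trust store is only read for certificates; it should say the factory is built from a trust keystore only and note that `KeyIsLocked` is declared solely because of the delegation. The comment `// typically, the keyStore and the keyAlias are not required if authentication is also not required.` is worth sharpening to `// no keyStore/keyAlias: the factory is built without a private key of its own, so it is not suitable where the peer requires client authentication.` createSSLFactory's body continues past the end of the hunk.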
@@ -215,7 +260,8 @@
Class kmc = loader.loadClass("[Ljavax.net.ssl.KeyManager;");
Class tmc = loader.loadClass("[Ljavax.net.ssl.TrustManager;");
Class src = loader.loadClass("java.security.SecureRandom");
- cls.getMethod("init", new Class[]{kmc, tmc, src}).invoke(ctx, new Object[]{keyInstance.getKeyManager(algorithm, keyAlias),
+ cls.getMethod("init", new Class[]{kmc, tmc, src}).invoke(ctx, new Object[]{
+ keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
new java.security.SecureRandom()});
Object result = cls.getMethod("getSocketFactory", new Class[0]).invoke(ctx, new Object[0]);
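Review bot: Passing `null` as the KeyManager[] element on the new line does not yield a context with no key: `SSLContext.init` treats a null key-manager array as "use the installed default", and the JDK's default KeyManagerFactory is initialised from the javax.net.ssl.keyStore system properties when those are set, so the keystore-less overload can silently pick up a JVM-wide identity the caller never named. If the intended meaning is "no certificate to present", an empty array, built reflectively here as `java.lang.reflect.Array.newInstance(kmc.getComponentType(), 0)`, expresses that explicitly; at minimum a comment such as `// null KeyManager[] falls back to the provider default (javax.net.ssl.keyStore), not to "no key"` should record the fallback. The same fallback applies to the null trust manager on the following line, which is existing behaviour rather than something this commit introduces.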
@@ -240,6 +286,7 @@
* @param trustStore The trust keystore name as provided by listKeystores.
* The KeystoreInstance for this keystore must have
* unlocked this key.
+ * @param loader The class loader used to resolve factory classes.
*
* @throws KeystoreIsLocked Occurs when the requested key keystore cannot
* be used because it has not been unlocked.
@@ -247,33 +294,12 @@
* keystore cannot be used because it has not been
* unlocked.
*/
- /**
- * Create an SSLServerSocketFactory configured from the
- * appropriate characteristics.
- *
- * @param provider The JSSE provider to use (optional).
- * @param protocol The protocol we need a factory for.
- * @param algorithm A particular algoritm to use.
- * @param keyStore The keystore the factory should be configured with.
- * @param keyAlias
- * @param trustStore The trustStore to use for managing trust certificates.
- * @param loader The ClassLoader instance for loading the factory.
- *
- * @return An SSLServerSocketFactory instance.
- * @exception KeystoreIsLocked
- * @exception KeyIsLocked
- * @exception NoSuchAlgorithmException
- * @exception UnrecoverableKeyException
- * @exception KeyStoreException
- * @exception KeyManagementException
- * @exception NoSuchProviderException
- */
public SSLServerSocketFactory createSSLServerFactory(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException {
KeystoreInstance keyInstance = getKeystore(keyStore);
if(keyInstance.isKeystoreLocked()) {
throw new KeystoreIsLocked("Keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
}
- if(keyInstance.isKeyUnlocked(keyAlias)) {
+ if(keyInstance.isKeyLocked(keyAlias)) {
throw new KeystoreIsLocked("Key '"+keyAlias+"' in keystore '"+keyStore+"' is locked; please use the keystore page in the admin console to unlock it");
}
KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);