List: jboss-cvs-commits
Subject: [jboss-cvs] jboss-tomcat/src/main/org/jboss/net/ssl ...
From: Scott Stark <scott.stark () jboss ! com>
Date: 2005-04-30 4:50:35
Message-ID: E1DRjw3-0003Eb-1b () committer01 ! frg ! pub ! inap ! atl ! jboss ! com
User: starksm
Date: 05/04/30 00:50:35
Modified: src/main/org/jboss/net/ssl JBossImplementation.java
JBossSocketFactory.java
Log:
Update to subclass the org.apache.tomcat.util.net.jsse.JSSE14SocketFactory and pass \
the key and trust stores to the JSSE14SocketFactory.
Revision Changes Path
1.2 +30 -19 \
jboss-tomcat/src/main/org/jboss/net/ssl/JBossImplementation.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: JBossImplementation.java
================================================================== RCS file: \
/cvsroot/jboss/jboss-tomcat/src/main/org/jboss/net/ssl/JBossImplementation.java,v \
retrieving revision 1.1 retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- JBossImplementation.java 4 Aug 2003 23:31:41 -0000 1.1
+++ JBossImplementation.java 30 Apr 2005 04:50:35 -0000 1.2
@@ -1,30 +1,41 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.net.ssl;
-import java.net.Socket;
-import javax.net.ssl.SSLSocket;
-
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.net.jsse.JSSEImplementation;
+/**
+ * Extend the default tomcat JSSEImplementation to use the JBossSocketFactory
+ * for integration with the SecurityDomain based key/trust store configuration
+ *
+ * @see JSSEImplementation
+ * @see JBossSocketFactory
+ * @see org.jboss.security.SecurityDomain
+ *
+ * @author Scott.Stark@jboss.org
+ * @version $Revision: 1.2 $
+ */
public class JBossImplementation
- extends JSSEImplementation {
-
+ extends JSSEImplementation
+{
public JBossImplementation()
- throws ClassNotFoundException {
+ throws ClassNotFoundException
+ {
super();
}
- public String getImplementationName(){
+ public String getImplementationName()
+ {
return "JBoss";
}
- public ServerSocketFactory getServerSocketFactory() {
+ public ServerSocketFactory getServerSocketFactory()
+ {
return new JBossSocketFactory();
}
1.2 +121 -55 \
jboss-tomcat/src/main/org/jboss/net/ssl/JBossSocketFactory.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: JBossSocketFactory.java
================================================================== RCS file: \
/cvsroot/jboss/jboss-tomcat/src/main/org/jboss/net/ssl/JBossSocketFactory.java,v \
retrieving revision 1.1 retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- JBossSocketFactory.java 4 Aug 2003 23:31:41 -0000 1.1
+++ JBossSocketFactory.java 30 Apr 2005 04:50:35 -0000 1.2
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -7,65 +7,131 @@
package org.jboss.net.ssl;
import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
+import java.security.KeyStore;
import javax.naming.InitialContext;
import javax.naming.NamingException;
-import javax.net.ServerSocketFactory;
-import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.KeyManagerFactory;
import org.jboss.security.SecurityDomain;
-import org.jboss.security.ssl.DomainServerSocketFactory;
+import org.apache.tomcat.util.net.jsse.JSSE14SocketFactory;
+/**
+ * Extends the tomcat JSSE14SocketFactory to obtain the server key and trust
+ * stores from the SecurityDomain defined by the securityDomain attribute
+ * of the connector.
+ *
+ */
public class JBossSocketFactory
- extends org.apache.tomcat.util.net.ServerSocketFactory {
-
- private DomainServerSocketFactory socketFactory;
+ extends JSSE14SocketFactory
+{
+ private SecurityDomain securityDomain;
+
+ public JBossSocketFactory()
+ {
+ }
- public void setAttribute(String name, Object value) {
- if (name.equals("algorithm")) {
- try {
+ public void setAttribute(String name, Object value)
+ {
+ if (name.equalsIgnoreCase("securityDomain"))
+ {
+ try
+ {
setSecurityDomainName((String) value);
- } catch (Exception e) {
- throw new IllegalArgumentException(e.getMessage());
+ }
+ catch (Exception e)
+ {
+ IllegalArgumentException ex + new \
IllegalArgumentException("Failed to set security domain"); + \
ex.initCause(e); + throw ex;
}
}
+ super.setAttribute(name, value);
}
+ /**
+ * Set the SecurityDomain to use for the key/trust stores
+ *
+ * @param jndiName - the jndi name of the SecurityDomain binding
+ * @throws NamingException
+ * @throws IOException
+ */
public void setSecurityDomainName(String jndiName)
- throws NamingException, IOException {
+ throws NamingException, IOException
+ {
InitialContext iniCtx = new InitialContext();
- SecurityDomain securityDomain - (SecurityDomain) \
iniCtx.lookup(jndiName);
- socketFactory = new DomainServerSocketFactory(securityDomain);
+ securityDomain = (SecurityDomain) iniCtx.lookup(jndiName);
}
- public ServerSocket createSocket(int port)
- throws IOException {
- return createSocket(port, 50, null);
+ /**
+ * Gets the SSL server's keystore from the SecurityDomain.
+ *
+ * @param type - ignored, this comes from the security domain config
+ * @param pass - ignore, this comes from the security domain config
+ * @return the KeyStore for the server cert
+ * @throws IOException
+ */
+ protected KeyStore getKeystore(String type, String pass)
+ throws IOException
+ {
+ return securityDomain.getKeyStore();
}
- public ServerSocket createSocket(int port, int backlog)
- throws IOException {
- return createSocket(port, backlog, null);
- }
+ /*
+ * Gets the SSL server's truststore from the SecurityDomain.
- public ServerSocket createSocket(int port, int backlog,
- InetAddress ifAddress)
- throws IOException {
- return socketFactory.createServerSocket(port, backlog, ifAddress);
+ * @param type - ignored, this comes from the security domain config
+ * @return the KeyStore for the trusted signers store
+ */
+ protected KeyStore getTrustStore(String type) throws IOException
+ {
+ return securityDomain.getTrustStore();
}
- public Socket acceptSocket(ServerSocket socket)
- throws IOException {
- return socket.accept();
- }
+ /**
+ * Override to obtain the TrustManagers from the security domain.
+ *
+ * @param keystoreType - ignored, this comes from the security domain
+ * @param algorithm - ignored, this comes from the security domain
+ * @return the array of TrustManagers from the security domain
+ * @throws Exception
+ */
+ protected TrustManager[] getTrustManagers(String keystoreType, String \
algorithm)
+ throws Exception
+ {
+ TrustManagerFactory tmf = securityDomain.getTrustManagerFactory();
+ TrustManager[] trustMgrs = null;
- public void handshake(Socket sock)
- throws IOException {
- ((SSLSocket)sock).startHandshake();
+ if( tmf != null )
+ {
+ trustMgrs = tmf.getTrustManagers();
+ }
+ return trustMgrs;
}
+ /**
+ * Override to obtain the KeyManagers from the security domain.
+ *
+ * @param keystoreType - ignored, this comes from the security domain
+ * @param algorithm - ignored, this comes from the security domain
+ * @param keyAlias - ignored
+ * @return the array of KeyManagers from the security domain
+ * @throws Exception
+ */
+ protected KeyManager[] getKeyManagers(String keystoreType, String algorithm,
+ String keyAlias)
+ throws Exception
+ {
+ KeyManagerFactory kmf = securityDomain.getKeyManagerFactory();
+ KeyManager[] keyMgrs = null;
+ if( kmf != null )
+ {
+ keyMgrs = kmf.getKeyManagers();
+ }
+ return keyMgrs;
+ }
}
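Review bot: The new `getKeystore`, `getTrustStore`, `getTrustManagers` and `getKeyManagers` overrides all dereference `securityDomain` without a check, and the field is only assigned when the connector passes a `securityDomain` attribute through `setAttribute`. A connector configured without that attribute would fail with a bare NullPointerException during SSL setup instead of a clear configuration error; a guard such as `if (securityDomain == null) throw new IOException("securityDomain attribute not set on connector");` at the top of each override would make the failure explicit. Separately, `getTrustManagers` returns `null` when the domain has no TrustManagerFactory. If the superclass passes that array to `SSLContext.init` (not visible in this hunk), JSSE falls back to the provider's default trust managers, so client certificates would be validated against the JVM default trust store rather than the security domain's. Throwing there, or at least logging the fallback, would keep the trust decision tied to the domain; the same applies to the `null` return in `getKeyManagers`.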