Home » geronimo-2.2-source-release » org.apache.geronimo.corba.security.config.ssl » [javadoc | source]

    1   /**
    2     * Licensed to the Apache Software Foundation (ASF) under one or more
    3     * contributor license agreements.  See the NOTICE file distributed with
    4     * this work for additional information regarding copyright ownership.
    5     * The ASF licenses this file to You under the Apache License, Version 2.0
    6     * (the "License"); you may not use this file except in compliance with
    7     * the License.  You may obtain a copy of the License at
    8     *
    9     *     http://www.apache.org/licenses/LICENSE-2.0
   10     *
   11     * Unless required by applicable law or agreed to in writing, software
   12     * distributed under the License is distributed on an "AS IS" BASIS,
   13     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14     * See the License for the specific language governing permissions and
   15     * limitations under the License.
   16     */
   17   package org.apache.geronimo.corba.security.config.ssl;
   18   
   19   import org.apache.geronimo.management.geronimo.KeystoreManager;
   20   
   21   import javax.net.ssl.KeyManagerFactory;
   22   import javax.net.ssl.SSLServerSocketFactory;
   23   import javax.net.ssl.SSLSocketFactory;
   24   import org.apache.geronimo.management.geronimo.KeystoreException;
   25   
   26   /**
   27    * An active SSL configuration.  The SSL configuration
   28    * identifies the KeystoreManager instance to be used
   29    * for SSL connections, as well as the specifics
   30    * of the certificates to be used for the connections.
   31    *
   32    * The socket factories attached to the CORBA ORBs
   33    * used the SSLConfig to retrieve SocketFactory instances
   34    * for creating the secure sockets.
   35    * @version $Rev: 484846 $ $Date: 2006-12-08 15:34:10 -0800 (Fri, 08 Dec 2006) $
   36    */
   37   public class SSLConfig {
   38       private KeystoreManager manager;
   39       private String provider;
   40       private String keyStore;
   41       private String trustStore;
   42       private String keyAlias;
   43       private String algorithm = "default";
   44       private String protocol = "SSL";
   45   
   46       /**
   47        * Default GBean constructor.
   48        */
   49       public SSLConfig() {
   50           manager = null;
   51       }
   52   
   53       /**
   54        * "Normal" constructor for config items.
   55        *
   56        * @param keystoreManager
   57        *               The keystoreManager instance used to create SSL sockets
   58        *               for this configuration.
   59        */
   60       public SSLConfig(KeystoreManager keystoreManager) {
   61           manager = keystoreManager;
   62       }
   63   
   64   
   65       /**
   66        * Create an SSLServerSocketFactory instance for creating
   67        * server-side SSL connections.
   68        *
   69        * @param loader The class loader used to resolve classes required
   70        *               by the KeystoreManager.
   71        *
   72        * @return An SSLServerSocketFactory instance created with the
   73        *         SSLConfig specifices.
   74        *
   75        * @throws KeystoreException
   76        *                When a problem occurs while creating the factory.
   77        */
   78       public SSLSocketFactory createSSLFactory(ClassLoader loader) throws KeystoreException {
   79           if (manager != null) {
   80               // fix up the default algorithm now.
   81               if ("default".equalsIgnoreCase(algorithm)) {
   82                   this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
   83               }
   84               // the keystore manager does all of the heavy lifting
   85               return manager.createSSLFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
   86           }
   87           else {
   88               return (SSLSocketFactory) SSLSocketFactory.getDefault();
   89           }
   90       }
   91   
   92       /**
   93        * Create an SSLSocketFactory instance for creating
   94        * client-side SSL connections.
   95        *
   96        * @param loader The class loader used to resolve classes required
   97        *               by the KeystoreManager.
   98        *
   99        * @return An SSLSocketFactory instance created with the
  100        *         SSLConfig specifices.
  101        *
  102        * @throws KeystoreException
  103        *                When a problem occurs while creating the factory.
  104        */
  105       public SSLServerSocketFactory createSSLServerFactory(ClassLoader loader) throws KeystoreException {
  106           if (manager != null) {
  107               // fix up the default algorithm now.
  108               if ("default".equalsIgnoreCase(algorithm)) {
  109                   this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
  110               }
  111               // the keystore manager does all of the heavy lifting
  112               return manager.createSSLServerFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
  113           }
  114           else {
  115               return (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  116           }
  117       }
  118   
  119       /**
  120        * Get the protocol to be used by this SSL configuration.
  121        * Normally, this is just "SSL".
  122        *
  123        * @return The String name of the configuration protocol.
  124        */
  125       public String getProtocol() {
  126           return protocol;
  127       }
  128   
  129       /**
  130        * Set the protocol to be used by this configuration.
  131        *
  132        * @param protocol The new protocol name.
  133        */
  134       public void setProtocol(String protocol) {
  135           this.protocol = protocol;
  136       }
  137   
  138   
  139       /**
  140        * Retrieve the encryption provider to be used for
  141        * these connnections.
  142        *
  143        * @return The current provider name.
  144        */
  145       public String getProvider() {
  146           return provider;
  147       }
  148   
  149       /**
  150        * Set a new encryption provider for the SSL access.
  151        *
  152        * @param provider The new provider name.
  153        */
  154       public void setProvider(String provider) {
  155           this.provider = provider;
  156       }
  157   
  158       /**
  159        * The encryption algorithm to use.
  160        *
  161        * @return The current encryption algorithm.
  162        */
  163       public String getAlgorithm() {
  164           return algorithm;
  165       }
  166   
  167       /**
  168        * Algorithm to use.
  169        * As different JVMs have different implementations available, the default algorithm can be used by supplying the value "Default".
  170        *
  171        * @param algorithm the algorithm to use, or "Default" to use the default from {@link javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()}
  172        */
  173       public void setAlgorithm(String algorithm) {
  174           // cache the value so the null
  175           this.algorithm = algorithm;
  176       }
  177   
  178       /**
  179        * Set the name of the keystore to be used for this
  180        * connection.  This must be the name of a keystore
  181        * stored within the KeystoreManager instance.
  182        *
  183        * @param keyStore The key store String name.
  184        */
  185       public void setKeyStore(String keyStore) {
  186           this.keyStore = keyStore;
  187       }
  188   
  189       /**
  190        * Retrieve the name of the keystore.
  191        *
  192        * @return The String key store name.
  193        */
  194       public String getKeyStore() {
  195           return keyStore;
  196       }
  197   
  198       /**
  199        * Set the name of the truststore to be used for
  200        * connections.  The truststore must map to one
  201        * managed by the KeystoreManager instance.
  202        *
  203        * @param trustStore The new trustStore name.
  204        */
  205       public void setTrustStore(String trustStore) {
  206           this.trustStore = trustStore;
  207       }
  208   
  209       /**
  210        * Retrieve the in-use truststore name.
  211        *
  212        * @return The String name of the trust store.
  213        */
  214       public String getTrustStore() {
  215           return trustStore;
  216       }
  217   
  218       /**
  219        * Set the key alias to be used for the connection.
  220        *
  221        * @param keyAlias The String name of the key alias.
  222        */
  223       public void setKeyAlias(String keyAlias) {
  224           this.keyAlias = keyAlias;
  225       }
  226   
  227       /**
  228        * Retrieve the key alias name to use.
  229        *
  230        * @return The String name of the key alias.
  231        */
  232       public String getKeyAlias() {
  233           return keyAlias;
  234       }
  235   }
  236   

Home » geronimo-2.2-source-release » org.apache.geronimo.corba.security.config.ssl » [javadoc | source]