| Fields Summary |
|---|
| private static final String | DEFAULT_KEYSTORE_PASS |
| private static final String | DEFAULT_TRUSTSTORE_PASS |
| private static final String | KEYSTORE_PASS_PROP |
| private static final String | TRUSTSTORE_PASS_PROP |
| private static final String | HTTPS_OUTBOUND_KEY_ALIAS |
| private static Logger | _logger |
| private static com.sun.enterprise.server.pluggable.SecuritySupport | secSupp |
| private static boolean | hasKey |
| private static KeyManager | keyManager |
| private static TrustManager | trustManager |
| private static KeyStore | mergedTrustStore |
| private static final Date | initDate |
| private static boolean | initialized |
| private static com.sun.enterprise.config.clientbeans.Ssl | appclientSsl |
| Methods Summary |
|---|
| private static void | checkCertificateDates(java.security.KeyStore store)
Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) {
Certificate cert = store.getCertificate(aliases.nextElement());
if (cert instanceof X509Certificate) {
if (((X509Certificate) cert).getNotAfter().before(initDate)) {
_logger.log(Level.SEVERE,
"java_security.expired_certificate",
cert);
}
}
}
|
| public static com.sun.enterprise.config.clientbeans.Ssl | getAppclientSsl()
return appclientSsl;
|
| public static javax.net.ssl.KeyManager[] | getKeyManagers()
return new KeyManager[] { keyManager };
|
| public static java.security.KeyStore | getKeyStore()
return getKeyStores()[0];
|
| public static java.lang.String | getKeyStorePass()
//XXX need to revisit if the value should be cached
return System.getProperty(KEYSTORE_PASS_PROP, DEFAULT_KEYSTORE_PASS);
|
| public static java.security.KeyStore[] | getKeyStores()
return secSupp.getKeyStores();
|
| public static java.security.KeyStore | getMergedTrustStore()This API is for temporary purpose. It will be removed once JSR 196
is updated.
return mergedTrustStore;
|
| public static java.security.KeyStore.PrivateKeyEntry | getPrivateKeyEntryFromTokenAlias(java.lang.String certNickname)Get a PrivateKeyEntry with certNickName is of the form
[<TokenName>:]alias where alias is an key entry.
PrivateKeyEntry privKeyEntry = null;
if (certNickname != null) {
int ind = certNickname.indexOf(':");
KeyStore[] kstores = getKeyStores();
int count = -1;
String aliasName = certNickname;
if (ind != -1) {
String[] tokens = secSupp.getTokenNames();
String tokenName = certNickname.substring(0, ind);
aliasName = certNickname.substring(ind + 1);
for (int i = 0; i < tokens.length; i++) {
if (tokenName.equals(tokens[i])) {
count = i;
}
}
}
String[] passwords = secSupp.getKeyStorePasswords();
if (count != -1 && passwords.length >= count) {
Key key = kstores[count].getKey(
aliasName, passwords[count].toCharArray());
if (key instanceof PrivateKey) {
PrivateKey privKey = (PrivateKey)key;
Certificate[] certs = kstores[count].getCertificateChain(
aliasName);
privKeyEntry = new PrivateKeyEntry(privKey, certs);
}
} else {
for (int i = 0; i < kstores.length; i++) {
Key key = kstores[i].getKey(
aliasName, passwords[i].toCharArray());
if (key != null && key instanceof PrivateKey) {
PrivateKey privKey = (PrivateKey)key;
Certificate[] certs =
kstores[i].getCertificateChain(
aliasName);
privKeyEntry = new PrivateKeyEntry(privKey, certs);
break;
}
}
}
passwords = null;
}
return privKeyEntry;
|
| public static javax.net.ssl.TrustManager[] | getTrustManagers()
return new TrustManager[] { trustManager };
|
| public static java.security.KeyStore | getTrustStore()
return getTrustStores()[0];
|
| public static java.lang.String | getTrustStorePass()
//XXX need to revisit if the value should be cached
return System.getProperty(TRUSTSTORE_PASS_PROP, DEFAULT_TRUSTSTORE_PASS);
|
| public static java.security.KeyStore[] | getTrustStores()
return secSupp.getTrustStores();
|
| private static void | initKeyManagers(java.security.KeyStore[] kstores, java.lang.String[] pwds)
ArrayList keyManagers = new ArrayList();
for (int i = 0; i < kstores.length; i++) {
checkCertificateDates(kstores[i]);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmf.init(kstores[i], pwds[i].toCharArray());
KeyManager[] kmgrs = kmf.getKeyManagers();
if (kmgrs != null) {
for (int j = 0; j < kmgrs.length; j++) {
keyManagers.add(kmgrs[j]);
}
}
}
keyManager = new UnifiedX509KeyManager(
(X509KeyManager [])keyManagers.toArray(
new X509KeyManager[keyManagers.size()]),
secSupp.getTokenNames());
|
| public static synchronized void | initStoresAtStartup()
if (initialized) {
return;
}
SSLSocketFactory.setManagers(getKeyManagers(), getTrustManagers());
// Creating a default SSLContext and HttpsURLConnection for clients
// that use Https
SSLContext ctx = SSLContext.getInstance("TLS");
String keyAlias = System.getProperty(HTTPS_OUTBOUND_KEY_ALIAS);
KeyManager[] kMgrs = getKeyManagers();
if (keyAlias != null && keyAlias.length() > 0 && kMgrs != null) {
for (int i = 0; i < kMgrs.length; i++) {
kMgrs[i] = new J2EEKeyManager((X509KeyManager)kMgrs[i], keyAlias);
}
}
ctx.init(kMgrs, getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
initialized = true;
|
| private static void | initTrustManagers(java.security.KeyStore[] tstores)
ArrayList trustManagers = new ArrayList();
for (int i = 0; i < tstores.length; i++) {
checkCertificateDates(tstores[i]);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
tmf.init(tstores[i]);
TrustManager[] tmgrs = tmf.getTrustManagers();
if (tmgrs != null) {
for (int j = 0; j < tmgrs.length; j++) {
trustManagers.add(tmgrs[j]);
}
}
}
if (trustManagers.size() == 1) {
trustManager = (TrustManager)trustManagers.get(0);
} else {
trustManager = new UnifiedX509TrustManager((X509TrustManager [])trustManagers.toArray(new X509TrustManager[trustManagers.size()]));
}
|
| public static boolean | isKeyAvailable()This method checks whether a private key is available or not.
return hasKey;
|
| public static boolean | isTokenKeyAlias(java.lang.String certNickname)Check whether given String is of the form [<TokenName>:]alias
where alias is an key entry.
boolean isTokenKeyAlias = false;
if (certNickname != null) {
int ind = certNickname.indexOf(':");
KeyStore[] kstores = getKeyStores();
int count = -1;
String aliasName = null;
if (ind != -1) {
String[] tokens = secSupp.getTokenNames();
String tokenName = certNickname.substring(0, ind);
aliasName = certNickname.substring(ind + 1);
for (int i = 0; i < tokens.length; i++) {
if (tokenName.equals(tokens[i])) {
count = i;
}
}
}
if (count != -1) {
isTokenKeyAlias = kstores[count].isKeyEntry(aliasName);
} else {
for (int i = 0; i < kstores.length; i++) {
if (kstores[i].isKeyEntry(certNickname)) {
isTokenKeyAlias = true;
break;
}
}
}
}
return isTokenKeyAlias;
|
| private static java.security.KeyStore | mergingTrustStores(java.security.KeyStore[] trustStores)
KeyStore mergedStore = null;
try {
mergedStore = KeyStore.getInstance("CaseExactJKS");
} catch(KeyStoreException ex) {
mergedStore = KeyStore.getInstance("JKS");
}
String[] passwords = secSupp.getKeyStorePasswords();
mergedStore.load(null,
passwords[passwords.length - 1].toCharArray());
String[] tokens = secSupp.getTokenNames();
for (int i = 0; i < trustStores.length; i++) {
Enumeration aliases = trustStores[i].aliases();
while (aliases.hasMoreElements()) {
String alias = (String)aliases.nextElement();
Certificate cert = trustStores[i].getCertificate(alias);
//need to preserve the token:alias name format
String alias2 = (i < tokens.length - 1)? tokens[i] + ":" + alias : alias;
String alias3 = alias2;
boolean alreadyInStore = false;
Certificate aCert = null;
int count = 1;
while ((aCert = mergedStore.getCertificate(alias3)) != null) {
if (aCert.equals(cert)) {
alreadyInStore = true;
break;
}
alias3 = alias2 + "__" + count++;
}
if (!alreadyInStore) {
mergedStore.setCertificateEntry(alias3, cert);
}
}
}
return mergedStore;
|
| public static void | setAppclientSsl(com.sun.enterprise.config.clientbeans.Ssl ssl)
appclientSsl = ssl;
|
