001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.corba.security.config.ssl;
018
019 import org.apache.geronimo.management.geronimo.KeystoreManager;
020
021 import javax.net.ssl.KeyManagerFactory;
022 import javax.net.ssl.SSLServerSocketFactory;
023 import javax.net.ssl.SSLSocketFactory;
024 import org.apache.geronimo.management.geronimo.KeystoreException;
025
026 /**
027 * An active SSL configuration. The SSL configuration
028 * identifies the KeystoreManager instance to be used
029 * for SSL connections, as well as the specifics
030 * of the certificates to be used for the connections.
031 *
032 * The socket factories attached to the CORBA ORBs
033 * used the SSLConfig to retrieve SocketFactory instances
034 * for creating the secure sockets.
035 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
036 */
037 public class SSLConfig {
038 private KeystoreManager manager;
039 private String provider;
040 private String keyStore;
041 private String trustStore;
042 private String keyAlias;
043 private String algorithm = "default";
044 private String protocol = "SSL";
045
046 /**
047 * Default GBean constructor.
048 */
049 public SSLConfig() {
050 manager = null;
051 }
052
053 /**
054 * "Normal" constructor for config items.
055 *
056 * @param keystoreManager
057 * The keystoreManager instance used to create SSL sockets
058 * for this configuration.
059 */
060 public SSLConfig(KeystoreManager keystoreManager) {
061 manager = keystoreManager;
062 }
063
064
065 /**
066 * Create an SSLServerSocketFactory instance for creating
067 * server-side SSL connections.
068 *
069 * @param loader The class loader used to resolve classes required
070 * by the KeystoreManager.
071 *
072 * @return An SSLServerSocketFactory instance created with the
073 * SSLConfig specifices.
074 *
075 * @throws KeystoreException
076 * When a problem occurs while creating the factory.
077 */
078 public SSLSocketFactory createSSLFactory(ClassLoader loader) throws KeystoreException {
079 if (manager != null) {
080 // fix up the default algorithm now.
081 if ("default".equalsIgnoreCase(algorithm)) {
082 this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
083 }
084 // the keystore manager does all of the heavy lifting
085 return manager.createSSLFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
086 }
087 else {
088 return (SSLSocketFactory) SSLSocketFactory.getDefault();
089 }
090 }
091
092 /**
093 * Create an SSLSocketFactory instance for creating
094 * client-side SSL connections.
095 *
096 * @param loader The class loader used to resolve classes required
097 * by the KeystoreManager.
098 *
099 * @return An SSLSocketFactory instance created with the
100 * SSLConfig specifices.
101 *
102 * @throws KeystoreException
103 * When a problem occurs while creating the factory.
104 */
105 public SSLServerSocketFactory createSSLServerFactory(ClassLoader loader) throws KeystoreException {
106 if (manager != null) {
107 // fix up the default algorithm now.
108 if ("default".equalsIgnoreCase(algorithm)) {
109 this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
110 }
111 // the keystore manager does all of the heavy lifting
112 return manager.createSSLServerFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
113 }
114 else {
115 return (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
116 }
117 }
118
119 /**
120 * Get the protocol to be used by this SSL configuration.
121 * Normally, this is just "SSL".
122 *
123 * @return The String name of the configuration protocol.
124 */
125 public String getProtocol() {
126 return protocol;
127 }
128
129 /**
130 * Set the protocol to be used by this configuration.
131 *
132 * @param protocol The new protocol name.
133 */
134 public void setProtocol(String protocol) {
135 this.protocol = protocol;
136 }
137
138
139 /**
140 * Retrieve the encryption provider to be used for
141 * these connnections.
142 *
143 * @return The current provider name.
144 */
145 public String getProvider() {
146 return provider;
147 }
148
149 /**
150 * Set a new encryption provider for the SSL access.
151 *
152 * @param provider The new provider name.
153 */
154 public void setProvider(String provider) {
155 this.provider = provider;
156 }
157
158 /**
159 * The encryption algorithm to use.
160 *
161 * @return The current encryption algorithm.
162 */
163 public String getAlgorithm() {
164 return algorithm;
165 }
166
167 /**
168 * Algorithm to use.
169 * As different JVMs have different implementations available, the default algorithm can be used by supplying the value "Default".
170 *
171 * @param algorithm the algorithm to use, or "Default" to use the default from {@link javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()}
172 */
173 public void setAlgorithm(String algorithm) {
174 // cache the value so the null
175 this.algorithm = algorithm;
176 }
177
178 /**
179 * Set the name of the keystore to be used for this
180 * connection. This must be the name of a keystore
181 * stored within the KeystoreManager instance.
182 *
183 * @param keyStore The key store String name.
184 */
185 public void setKeyStore(String keyStore) {
186 this.keyStore = keyStore;
187 }
188
189 /**
190 * Retrieve the name of the keystore.
191 *
192 * @return The String key store name.
193 */
194 public String getKeyStore() {
195 return keyStore;
196 }
197
198 /**
199 * Set the name of the truststore to be used for
200 * connections. The truststore must map to one
201 * managed by the KeystoreManager instance.
202 *
203 * @param trustStore The new trustStore name.
204 */
205 public void setTrustStore(String trustStore) {
206 this.trustStore = trustStore;
207 }
208
209 /**
210 * Retrieve the in-use truststore name.
211 *
212 * @return The String name of the trust store.
213 */
214 public String getTrustStore() {
215 return trustStore;
216 }
217
218 /**
219 * Set the key alias to be used for the connection.
220 *
221 * @param keyAlias The String name of the key alias.
222 */
223 public void setKeyAlias(String keyAlias) {
224 this.keyAlias = keyAlias;
225 }
226
227 /**
228 * Retrieve the key alias name to use.
229 *
230 * @return The String name of the key alias.
231 */
232 public String getKeyAlias() {
233 return keyAlias;
234 }
235 }
236