001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.geronimo.corba.security.config.ssl; 018 019 import org.apache.geronimo.management.geronimo.KeystoreManager; 020 021 import javax.net.ssl.KeyManagerFactory; 022 import javax.net.ssl.SSLServerSocketFactory; 023 import javax.net.ssl.SSLSocketFactory; 024 import org.apache.geronimo.management.geronimo.KeystoreException; 025 026 /** 027 * An active SSL configuration. The SSL configuration 028 * identifies the KeystoreManager instance to be used 029 * for SSL connections, as well as the specifics 030 * of the certificates to be used for the connections. 031 * 032 * The socket factories attached to the CORBA ORBs 033 * used the SSLConfig to retrieve SocketFactory instances 034 * for creating the secure sockets. 035 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $ 036 */ 037 public class SSLConfig { 038 private KeystoreManager manager; 039 private String provider; 040 private String keyStore; 041 private String trustStore; 042 private String keyAlias; 043 private String algorithm = "default"; 044 private String protocol = "SSL"; 045 046 /** 047 * Default GBean constructor. 048 */ 049 public SSLConfig() { 050 manager = null; 051 } 052 053 /** 054 * "Normal" constructor for config items. 055 * 056 * @param keystoreManager 057 * The keystoreManager instance used to create SSL sockets 058 * for this configuration. 059 */ 060 public SSLConfig(KeystoreManager keystoreManager) { 061 manager = keystoreManager; 062 } 063 064 065 /** 066 * Create an SSLServerSocketFactory instance for creating 067 * server-side SSL connections. 068 * 069 * @param loader The class loader used to resolve classes required 070 * by the KeystoreManager. 071 * 072 * @return An SSLServerSocketFactory instance created with the 073 * SSLConfig specifices. 074 * 075 * @throws KeystoreException 076 * When a problem occurs while creating the factory. 077 */ 078 public SSLSocketFactory createSSLFactory(ClassLoader loader) throws KeystoreException { 079 if (manager != null) { 080 // fix up the default algorithm now. 081 if ("default".equalsIgnoreCase(algorithm)) { 082 this.algorithm = KeyManagerFactory.getDefaultAlgorithm(); 083 } 084 // the keystore manager does all of the heavy lifting 085 return manager.createSSLFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader); 086 } 087 else { 088 return (SSLSocketFactory) SSLSocketFactory.getDefault(); 089 } 090 } 091 092 /** 093 * Create an SSLSocketFactory instance for creating 094 * client-side SSL connections. 095 * 096 * @param loader The class loader used to resolve classes required 097 * by the KeystoreManager. 098 * 099 * @return An SSLSocketFactory instance created with the 100 * SSLConfig specifices. 101 * 102 * @throws KeystoreException 103 * When a problem occurs while creating the factory. 104 */ 105 public SSLServerSocketFactory createSSLServerFactory(ClassLoader loader) throws KeystoreException { 106 if (manager != null) { 107 // fix up the default algorithm now. 108 if ("default".equalsIgnoreCase(algorithm)) { 109 this.algorithm = KeyManagerFactory.getDefaultAlgorithm(); 110 } 111 // the keystore manager does all of the heavy lifting 112 return manager.createSSLServerFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader); 113 } 114 else { 115 return (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 116 } 117 } 118 119 /** 120 * Get the protocol to be used by this SSL configuration. 121 * Normally, this is just "SSL". 122 * 123 * @return The String name of the configuration protocol. 124 */ 125 public String getProtocol() { 126 return protocol; 127 } 128 129 /** 130 * Set the protocol to be used by this configuration. 131 * 132 * @param protocol The new protocol name. 133 */ 134 public void setProtocol(String protocol) { 135 this.protocol = protocol; 136 } 137 138 139 /** 140 * Retrieve the encryption provider to be used for 141 * these connnections. 142 * 143 * @return The current provider name. 144 */ 145 public String getProvider() { 146 return provider; 147 } 148 149 /** 150 * Set a new encryption provider for the SSL access. 151 * 152 * @param provider The new provider name. 153 */ 154 public void setProvider(String provider) { 155 this.provider = provider; 156 } 157 158 /** 159 * The encryption algorithm to use. 160 * 161 * @return The current encryption algorithm. 162 */ 163 public String getAlgorithm() { 164 return algorithm; 165 } 166 167 /** 168 * Algorithm to use. 169 * As different JVMs have different implementations available, the default algorithm can be used by supplying the value "Default". 170 * 171 * @param algorithm the algorithm to use, or "Default" to use the default from {@link javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()} 172 */ 173 public void setAlgorithm(String algorithm) { 174 // cache the value so the null 175 this.algorithm = algorithm; 176 } 177 178 /** 179 * Set the name of the keystore to be used for this 180 * connection. This must be the name of a keystore 181 * stored within the KeystoreManager instance. 182 * 183 * @param keyStore The key store String name. 184 */ 185 public void setKeyStore(String keyStore) { 186 this.keyStore = keyStore; 187 } 188 189 /** 190 * Retrieve the name of the keystore. 191 * 192 * @return The String key store name. 193 */ 194 public String getKeyStore() { 195 return keyStore; 196 } 197 198 /** 199 * Set the name of the truststore to be used for 200 * connections. The truststore must map to one 201 * managed by the KeystoreManager instance. 202 * 203 * @param trustStore The new trustStore name. 204 */ 205 public void setTrustStore(String trustStore) { 206 this.trustStore = trustStore; 207 } 208 209 /** 210 * Retrieve the in-use truststore name. 211 * 212 * @return The String name of the trust store. 213 */ 214 public String getTrustStore() { 215 return trustStore; 216 } 217 218 /** 219 * Set the key alias to be used for the connection. 220 * 221 * @param keyAlias The String name of the key alias. 222 */ 223 public void setKeyAlias(String keyAlias) { 224 this.keyAlias = keyAlias; 225 } 226 227 /** 228 * Retrieve the key alias name to use. 229 * 230 * @return The String name of the key alias. 231 */ 232 public String getKeyAlias() { 233 return keyAlias; 234 } 235 } 236