Changeset 7306
- Timestamp:
- 09/08/10 14:12:30 (11 years ago)
- Location:
- TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security
- Files:
-
- 1 edited
- 1 moved
TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/DnWhitelistX509TrustMgr.java
r7305 r7306 15 15 import javax.net.ssl.TrustManagerFactory; 16 16 import javax.net.ssl.X509TrustManager; 17 import javax.security.auth.x500.X500Principal; 18 19 import org.earthsystemgrid.security.exceptions.DnWhitelistX509TrustMgrInitException; 17 20 18 21 19 public class DnWhite ListBasedX509TrustManager implements X509TrustManager {22 public class DnWhitelistX509TrustMgr implements X509TrustManager { 20 23 21 protected Principal [] certificateDnWhiteList;24 protected X500Principal [] certificateDnWhiteList; 22 25 23 26 /* … … 28 31 X509TrustManager pkixTrustManager; 29 32 30 public DnWhite ListBasedX509TrustManager(Principal[] certificateDnWhiteList,33 public DnWhitelistX509TrustMgr(X500Principal[] certificateDnWhiteList, 31 34 String keyStoreFilePath, 32 String keyStorePassphrase) throws Exception {35 String keyStorePassphrase) throws DnWhitelistX509TrustMgrInitException { 33 36 34 37 this.certificateDnWhiteList = certificateDnWhiteList; 38 39 TrustManagerFactory tmf = null; 40 try { 41 tmf = TrustManagerFactory.getInstance("PKIX"); 42 43 } catch (NoSuchAlgorithmException e) { 44 throw new DnWhitelistX509TrustMgrInitException("Instantiating "+ 45 "\"PKIX\" trust manager", e); 46 } 35 47 36 48 FileInputStream kis = null; 49 KeyStore ks = null; 37 50 38 if (keyStoreFilePath == null) 39 kis = new FileInputStream("trustedCerts"); 40 else 41 kis = new FileInputStream(keyStoreFilePath); 51 if (keyStoreFilePath != null) 52 { 53 try { 54 kis = new FileInputStream(keyStoreFilePath); 55 56 } catch (FileNotFoundException e) { 57 // TODO Auto-generated catch block 58 throw new DnWhitelistX509TrustMgrInitException("Error reading "+ 59 "\"" + keyStoreFilePath + "\" keystore", e); 60 } 42 61 43 // create a "default" JSSE X509TrustManager. 44 KeyStore ks = KeyStore.getInstance("JKS"); 45 ks.load(kis, 46 keyStorePassphrase == null ? 
47 null : keyStorePassphrase.toCharArray()); 48 49 TrustManagerFactory tmf = 50 TrustManagerFactory.getInstance("PKIX"); 51 tmf.init(ks); 52 62 // Create a "default" JSSE X509TrustManager. 63 try { 64 ks = KeyStore.getInstance("JKS"); 65 66 } catch (KeyStoreException e) { 67 throw new DnWhitelistX509TrustMgrInitException("Instantiating "+ 68 "new Java keystore", e); 69 } 70 71 try { 72 ks.load(kis, keyStorePassphrase == null ? 73 null : keyStorePassphrase.toCharArray()); 74 75 } catch (NoSuchAlgorithmException e) { 76 throw new DnWhitelistX509TrustMgrInitException("Error reading "+ 77 "\"" + keyStoreFilePath + "\" keystore", e); 78 79 } catch (CertificateException e) { 80 throw new DnWhitelistX509TrustMgrInitException("Error reading "+ 81 "\"" + keyStoreFilePath + "\" keystore", e); 82 83 } catch (IOException e) { 84 throw new DnWhitelistX509TrustMgrInitException("Error reading "+ 85 "\"" + keyStoreFilePath + "\" keystore", e); 86 } 87 } 88 89 try { 90 tmf.init(ks); 91 } catch (KeyStoreException e) { 92 throw new DnWhitelistX509TrustMgrInitException("Initialising "+ 93 "\"PKIX\" trust manager", e); 94 } 95 53 96 TrustManager tms [] = tmf.getTrustManagers(); 54 97 55 98 /* 56 * Iterate over the returned trustmanagers, look 57 * for an instance of X509TrustManager. If found, 58 * use that as our "default" trust manager. 99 * Iterate over the returned trustmanagers, look for an instance of 100 * X509TrustManager. If found, use that as our "default" trust manager. 59 101 */ 60 for ( int i = 0; i < tms.length; i++) {61 if (tm s[i]instanceof X509TrustManager) {62 pkixTrustManager = (X509TrustManager) tm s[i];102 for (Object tm : tms) { 103 if (tm instanceof X509TrustManager) { 104 pkixTrustManager = (X509TrustManager) tm; 63 105 return; 64 106 } … … 66 108 67 109 /* 68 * Find some other way to initialize, or else we have to fail the 69 * constructor. 
110 * Got to here so no X509TrustManager was found 70 111 */ 71 throw new Exception("Couldn't initialize"); 112 throw new DnWhitelistX509TrustMgrInitException("No X509TrustManager " + 113 "found in trust manager factory instance"); 72 114 } 73 115 … … 93 135 // If chain is OK following previous check, then execute whitelisting of 94 136 // DN 95 Principal subject= null;137 X500Principal peerCertDN = null; 96 138 97 139 if (certificateDnWhiteList == null) … … 100 142 for (X509Certificate cert : certList) 101 143 { 102 subject = cert.getSubjectDN();144 peerCertDN = cert.getSubjectX500Principal(); 103 145 104 146 for (Principal dn : certificateDnWhiteList) 105 if ( subject == dn)147 if (peerCertDN.equals(dn)) 106 148 return; 107 149 } 108 150 throw new CertificateException("No match for peer certificate " + 109 subject + 110 "against Certificate DN whitelist"); 151 peerCertDN + "against Certificate DN whitelist"); 111 152 } 112 153 -
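Review bot: The FileInputStream assigned to `kis` at new line 54 is never closed — after `ks.load(kis, …)` at line 72 the stream is dropped on both the success path and every exception path, so each construction with a keystore path leaks a file handle. Since the file does not use try-with-resources, wrap the load as `try { ks.load(kis, keyStorePassphrase == null ? null : keyStorePassphrase.toCharArray()); } finally { kis.close(); }` inside the existing handlers, whose IOException catch at line 83 then also covers the close. It is also worth stating in a comment above line 89 that when `keyStoreFilePath` is null `ks` stays null and `tmf.init(null)` falls back to the JVM default trust store, which silently replaces the old hard-coded `trustedCerts` file — e.g. `// ks == null: the PKIX factory uses the JVM default trust store`. The `// TODO Auto-generated catch block` left at line 57 is stale now that the catch rethrows. The whitelist loop at lines 142-149, whose enclosing `checkServerTrusted` begins outside the hunk, returns as soon as any certificate in the chain — not only the end-entity certificate — matches a whitelisted DN, which should be confirmed as intended, and the message at line 151 is missing a space before `against`.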
TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/yadis/YadisRetrieval.java
r7305 r7306 19 19 import javax.net.ssl.SSLSocketFactory; 20 20 import javax.net.ssl.X509TrustManager; 21 import javax.security.auth.x500.X500Principal; 21 22 22 import org.earthsystemgrid.security.DnWhiteListBasedX509TrustManager; 23 import org.earthsystemgrid.security.DnWhitelistX509TrustMgr; 24 import org.earthsystemgrid.security.exceptions.DnWhitelistX509TrustMgrInitException; 23 25 import org.earthsystemgrid.security.yadis.exception.XrdsParseException; 24 26 import org.earthsystemgrid.security.yadis.exception.YadisRetrievalException; … … 35 37 public class YadisRetrieval 36 38 { 37 public static String retrieve(URL yadisURL) throws IOException, 38 NoSuchAlgorithmException, KeyManagementException, CertificateException, 39 KeyStoreException 39 public static String retrieve(URL yadisURL) throws YadisRetrievalException 40 40 { 41 41 // Experimenting with Trust Manager for whitelisting 42 X509TrustManager xtm = new DnWhiteListBasedX509TrustManager(null, null, null); 42 X509TrustManager xtm; 43 44 X500Principal [] whitelist = { 45 new X500Principal("CN=ceda.ac.uk, OU=RAL-SPBU, O=Science and Technology Facilities Council, C=GB") 46 }; 47 48 // Create trust manager with given whitelist and default keystore 49 try { 50 xtm = new DnWhitelistX509TrustMgr(whitelist, null, null); 51 } catch (DnWhitelistX509TrustMgrInitException e) { 52 throw new YadisRetrievalException("Creating trust manager", e); 53 } 54 43 55 X509TrustManager tm[] = {xtm}; 44 SSLContext ctx = SSLContext.getInstance("SSL"); 45 ctx.init(null, tm, null); 56 SSLContext ctx = null; 57 try { 58 ctx = SSLContext.getInstance("SSL"); 59 60 } catch (NoSuchAlgorithmException e) { 61 throw new YadisRetrievalException("Getting SSL context", e); 62 } 63 64 try { 65 ctx.init(null, tm, null); 66 } catch (KeyManagementException e) { 67 throw new YadisRetrievalException("Initialising SSL context", e); 68 } 69 46 70 SSLSocketFactory socketFactory = ctx.getSocketFactory(); 47 71 48 HttpsURLConnection connection = 
(HttpsURLConnection) 49 yadisURL.openConnection(); 72 HttpsURLConnection connection = null; 73 try { 74 connection = (HttpsURLConnection)yadisURL.openConnection(); 75 } catch (IOException e) { 76 throw new YadisRetrievalException("Making connection", e); 77 } 50 78 connection.setSSLSocketFactory(socketFactory); 51 79 52 InputStream ins = connection.getInputStream(); 80 InputStream ins = null; 81 try { 82 ins = connection.getInputStream(); 83 } catch (IOException e) { 84 throw new YadisRetrievalException("Getting input stream", e); 85 } 53 86 InputStreamReader isr = new InputStreamReader(ins); 54 87 BufferedReader in = new BufferedReader(isr); … … 56 89 String inputLine = null; 57 90 58 while ((inputLine = in.readLine()) != null) 59 { 60 buf.append(inputLine); 61 buf.append(System.getProperty("line.separator")); 62 } 63 in.close(); 91 try { 92 while ((inputLine = in.readLine()) != null) 93 { 94 buf.append(inputLine); 95 buf.append(System.getProperty("line.separator")); 96 } 97 in.close(); 98 } catch (IOException e) { 99 throw new YadisRetrievalException("Reading content", e); 100 } 64 101 65 102 return buf.toString(); … … 71 108 { 72 109 String yadisDocContent; 73 try { 74 yadisDocContent = retrieve(yadisURL); 75 } catch (KeyManagementException e) { 76 throw new YadisRetrievalException("Error retrieving " + yadisURL, e); 77 } catch (NoSuchAlgorithmException e) { 78 throw new YadisRetrievalException("Error retrieving " + yadisURL, e); 79 } catch (CertificateException e) { 80 throw new YadisRetrievalException("Error retrieving " + yadisURL, e); 81 } catch (KeyStoreException e) { 82 throw new YadisRetrievalException("Error retrieving " + yadisURL, e); 83 } catch (IOException e) { 84 throw new YadisRetrievalException("Error retrieving " + yadisURL, e); 85 } 110 yadisDocContent = retrieve(yadisURL); 86 111 87 Xrds xrdsDoc = new XrdsDoc();112 XrdsDoc xrdsDoc = new XrdsDoc(); 88 113 List serviceElems = xrdsDoc.parse(yadisDocContent, targetTypes); 89 114 return 
serviceElems; … … 94 119 YadisRetrieval yadis = new YadisRetrieval(); 95 120 96 //URL yadisURL = new URL("https://ceda.ac.uk/openid/Philip.Kershaw");97 URL yadisURL = new URL("https://localhost:7443/openid/PJKershaw");121 URL yadisURL = new URL("https://ceda.ac.uk/openid/Philip.Kershaw"); 122 // URL yadisURL = new URL("https://localhost:7443/openid/PJKershaw"); 98 123 String content = null; 99 124 try { 100 125 content = YadisRetrieval.retrieve(yadisURL); 101 } catch (KeyManagementException e) { 102 // TODO Auto-generated catch block 103 e.printStackTrace(); 104 } catch (NoSuchAlgorithmException e) { 105 // TODO Auto-generated catch block 106 e.printStackTrace(); 107 } catch (CertificateException e) { 108 // TODO Auto-generated catch block 109 e.printStackTrace(); 110 } catch (KeyStoreException e) { 126 } catch (YadisRetrievalException e) { 111 127 // TODO Auto-generated catch block 112 128 e.printStackTrace(); 113 129 } 114 System.out.println(content); 130 131 System.out.println("Yadis content = " + content); 115 132 116 133 List<XrdsServiceElem> serviceElems = null; … … 128 145 } 129 146 147 if (serviceElems.isEmpty()) 148 System.out.println("No services found for " + elem[0] + " type"); 149 130 150 for (XrdsServiceElem serviceElem : serviceElems) 131 151 System.out.println(serviceElem);
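Review bot: The reader built at new lines 86-87 is closed only on the success path — `in.close()` sits inside the `try` at line 97, so an IOException from `readLine` (caught at line 98) leaves the connection's input stream open. Wrap the loop in an inner `try { … } finally { in.close(); }` within the existing handler, or call `connection.disconnect()` there, so the stream is released on the error path too. `new InputStreamReader(ins)` at line 86 decodes with the platform default charset rather than the charset of the HTTP response; passing an explicit charset (UTF-8, or the one taken from `connection.getContentType()`) avoids mis-decoding the XRDS document. The DN whitelist hard-coded at lines 44-46 inside the public library method `retrieve(URL)` pins every caller to a single CEDA identity and a null keystore path; the `// Experimenting with Trust Manager for whitelisting` comment should say this is temporary, or better the whitelist and keystore path should become parameters of an overload. `SSLContext.getInstance("SSL")` at line 58 is conventionally spelled `"TLS"`.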