java.lang.Object
  org.glite.security.trustmanager.ContextWrapper

public class ContextWrapper

A class wrapping the SSLContext. It adds support for PEM certs, grid proxy certs, timeouts, dynamic reloading of CRLs, etc. Source file: ContextWrapper.java
Field Summary

| Type | Field | Description |
|---|---|---|
| static java.lang.String | CA_FILES | CA file names. |
| static java.lang.String | CA_FILES_DEFAULT | CA files default: "/etc/grid-security/certificates/*.0". |
| static java.lang.String | CA_STORE_FILE | CA keystore file name. |
| static java.lang.String | CA_STORE_PASSWD | CA store password. |
| static java.lang.String | CA_STORE_TYPE | CA store type property name. |
| FileCertReader | certReader | The certificate reader instance used to read the certificates, to avoid initializing it many times. |
| static java.lang.String | CONF_FILE | The config file setting. |
| CaseInsensitiveProperties | config | The settings of this ContextWrapper, given in the constructor. |
| static java.lang.String | CONNECT_TIMEOUT | The connect timeout setting. |
| static java.lang.String | CREDENTIALS_CERT_FILE | Identity cert property name. |
| static java.lang.String | CREDENTIALS_KEY_FILE | Credential key property name. |
| static java.lang.String | CREDENTIALS_KEY_PASSWD | The password for the private key. |
| static java.lang.String | CREDENTIALS_PROXY_FILE | The credential proxy property name. |
| static java.lang.String | CREDENTIALS_STORE_FILE | Identity keystore property name. |
| static java.lang.String | CREDENTIALS_STORE_PASSWD | The password for the credential keystore. |
| static java.lang.String | CREDENTIALS_STORE_TYPE | The type of the credential keystore, if a keystore is used. |
| static java.lang.String | CREDENTIALS_UPDATE_INTERVAL | The name of the setting for the interval at which the credentials are polled for updates. |
| static java.lang.String | CREDENTIALS_UPDATE_INTERVAL_DEAFULT | Credentials reload interval default: "0 s", meaning disabled. |
| static java.lang.String | CRL_ENABLED | The setting for whether CRL support is enabled or not. |
| static java.lang.String | CRL_ENABLED_DEFAULT | CRL support enabled default: true. |
| static java.lang.String | CRL_FILES | The file definition for the CRL files. |
| static java.lang.String | CRL_FILES_DEFAULT | CRL file default: "/etc/grid-security/certificates/*.r0". |
| static java.lang.String | CRL_REQUIRED | The setting for whether a CRL is required for each of the CAs. |
| static java.lang.String | CRL_REQUIRED_DEFAULT | CRL required default: true. |
| static java.lang.String | CRL_UPDATE_INTERVAL | The setting for the interval for CRL updates, or for polling the trust directory for updates. |
| static java.lang.String | CRL_UPDATE_INTERVAL_DEFAULT | CRL reloading and trust directory polling interval default: 0, meaning disabled. |
| java.util.Vector | crls | The CRLs of this wrapper. |
| static java.lang.String | GRID_PROXY_STREAM | The stream to load the proxy from. |
| static java.lang.String | HOSTNAME_CHECK | The hostname checking setting. |
| static java.lang.String | HOSTNAME_CHECK_DEFAULT | The hostname checking default. |
| javax.net.ssl.KeyManager[] | identityKeyManagers | The key manager array of this wrapper. |
| static java.lang.String | INT_KEYSTORE_PASSWD | Internal keystore password. |
| static java.lang.String | KEYSTORE_TYPE_DEFAULT | Default keystore type: JKS. |
| static java.lang.String | LOG_CONF_FILE | The file from which to load the log4j configuration. |
| static java.lang.String | LOG_FILE | The file to log to. |
| OpensslTrustmanager | m_trustmanager | The new trustmanager instance, if the new configuration method (trust directory) is used. |
| static java.lang.String | OVERRIDE_EXPIRATION_CHECK_ON_INIT | Flag to override the credential expiration check on loading; for testing purposes only. |
| boolean | overrideExpirationCheck | Switch to bypass the expiration check. |
| static java.lang.String | SSL_PROTOCOL | The SSL protocol to use. |
| static java.lang.String | SSL_PROTOCOL_DEFAULT | SSL protocol default: TLSv1. |
| static java.lang.String | SSL_TIMEOUT_SETTING | Timeout for the SSL handshake and reading, in milliseconds. |
| static java.lang.String | TIMEOUT_DEFAULT | Timeout default: 1 minute. |
| java.util.Vector | trustAnchors | The trust anchors of this ContextWrapper. |
| CRLFileTrustManager | trustManager | The old trustmanager instance, if the old configuration method is used. |
| static java.lang.String | TRUSTSTORE_DIR | The trust store directory setting. |
| static java.lang.String | TRUSTSTORE_DIR_DEFAULT | The default trust store directory. |
Constructor Summary

| Constructor | Description |
|---|---|
| ContextWrapper(java.util.Properties inputConfig) | Creates a new ContextWrapper object. |
| ContextWrapper(java.util.Properties inputConfig, boolean wantLog4jConf) | Creates a new ContextWrapper object. |
| ContextWrapper(java.util.Properties inputConfig, org.bouncycastle.openssl.PasswordFinder finder) | Creates a new instance of ContextWrapper. |
| ContextWrapper(java.util.Properties inputConfig, java.security.cert.X509Certificate[] chain, java.security.PrivateKey key) | Creates a new ContextWrapper object. |
Method Summary

| Return type | Method | Description |
|---|---|---|
| javax.net.ssl.SSLContext | getContext() | Returns the underlying SSLContext that is wrapped. |
| static long | getIntervalSecs(java.lang.String intervalBlob) | Parses a string representation of an interval into seconds. |
| javax.net.ssl.X509KeyManager | getKeyManager() | Returns the internal key manager; for debugging only. |
| javax.net.ssl.SSLServerSocketFactory | getServerSocketFactory() | Creates a ServerSocketFactory. |
| javax.net.ssl.SSLSocketFactory | getSocketFactory() | Creates a TimeoutSSLSocketFactory instance with the requested configuration. |
| void | init(org.bouncycastle.openssl.PasswordFinder finder, java.security.cert.X509Certificate[] chain, java.security.PrivateKey key) | Initializes the key manager. |
| void | initKeyManagers(org.bouncycastle.openssl.PasswordFinder finder) | Initializes the key manager; if the update interval is set, the key manager will update itself. |
| void | initKeyManagers(java.security.cert.X509Certificate[] chain, java.security.PrivateKey key) | Initializes the key manager; since the key manager does not know where to update from, it will not update itself. |
| void | loadConfig(java.util.Properties inputConfig, boolean wantLog4jConfiguration) | Depending on the configuration given, either uses that configuration or loads the configuration from a file, if the configuration file setting is set. |
| void | stop() | Stops running updater threads, if there are any. |
Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
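As an added usage example (not code from the glite trustmanager project itself), the following builds a client configuration from the property constants listed above and keeps the security-relevant checks switched on. Value formats are assumptions: booleans as "true"/"false", intervals in the "0 s" form of the documented default, timeouts in milliseconds; the credential paths are placeholders.

```java
import java.util.Properties;
import javax.net.ssl.SSLSocketFactory;
import org.glite.security.trustmanager.ContextWrapper;

public class HardenedClientContext {

    // Builds a ContextWrapper configuration with revocation checking, hostname
    // verification and a bounded handshake timeout. Property value formats are
    // assumed (see lead-in); the property names are the class's own constants.
    public static Properties hardenedConfig(String certFile, String keyFile) {
        Properties p = new Properties();
        // Trust anchors and CRLs from the documented default locations.
        p.setProperty(ContextWrapper.CA_FILES, ContextWrapper.CA_FILES_DEFAULT);
        p.setProperty(ContextWrapper.CRL_FILES, ContextWrapper.CRL_FILES_DEFAULT);
        // Keep CRLs enabled and required for every CA (the documented defaults, set
        // explicitly so a stray config file cannot silently turn them off): a CA whose
        // CRL is missing or unreadable must not be able to vouch for peers.
        p.setProperty(ContextWrapper.CRL_ENABLED, "true");
        p.setProperty(ContextWrapper.CRL_REQUIRED, "true");
        // Poll the trust directory so refreshed CRLs are picked up without a restart
        // (the default of 0 disables polling). Assumed interval syntax: "<n> s".
        p.setProperty(ContextWrapper.CRL_UPDATE_INTERVAL, "3600 s");
        // Identity: PEM cert and key. The key password is deliberately not placed in
        // the properties; the PasswordFinder constructor variant can supply it instead.
        p.setProperty(ContextWrapper.CREDENTIALS_CERT_FILE, certFile);
        p.setProperty(ContextWrapper.CREDENTIALS_KEY_FILE, keyFile);
        p.setProperty(ContextWrapper.CREDENTIALS_UPDATE_INTERVAL, "600 s");
        // Hostname verification on, and a 30 s handshake/read timeout (milliseconds).
        p.setProperty(ContextWrapper.HOSTNAME_CHECK, "true");
        p.setProperty(ContextWrapper.SSL_TIMEOUT_SETTING, "30000");
        // OVERRIDE_EXPIRATION_CHECK_ON_INIT is documented as testing-only: never set it
        // in a production configuration.
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths; replace with the real credential files.
        Properties p = hardenedConfig("/path/to/hostcert.pem", "/path/to/hostkey.pem");
        ContextWrapper wrapper = new ContextWrapper(p);
        try {
            SSLSocketFactory factory = wrapper.getSocketFactory();
            // Open sockets with factory.createSocket(host, port) as needed.
            System.out.println("Socket factory ready: " + factory.getClass().getName());
        } finally {
            // Stops the updater threads started by the non-zero update intervals.
            wrapper.stop();
        }
    }
}
```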
Field Detail

public static final java.lang.String CREDENTIALS_PROXY_FILE
public static final java.lang.String CREDENTIALS_UPDATE_INTERVAL
public static final java.lang.String CREDENTIALS_CERT_FILE
public static final java.lang.String CREDENTIALS_KEY_FILE
public static final java.lang.String CREDENTIALS_KEY_PASSWD
public static final java.lang.String CREDENTIALS_STORE_FILE
public static final java.lang.String CREDENTIALS_STORE_TYPE
public static final java.lang.String CREDENTIALS_STORE_PASSWD
public static final java.lang.String CA_FILES
public static final java.lang.String CA_STORE_FILE
public static final java.lang.String CA_STORE_TYPE
public static final java.lang.String CA_STORE_PASSWD
public static final java.lang.String CRL_FILES
public static final java.lang.String CRL_ENABLED
public static final java.lang.String CRL_REQUIRED
public static final java.lang.String CRL_UPDATE_INTERVAL
public static final java.lang.String LOG_CONF_FILE
public static final java.lang.String LOG_FILE
public static final java.lang.String SSL_PROTOCOL
public static final java.lang.String CONF_FILE
public static final java.lang.String SSL_TIMEOUT_SETTING
public static final java.lang.String CONNECT_TIMEOUT
public static final java.lang.String OVERRIDE_EXPIRATION_CHECK_ON_INIT
public static final java.lang.String GRID_PROXY_STREAM
public static final java.lang.String KEYSTORE_TYPE_DEFAULT
public static final java.lang.String CRL_UPDATE_INTERVAL_DEFAULT
public static final java.lang.String CRL_REQUIRED_DEFAULT
public static final java.lang.String SSL_PROTOCOL_DEFAULT
public static final java.lang.String CRL_ENABLED_DEFAULT
public static final java.lang.String CREDENTIALS_UPDATE_INTERVAL_DEAFULT
public static final java.lang.String CA_FILES_DEFAULT
public static final java.lang.String CRL_FILES_DEFAULT
public static final java.lang.String TIMEOUT_DEFAULT
public static final java.lang.String INT_KEYSTORE_PASSWD
public static final java.lang.String TRUSTSTORE_DIR
public static final java.lang.String TRUSTSTORE_DIR_DEFAULT
public static final java.lang.String HOSTNAME_CHECK
public static final java.lang.String HOSTNAME_CHECK_DEFAULT
public CaseInsensitiveProperties config
public javax.net.ssl.KeyManager[] identityKeyManagers
public java.util.Vector trustAnchors
public java.util.Vector crls
public FileCertReader certReader
public CRLFileTrustManager trustManager
public OpensslTrustmanager m_trustmanager
public boolean overrideExpirationCheck
Constructor Detail

public ContextWrapper(java.util.Properties inputConfig, boolean wantLog4jConf) throws java.io.IOException, java.security.GeneralSecurityException
Parameters:
inputConfig - the configuration to use.
wantLog4jConf - a flag telling whether log4j should be configured.
Throws:
java.io.IOException - in case there is a problem reading the config file, certificates, key or CRLs.
java.security.GeneralSecurityException - if there is a problem initializing the SSLContext.

public ContextWrapper(java.util.Properties inputConfig) throws java.io.IOException, java.security.GeneralSecurityException
Parameters:
inputConfig - the configuration to use.
Throws:
java.io.IOException - in case there is a problem reading the config file, certificates, key or CRLs.
java.security.GeneralSecurityException - if there is a problem initializing the SSLContext.

public ContextWrapper(java.util.Properties inputConfig, java.security.cert.X509Certificate[] chain, java.security.PrivateKey key) throws java.io.IOException, java.security.GeneralSecurityException
Parameters:
inputConfig - the configuration values given.
chain - the certificate chain to use for authentication.
key - the key to use for authentication.
Throws:
java.io.IOException - in case the SSL context initialization fails.
java.security.GeneralSecurityException

public ContextWrapper(java.util.Properties inputConfig, org.bouncycastle.openssl.PasswordFinder finder) throws java.io.IOException, java.security.GeneralSecurityException
Parameters:
inputConfig - the properties used for configuring the instance of ContextWrapper.
finder -
Throws:
java.io.IOException
java.security.GeneralSecurityException
Method Detail

public void loadConfig(java.util.Properties inputConfig, boolean wantLog4jConfiguration) throws java.io.FileNotFoundException, java.io.IOException
Parameters:
inputConfig - the configuration values.
wantLog4jConfiguration - switch allowing the bypass of log4j initialization, to allow the use of slf4j etc.
Throws:
java.io.FileNotFoundException - if the config file pointed to by the config values is not found.
java.io.IOException - if loading the config file fails.

public javax.net.ssl.SSLContext getContext()

public javax.net.ssl.SSLServerSocketFactory getServerSocketFactory() throws javax.net.ssl.SSLException
Specified by:
getServerSocketFactory in interface SSLContextWrapper
Throws:
javax.net.ssl.SSLException - if a problem occurs while creating the factory.

public javax.net.ssl.SSLSocketFactory getSocketFactory() throws javax.net.ssl.SSLException
Specified by:
getSocketFactory in interface SSLContextWrapper
Throws:
javax.net.ssl.SSLException - in case of problems an exception is thrown.

public void init(org.bouncycastle.openssl.PasswordFinder finder, java.security.cert.X509Certificate[] chain, java.security.PrivateKey key) throws java.security.cert.CertificateException, java.security.GeneralSecurityException, java.io.IOException
Parameters:
finder - the PasswordFinder implementation to use to ask the user for the password to access the private key.
chain - the certificate chain to be used as credentials.
key - the private key to be used as credential.
Throws:
java.security.cert.CertificateException - if certificate reading failed.
java.security.GeneralSecurityException - in case there is a security violation.
java.security.NoSuchAlgorithmException - if the certificate or key uses an unsupported algorithm.
java.io.IOException - if certificate reading failed.

public void initKeyManagers(org.bouncycastle.openssl.PasswordFinder finder) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException
Parameters:
finder - the PasswordFinder implementation to use to ask the user for the password to access the private key.
Throws:
java.security.cert.CertificateException - if certificate reading failed.
java.security.NoSuchAlgorithmException - if the RSA algorithm is not supported.

public void initKeyManagers(java.security.cert.X509Certificate[] chain, java.security.PrivateKey key) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.io.IOException
Parameters:
chain - the certificate chain to be used as credentials.
key - the private key to be used as credential.
Throws:
java.security.cert.CertificateException - if certificate reading failed.
java.security.NoSuchAlgorithmException - if the certificate or key uses an unsupported algorithm.
java.io.IOException - if certificate reading failed.

public static long getIntervalSecs(java.lang.String intervalBlob)
Parameters:
intervalBlob - string defining the interval.

public javax.net.ssl.X509KeyManager getKeyManager()

public void stop()