Author: gnodet
Date: Tue Jul  1 09:16:00 2008
New Revision: 673127

URL: http://svn.apache.org/viewvc?rev=673127&view=rev
Log:
Add security layer, to be independent of both smx3 and smx4

Added:
    
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/
    
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/AuthenticationService.java
    
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreInstance.java
    
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreManager.java

Added: 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/AuthenticationService.java
URL: 
http://svn.apache.org/viewvc/servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/AuthenticationService.java?rev=673127&view=auto
==============================================================================
--- 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/AuthenticationService.java
 (added)
+++ 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/AuthenticationService.java
 Tue Jul  1 09:16:00 2008
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.common.security;
+
+import java.security.GeneralSecurityException;
+import java.lang.reflect.Proxy;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+
+import javax.security.auth.Subject;
+
+/**
+ * Interface for the authentication service.
+ *
+ */
+public interface AuthenticationService {
+
+    /**
+     * Authenticate a user given its name and credentials.
+     * Upon sucessfull completion, the subject should be populated
+     * with the user known principals.
+     *
+     * @param subject the subject to populate
+     * @param domain the security domain to use
+     * @param user the user name
+     * @param credentials the user credntials
+     * @throws GeneralSecurityException if the user can not be authenticated
+     */
+    void authenticate(Subject subject, String domain, String user, Object 
credentials) throws GeneralSecurityException;
+
+    public static final class Proxy {
+        public static AuthenticationService create(final Object target) {
+            return (AuthenticationService) 
java.lang.reflect.Proxy.newProxyInstance(null, new Class[] { 
AuthenticationService.class }, new InvocationHandler() {
+                public Object invoke(Object proxy, Method method, Object[] 
args) throws Throwable {
+                    Object o = target.getClass().getMethod(method.getName(), 
method.getParameterTypes()).invoke(proxy, args);
+                    return o;
+                }
+            });
+        }
+    }
+    
+}
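Review bot: In `AuthenticationService.Proxy.create`, the handler ends with `.invoke(proxy, args)`, so the method looked up on the target's class is invoked on the proxy instance instead of on `target`. Unless the proxy happens to be an instance of that method's declaring class, this fails with IllegalArgumentException and the target's authentication logic is never reached; it should be `.invoke(target, args)`. Two related points: passing `null` as the loader to `newProxyInstance` asks the bootstrap loader to see `AuthenticationService`, which will normally be rejected as not visible, and a `GeneralSecurityException` thrown by the target arrives wrapped in `InvocationTargetException`, which the proxy would surface as `UndeclaredThrowableException` rather than the declared type callers catch. The same three issues are present in `KeystoreInstance.Proxy.create` and `KeystoreManager.Proxy.create` further down.

```java
public static AuthenticationService create(final Object target) {
    return (AuthenticationService) java.lang.reflect.Proxy.newProxyInstance(
            AuthenticationService.class.getClassLoader(),
            new Class[] { AuthenticationService.class },
            new InvocationHandler() {
        public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
            try {
                // dispatch to the wrapped object, not to the proxy itself
                return target.getClass()
                        .getMethod(method.getName(), method.getParameterTypes())
                        .invoke(target, args);
            } catch (java.lang.reflect.InvocationTargetException e) {
                // rethrow the target's own exception so declared types reach the caller
                throw e.getCause();
            }
        }
    });
}
```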

Added: 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreInstance.java
URL: 
http://svn.apache.org/viewvc/servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreInstance.java?rev=673127&view=auto
==============================================================================
--- 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreInstance.java
 (added)
+++ 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreInstance.java
 Tue Jul  1 09:16:00 2008
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.common.security;
+
+import java.security.PrivateKey;
+import java.security.GeneralSecurityException;
+import java.security.cert.Certificate;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+
+/**
+ * Based on http://svn.apache.org/repos/asf/geronimo/trunk/modules/management/
+ *              
src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
+ *
+ * @version $Rev: $ $Date: $
+ */
+public interface KeystoreInstance {
+
+    String getName();
+
+    String[] listPrivateKeys();
+
+    String[] listTrustCertificates();
+
+    Certificate getCertificate(String alias);
+
+    String getCertificateAlias(Certificate cert);
+
+    Certificate[] getCertificateChain(String alias);
+
+    PrivateKey getPrivateKey(String alias);
+
+    boolean isKeystoreLocked();
+
+    boolean isKeyLocked(String keyAlias);
+
+    KeyManager[] getKeyManager(String algorithm, String keyAlias) throws 
GeneralSecurityException;
+
+    TrustManager[] getTrustManager(String algorithm) throws 
GeneralSecurityException;
+
+    public static final class Proxy {
+        public static KeystoreInstance create(final Object target) {
+            return (KeystoreInstance) 
java.lang.reflect.Proxy.newProxyInstance(null, new Class[] { 
KeystoreInstance.class }, new InvocationHandler() {
+                public Object invoke(Object proxy, Method method, Object[] 
args) throws Throwable {
+                    Object o = target.getClass().getMethod(method.getName(), 
method.getParameterTypes()).invoke(proxy, args);
+                    return o;
+                }
+            });
+        }
+    }
+}
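Review bot: None of the `KeystoreInstance` methods is documented, and for `getPrivateKey(String alias)` in particular the contract for a locked keystore, a locked key or an unknown alias is not stated. Because the method declares no checked exception, an implementation can only signal those cases with `null` or an unchecked exception, and callers that handle key material need to know which. Once the intended behaviour is confirmed, I would add Javadoc along the lines of `/** Returns the private key stored under {@code alias}, or null if the keystore or key is locked or the alias is unknown. */`, with matching notes on `getCertificate` and `getCertificateChain`.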

Added: 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreManager.java
URL: 
http://svn.apache.org/viewvc/servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreManager.java?rev=673127&view=auto
==============================================================================
--- 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreManager.java
 (added)
+++ 
servicemix/components/shared-libraries/trunk/servicemix-common/src/main/java/org/apache/servicemix/common/security/KeystoreManager.java
 Tue Jul  1 09:16:00 2008
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.common.security;
+
+import java.security.GeneralSecurityException;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * Based on http://svn.apache.org/repos/asf/geronimo/trunk/modules/management/
+ *                      
src/java/org/apache/geronimo/management/geronimo/KeystoreManager.java
+ *
+ */
+public interface KeystoreManager {
+
+    KeystoreInstance getKeystore(String name);
+
+    /**
+     * Gets a ServerSocketFactory using one Keystore to access the private key
+     * and another to provide the list of trusted certificate authorities.
+     * @param provider
+     * @param protocol The SSL protocol to use
+     * @param algorithm The SSL algorithm to use
+     * @param keyStore The key keystore name as provided by listKeystores.  The
+     *                 KeystoreInstance for this keystore must be unlocked.
+     * @param keyAlias The name of the private key in the keystore.  The
+     *                 KeystoreInstance for this keystore must have unlocked
+     *                 this key.
+     * @param trustStore The trust keystore name as provided by listKeystores.
+     *                   The KeystoreInstance for this keystore must have
+     *                   unlocked this key.
+     *
+     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+     *                          be used because it has not been unlocked.
+     * @throws KeyIsLocked Occurs when the requested private key in the key
+     *                     keystore cannot be used because it has not been
+     *                     unlocked.
+     */
+    SSLServerSocketFactory createSSLServerFactory(String provider, String 
protocol,
+                                                  String algorithm, String 
keyStore,
+                                                  String keyAlias, String 
trustStore) throws GeneralSecurityException;
+
+    /**
+     * Gets a SocketFactory using one Keystore to access the private key
+     * and another to provide the list of trusted certificate authorities.
+     * @param provider The SSL provider to use, or null for the default
+     * @param protocol The SSL protocol to use
+     * @param algorithm The SSL algorithm to use
+     * @param keyStore The key keystore name as provided by listKeystores.  The
+     *                 KeystoreInstance for this keystore must be unlocked.
+     * @param keyAlias The name of the private key in the keystore.  The
+     *                 KeystoreInstance for this keystore must have unlocked
+     *                 this key.
+     * @param trustStore The trust keystore name as provided by listKeystores.
+     *                   The KeystoreInstance for this keystore must have
+     *                   unlocked this key.
+     *
+     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
+     *                          be used because it has not been unlocked.
+     * @throws KeyIsLocked Occurs when the requested private key in the key
+     *                     keystore cannot be used because it has not been
+     *                     unlocked.
+     * @throws GeneralSecurityException
+     */
+    SSLSocketFactory createSSLFactory(String provider, String protocol,
+                                      String algorithm, String keyStore,
+                                      String keyAlias, String trustStore) 
throws GeneralSecurityException;
+
+
+    public static final class Proxy {
+        public static KeystoreManager create(final Object target) {
+            return (KeystoreManager) 
java.lang.reflect.Proxy.newProxyInstance(null, new Class[] { 
KeystoreManager.class }, new InvocationHandler() {
+                public Object invoke(Object proxy, Method method, Object[] 
args) throws Throwable {
+                    Object o = target.getClass().getMethod(method.getName(), 
method.getParameterTypes()).invoke(proxy, args);
+                    if (method.getName().equals("getKeystore")) {
+                        o = KeystoreInstance.Proxy.create(o);
+                    }
+                    return o;
+                }
+            });
+        }
+    }
+}
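Review bot: In `KeystoreManager.Proxy.create`, the `getKeystore` branch wraps the result unconditionally, so if the target returns `null` for an unknown keystore name (not visible from this hunk, but a common convention) the caller receives a non-null `KeystoreInstance` proxy that only fails later with a NullPointerException at `target.getClass()`. Guard the wrap, e.g. `if (o != null && method.getName().equals("getKeystore")) {`, so that callers' null checks keep working. Separately, the Javadoc names `@throws KeystoreIsLocked` and `@throws KeyIsLocked` and refers to `listKeystores`, none of which exist in this interface as added; the tags should either name `GeneralSecurityException` or the referenced types and method should be brought over.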

