Author: keith Date: Wed Jul 9 09:44:42 2008 New Revision: 19048 URL: http://wso2.org/svn/browse/wso2?view=rev&revision=19048
Log: Adding Security configuration support to the Mashup Server. This means that we dont need to go to wsasadmin anymore to assign security configurations to a Mashup. Need to do more testing on this and also more work on the client side will be needed. Added: trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupSecurityScenarioConfigAdmin.java trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/KeyStoreUtil.java Modified: trunk/mashup/java/modules/admin/service/META-INF/services.xml trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/CustomProtocolSocketFactory.java trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupArchiveManupulator.java trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupUtils.java trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java trunk/mashup/java/modules/www/js/services.js trunk/mashup/java/modules/www/mashup.jsp Modified: trunk/mashup/java/modules/admin/service/META-INF/services.xml URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/admin/service/META-INF/services.xml?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/admin/service/META-INF/services.xml (original) +++ trunk/mashup/java/modules/admin/service/META-INF/services.xml Wed Jul 9 09:44:42 2008 @@ -43,6 +43,13 @@ <parameter name="ServiceClass">org.wso2.mashup.admin.service.MashupAdminService</parameter> <schema schemaNamespace="http://service.admin.mashup.wso2.org/xsd"/> </service> + <service name="MashupSecurityScenarioConfigAdmin" scope="transportsession"> + <Description> + This service is used to do security scenario related stuff for the Mashup Server. + </Description> + <parameter name="ServiceClass">org.wso2.mashup.admin.service.MashupSecurityScenarioConfigAdmin</parameter> + <schema schemaNamespace="http://service.admin.mashup.wso2.org/xsd"/> + </service> <service name="MashupDataServiceAdmin" scope="transportsession"> <Description> This service is used to do dataservices related stuff for the Mashup Server. Modified: trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java (original) +++ trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java Wed Jul 9 09:44:42 2008 @@ -36,6 +36,8 @@ import org.wso2.registry.jdbc.EmbeddedRegistry; import org.wso2.registry.session.UserRegistry; import org.wso2.utils.ServerConfiguration; +import org.wso2.utils.security.CryptoUtil; +import org.wso2.utils.security.CryptoException; import org.wso2.ws.dataservice.DBConstants; import org.wso2.wsas.ServerConstants; import org.wso2.wsas.ServerManager; @@ -48,6 +50,7 @@ import org.wso2.wsas.persistence.dataobject.ServiceDO; import org.wso2.wsas.persistence.dataobject.ServiceIdentifierDO; import org.wso2.wsas.persistence.dataobject.TransportDO; +import org.wso2.wsas.persistence.dataobject.KeyStoreDO; import org.wso2.wsas.persistence.exception.ServiceNotFoundException; import javax.activation.DataHandler; @@ -62,6 +65,10 @@ import java.io.InputStream; import java.io.ByteArrayOutputStream; import java.io.ByteArrayInputStream; +import java.io.FileInputStream; +import java.io.BufferedInputStream; +import java.io.OutputStream; +import java.io.FileOutputStream; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -638,53 +645,77 @@ return Boolean.valueOf(success); } + public Boolean importCert(String userName, String alias, DataHandler cert) throws AxisFault { + String msg; + FileInputStream ksIn = null; + BufferedInputStream ksbufin = null; + OutputStream os = null; + String keyStoreName = userName + MashupConstants.KEY_STORE_SUFFIX; + + try { + ServerConfiguration config = ServerConfiguration.getInstance(); + KeyStoreDO keyStoreDO = pm.getKeyStore(keyStoreName); + KeyStore keyStore = KeyStore.getInstance(keyStoreDO.getKeyStoreType()); + + String ksInPath; + // Check whether the file has a relative path or an absolute path + if (!new File(keyStoreDO.getFilePath()).isAbsolute()) { + String ksDir = config.getFirstProperty("Security.KeyStoresDir"); + ksInPath = ksDir + File.separator + keyStoreDO.getFilePath(); + } else { + ksInPath = keyStoreDO.getFilePath(); + } - public Boolean importCert(String userName, String alias, DataHandler cert) throws MashupFault { - try { + ksIn = new FileInputStream(ksInPath); + ksbufin = new BufferedInputStream(ksIn); + String storePassword = keyStoreDO.getStorePassword(); + String ksFile = config.getFirstProperty("Security.KeyStore.Location"); + if (!new File(ksFile).isAbsolute()) { + ksFile = System.getProperty(ServerConstants.WSO2WSAS_HOME) + + File.separator + ksFile; + } + CryptoUtil cryptoUtil = + new CryptoUtil(ksFile, + config.getFirstProperty("Security.KeyStore.Password"), + config.getFirstProperty("Security.KeyStore.KeyAlias"), + config.getFirstProperty("Security.KeyStore.KeyPassword"), + config.getFirstProperty("Security.KeyStore.Type")); + char[] decryptedStorePass = + new String(cryptoUtil.base64DecodeAndDecrypt(storePassword)).toCharArray(); + keyStore.load(ksbufin, decryptedStorePass); InputStream certIn = cert.getDataSource().getInputStream(); - - Resource useKeyStoreResource = MashupUtils.getUserKeystoreResource(userName); - - KeyStore userKeyStore = KeyStore.getInstance("JKS"); - char[] keyPassphrase = - useKeyStoreResource.getProperty(MashupConstants.USER_KEYSTORE_PASSWORD) - .toCharArray(); - userKeyStore.load(new ByteArrayInputStream((byte[]) useKeyStoreResource.getContent()), - keyPassphrase); - - // Check to prevent alias conflicts int seq = 0; - while (userKeyStore.containsAlias(alias)) { + while (keyStore.containsAlias(alias)) { seq++; alias = alias + "." + seq; } - - userKeyStore.setCertificateEntry(alias, - CertificateFactory.getInstance("X.509"). - generateCertificate(certIn)); - ByteArrayOutputStream newKeyStoreContent = new ByteArrayOutputStream(); - userKeyStore.store(newKeyStoreContent, keyPassphrase); - - // Updating the keystore in registry - if (!MashupUtils.putUserKeystoreResource(userName, newKeyStoreContent.toByteArray())) { - throw new MashupFault( - "An error occured while adding the new certificate. Please refer the log for details."); - } else { - return Boolean.valueOf(true); + keyStore.setCertificateEntry(alias, + CertificateFactory.getInstance("X.509"). + generateCertificate(certIn)); + os = new FileOutputStream(new File(ksInPath)); + keyStore.store(os, decryptedStorePass); + os.flush(); + os.close(); + } catch (Exception e) { + msg = "Could not import certificate. Certificate may be invalid. "; + log.error(msg, e); + throw new AxisFault(msg, e); + } finally { + try { + if (ksIn != null) { + ksIn.close(); + } + if (ksbufin != null) { + ksbufin.close(); + } + if (os != null) { + os.close(); + } + } catch (IOException e) { + log.error("Error occurred while closing keystore file " + keyStoreName, e); } - - } catch (IOException e) { - throw new MashupFault(e); - } catch (KeyStoreException e) { - throw new MashupFault(e); - } catch (CertificateException e) { - throw new MashupFault(e); - } catch (RegistryException e) { - throw new MashupFault(e); - } catch (NoSuchAlgorithmException e) { - throw new MashupFault(e); } - + return Boolean.valueOf(true); } @@ -712,49 +743,73 @@ // Close the socket socket.close(); - // Retrieve the user keystore - Resource useKeyStoreResource = MashupUtils.getUserKeystoreResource(userName); - KeyStore userKeyStore = KeyStore.getInstance("JKS"); - char[] keyPassphrase = - useKeyStoreResource.getProperty(MashupConstants.USER_KEYSTORE_PASSWORD) - .toCharArray(); - userKeyStore.load(new ByteArrayInputStream((byte[]) useKeyStoreResource.getContent()), - keyPassphrase); + FileInputStream ksIn = null; + BufferedInputStream ksbufin = null; + OutputStream os = null; + String keyStoreName = userName + MashupConstants.KEY_STORE_SUFFIX; + ServerConfiguration config = ServerConfiguration.getInstance(); + KeyStoreDO keyStoreDO = pm.getKeyStore(keyStoreName); + KeyStore keyStore = KeyStore.getInstance(keyStoreDO.getKeyStoreType()); + + String ksInPath; + // Check whether the file has a relative path or an absolute path + if (!new File(keyStoreDO.getFilePath()).isAbsolute()) { + String ksDir = config.getFirstProperty("Security.KeyStoresDir"); + ksInPath = ksDir + File.separator + keyStoreDO.getFilePath(); + } else { + ksInPath = keyStoreDO.getFilePath(); + } + + ksIn = new FileInputStream(ksInPath); + ksbufin = new BufferedInputStream(ksIn); + String storePassword = keyStoreDO.getStorePassword(); + String ksFile = config.getFirstProperty("Security.KeyStore.Location"); + if (!new File(ksFile).isAbsolute()) { + ksFile = System.getProperty(ServerConstants.WSO2WSAS_HOME) + + File.separator + ksFile; + } + CryptoUtil cryptoUtil = + new CryptoUtil(ksFile, + config.getFirstProperty("Security.KeyStore.Password"), + config.getFirstProperty("Security.KeyStore.KeyAlias"), + config.getFirstProperty("Security.KeyStore.KeyPassword"), + config.getFirstProperty("Security.KeyStore.Type")); + char[] decryptedStorePass = + new String(cryptoUtil.base64DecodeAndDecrypt(storePassword)).toCharArray(); + keyStore.load(ksbufin, decryptedStorePass); - // Adding the certificate chain to keystore + // Adding the certificate chain to keystore for (int x = 0; x < serverCerts.length; x++) { // Check to prevent alias conflicts int seq = 0; - while (userKeyStore.containsAlias(alias)) { + while (keyStore.containsAlias(alias)) { seq++; alias = alias + "." + seq; } - userKeyStore.setCertificateEntry(alias, serverCerts[x]); + keyStore.setCertificateEntry(alias, serverCerts[x]); } - ByteArrayOutputStream newKeyStoreContent = new ByteArrayOutputStream(); - userKeyStore.store(newKeyStoreContent, keyPassphrase); + os = new FileOutputStream(new File(ksInPath)); + keyStore.store(os, decryptedStorePass); + keyStore.store(os, decryptedStorePass); + os.flush(); + os.close(); // Updating the keystore in registry - if (!MashupUtils.putUserKeystoreResource(userName, newKeyStoreContent.toByteArray())) { - throw new MashupFault( - "An error occured while adding the new certificate. Please refer the log for details."); - } else { - return Boolean.valueOf(true); - } + return Boolean.valueOf(true); } catch (SSLPeerUnverifiedException e) { throw new MashupFault(e); } catch (IOException e) { throw new MashupFault(e); - } catch (RegistryException e) { - throw new MashupFault(e); } catch (NoSuchAlgorithmException e) { throw new MashupFault(e); } catch (KeyStoreException e) { throw new MashupFault(e); } catch (CertificateException e) { throw new MashupFault(e); + } catch (CryptoException e) { + throw new MashupFault(e); } } @@ -762,39 +817,56 @@ public Boolean deleteCert(String userName, String alias) throws MashupFault { try { - Resource useKeyStoreResource = MashupUtils.getUserKeystoreResource(userName); - - KeyStore userKeyStore = KeyStore.getInstance("JKS"); - char[] keyPassphrase = - useKeyStoreResource.getProperty(MashupConstants.USER_KEYSTORE_PASSWORD) - .toCharArray(); - userKeyStore.load(new ByteArrayInputStream((byte[]) useKeyStoreResource.getContent()), - keyPassphrase); - - // deleting the certificate entry from keystore - userKeyStore.deleteEntry(alias); - - ByteArrayOutputStream newKeyStoreContent = new ByteArrayOutputStream(); - userKeyStore.store(newKeyStoreContent, keyPassphrase); - - // Updating the keystore in registry - if (!MashupUtils.putUserKeystoreResource(userName, newKeyStoreContent.toByteArray())) { - throw new MashupFault( - "An error occured while adding the new certificate. Please refer the log for details."); + String keyStoreName = userName + MashupConstants.KEY_STORE_SUFFIX; + ServerConfiguration config = ServerConfiguration.getInstance(); + KeyStoreDO keyStoreDO = pm.getKeyStore(keyStoreName); + KeyStore keyStore = KeyStore.getInstance(keyStoreDO.getKeyStoreType()); + + String ksInPath; + // Check whether the file has a relative path or an absolute path + if (!new File(keyStoreDO.getFilePath()).isAbsolute()) { + String ksDir = config.getFirstProperty("Security.KeyStoresDir"); + ksInPath = ksDir + File.separator + keyStoreDO.getFilePath(); } else { - return Boolean.valueOf(true); + ksInPath = keyStoreDO.getFilePath(); } + FileInputStream ksIn = new FileInputStream(ksInPath); + BufferedInputStream ksbufin = new BufferedInputStream(ksIn); + String storePassword = keyStoreDO.getStorePassword(); + String ksFile = config.getFirstProperty("Security.KeyStore.Location"); + if (!new File(ksFile).isAbsolute()) { + ksFile = System.getProperty(ServerConstants.WSO2WSAS_HOME) + + File.separator + ksFile; + } + CryptoUtil cryptoUtil = + new CryptoUtil(ksFile, + config.getFirstProperty("Security.KeyStore.Password"), + config.getFirstProperty("Security.KeyStore.KeyAlias"), + config.getFirstProperty("Security.KeyStore.KeyPassword"), + config.getFirstProperty("Security.KeyStore.Type")); + char[] decryptedStorePass = + new String(cryptoUtil.base64DecodeAndDecrypt(storePassword)).toCharArray(); + keyStore.load(ksbufin, decryptedStorePass); + // deleting the certificate entry from keystore + keyStore.deleteEntry(alias); + + OutputStream os = new FileOutputStream(new File(ksInPath)); + keyStore.store(os, decryptedStorePass); + os.flush(); + os.close(); + return Boolean.valueOf(true); + } catch (IOException e) { throw new MashupFault(e); } catch (KeyStoreException e) { throw new MashupFault(e); } catch (CertificateException e) { throw new MashupFault(e); - } catch (RegistryException e) { - throw new MashupFault(e); } catch (NoSuchAlgorithmException e) { throw new MashupFault(e); + } catch (CryptoException e) { + throw new MashupFault(e); } } } Added: trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupSecurityScenarioConfigAdmin.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupSecurityScenarioConfigAdmin.java?pathrev=19048 ============================================================================== --- (empty file) +++ trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupSecurityScenarioConfigAdmin.java Wed Jul 9 09:44:42 2008 @@ -0,0 +1,44 @@ +package org.wso2.mashup.admin.service; + +import org.wso2.wsas.admin.service.SecurityScenarioConfigAdmin; +import org.wso2.wsas.admin.service.util.SecurityAssignment; +import org.wso2.wsas.persistence.dataobject.SecurityScenarioDO; +import org.wso2.wsas.persistence.dataobject.ServiceIdentifierDO; +import org.wso2.mashup.MashupConstants; +import org.apache.axis2.AxisFault; + +public class MashupSecurityScenarioConfigAdmin extends SecurityScenarioConfigAdmin { + + public SecurityScenarioDO[] getScenarios(String serviceName) { + + SecurityScenarioDO[] securityScenarioDOs = super.getScenarios(serviceName); + for (int i = 0; i < securityScenarioDOs.length; i ++) { + securityScenarioDOs[i].setLastUpdatedTime(null); + } + return securityScenarioDOs; + } + + public SecurityAssignment getSecurityAssignment(String serviceId, String serviceVersion) + throws AxisFault { + return super.getSecurityAssignment(serviceId, serviceVersion); + } + + public void assignSecurityScenario(String serviceName, String scenarioId, String category, String[] users, + String[] roles) throws AxisFault { + String authorName = getAuthorName(serviceName); + String keyStore = authorName + MashupConstants.KEY_STORE_SUFFIX; + if ("ut.related".equals(category)) { + super.assignUsersAndRoles(serviceName, ServiceIdentifierDO.EMPTY_SERVICE_VERSION, scenarioId, users, roles); + } else if ("ut.keystore.related".equals(category)) { + super.assignUsersAndRolesAndKeyStores(serviceName, ServiceIdentifierDO.EMPTY_SERVICE_VERSION, scenarioId, + new String[] {keyStore}, keyStore, users, roles); + } else { + super.assignKeyStores(serviceName, scenarioId, new String[] {keyStore}, keyStore); + } + } + + private String getAuthorName(String serviceName) { + int index = serviceName.indexOf(MashupConstants.SEPARATOR_CHAR); + return serviceName.substring(0,index); + } +} Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java Wed Jul 9 09:44:42 2008 @@ -87,11 +87,6 @@ public static final String USERS_PATH = "/users"; - // The path to the individual keystore under every user - public static final String USER_KEYSTORE_PATH = "/keystore"; - public static final String USER_KEYSTORE_TYPE = "user-keystore-type"; - public static final String USER_KEYSTORE_PASSWORD = "user-keystore-password"; - public static final String SYSTEM_PATH = "/system"; public static final String SYSTEM__QUERIES_PATH = SYSTEM_PATH + "/queries"; public static final String PROFILES_PATH = USERS_PATH + "/profile"; @@ -291,6 +286,8 @@ // Default number of entries shows when displaying a paginated list of items. public static final int DEFAULT_PAGE_SIZE = 10; + public static final String KEY_STORE_SUFFIX = "-keystore.jks"; + // Used to persist the remember me option. public static final String REMEMBER_OPENID = "rememberopenid"; Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/CustomProtocolSocketFactory.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/CustomProtocolSocketFactory.java?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/CustomProtocolSocketFactory.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/CustomProtocolSocketFactory.java Wed Jul 9 09:44:42 2008 @@ -20,8 +20,12 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.mashup.MashupConstants; -import org.wso2.registry.Resource; -import org.wso2.registry.exceptions.RegistryException; +import org.wso2.utils.ServerConfiguration; +import org.wso2.utils.security.CryptoUtil; +import org.wso2.utils.security.CryptoException; +import org.wso2.wsas.persistence.dataobject.KeyStoreDO; +import org.wso2.wsas.persistence.PersistenceManager; +import org.wso2.wsas.ServerConstants; import javax.net.ssl.SSLContext; import javax.net.ssl.KeyManagerFactory; @@ -32,7 +36,9 @@ import java.net.InetSocketAddress; import java.net.SocketAddress; import java.io.IOException; -import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.BufferedInputStream; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.KeyStoreException; @@ -55,33 +61,64 @@ private SSLContext sslcontext = null; - private Resource userKeyStore = null; + private String username = null; - public CustomProtocolSocketFactory(Resource keyStore) { + public CustomProtocolSocketFactory(String username) { super(); - this.userKeyStore = keyStore; + this.username = username; } private SSLContext createSSLContext() { - String keyStorePass = userKeyStore.getProperty(MashupConstants.USER_KEYSTORE_PASSWORD); - - try { + try { System.setProperty("java.protocol.handler.pkgs", "javax.net.ssl"); SSLContext sslContext = SSLContext.getInstance("TLS"); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - KeyStore keyStore = KeyStore.getInstance("JKS"); - char[] keyPassphrase = keyStorePass.toCharArray(); - keyStore.load(new ByteArrayInputStream((byte[]) this.userKeyStore.getContent()), keyPassphrase); - keyManagerFactory.init(keyStore, keyPassphrase); + String keyStoreName = username + MashupConstants.KEY_STORE_SUFFIX; + ServerConfiguration config = ServerConfiguration.getInstance(); + PersistenceManager pm = new PersistenceManager(); + KeyStoreDO keyStoreDO = pm.getKeyStore(keyStoreName); + KeyStore keyStore = KeyStore.getInstance(keyStoreDO.getKeyStoreType()); + + String ksInPath; + // Check whether the file has a relative path or an absolute path + if (!new File(keyStoreDO.getFilePath()).isAbsolute()) { + String ksDir = config.getFirstProperty("Security.KeyStoresDir"); + ksInPath = ksDir + File.separator + keyStoreDO.getFilePath(); + } else { + ksInPath = keyStoreDO.getFilePath(); + } + + FileInputStream ksIn = new FileInputStream(ksInPath); + BufferedInputStream ksbufin = new BufferedInputStream(ksIn); + String storePassword = keyStoreDO.getStorePassword(); + String ksFile = config.getFirstProperty("Security.KeyStore.Location"); + if (!new File(ksFile).isAbsolute()) { + ksFile = System.getProperty(ServerConstants.WSO2WSAS_HOME) + + File.separator + ksFile; + } + CryptoUtil cryptoUtil = + new CryptoUtil(ksFile, + config.getFirstProperty("Security.KeyStore.Password"), + config.getFirstProperty("Security.KeyStore.KeyAlias"), + config.getFirstProperty("Security.KeyStore.KeyPassword"), + config.getFirstProperty("Security.KeyStore.Type")); + char[] decryptedStorePass = + new String(cryptoUtil.base64DecodeAndDecrypt(storePassword)).toCharArray(); + keyStore.load(ksbufin, decryptedStorePass); + + keyManagerFactory.init(keyStore, decryptedStorePass); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); KeyStore trustStore = KeyStore.getInstance("JKS"); - char[] trustPassphrase = keyStorePass.toCharArray(); - trustStore.load(new ByteArrayInputStream((byte[]) this.userKeyStore.getContent()), trustPassphrase); + + ksIn = new FileInputStream(ksInPath); + ksbufin = new BufferedInputStream(ksIn); + + trustStore.load(ksbufin, decryptedStorePass); trustManagerFactory.init(trustStore); sslContext.init(keyManagerFactory.getKeyManagers(), @@ -100,10 +137,10 @@ log.error(e); } catch (KeyManagementException e) { log.error(e); - } catch (RegistryException e) { - log.error(e); } catch (IOException e) { log.error(e); + } catch (CryptoException e) { + log.error(e); } return null; Added: trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/KeyStoreUtil.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/KeyStoreUtil.java?pathrev=19048 ============================================================================== --- (empty file) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/KeyStoreUtil.java Wed Jul 9 09:44:42 2008 @@ -0,0 +1,125 @@ +package org.wso2.mashup.utils; + +import org.wso2.wsas.admin.service.CryptoAdmin; +import org.wso2.wsas.persistence.exception.KeyStoreAlreadyExistsException; +import org.wso2.utils.ServerConfiguration; +import org.wso2.utils.ServerException; +import org.apache.axis2.AxisFault; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import java.io.File; +import java.io.FileInputStream; +import java.io.BufferedInputStream; +import java.io.OutputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.UnrecoverableKeyException; +import java.util.Enumeration; + +public class KeyStoreUtil { + + private static Log log = LogFactory.getLog(KeyStoreUtil.class); + + public static String addNewKeyStore(String ksFilePath, + String keyStoreName, + String ksPassword, + String pvtKeyAlias, + String pvtKeyPassword, + String keyStoreType, + String provider) throws AxisFault { + ServerConfiguration serverConfig = ServerConfiguration.getInstance(); + File ksFile; + + // Move the KS file from work to WSO2WSAS_HOME/conf/keystores, if there is more than + // 1 Kpr, delete all Kpr which are not equal to pvtKeyAlias + FileInputStream in = null; + BufferedInputStream ksbufin = null; + OutputStream os = null; + try { + + // mkdir keystore + File ksDir = new File(serverConfig.getFirstProperty("Security.KeyStoresDir")); + if (!ksDir.exists()) { + ksDir.mkdirs(); + } + + // Check whether KS file already exists + ksFile = new File(ksDir.getAbsolutePath(), keyStoreName); + if (ksFile.exists()) { + throw new AxisFault("Keystore file " + ksFile.getName() + " already exists!"); + } + + KeyStore keyStore = KeyStore.getInstance(keyStoreType); + in = new FileInputStream(ksFilePath); + ksbufin = new BufferedInputStream(in); + keyStore.load(ksbufin, ksPassword.toCharArray()); //Populate the keystore + + if (!keyStore.isKeyEntry(pvtKeyAlias)) { + return pvtKeyAlias + " is not a key entry"; + } + + keyStore.getKey(pvtKeyAlias, pvtKeyPassword.toCharArray()); + + // Remove all other private keys + Enumeration enumeration = keyStore.aliases(); + while (enumeration.hasMoreElements()) { + String alias = (String) enumeration.nextElement(); + if (keyStore.isKeyEntry(alias) && !alias.equals(pvtKeyAlias)) { + keyStore.deleteEntry(alias); + } + } + + // Move the KS file to WSO2WSAS_HOME/conf/keystores + os = new FileOutputStream(ksFile); + keyStore.store(os, ksPassword.toCharArray()); + in.close(); + os.flush(); + os.close(); + } catch (UnrecoverableKeyException e) { + String msg = "Cannot retrieve private key." + + " Please verify that the password is correct."; + log.error(msg, e); + throw new AxisFault(msg, e); + } catch (Exception e) { + String msg = "Could not add new keystore. "; + log.error(msg, e); + throw new AxisFault(msg + e.getMessage()); + } finally { + try { + if (in != null) { + in.close(); + } + if (ksbufin != null) { + ksbufin.close(); + } + if (os != null) { + os.close(); + } + } catch (IOException e) { + log.error("Error occurred while closing keystore file " + ksFilePath, e); + } + } + + // Store the KS entry in the database + try { + org.wso2.wsas.util.KeyStoreUtil.persistKeyStore(ksFile.getName(), + ksPassword, + keyStoreType, + pvtKeyAlias, + pvtKeyPassword, + provider, + false); + } catch (KeyStoreAlreadyExistsException e) { + String msg = "Cannot add new keystore. "; + log.error(msg, e); + throw new AxisFault(msg, e); + } catch (ServerException e) { + String msg = "Cannot add new keystore. "; + log.error(msg, e); + throw new AxisFault(msg + e.getMessage()); + } + return "Keystore " + keyStoreName + " successfully added."; + } +} Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupArchiveManupulator.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupArchiveManupulator.java?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupArchiveManupulator.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupArchiveManupulator.java Wed Jul 9 09:44:42 2008 @@ -247,8 +247,7 @@ // Creating a custom protocol based on the user's keystores and trusted certs within if (localUserName != null) { - ProtocolSocketFactory psf = new CustomProtocolSocketFactory( - MashupUtils.getUserKeystoreResource(localUserName)); + ProtocolSocketFactory psf = new CustomProtocolSocketFactory(localUserName); Protocol protocol = new Protocol("custom-https", psf, 443); options.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, protocol); } Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupUtils.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupUtils.java?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupUtils.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/utils/MashupUtils.java Wed Jul 9 09:44:42 2008 @@ -72,11 +72,14 @@ import org.wso2.registry.users.accesscontrol.AccessControlConstants; import org.wso2.utils.ServerConfiguration; import org.wso2.utils.security.CryptoUtil; +import org.wso2.utils.security.CryptoException; import org.wso2.wsas.ServerConstants; import org.wso2.wsas.ServerManager; import org.wso2.wsas.admin.service.util.CertData; import org.wso2.wsas.persistence.PersistenceManager; import org.wso2.wsas.persistence.dataobject.ServiceUserDO; +import org.wso2.wsas.persistence.dataobject.KeyStoreDO; +import org.wso2.wsas.persistence.dataobject.SecurityScenarioDO; import javax.management.InstanceNotFoundException; import javax.management.MBeanException; @@ -102,6 +105,8 @@ import java.io.Reader; import java.io.InputStreamReader; import java.io.ByteArrayInputStream; +import java.io.BufferedInputStream; +import java.io.OutputStream; import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; @@ -1139,81 +1144,62 @@ return scripts; } - public static KeyStore getUserKeyStore(String userName) { + public static KeyStore getUserKeyStore(String userName) throws MashupFault { + FileInputStream ksIn = null; + BufferedInputStream ksbufin = null; + OutputStream os = null; + String keyStoreName = userName + MashupConstants.KEY_STORE_SUFFIX; + try { + PersistenceManager pm = new PersistenceManager(); + ServerConfiguration config = ServerConfiguration.getInstance(); + KeyStoreDO keyStoreDO = pm.getKeyStore(keyStoreName); + KeyStore keyStore = KeyStore.getInstance(keyStoreDO.getKeyStoreType()); - // Getting this users keystore from registry - Resource ksResource = getUserKeystoreResource(userName); + String ksInPath; + // Check whether the file has a relative path or an absolute path + if (!new File(keyStoreDO.getFilePath()).isAbsolute()) { + String ksDir = config.getFirstProperty("Security.KeyStoresDir"); + ksInPath = ksDir + File.separator + keyStoreDO.getFilePath(); + } else { + ksInPath = keyStoreDO.getFilePath(); + } - try { - KeyStore keyStore = KeyStore.getInstance("JKS"); - char[] keyPassphrase = - ksResource.getProperty(MashupConstants.USER_KEYSTORE_PASSWORD).toCharArray(); - keyStore.load(new ByteArrayInputStream((byte[]) ksResource.getContent()), - keyPassphrase); + ksIn = new FileInputStream(ksInPath); + ksbufin = new BufferedInputStream(ksIn); + String storePassword = keyStoreDO.getStorePassword(); + String ksFile = config.getFirstProperty("Security.KeyStore.Location"); + if (!new File(ksFile).isAbsolute()) { + ksFile = System.getProperty(ServerConstants.WSO2WSAS_HOME) + + File.separator + ksFile; + } + CryptoUtil cryptoUtil = + new CryptoUtil(ksFile, + config.getFirstProperty("Security.KeyStore.Password"), + config.getFirstProperty("Security.KeyStore.KeyAlias"), + config.getFirstProperty("Security.KeyStore.KeyPassword"), + config.getFirstProperty("Security.KeyStore.Type")); + char[] decryptedStorePass = + new String(cryptoUtil.base64DecodeAndDecrypt(storePassword)).toCharArray(); + keyStore.load(ksbufin, decryptedStorePass); return keyStore; } catch (KeyStoreException e) { log.error(e); + throw new MashupFault(e); } catch (IOException e) { log.error(e); + throw new MashupFault(e); } catch (NoSuchAlgorithmException e) { log.error(e); + throw new MashupFault(e); } catch (CertificateException e) { log.error(e); - } catch (RegistryException e) { - log.error(e); - } - - return null; - } - - public static Resource getUserKeystoreResource(String userName) { - ServerManager serverManager = ServerManager.getInstance(); - ConfigurationContext configContext = serverManager.configContext; - EmbeddedRegistry embeddedRegistry = - (EmbeddedRegistry) configContext.getAxisConfiguration().getParameterValue( - RegistryConstants.REGISTRY); - - try { - UserRegistry systemRegistry = embeddedRegistry.getSystemRegistry(); - String path = MashupConstants.USERS_PATH + "/" + userName + MashupConstants - .USER_KEYSTORE_PATH; - return systemRegistry.get(path); - } catch (RegistryException e) { - log.error(e); - } - - return null; - } - - - public static boolean putUserKeystoreResource(String userName, byte[] keyStoreContent) { - - ServerManager serverManager = ServerManager.getInstance(); - ConfigurationContext configContext = serverManager.configContext; - EmbeddedRegistry embeddedRegistry = - (EmbeddedRegistry) configContext.getAxisConfiguration().getParameterValue( - RegistryConstants.REGISTRY); - - try { - UserRegistry systemRegistry = embeddedRegistry.getSystemRegistry(); - String path = MashupConstants.USERS_PATH + "/" + userName + MashupConstants - .USER_KEYSTORE_PATH; - - // Updating the existing keystore with new content - Resource userKeyStoreResource = getUserKeystoreResource(userName); - userKeyStoreResource.setContent(keyStoreContent); - systemRegistry.put(path, userKeyStoreResource); - - return true; - } catch (RegistryException e) { - log.error(e); + throw new MashupFault(e); + } catch (CryptoException e) { + throw new MashupFault(e); } - - return false; } - - /** + /** * Gets all certificates from a user's keystore * * @param userName The name of the user @@ -1356,8 +1342,7 @@ String username = (String) currentMessageContext.getAxisService().getParameterValue( MashupConstants.MASHUP_AUTHOR_NAME); - return new CustomProtocolSocketFactory( - MashupUtils.getUserKeystoreResource(username)); + return new CustomProtocolSocketFactory(username); } /** @@ -1389,6 +1374,33 @@ return builder.getDocumentElement(); } + public static SecurityScenarioDO[] getSecurityScenarios(String serviceName, String cookieString, + String contextPath) throws MashupFault { + try { + RPCServiceClient serviceClient = new RPCServiceClient(); + ServerManager serverManager = ServerManager.getInstance(); + ConfigurationContext context = serverManager.configContext; + Options options = serviceClient.getOptions(); + options.setAction("urn:getScenarios"); + options.setTo(new EndpointReference("http://localhost:"; + serverManager.getHttpPort() + + contextPath + "/" + context.getServicePath() + + "/MashupSecurityScenarioConfigAdmin/getScenarios")); + options.setProperty(HTTPConstants.COOKIE_STRING, "JSESSIONID=" + cookieString); + options.setManageSession(true); + serviceClient.setOptions(options); + QName operation = new QName("http://service.admin.mashup.wso2.org/xsd";, "getScenarios"); + + // parameters to the service ServiceName string, service file name, + // dataHandler of the bundled archive + Object[] parameters = new Object[] { serviceName }; + Class[] result = new Class[] { SecurityScenarioDO[].class}; + Object[] objects = serviceClient.invokeBlocking(operation, parameters, result); + return (SecurityScenarioDO[]) objects[0]; + } catch (AxisFault axisFault) { + throw new MashupFault(axisFault); + } + } + /** * Calculates the period for which the 'remember me' cookie has to be retained. * @param rememberForever Whether to remember for an extended period or the default time span. @@ -1413,4 +1425,16 @@ } return expireIn; } + + public static boolean isValidMashup(String authorName, String mashup) throws MashupFault { + String mashupName = authorName + MashupConstants.SEPARATOR_CHAR + mashup; + ServerManager serverManager = ServerManager.getInstance(); + AxisConfiguration configuration = serverManager.configContext.getAxisConfiguration(); + AxisService service = configuration.getServiceForActivation(mashupName); + if (service == null) { + throw new MashupFault("Incorrect mashup name. Either the author name or the mashup " + + "Name is incorrect"); + } + return true; + } } Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java Wed Jul 9 09:44:42 2008 @@ -24,6 +24,7 @@ import org.wso2.mashup.utils.QueryResult; import org.wso2.mashup.utils.QueryResults; import org.wso2.mashup.utils.MashupUtils; +import org.wso2.mashup.utils.KeyStoreUtil; import org.wso2.mashup.webapp.userprofile.User; import org.wso2.registry.ActionConstants; import org.wso2.registry.Collection; @@ -44,6 +45,7 @@ import org.wso2.registry.users.accesscontrol.AuthorizingRealmConfig; import org.wso2.utils.ServerConfiguration; import org.wso2.wsas.ServerManager; +import org.wso2.wsas.admin.service.CryptoAdmin; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; @@ -643,7 +645,7 @@ } // Create the keystore for this user - addUserKeyStore(systemRegistry, userName); + addUserKeyStore(userName); } /** @@ -813,51 +815,34 @@ * Typically, certificates will be added to this store in order to allow https sessions with * outside domains. This store and its certificates will be loaded and used during such sessions. * - * @param registry An instance of the registry * @param userName The username of the keystore owner */ - private static void addUserKeyStore(Registry registry, String userName) { + private static void addUserKeyStore(String userName) { - String path = - MashupConstants.USERS_PATH + "/" + userName + MashupConstants.USER_KEYSTORE_PATH; - try { - registry.get(path); - } catch (RegistryException e) { - log.info("A keystore was not found for user " + userName + - ". Initializing using the default keystore."); - - // Getting the default keysotre - ServerConfiguration serverConfig = ServerConfiguration.getInstance(); - - String keyStoreLocation = - serverConfig.getFirstProperty(MashupConstants.SECURITY_CONFIG + "." + - MashupConstants.SECURITY_CONFIG_KEYSTORE + "." + MashupConstants - .SECURITY_CONFIG_KEYSTORE_LOCATION); - - String keyStorePass = - serverConfig.getFirstProperty(MashupConstants.SECURITY_CONFIG + "." + - MashupConstants.SECURITY_CONFIG_KEYSTORE + "." + MashupConstants - .SECURITY_CONFIG_KEYSTORE_PASSWORD); - - Resource keyStore = new ResourceImpl(); - try { - // Reading the key file and storing it in the registry - keyStore.setContent(MashupUtils.getBytesFromFile(new File(keyStoreLocation))); + // Getting the default keysotre + ServerConfiguration serverConfig = ServerConfiguration.getInstance(); - keyStore.setProperty(MashupConstants.USER_KEYSTORE_TYPE, "JKS"); - keyStore.setProperty(MashupConstants.USER_KEYSTORE_PASSWORD, keyStorePass); + String keyStoreLocation = + serverConfig.getFirstProperty(MashupConstants.SECURITY_CONFIG + "." + + MashupConstants.SECURITY_CONFIG_KEYSTORE + "." + MashupConstants + .SECURITY_CONFIG_KEYSTORE_LOCATION); + + String keyStorePass = + serverConfig.getFirstProperty(MashupConstants.SECURITY_CONFIG + "." + + MashupConstants.SECURITY_CONFIG_KEYSTORE + "." + MashupConstants + .SECURITY_CONFIG_KEYSTORE_PASSWORD); + + String keyStoreAlias = + serverConfig.getFirstProperty(MashupConstants.SECURITY_CONFIG + "." + + MashupConstants.SECURITY_CONFIG_KEYSTORE + "." + MashupConstants + .SECURITY_CONFIG_KEYSTORE_KEYALIAS); - registry.put(path, keyStore); - } catch (FileNotFoundException e1) { - log.error(e1); - } catch (RegistryException e1) { - log.error(e1); - } catch (IOException e1) { - log.error(e1); - } + try { + KeyStoreUtil.addNewKeyStore(keyStoreLocation, userName + + MashupConstants.KEY_STORE_SUFFIX, keyStorePass, + keyStoreAlias, keyStorePass, "JKS", null); + } catch (IOException e1) { + log.error(e1); } } - - - -} +} \ No newline at end of file Modified: trunk/mashup/java/modules/www/js/services.js URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/www/js/services.js?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/www/js/services.js (original) +++ trunk/mashup/java/modules/www/js/services.js Wed Jul 9 09:44:42 2008 @@ -629,6 +629,50 @@ new wso2.wsf.WSRequest(callURL, "getUrl", body_xml, callback, "", wso2.mashup.services.defaultErrHandler); }; +/** + * @description Method used to meta-data for a given service + * @method getSecurityAssignment + * @public + * @static + * @param {String} serviceName Name of the service to retrieve security assignments + * @param {callback} callBack User-defined callback function or object + */ +wso2.mashup.services.getSecurityAssignment = function (serviceName, callback) { + + var body_xml = '<req:getSecurityAssignmentRequest xmlns:req="http://service.admin.mashup.wso2.org/xsd";>\n' + + ' <req:serviceId>' + serviceName + '</req:serviceId>\n' + + ' <serviceVersion></serviceVersion>\n' + + ' </req:getSecurityAssignmentRequest>\n'; + + var callURL = mashupServerURL + "/" + "MashupSecurityScenarioConfigAdmin/getSecurityAssignment" + "/" ; + + new wso2.wsf.WSRequest(callURL, "getSecurityAssignment", body_xml, callback, "", wso2.mashup.services.defaultErrHandler); +}; + + +/** + * @description Method used to meta-data for a given service + * @method getSecurityAssignment + * @public + * @static + * @param {String} serviceName Name of the service to retrieve security assignments + * @param {callback} callBack User-defined callback function or object + */ +wso2.mashup.services.assignSecurityScenario = function (serviceName, scenarioID, category, roles, users, callback) { + + var body_xml = '<req:assignSecurityScenarioRequest xmlns:req="http://service.admin.mashup.wso2.org/xsd";>\n' + + ' <req:serviceName>' + serviceName + '</req:serviceName>\n' + + ' <req:scenarioID>' + scenarioID + '</req:scenarioID>\n' + + ' <req:category>' + category + '</req:category>\n' + + users + + roles + + ' </req:assignSecurityScenarioRequest>\n'; + + var callURL = mashupServerURL + "/" + "MashupSecurityScenarioConfigAdmin/assignSecurityScenario" + "/" ; + + new wso2.wsf.WSRequest(callURL, "assignSecurityScenario", body_xml, callback, "", wso2.mashup.services.defaultErrHandler); +}; + /** * @description The default error handler Modified: trunk/mashup/java/modules/www/mashup.jsp URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/www/mashup.jsp?rev=19048&r1=19047&r2=19048&view=diff ============================================================================== --- trunk/mashup/java/modules/www/mashup.jsp (original) +++ trunk/mashup/java/modules/www/mashup.jsp Wed Jul 9 09:44:42 2008 @@ -591,7 +591,7 @@ transportCount++; } %> - <li>(Security configuration details to go here.)</li> + <li><a href="service_security_manager.jsp?bounceback=<%=URLEncoder.encode(thisPage, "UTF-8")%>&author=<%=mashupOwner%>&mashup=<%=mashup%>">Configure Security Scenarios</a></li> </ul> </div> </td> _______________________________________________ Mashup-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
