/*
 *
 * $Id: PSEConfig.java,v 1.13 2006/05/30 21:15:04 hamada Exp $
 *
 * Copyright (c) 2001-2006 Sun Microsystems, Inc.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *       Sun Microsystems, Inc. for Project JXTA."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
 *    must not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact Project JXTA at http://www.jxta.org.
 *
 * 5. Products derived from this software may not be called "JXTA",
 *    nor may "JXTA" appear in their name, without prior written
 *    permission of Sun.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL SUN MICROSYSTEMS OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of Project JXTA.  For more
 * information on Project JXTA, please see
 * <http://www.jxta.org/>.
 *
 * This license is based on the BSD license adopted by the Apache Foundation.
 */
package net.jxta.impl.membership.pse;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;

import net.jxta.id.ID;
import net.jxta.id.IDFactory;

import org.apache.log4j.Level;
import org.apache.log4j.Logger;

/**
 *  Manages the state of a Personal Security Environment (PSE).
 *
 *  <p>An instance pairs a {@code KeyStoreManager} with the passphrase used to
 *  unlock the keystore it manages. Keystore operations in this class are
 *  performed while synchronized on the keystore manager.
 */
public final class PSEConfig {

    /**
     *  Log4J Logger
     */
    // NOTE(review): 'transient' has no effect on a static field.
    private final static transient Logger LOG = Logger.getLogger( PSEConfig.class.getName() );

    /**
     *  Manager for the keystore we are using. Also serves as the monitor for
     *  the {@code synchronized} blocks around keystore operations.
     */
    private final KeyStoreManager keystore_manager;

    /**
     *  The keystore passphrase, or {@code null} if none has been set.
     *
     *  <p>Held as a private {@code char[]} copy made by
     *  {@code setKeyStorePassword(char[])} so that it can be overwritten with
     *  {@code '\0'} when it is replaced or when the object is finalized.
     */
    // NOTE(review): this field is read and written without any lock visible
    // here, and setKeyStorePassword() overwrites the old array in place while
    // keystore operations hand the same array to the keystore manager.
    // Confirm callers never replace the passphrase during a keystore operation.
    private char[] keystore_password = null;

    /**
     *  Standard constructor.
     *
     *  @param storeManager  The StoreManager to be used for this PSEConfig
     *  instance.
* @param store_password The passphrase for the keystore or <tt>null</tt>.
     *  The passphrase may be set independently via
     *  {@link #setKeyStorePassword(char[])}.
     */
    PSEConfig( KeyStoreManager storeManager, char [] store_password ) {
        this.keystore_manager = storeManager;

        // Goes through the setter so the instance keeps its own copy of the
        // passphrase rather than the caller's array.
        setKeyStorePassword( store_password );
    }

    /**
     *  Replaces the passphrase used when unlocking the keystore.
     *
     *  <p>The previously stored passphrase array, if any, is overwritten with
     *  {@code '\0'} before it is dropped. The new passphrase is stored as a
     *  private copy: the caller's array is not retained and is not cleared by
     *  this method, so clearing it remains the caller's responsibility.
     *
     *  @param store_password The passphrase used to unlock the keystore may be
     *  {@code null} for keystores with no passphrase.
     */
    public final void setKeyStorePassword( char [] store_password ) {
        char [] previous = this.keystore_password;

        // Scrub the outgoing passphrase before its reference is replaced.
        if( previous != null ) {
            Arrays.fill( previous, '\0' );
        }

        this.keystore_password = ( store_password == null )
                ? null
                : (char[]) store_password.clone();
    }

    /**
     *  Overwrites the stored passphrase with {@code '\0'} and then runs the
     *  superclass finalizer.
     *
     *  <p>Finalization is not guaranteed to run promptly, or at all, so this
     *  is only a last resort. Code that needs the passphrase cleared at a
     *  known point can call {@code setKeyStorePassword(null)}, which scrubs
     *  the stored copy immediately.
     */
    protected void finalize() throws Throwable {
        char [] secret = keystore_password;

        if( secret != null ) {
            Arrays.fill( secret, '\0' );
        }

        super.finalize();
    }

    /**
     *  Returns {@code true} if the PSE has been initialized (created). Some
     *  keystore formats may not require initialization and may always return
     *  {@code true}. {@code false} may also be returned if the keystore
     *  passphrase is incorrect.
     *
     *  <p>Every exception raised by the keystore manager is swallowed and
     *  reported as {@code false}. A {@code false} result therefore does not
     *  distinguish a missing keystore from a wrong passphrase or an unreadable
     *  store, and should not be taken as proof that no keystore exists.
     *
     *  @return {@code true} if the PSE has been previously initialized
     *  otherwise {@code false}.
     */
    public boolean isInitialized( ) {
        try {
            // Without a stored passphrase, use the manager's no-argument check.
            return ( null == keystore_password )
                    ? keystore_manager.isInitialized()
                    : keystore_manager.isInitialized( keystore_password );
        } catch( Exception ignored ) {
            // Deliberate best effort: any failure reads as "not initialized".
            return false;
        }
    }

    /**
     *  Initializes the PSE environment.
     *
     *  <p>Does nothing further if the keystore manager already reports the
     *  keystore as initialized for the stored passphrase; otherwise a new
     *  keystore is created with that passphrase. If either step throws a
     *  {@code KeyStoreException}, the keystore is erased before the exception
     *  is rethrown.
     *
     *  @throws KeyStoreException When the wrong keystore has been provided.
     *  @throws IOException For errors related to processing the keystore.
*/
    public void initialize( ) throws KeyStoreException, IOException {

        // Logged before the initialized check, so this message also appears
        // when the keystore already exists and nothing is created.
        if ( LOG.isEnabledFor(Level.INFO) ) {
            LOG.info("Initializing new PSE keystore...");
        }

        synchronized( keystore_manager ) {
            try {
                if ( !keystore_manager.isInitialized( keystore_password ) ) {
                    keystore_manager.createKeyStore( keystore_password );
                }
            } catch( KeyStoreException failed ) {
                if ( LOG.isEnabledFor(Level.ERROR) ) {
                    LOG.error( "Failure accessing or creating keystore.", failed );
                }

                // NOTE(review): this handler covers the isInitialized() check as
                // well as createKeyStore(). If the check can throw a
                // KeyStoreException for an existing keystore, that keystore and
                // its key material are erased here. Confirm this is intended.
                keystore_manager.eraseKeyStore();

                throw failed;
            }
        }
    }

    /**
     *  Removes an existing PSE environment.
     *
     *  <p>Delegates to the keystore manager while holding its monitor. No
     *  passphrase is checked here and the passphrase copy held by this
     *  instance is left untouched, so restricting who may call this method is
     *  up to the caller.
     *
     *  @throws IOException If the PSE cannot be successfully deleted.
     */
    public void erase( ) throws IOException {
        synchronized( keystore_manager ) {
            keystore_manager.eraseKeyStore();
        }
    }

    /**
     *  Gets a copy of the KeyStore associated with this PSE instance, unlocked
     *  with the passphrase stored in this instance. The returned KeyStore is a
     *  copy and not tied to the instance maintained by the PSE. Changing the
     *  returned keystore will not result in changes to the PSE.
     *
     *  <p>A {@code KeyStoreException} or {@code IOException} is logged at WARN
     *  level and reported as {@code null}; only the exception's string form
     *  is appended to the log message.
     *
     *  @return The keystore or {@code null} if it cannot be retrieved.
     */
    public KeyStore getKeyStore( ) {
        KeyStore store = null;
        Throwable cause = null;

        try {
            store = getKeyStore( keystore_password );
        } catch( KeyStoreException failed ) {
            cause = failed;
        } catch( IOException failed ) {
            cause = failed;
        }

        if( null != cause && LOG.isEnabledFor(Level.WARN) ) {
            LOG.warn("Failure recovering keystore : " + cause );
        }

        return store;
    }

    /**
     *  Gets a copy of the KeyStore associated with this PSE instance. The
     *  returned KeyStore is a copy and not tied to the instance maintained by
     *  the PSE. Changing the returned keystore will not result in changes to
     *  the PSE.
     *
     *  @since JXTA 2.4
     *
     *  @param store_password The passphrase used to unlock the keystore may be
     *  {@code null} for keystores with no passphrase.
     *  @return The keystore.
     *  @throws KeyStoreException When the wrong keystore has been provided.
     *  @throws IOException For errors related to processing the keystore.
*/
    public KeyStore getKeyStore( char[] store_password ) throws KeyStoreException, IOException {
        // The load happens under the keystore manager's monitor, like every
        // other keystore operation in this class.
        synchronized( keystore_manager ) {
            return keystore_manager.loadKeyStore( store_password );
        }
    }

    /**
     *  Check if the provided passwords are correct for the specified identity.
     *
     *  <p>The keystore is loaded with {@code store_password} or, when that is
     *  {@code null}, with the passphrase stored in this instance. The key
     *  stored under the alias {@code id.toString()} is then requested with
     *  {@code key_password}. The result is {@code true} only if a key is
     *  returned.
     *
     *  <p>A wrong passphrase, a missing algorithm, a keystore error and an I/O
     *  error are all logged at WARN level and reported as {@code false}. Only
     *  the exception's string form is appended to the log message, never the
     *  passphrases.
     *
     *  @param id The identity to be validated. {@code null} yields
     *  {@code false}.
     *  @param store_password The passphrase used to unlock the keystore may be
     *  {@code null}, in which case the passphrase stored in this instance is
     *  used.
     *  @param key_password The passphrase associated with the private key or
     *  {@code null} if the key has no passphrase.
     *  @return <code>true</code> if the passwords were valid for the given id
     *  otherwise false.
     */
    boolean validPasswd( ID id, char[] store_password, char[] key_password ) {

        if( null == id ) {
            return false;
        }

        Throwable cause;

        try {
            synchronized( keystore_manager ) {
                final KeyStore store;

                // An explicit store passphrase takes precedence over the one
                // configured on this instance.
                if( null != store_password ) {
                    store = keystore_manager.loadKeyStore( store_password );
                } else if( null == keystore_password ) {
                    throw new UnrecoverableKeyException( "KeyStore passphrase not initialized" );
                } else {
                    store = keystore_manager.loadKeyStore( keystore_password );
                }

                // KeyStore.getKey() returns null when the alias is absent or is
                // not a key entry, which also counts as "not valid" here.
                return null != store.getKey( id.toString(), key_password );
            }
        } catch( UnrecoverableKeyException failed ) {
            cause = failed;
        } catch( NoSuchAlgorithmException failed ) {
            cause = failed;
        } catch( KeyStoreException failed ) {
            cause = failed;
        } catch( IOException failed ) {
            cause = failed;
        }

        if ( LOG.isEnabledFor(Level.WARN) ) {
            LOG.warn("Failure checking passphrase : " + cause );
        }

        return false;
    }

    /**
     *  Returns the list of the trusted certificates available in this keystore.
     *
     *  @return an array of the IDs of the available trusted certificates.
     *  @throws KeyStoreException When the wrong keystore has been provided.
     *  @throws IOException For errors related to processing the keystore.
*/ public ID [] getTrustedCertsList( ) throws KeyStoreException, IOException { List trustedCertsList = new ArrayList(); synchronized( keystore_manager ) {