📄 psemembershipservice.java
字号:
/* * Copyright (c) 2001 Sun Microsystems, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Sun Microsystems, Inc. for Project JXTA." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" * must not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact Project JXTA at http://www.jxta.org. * * 5. Products derived from this software may not be called "JXTA", * nor may "JXTA" appear in their name, without prior written * permission of Sun. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL SUN MICROSYSTEMS OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of Project JXTA. For more * information on Project JXTA, please see * <http://www.jxta.org/>. * * This license is based on the BSD license adopted by the Apache Foundation. * * $Id: PSEMembershipService.java,v 1.18 2006/06/19 18:51:32 bondolo Exp $ */package net.jxta.impl.membership.pse;import java.beans.PropertyChangeListener;import java.beans.PropertyChangeSupport;import java.io.ByteArrayInputStream;import java.io.File;import java.net.URI;import java.security.PrivateKey;import java.security.cert.CertPath;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.util.ArrayList;import java.util.Arrays;import java.util.Collections;import java.util.Enumeration;import java.util.Iterator;import java.util.List;import java.io.IOException;import java.security.KeyStoreException;import java.security.NoSuchProviderException;import java.security.cert.CertificateException;import java.security.InvalidKeyException;import java.security.SignatureException;import java.security.spec.InvalidKeySpecException;import java.util.NoSuchElementException;import org.apache.log4j.Level;import org.apache.log4j.Logger;import net.jxta.credential.AuthenticationCredential;import net.jxta.credential.Credential;import net.jxta.document.Advertisement;import net.jxta.document.AdvertisementFactory;import net.jxta.document.Element;import net.jxta.document.MimeMediaType;import net.jxta.document.StructuredDocumentFactory;import net.jxta.document.StructuredDocumentUtils;import net.jxta.document.XMLDocument;import net.jxta.document.XMLElement;import net.jxta.membership.Authenticator;import net.jxta.membership.MembershipService;import net.jxta.peergroup.PeerGroup;import net.jxta.platform.ModuleSpecID;import net.jxta.protocol.ConfigParams;import net.jxta.protocol.ModuleImplAdvertisement;import net.jxta.protocol.PeerAdvertisement;import net.jxta.service.Service;import net.jxta.id.ID;import net.jxta.exception.PeerGroupException;import net.jxta.exception.ProtocolNotSupportedException;import net.jxta.impl.protocol.Certificate;import net.jxta.impl.protocol.PSEConfigAdv;import net.jxta.impl.membership.pse.PSEUtils.IssuerInfo;/** * A JXTA Membership Service utilizing PKI to provide secure identities. * * @see net.jxta.membership.MembershipService **/public final class PSEMembershipService implements MembershipService { /** * Log4J Logger **/ private final static transient Logger LOG = Logger.getLogger(PSEMembershipService.class.getName()); /** * Well known service specification identifier: pse membership */ public final static ModuleSpecID pseMembershipSpecID = (ModuleSpecID) ID.create( URI.create(ID.URIEncodingName + ":" + ID.URNNamespace + ":uuid-DeadBeefDeafBabaFeedBabe000000050306")); /** * the peergroup to which this service is associated. **/ PeerGroup group = null; /** * The ID assigned to this instance. **/ private ID assignedID = null; /** * The ModuleImplAdvertisement which was used to instantiate this service. **/ private ModuleImplAdvertisement implAdvertisement = null; /** * The current set of principals associated with this peer within this peegroup. **/ private final List principals = new ArrayList(); /** * The set of AuthenticationCredentials which were used to establish the principals. **/ private final List authCredentials = new ArrayList(); /** * property change support **/ private final PropertyChangeSupport support; /** * the keystore we are working with. **/ PSEConfig pseStore = null; /** * the default credential **/ private PSECredential defaultCredential = null; /** * The configuration we are using. **/ private PSEConfigAdv config; /** * PSEPeerSecurityEngine ( and PSEAuthenticatorEngine ) loader */ PSEPeerSecurityEngine peerSecurityEngine = null; private PSEAuthenticatorEngine authenticatorEngine = null; /** * Default constructor. Normally only called by the peer group. **/ public PSEMembershipService() throws PeerGroupException { support = new PropertyChangeSupport( getInterface() ); } /** * @inheritDoc **/ public void addPropertyChangeListener( PropertyChangeListener listener ) { support.addPropertyChangeListener(listener ); } /** * @inheritDoc **/ public void addPropertyChangeListener( String propertyName, PropertyChangeListener listener ) { support.addPropertyChangeListener( propertyName, listener ); } /** * @inheritDoc **/ public void removePropertyChangeListener( PropertyChangeListener listener ) { support.removePropertyChangeListener( listener ); } /** * @inheritDoc **/ public void removePropertyChangeListener( String propertyName, PropertyChangeListener listener ) { support.removePropertyChangeListener( propertyName, listener ); } /** * {@inheritDoc} **/ public void init( PeerGroup group, ID assignedID, Advertisement impl ) throws PeerGroupException { this.group = group; this.assignedID = assignedID; this.implAdvertisement = (ModuleImplAdvertisement) impl; ConfigParams configAdv = (ConfigParams) group.getConfigAdvertisement(); // Get our peer-defined parameters in the configAdv Element param = configAdv.getServiceParam(assignedID); Advertisement paramsAdv = null; if( null != param ) { try { paramsAdv = AdvertisementFactory.newAdvertisement((XMLElement) param); } catch (NoSuchElementException ignored) { ; } if( !(paramsAdv instanceof PSEConfigAdv) ) { throw new PeerGroupException( "Provided Advertisement was not a " + PSEConfigAdv.getAdvertisementType() ); } config = (PSEConfigAdv) paramsAdv; } else { // Create the default advertisement. config = (PSEConfigAdv) AdvertisementFactory.newAdvertisement( PSEConfigAdv.getAdvertisementType() ); } peerSecurityEngine = PSESecurityEngineFactory.getDefault().getInstance( this, config ); authenticatorEngine = PSEAuthenticatorEngineFactory.getDefault().getInstance( this, config ); KeyStoreManager storeManager = PSEKeyStoreManagerFactory.getDefault().getInstance(this, config); pseStore = new PSEConfig(storeManager, null); if (LOG.isEnabledFor(Level.INFO)) { StringBuffer configInfo = new StringBuffer( "Configuring PSE Membership Service : " + assignedID ); configInfo.append( "\n\tImplementation :" ); configInfo.append( "\n\t\tModule Spec ID: " + implAdvertisement.getModuleSpecID()); configInfo.append( "\n\t\tImpl Description : " + implAdvertisement.getDescription()); configInfo.append( "\n\t\tImpl URI : " + implAdvertisement.getUri()); configInfo.append( "\n\t\tImpl Code : " + implAdvertisement.getCode()); configInfo.append( "\n\tGroup Params :" ); configInfo.append( "\n\t\tGroup : " + group.getPeerGroupName() ); configInfo.append( "\n\t\tGroup ID : " + group.getPeerGroupID() ); configInfo.append( "\n\t\tPeer ID : " + group.getPeerID() ); configInfo.append( "\n\tConfiguration :" ); configInfo.append( "\n\t\tPSE state : " + (pseStore.isInitialized( ) ? "inited" : "new") ); configInfo.append( "\n\t\tPSE KeyStore location : " + ((null != config.getKeyStoreLocation()) ? config.getKeyStoreLocation().toString() : assignedID.toString()) ); configInfo.append( "\n\t\tPSE KeyStore type : " + ((null != config.getKeyStoreType()) ? config.getKeyStoreType() : "<default>") ); configInfo.append( "\n\t\tPSE KeyStore provider : " + ((null != config.getKeyStoreProvider()) ? config.getKeyStoreProvider() : "<default>") ); LOG.info( configInfo ); } resign(); } /** * {@inheritDoc} **/ public Service getInterface() { return this; } /** * {@inheritDoc} **/ public Advertisement getImplAdvertisement() { return implAdvertisement; } /** * {@inheritDoc} * * <p/>Currently this service starts by itself and does not expect * arguments. */ public int startApp(String[] arg) { if (LOG.isEnabledFor(Level.INFO)) { LOG.info("PSE Membmership Service started."); } return 0; } /** * {@inheritDoc} **/ public void stopApp() { resign(); if (LOG.isEnabledFor(Level.INFO)) { LOG.info("PSE Membmership Service stopped."); } } public PeerGroup getGroup() { return group; } public ID getAssignedID() { return assignedID; } /** * {@inheritDoc} * * <p/>Supports methods <code>"StringAuthentication"</code>, * <code>"DialogAuthentication"</code>, * <code>"EngineAuthentication"</code> and * <code>"InteractiveAuthentication"</code> (an alias for * <code>"DialogAuthentication"</code>) **/ public Authenticator apply( AuthenticationCredential application) throws ProtocolNotSupportedException { String method = application.getMethod(); boolean newKey; if( !pseStore.isInitialized() ) { // It is not inited, it's new. newKey = true; } else { X509Certificate configCert = config.getCertificate(); if( null != configCert ) { try { ID allTrustedCerts [] = pseStore.getTrustedCertsList(); Iterator eachTrustedCert = Arrays.asList(allTrustedCerts).iterator(); newKey = true; // See if the config cert is already in the keystore. while( eachTrustedCert.hasNext() ) { ID aTrustedCertID = (ID) eachTrustedCert.next(); if( pseStore.isKey(aTrustedCertID) ) { X509Certificate aTrustedCert = pseStore.getTrustedCertificate( aTrustedCertID ); if ( aTrustedCert.equals(configCert) ) { newKey = false; break; } } } } catch( KeyStoreException bad ) { // The keystore is probably initialized but locked. Nothing else we can do. newKey = false; } catch( IOException bad ) { // Could not read the keystore. I'm not sure it wouldn't be better to just fail. newKey = false; } } else { // don't have anything to validate against. newKey = false; } } if( "StringAuthentication".equals( method ) ) { if( newKey ) { return new StringAuthenticator( this, application, config.getCertificate(), config.getEncryptedPrivateKey() ); } else {⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -