return new StringAuthenticator( this, application ); } } else if( "EngineAuthentication".equals( method ) ) { if( pseStore.isInitialized() ) { return new EngineAuthenticator( this, application, authenticatorEngine ); } else { return new EngineAuthenticator( this, application, authenticatorEngine ); } } else if( "DialogAuthentication".equals( method ) || "InteractiveAuthentication".equals( method ) || (null == method) ) { if( newKey ) { return new DialogAuthenticator( this, application, config.getCertificate(), config.getEncryptedPrivateKey() ); } else { return new DialogAuthenticator( this, application ); } } else { throw new ProtocolNotSupportedException( "Authentication method not recognized" ); } } /** * {@inheritDoc} **/ public Credential getDefaultCredential() { return defaultCredential; } /** * Sets the default credential. Also updates the peer advertisement with * the certificate of the default credential. * * @param newDefault the new default credential. May also be * <code>null</code> if no default is desired. 
**/
private void setDefaultCredential( PSECredential newDefault ) {
    Credential oldDefault = defaultCredential;

    // Only the field write is guarded; the advertisement update below runs unlocked.
    synchronized( this ) {
        defaultCredential = newDefault;
    }

    if (LOG.isEnabledFor(Level.INFO)) {
        LOG.info( "New Default credential : " + newDefault );
    }

    try {
        // Publish (or withdraw) the default credential's certificate chain as the
        // "RootCert" service parameter of this group in the peer advertisement.
        PeerAdvertisement peeradv = group.getPeerAdvertisement();

        if( null != newDefault ) {
            // include the root cert in the peer advertisement
            XMLDocument paramDoc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument( MimeMediaType.XMLUTF8, "Parm");

            Certificate peerCerts = new Certificate();
            peerCerts.setCertificates( newDefault.getCertificateChain() );

            XMLDocument peerCertsAsDoc = (XMLDocument) peerCerts.getDocument( MimeMediaType.XMLUTF8 );
            StructuredDocumentUtils.copyElements( paramDoc, paramDoc, peerCertsAsDoc, "RootCert" );

            peeradv.putServiceParam( PeerGroup.peerGroupClassID, paramDoc );
        } else {
            // No default: make sure no stale certificate chain is advertised.
            peeradv.removeServiceParam( PeerGroup.peerGroupClassID );
        }
    } catch (Exception ignored) {
        // NOTE(review): a failure to update the peer advertisement is swallowed without a
        // trace; the default credential has already been switched at this point.
        ;
    }

    // Listeners see the old and the new default; either may be null.
    support.firePropertyChange( "defaultCredential", oldDefault, newDefault );
}

/**
 * {@inheritDoc}
 * <p>
 * Returns an enumeration over a snapshot of the current principals, so callers
 * iterating it are not affected by later joins or resigns.
 **/
public Enumeration getCurrentCredentials() {
    List credList = Arrays.asList( principals.toArray() );

    return Collections.enumeration(credList);
}

/**
 * {@inheritDoc}
 * <p>
 * Returns an enumeration over a snapshot of the authentication credentials that
 * were used to join, in the same order as the principals they produced.
 **/
public Enumeration getAuthCredentials() {
    List credList = Arrays.asList( authCredentials.toArray() );

    return Collections.enumeration(credList);
}

/**
 * {@inheritDoc}
 * <p>
 * Accepts a {@code StringAuthenticator} or an {@code EngineAuthenticator} produced by this
 * service, unlocks the PSE key store with the supplied store password, creates the key
 * entry for the requested identity if it does not exist yet, and builds a
 * {@code PSECredential} from the stored certificate chain and private key. The key store
 * and identity passwords obtained from the authenticator are zeroed before returning,
 * whether the join succeeded or not.
 *
 * @throws ClassCastException if the authenticator was not issued by this service.
 * @throws PeerGroupException if the authenticator is not ready, is of an unknown type, or
 *         the key store could not be initialized, written or read.
 **/
public Credential join( Authenticator authenticated ) throws PeerGroupException {
    if( this != authenticated.getSourceService() ) {
        throw new ClassCastException( "This is not my authenticator!" );
    }

    if( !authenticated.isReadyForJoin() ) {
        throw new PeerGroupException( "Authenticator not ready to join!" );
    }

    PSECredential newCred;
    char [] store_password = null;
    ID identity;
    char [] key_password = null;

    try {
        // Pull the three authentication items out of whichever authenticator type we got.
        if( authenticated instanceof StringAuthenticator ) {
            StringAuthenticator auth = (StringAuthenticator) authenticated;

            store_password = auth.getAuth1_KeyStorePassword();
            identity = auth.getAuth2Identity();
            key_password = auth.getAuth3_IdentityPassword();
        } else if( authenticated instanceof EngineAuthenticator ) {
            EngineAuthenticator auth = (EngineAuthenticator) authenticated;

            store_password = auth.getAuth1_KeyStorePassword();
            identity = auth.getAuth2Identity();
            key_password = auth.getAuth3_IdentityPassword();
        } else {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn( "I dont know how to deal with this authenticator " + authenticated );
            }

            throw new PeerGroupException( "I dont know how to deal with this authenticator" );
        }

        // A null store password leaves whatever password the store already has in place.
        if( null != store_password ) {
            pseStore.setKeyStorePassword( store_password );
        }

        // First join on a fresh installation: create the key store before touching it.
        if( !pseStore.isInitialized( ) ) {
            if ( LOG.isEnabledFor(Level.INFO) ) {
                LOG.info("Initializing the PSE key store.");
            }

            try {
                pseStore.initialize();
            } catch( KeyStoreException bad ) {
                throw new PeerGroupException( "Could not initialize new PSE keystore.", bad );
            } catch( IOException bad ) {
                throw new PeerGroupException( "Could not initialize new PSE keystore.", bad );
            }
        }

        try {
            ID[] allkeys = pseStore.getKeysList( );

            if( !Arrays.asList(allkeys).contains(identity) ) {
                // Add this key to the keystore: the identity is seeded from the configured
                // certificate chain and private key, the latter unlocked with key_password.
                X509Certificate [] seed_cert = config.getCertificateChain();

                if( null == seed_cert ) {
                    throw new IOException( "Could not read root certificate chain" );
                }

                PrivateKey seedPrivKey = config.getPrivateKey( key_password );

                if( null == seedPrivKey ) {
                    throw new IOException( "Could not read private key" );
                }

                pseStore.setKey( identity, seed_cert, seedPrivKey, key_password );
            }
        } catch ( IOException failed ) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn( "Could not save new key pair.", failed );
            }

            throw new PeerGroupException( "Could not save new key pair.", failed );
        } catch ( KeyStoreException failed ) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn( "Could not save new key pair.", failed );
            }

            throw new PeerGroupException( "Could not save new key pair.", failed );
        }

        try {
            // Prefer the full trusted chain; fall back to the single trusted certificate,
            // and finally to the authenticator engine's certificate when one is configured.
            X509Certificate certList[] = (X509Certificate[]) pseStore.getTrustedCertificateChain( identity );

            if( null == certList ) {
                certList = new X509Certificate[1];
                certList[0] = pseStore.getTrustedCertificate( identity );

                if ( certList[0] == null && authenticatorEngine != null ) {
                    certList[0] = authenticatorEngine.getX509Certificate();
                }
            }

            CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
            CertPath certs = cf.generateCertPath( Arrays.asList( certList ) );

            PrivateKey privateKey = pseStore.getKey( identity, key_password );

            newCred = new PSECredential( this, identity, certs, privateKey );

            // principals and authCredentials are kept index-aligned; update both under the lock.
            synchronized( this ) {
                principals.add( newCred );
                authCredentials.add( authenticated.getAuthenticationCredential() );
            }
        } catch( IOException failed ) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn( "Could not create credential.", failed );
            }

            throw new PeerGroupException( "Could not create credential.", failed );
        } catch( KeyStoreException failed ) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn( "Could not create credential.", failed );
            }

            throw new PeerGroupException( "Could not create credential.", failed );
        } catch( CertificateException failed ) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn( "Could not create credential.", failed );
            }

            throw new PeerGroupException( "Could not create credential.", failed );
        }
    } finally {
        // Scrub both passwords on every exit path. These are the arrays returned by the
        // authenticator's getters; NOTE(review): if an authenticator engine hands out a
        // shared internal array rather than a copy, it is zeroed here too — confirm.
        if( null != store_password ) {
            Arrays.fill( store_password, '\0' );
        }

        if( null != key_password ) {
            Arrays.fill( key_password, '\0' );
        }
    }

    // XXX bondolo potential but unlikely race condition here.
    // (Two concurrent first joins may both observe a null default and both set it.)
    if( null == getDefaultCredential() ) {
        setDefaultCredential( newCred );
    }

    support.firePropertyChange( "addCredential", null, newCred );

    return newCred;
}

/**
 * {@inheritDoc}
 * <p>
 * Drops every principal and authentication credential, clears the default credential
 * (which also withdraws the advertised certificate), forgets the key store password and
 * finally invalidates each credential that was held, so that outstanding references to
 * them stop working.
 **/
public void resign() {
    // Snapshot before clearing so the credentials can still be invalidated afterwards.
    Iterator eachCred = Arrays.asList( principals.toArray() ).iterator();

    synchronized( this ) {
        principals.clear();
        authCredentials.clear();
    }

    setDefaultCredential( null );

    // clear the keystore password.
    pseStore.setKeyStorePassword( null );

    while( eachCred.hasNext() ) {
        PSECredential aCred = (PSECredential) eachCred.next();

        aCred.setValid( false );
    }
}

/**
 * {@inheritDoc}
 * <p>
 * Reconstructs a {@code PSECredential} from its serialized element form.
 **/
public Credential makeCredential(Element element) {
    return new PSECredential( this, element );
}

/**
 * Returns the key store object associated with this PSE Membership Service.
 *
 * @return the PSE configuration wrapping this service's key store.
 **/
public PSEConfig getPSEConfig() {
    return pseStore;
}

/**
 * Service Certificates Support
 */

/**
 * Generate a new service certificate for the assigned ID given an authenticated local credential.
 * <p>
 * Asks the peer security engine to issue a certificate for the service and stores the
 * resulting chain together with the service's private key under {@code assignedID} in
 * the PSE key store. The key-entry password is either derived from a signature made with
 * the issuer credential or, when the engine provides no issuer key, obtained from the
 * authenticator engine.
 *
 * @param assignedID The assigned ID of the service credential.
 * @param credential The issuer credential for the service credential.
 * @return the stored chain: the new service certificate followed by the issuer
 *         certificate reported by the security engine.
 * @throws IOException if the key store could not be written.
 * @throws KeyStoreException if the service key could not be stored.
 * @throws InvalidKeyException if the key-entry password could not be signed.
 * @throws SignatureException if the key-entry password could not be signed.
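**/
X509Certificate[] generateServiceCertificate( ID assignedID, PSECredential credential ) throws IOException, KeyStoreException, InvalidKeyException, SignatureException {
    if (LOG.isEnabledFor(Level.DEBUG)) {
        LOG.debug("Generating new service cert for " + assignedID);
    }

    IssuerInfo serviceinfo = peerSecurityEngine.generateCertificate( credential );

    // Chain to store: the freshly issued service certificate, then its issuer.
    X509Certificate[] serviceChain = { serviceinfo.cert, serviceinfo.issuer };

    char[] keyPass;
    // True only when this method built keyPass itself and therefore owns the array;
    // the engine-provided array belongs to the authenticator engine and is left alone.
    boolean ownsKeyPass;

    if( null != serviceinfo.issuerPkey ) {
        // The key-entry password is the base64 signature, made with the issuer credential,
        // over the issuer private key's encoding (the same derivation used to recover it).
        ByteArrayInputStream bis = new ByteArrayInputStream(serviceinfo.issuerPkey.getEncoded());
        byte[] privateKeySignature = peerSecurityEngine.sign(null, credential, bis);

        keyPass = PSEUtils.base64Encode(privateKeySignature).toCharArray();
        ownsKeyPass = true;
    } else {
        keyPass = authenticatorEngine.getKeyPass(group);
        ownsKeyPass = false;
    }

    try {
        getPSEConfig().setKey(assignedID, serviceChain, serviceinfo.subjectPkey, keyPass);
    } finally {
        // Scrub the locally derived key-entry password once stored, as join() does for the
        // passwords it receives.
        if( ownsKeyPass ) {
            Arrays.fill( keyPass, '\0' );
        }
    }

    if (LOG.isEnabledFor(Level.DEBUG)) {
        LOG.debug("Generated new service cert");
    }

    return serviceChain;
}

/**
 * Recover the service credential for the assigned ID given an authenticated local credential.
 * <p>
 * Obtains an authenticator for this group (engine-backed when an authenticator engine is
 * configured, string-based otherwise), fills in the service identity and the key-entry
 * password for that identity, and joins with it.
 *
 * @param assignedID The assigned ID of the service credential.
 * @param credential The issuer credential for the service credential.
 * @return the service credential, or {@code null} if no authenticator could be obtained
 *         or the authenticator was not ready to join.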
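**/
public PSECredential getServiceCredential( ID assignedID, PSECredential credential ) throws IOException, PeerGroupException, InvalidKeyException, SignatureException {
    PSECredential pseCredential = null;

    if (LOG.isEnabledFor(Level.DEBUG)) {
        LOG.debug("Getting service credential for " + assignedID);
    }

    Authenticator authenticate = null;

    if ( null != authenticatorEngine ) {
        AuthenticationCredential authCred = new AuthenticationCredential( group, "EngineAuthentication", null );

        try {
            authenticate = apply( authCred );
        } catch( Exception failed ) {
            // Best effort: no authenticator means no service credential; keep a trace of why.
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug( "Could not obtain engine authenticator for " + assignedID, failed );
            }
        }

        if( null == authenticate ) {
            return null;
        }

        EngineAuthenticator auth = (EngineAuthenticator) authenticate;

        // NOTE(review): join() zeroes the password arrays it reads back from the
        // authenticator; if the engine returns shared arrays here, they are affected — confirm.
        auth.setAuth1_KeyStorePassword( authenticatorEngine.getStorePass(group) );
        auth.setAuth2Identity( assignedID );
        auth.setAuth3_IdentityPassword( authenticatorEngine.getKeyPass(group) );
    } else {
        AuthenticationCredential authCred = new AuthenticationCredential( group, "StringAuthentication", null );

        try {
            authenticate = apply( authCred );
        } catch( Exception failed ) {
            // Best effort: no authenticator means no service credential; keep a trace of why.
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug( "Could not obtain string authenticator for " + assignedID, failed );
            }
        }

        if( null == authenticate ) {
            return null;
        }

        PrivateKey privateKey = credential.getPrivateKey();

        // Re-derive the key-entry password the same way generateServiceCertificate() made it:
        // the base64 signature, by the issuer credential, over the private key's encoding.
        // The password is a String here and so cannot be scrubbed after use.
        ByteArrayInputStream bis = new ByteArrayInputStream(privateKey.getEncoded());
        byte[] privateKeySignature = peerSecurityEngine.sign(null, credential, bis);
        String passkey = PSEUtils.base64Encode(privateKeySignature);

        StringAuthenticator auth = (StringAuthenticator) authenticate;

        // No store password: the key store must already be unlocked by an earlier join.
        auth.setAuth1_KeyStorePassword( (String) null );
        auth.setAuth2Identity( assignedID );
        auth.setAuth3_IdentityPassword( passkey );
    }

    if( authenticate.isReadyForJoin() ) {
        pseCredential = (PSECredential) join( authenticate );
    } else {
        if (LOG.isEnabledFor(Level.WARN)) {
            LOG.warn( "Could not authenticate service credential" );
        }
    }

    return pseCredential;
}
}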