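package org.wso2.solutions.identity.relyingparty.servletfilter;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.List;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;

import org.wso2.solutions.identity.relyingparty.TokenVerifierConstants;
import org.wso2.solutions.identity.relyingparty.saml.IssuerCertificateUtil;

/**
 * Holds the key material and token-validation settings of a relying party,
 * populated from the servlet filter's init parameters.
 */
public class RelyingPartyData {

    private KeyStore systemStore = null;

    private PrivateKey privateKey = null;

    private String validatePolicy = null;

    private String issuerPolicy = null;

    private KeyStore trustStore = null;

    /**
     * Each array element holds the parsed form of one DN.
     */
    private List[] blackList = null;

    /**
     * Each array element holds the parsed form of one DN.
     */
    private List[] whiteList = null;

    /**
     * Reads the filter's init parameters and loads the material they point to.
     *
     * <ol>
     * <li>Reads and checks the issuer policy, then loads this relying party's
     * private key from the configured key store.</li>
     * <li>Reads the token validation policy; when it is not configured the
     * policy defaults to certificate validation.</li>
     * <li>Reads the black list or white list when that policy is selected, and
     * for the black-list, white-list and certificate-validation policies loads
     * the trusted key store and checks that the JRE's system key store can be
     * opened.</li>
     * </ol>
     *
     * Key store passwords are taken from init parameters and are never placed
     * in exception messages.
     *
     * @param filterConfig the configuration of the filter being initialised
     * @throws ServletException if the issuer policy is not one of the known
     *         values, if a key store or the private key cannot be loaded, or if
     *         JAVA_HOME is not set
     */
    public void loadData(FilterConfig filterConfig) throws ServletException {
        // Step 1: the relying party's own private key.
        String keyStore = filterConfig.getInitParameter(TokenVerifierConstants.KEY_STORE);
        String storeType = filterConfig.getInitParameter(TokenVerifierConstants.STORE_TYPE);
        String storePass = filterConfig.getInitParameter(TokenVerifierConstants.STORE_PASS);
        String keyAlias = filterConfig.getInitParameter(TokenVerifierConstants.KEY_ALIAS);
        String keyPass = filterConfig.getInitParameter(TokenVerifierConstants.KEY_PASS);

        issuerPolicy = filterConfig.getInitParameter(TokenVerifierConstants.ISSUER_POLICY);
        if (issuerPolicy != null && !isKnownIssuerPolicy(issuerPolicy)) {
            throw new ServletException("Invalid Issuer Policy!");
        }

        try {
            String realPath = filterConfig.getServletContext().getRealPath(keyStore);
            KeyStore store = loadKeyStore(storeType, realPath, storePass);
            privateKey = (PrivateKey) store.getKey(keyAlias, keyPass.toCharArray());
        } catch (Exception e) {
            // A missing parameter surfaces here as a NullPointerException and is
            // reported the same way as an unreadable store.
            throw new ServletException("Cannot load the private key", e);
        }

        // Step 2: token validation policy. An absent setting falls back to
        // certificate validation, not to the promiscuous policy.
        validatePolicy = filterConfig
                .getInitParameter(TokenVerifierConstants.TOKEN_VALIDATE_POLICY);
        if (validatePolicy == null) {
            validatePolicy = TokenVerifierConstants.CERT_VALIDATE;
        }

        boolean usesBlackList = validatePolicy.equals(TokenVerifierConstants.BLACK_LIST);
        boolean usesWhiteList = validatePolicy.equals(TokenVerifierConstants.WHITE_LIST);

        // Step 3: parameters of the selected policy.
        // NOTE(review): when the list parameter is absent the field stays null;
        // how the verifier treats a null white list or black list is not
        // visible here - confirm that it rejects rather than accepts.
        if (usesBlackList) {
            String value = filterConfig.getInitParameter(TokenVerifierConstants.BLACK_LIST);
            if (value != null) {
                blackList = readBlackWhiteList(value);
            }
        }

        if (usesWhiteList) {
            String value = filterConfig.getInitParameter(TokenVerifierConstants.WHITE_LIST);
            if (value != null) {
                whiteList = readBlackWhiteList(value);
            }
        }

        if (usesWhiteList || usesBlackList
                || validatePolicy.equals(TokenVerifierConstants.CERT_VALIDATE)) {

            String trustStorePath = filterConfig
                    .getInitParameter(TokenVerifierConstants.TRUSTED_KEY_STORE);
            String trustStorePass = filterConfig
                    .getInitParameter(TokenVerifierConstants.TRUSTED_STORE_PASS);
            String trustStoreType = filterConfig
                    .getInitParameter(TokenVerifierConstants.TRUSTED_STORE_TYPE);

            try {
                String realPath = filterConfig.getServletContext().getRealPath(trustStorePath);
                trustStore = loadKeyStore(trustStoreType, realPath, trustStorePass);
            } catch (Exception e) {
                // The store password is deliberately left out of the message:
                // exception text ends up in logs and error pages.
                throw new ServletException("Cannot load trusted store " + trustStorePath, e);
            }

            String defaultStorePass = filterConfig
                    .getInitParameter(TokenVerifierConstants.SYSTEM_KEY_STORE_PASS);
            if (defaultStorePass == null) {
                // assume that it hasn't been changed
                defaultStorePass = "changeit";
            }

            String javaHome = System.getenv("JAVA_HOME");
            if (javaHome == null) {
                throw new ServletException("Cannot find JAVA_HOME");
            }

            String relativePath;
            if (File.separator.equals("/")) {
                relativePath = TokenVerifierConstants.CACERTS_STORE_UNIX;
            } else {
                relativePath = TokenVerifierConstants.CACERTS_STORE_WIN;
            }
            String defaultKeyStore = javaHome + relativePath;

            try {
                // NOTE(review): the loaded store is discarded, so getSystemStore()
                // stays null unless setSystemStore() is called. Assigning it here
                // would presumably change which issuers the verifier can chain
                // to - confirm the intent before wiring it in.
                loadKeyStore("JKS", defaultKeyStore, defaultStorePass);
            } catch (Exception e) {
                throw new ServletException("Cannot load system key store", e);
            }
        }
    }

    /**
     * Tells whether the given value is one of the three supported issuer
     * policies.
     */
    private static boolean isKnownIssuerPolicy(String policy) {
        return policy.equals(TokenVerifierConstants.SELF_ONLY)
                || policy.equals(TokenVerifierConstants.MANGED_ONLY)
                || policy.equals(TokenVerifierConstants.SELF_AND_MANGED);
    }

    /**
     * Opens the file at {@code path}, loads it as a key store of the given type
     * and closes the file again, also when loading fails.
     */
    private static KeyStore loadKeyStore(String type, String path, String password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        return store;
    }

    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public String getValidatePolicy() {
        return validatePolicy;
    }

    public void setValidatePolicy(String validatePolicy) {
        this.validatePolicy = validatePolicy;
    }

    public String getIssuerPolicy() {
        return issuerPolicy;
    }

    public void setIssuerPolicy(String issuerPolicy) {
        this.issuerPolicy = issuerPolicy;
    }

    public KeyStore getTrustStore() {
        return trustStore;
    }

    public void setTrustStore(KeyStore trustStore) {
        this.trustStore = trustStore;
    }

    public List[] getBlackList() {
        return blackList;
    }

    public void setBlackList(List[] blackList) {
        this.blackList = blackList;
    }

    public List[] getWhiteList() {
        return whiteList;
    }

    public void setWhiteList(List[] whiteList) {
        this.whiteList = whiteList;
    }

    public KeyStore getSystemStore() {
        return systemStore;
    }

    public void setSystemStore(KeyStore systemStore) {
        this.systemStore = systemStore;
    }

    /**
     * Splits a list parameter of the form <code>{dn1},{dn2},...</code> into its
     * entries and converts each entry with
     * {@link IssuerCertificateUtil#getDNOfIssuer(String)}.
     *
     * @param paramString the raw init parameter value
     * @return one converted entry per element, in the order given
     */
    private List[] readBlackWhiteList(String paramString) {
        String[] entries = paramString.split("\\},\\{");
        int last = entries.length - 1;

        // NOTE(review): the outer braces are removed only when there is more
        // than one entry, so a single "{...}" value reaches getDNOfIssuer with
        // its braces. Whether that still matches an issuer DN is not visible
        // here - confirm, since a black-list entry that never matches blocks
        // nothing.
        if (entries.length > 1 && entries[0].startsWith("{")) {
            entries[0] = entries[0].substring(1);
        }
        if (entries.length > 1 && entries[last].endsWith("}")) {
            entries[last] = entries[last].substring(0, entries[last].length() - 1);
        }

        List[] dnList = new List[entries.length];
        for (int i = 0; i < entries.length; i++) {
            dnList[i] = IssuerCertificateUtil.getDNOfIssuer(entries[i]);
        }
        return dnList;
    }
}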