} else {
    return new StringAuthenticator(this, application);
}
} else if ("EngineAuthentication".equals(method)) {
    // NOTE(review): both branches construct the same EngineAuthenticator, so the
    // pseStore.isInitialized() test currently has no effect — confirm the intent.
    if (pseStore.isInitialized()) {
        return new EngineAuthenticator(this, application, authenticatorEngine);
    } else {
        return new EngineAuthenticator(this, application, authenticatorEngine);
    }
} else if ("DialogAuthentication".equals(method) || "InteractiveAuthentication".equals(method) || (null == method)) {
    // A missing method name defaults to the interactive dialog authenticator.
    // With newKey the dialog is seeded with the configured certificate and
    // encrypted private key so a fresh identity can be created.
    if (newKey) {
        return new DialogAuthenticator(this, application, config.getCertificate(), config.getEncryptedPrivateKey());
    } else {
        return new DialogAuthenticator(this, application);
    }
} else {
    throw new ProtocolNotSupportedException("Authentication method not recognized");
}
}

/**
 * {@inheritDoc}
 * <p/>
 * Returns the current default credential, or {@code null} if none has been
 * set. The field is read without synchronization while the setter writes it
 * under the service monitor — presumably acceptable for a reference read;
 * confirm if stronger visibility guarantees are required.
 **/
public Credential getDefaultCredential() {
    return defaultCredential;
}

/**
 * Sets the default credential. Also updates the peer advertisement with
 * the certificate of the default credential.
 *
 * @param newDefault the new default credential. May also be
 * <code>null</code> if no default is desired.
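 **/
private void setDefaultCredential(PSECredential newDefault) {
    Credential oldDefault = defaultCredential;

    synchronized (this) {
        defaultCredential = newDefault;
    }

    if (Logging.SHOW_CONFIG && LOG.isLoggable(Level.CONFIG)) {
        LOG.config("New Default credential : " + newDefault);
    }

    try {
        // Publish the certificate chain of the default credential in the peer
        // advertisement (or retract it when the default is cleared).
        PeerAdvertisement peeradv = group.getPeerAdvertisement();

        if (null != newDefault) {
            XMLDocument paramDoc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument(MimeMediaType.XMLUTF8, "Parm");
            Certificate peerCerts = new Certificate();
            peerCerts.setCertificates(newDefault.getCertificateChain());
            XMLDocument peerCertsAsDoc = (XMLDocument) peerCerts.getDocument(MimeMediaType.XMLUTF8);
            StructuredDocumentUtils.copyElements(paramDoc, paramDoc, peerCertsAsDoc, "RootCert");
            peeradv.putServiceParam(PeerGroup.peerGroupClassID, paramDoc);
        } else {
            peeradv.removeServiceParam(PeerGroup.peerGroupClassID);
        }
    } catch (Exception failed) {
        // Best effort: a failure to update the advertisement must not undo the
        // credential change, but it should be visible in the log rather than
        // silently dropped as it previously was.
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.log(Level.WARNING, "Could not update peer advertisement with the default credential.", failed);
        }
    }

    support.firePropertyChange("defaultCredential", oldDefault, newDefault);
}

/**
 * {@inheritDoc}
 * <p/>
 * The returned enumeration walks a snapshot copy of the principals, so later
 * joins or resignations do not affect it.
 **/
public Enumeration<Credential> getCurrentCredentials() {
    List<Credential> credList = new ArrayList<Credential>(principals);

    return Collections.enumeration(credList);
}

/**
 * {@inheritDoc}
 * <p/>
 * The returned enumeration walks a snapshot copy of the authentication
 * credentials, so later joins or resignations do not affect it.
 **/
public Enumeration<AuthenticationCredential> getAuthCredentials() {
    List<AuthenticationCredential> credList = new ArrayList<AuthenticationCredential>(authCredentials);

    return Collections.enumeration(credList);
}

/**
 * Logs a join failure at WARNING (when enabled) and wraps it in the
 * exception handed to the caller, preserving the cause.
 *
 * @param message the message for the log entry and the wrapping exception.
 * @param cause   the underlying failure.
 * @return the exception the caller should throw.
 */
private PeerGroupException joinFailure(String message, Exception cause) {
    if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
        LOG.log(Level.WARNING, message, cause);
    }

    return new PeerGroupException(message, cause);
}

/**
 * {@inheritDoc}
 * <p/>
 * Completes a {@link StringAuthenticator} or {@link EngineAuthenticator}
 * exchange: unlocks (and if necessary initializes) the PSE key store, stores
 * the seed key pair under the requested identity when it is not yet present,
 * and builds a {@link PSECredential} from the identity's certificate chain
 * and private key. The key store and identity passwords supplied by the
 * authenticator are zeroed before this method returns.
 *
 * @param authenticated the authenticator, which must have been issued by this
 *                      service and be ready for join.
 * @return the new credential, which also becomes the default credential if
 *         none was set.
 * @throws PeerGroupException if the authenticator type is unknown, the key
 *                            store cannot be initialized, the key pair cannot
 *                            be saved, or the credential cannot be created.
 * @throws ClassCastException if the authenticator was not issued by this
 *                            service.
 **/
public Credential join(Authenticator authenticated) throws PeerGroupException {
    if (this != authenticated.getSourceService()) {
        throw new ClassCastException("This is not my authenticator!");
    }

    if (!authenticated.isReadyForJoin()) {
        throw new PeerGroupException("Authenticator not ready to join!");
    }

    PSECredential newCred;
    char[] store_password = null;
    ID identity;
    char[] key_password = null;

    try {
        // Pull the key store password, identity and identity password out of
        // the authenticator; both supported types expose the same three answers.
        if (authenticated instanceof StringAuthenticator) {
            StringAuthenticator auth = (StringAuthenticator) authenticated;

            store_password = auth.getAuth1_KeyStorePassword();
            identity = auth.getAuth2Identity();
            key_password = auth.getAuth3_IdentityPassword();
        } else if (authenticated instanceof EngineAuthenticator) {
            EngineAuthenticator auth = (EngineAuthenticator) authenticated;

            store_password = auth.getAuth1_KeyStorePassword();
            identity = auth.getAuth2Identity();
            key_password = auth.getAuth3_IdentityPassword();
        } else {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("I dont know how to deal with this authenticator " + authenticated);
            }
            throw new PeerGroupException("I dont know how to deal with this authenticator");
        }

        if (null != store_password) {
            // NOTE(review): store_password is zeroed in the finally block below,
            // so this relies on setKeyStorePassword() copying the array —
            // confirm against PSEConfig.
            pseStore.setKeyStorePassword(store_password);
        }

        if (!pseStore.isInitialized()) {
            if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                LOG.info("Initializing the PSE key store.");
            }

            try {
                pseStore.initialize();
            } catch (KeyStoreException bad) {
                throw joinFailure("Could not initialize new PSE keystore.", bad);
            } catch (IOException bad) {
                throw joinFailure("Could not initialize new PSE keystore.", bad);
            }
        }

        try {
            ID[] allkeys = pseStore.getKeysList();

            if (!Arrays.asList(allkeys).contains(identity)) {
                // The identity is new to this store: seed it with the configured
                // certificate chain and private key, protected by key_password.
                X509Certificate[] seed_cert = config.getCertificateChain();

                if (null == seed_cert) {
                    throw new IOException("Could not read root certificate chain");
                }

                PrivateKey seedPrivKey = config.getPrivateKey(key_password);

                if (null == seedPrivKey) {
                    throw new IOException("Could not read private key");
                }

                pseStore.setKey(identity, seed_cert, seedPrivKey, key_password);
            }
        } catch (IOException failed) {
            throw joinFailure("Could not save new key pair.", failed);
        } catch (KeyStoreException failed) {
            throw joinFailure("Could not save new key pair.", failed);
        }

        try {
            X509Certificate[] certList = pseStore.getTrustedCertificateChain(identity);

            if (null == certList) {
                // No chain stored: fall back to the single trusted certificate,
                // then to the authenticator engine's certificate.
                certList = new X509Certificate[1];
                certList[0] = pseStore.getTrustedCertificate(identity);

                if (certList[0] == null && authenticatorEngine != null) {
                    certList[0] = authenticatorEngine.getX509Certificate();
                }
            }

            if (0 == certList.length || null == certList[0]) {
                // Previously a missing certificate reached generateCertPath() and
                // surfaced as an unhelpful NullPointerException.
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.warning("No certificate available for " + identity);
                }
                throw new PeerGroupException("No certificate available for " + identity);
            }

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CertPath certs = cf.generateCertPath(Arrays.asList(certList));
            PrivateKey privateKey = pseStore.getKey(identity, key_password);

            newCred = new PSECredential(this, identity, certs, privateKey);

            synchronized (this) {
                principals.add(newCred);
                authCredentials.add(authenticated.getAuthenticationCredential());
            }
        } catch (IOException failed) {
            throw joinFailure("Could not create credential.", failed);
        } catch (KeyStoreException failed) {
            throw joinFailure("Could not create credential.", failed);
        } catch (CertificateException failed) {
            throw joinFailure("Could not create credential.", failed);
        }
    } finally {
        // Scrub the passwords handed to us by the authenticator.
        if (null != store_password) {
            Arrays.fill(store_password, '\0');
        }

        if (null != key_password) {
            Arrays.fill(key_password, '\0');
        }
    }

    // XXX bondolo potential but unlikely race condition here.
    if (null == getDefaultCredential()) {
        setDefaultCredential(newCred);
    }

    support.firePropertyChange("addCredential", null, newCred);

    return newCred;
}

/**
 * {@inheritDoc}
 * <p/>
 * Drops every credential, clears the default credential, forgets the key
 * store password and finally invalidates each dropped credential. The
 * snapshot of the principals is taken under the service monitor, in the same
 * critical section that clears them, so no credential can be cleared without
 * also being invalidated.
 **/
public void resign() {
    List<Credential> resigned;

    synchronized (this) {
        resigned = new ArrayList<Credential>(principals);
        principals.clear();
        authCredentials.clear();
    }

    setDefaultCredential(null);

    // clear the keystore password.
    pseStore.setKeyStorePassword(null);

    for (Credential each : resigned) {
        ((PSECredential) each).setValid(false);
    }
}

/**
 * {@inheritDoc}
 * <p/>
 * Reconstructs a {@link PSECredential} from its document form.
 **/
public Credential makeCredential(Element element) {
    return new PSECredential(this, element);
}

/**
 * Returns the key store object associated with this PSE Membership Service.
 *
 * @return the PSE configuration wrapping the key store.
 **/
public PSEConfig getPSEConfig() {
    return pseStore;
}

/**
 * Service Certificates Support
 */

/**
 * Generate a new service certificate for the assigned ID given an authenticated local credential.
 *
 * @param assignedID The assigned ID of the service credential.
 * @param credential The issuer credential for the service credential.
 * @return The stored chain: the service certificate followed by its issuer.
 * @throws IOException         if the key material cannot be written or signed.
 * @throws KeyStoreException   if the key store rejects the new key.
 * @throws InvalidKeyException if signing with the issuer credential fails.
 * @throws SignatureException  if signing with the issuer credential fails.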
 **/
X509Certificate[] generateServiceCertificate(ID assignedID, PSECredential credential) throws IOException, KeyStoreException, InvalidKeyException, SignatureException {
    if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
        LOG.fine("Generating new service cert for " + assignedID);
    }

    IssuerInfo issued = peerSecurityEngine.generateCertificate(credential);

    // The chain stored for the service: its own certificate, then the issuer's.
    X509Certificate[] chain = new X509Certificate[] { issued.cert, issued.issuer };

    char[] storeKeyPass = serviceKeyPassword(issued, credential);

    // NOTE(review): storeKeyPass is not zeroed here; whether it may be is
    // unclear because the engine branch may hand back a shared array — confirm.
    getPSEConfig().setKey(assignedID, chain, issued.subjectPkey, storeKeyPass);

    if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
        LOG.fine("Generated new service cert");
    }

    return chain;
}

/**
 * Derives the key store password protecting a freshly issued service key.
 * <p/>
 * When the issuer private key is available the password is the base64 form of
 * the issuer credential's signature over that key's encoding; otherwise the
 * authenticator engine supplies the password for this group.
 *
 * @param issued     The issued certificate and key material.
 * @param credential The issuer credential used to sign.
 * @return The password characters.
 */
private char[] serviceKeyPassword(IssuerInfo issued, PSECredential credential) throws IOException, KeyStoreException, InvalidKeyException, SignatureException {
    if (null == issued.issuerPkey) {
        return authenticatorEngine.getKeyPass(group);
    }

    ByteArrayInputStream encodedKey = new ByteArrayInputStream(issued.issuerPkey.getEncoded());
    byte[] keySignature = peerSecurityEngine.sign(null, credential, encodedKey);

    return PSEUtils.base64Encode(keySignature, false).toCharArray();
}

/**
 * Recover the service credential for the assigned ID given an authenticated local credential.
 *
 * @param assignedID The assigned ID of the service credential.
 * @param credential The issuer credential for the service credential.
 * @return The service credential, or {@code null} if no authenticator could be
 *         obtained or it could not be readied for join.
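 **/
public PSECredential getServiceCredential(ID assignedID, PSECredential credential) throws IOException, PeerGroupException, InvalidKeyException, SignatureException {
    if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
        LOG.fine("Getting service redential for " + assignedID);
    }

    Authenticator authenticate;

    if (null != authenticatorEngine) {
        // The engine holds both passwords for this group.
        authenticate = applyForServiceCredential("EngineAuthentication");

        if (null == authenticate) {
            return null;
        }

        EngineAuthenticator auth = (EngineAuthenticator) authenticate;

        auth.setAuth1_KeyStorePassword(authenticatorEngine.getStorePass(group));
        auth.setAuth2Identity(assignedID);
        auth.setAuth3_IdentityPassword(authenticatorEngine.getKeyPass(group));
    } else {
        authenticate = applyForServiceCredential("StringAuthentication");

        if (null == authenticate) {
            return null;
        }

        PrivateKey privateKey = credential.getPrivateKey();

        // The identity password is the issuer credential's signature over the
        // private key encoding, the same derivation used when the service key
        // was stored. It is secret-derived and, being a String, cannot be
        // zeroed after use.
        ByteArrayInputStream bis = new ByteArrayInputStream(privateKey.getEncoded());
        byte[] privateKeySignature = peerSecurityEngine.sign(null, credential, bis);
        String passkey = PSEUtils.base64Encode(privateKeySignature, false);

        StringAuthenticator auth = (StringAuthenticator) authenticate;

        auth.setAuth1_KeyStorePassword((String) null);
        auth.setAuth2Identity(assignedID);
        auth.setAuth3_IdentityPassword(passkey);
    }

    if (!authenticate.isReadyForJoin()) {
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.warning("Could not authenticate service credential");
        }
        return null;
    }

    return (PSECredential) join(authenticate);
}

/**
 * Requests an authenticator of the given method for this group, logging
 * rather than silently discarding any failure.
 *
 * @param method The authentication method name passed to
 *               {@link AuthenticationCredential}.
 * @return The authenticator, or {@code null} if none could be obtained.
 */
private Authenticator applyForServiceCredential(String method) {
    AuthenticationCredential authCred = new AuthenticationCredential(group, method, null);

    try {
        return apply(authCred);
    } catch (Exception failed) {
        // The caller treats null as "no credential"; the cause was previously
        // swallowed, leaving nothing to diagnose why service credentials fail.
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.log(Level.WARNING, "Could not obtain " + method + " authenticator for service credential.", failed);
        }
        return null;
    }
}
}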