Changeset 7309
- Timestamp:
- 10/08/10 11:30:17 (11 years ago)
- Location:
- TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security
- Files:
-
- 3 edited
TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/DnWhitelistX509TrustMgr.java
r7308 r7309 48 48 public class DnWhitelistX509TrustMgr implements X509TrustManager { 49 49 50 protected static String KEYSTORE_FILEPATH_PROP_NAME = 51 DnWhitelistX509TrustMgr.class.getName() + ".keyStoreFilePath"; 52 protected static String KEYSTORE_PASSPHRASE_PROP_NAME = 53 DnWhitelistX509TrustMgr.class.getName() + ".keyStorePassphrase"; 54 protected static String DN_PROP_NAME = DnWhitelistX509TrustMgr.class.getName() + ".dn"; 55 50 56 protected static String BASE_TRUST_MGR_ID = "PKIX"; 51 57 protected static String KEYSTORE_TYPE = "JKS"; 52 protected static String DN_PROP_NAME = DnWhitelistX509TrustMgr.class + "dn";53 58 54 59 /** … … 77 82 public DnWhitelistX509TrustMgr(String keyStoreFilePath, 78 83 String keyStorePassphrase) throws DnWhitelistX509TrustMgrInitException { 79 80 84 certificateDnWhiteList = null; 85 _init(keyStoreFilePath, keyStorePassphrase); 86 } 87 88 /** 89 * Initialise key store and default trust manager which is wrapped by this 90 * class 91 * 92 * @param keyStoreFilePath 93 * @param keyStorePassphrase 94 * @throws DnWhitelistX509TrustMgrInitException 95 */ 96 protected void _init(String keyStoreFilePath, String keyStorePassphrase) 97 throws DnWhitelistX509TrustMgrInitException { 81 98 TrustManagerFactory tmf = null; 82 99 try { … … 159 176 * Instantiate based on property file settings 160 177 * 161 * @param keyStoreFilePath key store file path162 * @param keyStorePassphrase pass-phrase for this key store - use null if163 * none set164 178 * @param propertiesFile properties file enables static setting of DN 165 179 * whitelist - the list of peer certificate distinguished … … 168 182 * getting default trust manager 169 183 */ 170 public DnWhitelistX509TrustMgr(String keyStoreFilePath, 171 String keyStorePassphrase, 172 InputStream propertiesFile) throws 184 public DnWhitelistX509TrustMgr(InputStream propertiesFile) throws 173 185 DnWhitelistX509TrustMgrInitException { 174 this(keyStoreFilePath, keyStorePassphrase);175 186 176 187 // create 
application properties with default … … 184 195 } 185 196 186 // DN values are stored in the property file as e.g. 187 // 188 // DnWhitelistX509TrustMgr.dn0 = ... 189 // DnWhitelistX509TrustMgr.dn1 = ... 190 // DnWhitelistX509TrustMgr.dn2 = ... 191 // 192 // ... etc. 197 // Key store file may be null in which case standard locations are 198 // searched instead 199 String keyStoreFilePath = applicationProps.getProperty( 200 KEYSTORE_FILEPATH_PROP_NAME, null); 201 202 String keyStorePassphrase = applicationProps.getProperty( 203 KEYSTORE_PASSPHRASE_PROP_NAME, null); 204 205 /* 206 * DN values are stored in the property file as e.g. 207 * 208 * DnWhitelistX509TrustMgr.dn0 = ... 209 * DnWhitelistX509TrustMgr.dn1 = ... 210 * DnWhitelistX509TrustMgr.dn2 = ... 211 * 212 * ... etc. 213 */ 193 214 String dnValue = null; 194 215 this.certificateDnWhiteList = new HashSet(); … … 200 221 this.certificateDnWhiteList.add(new X500Principal(dnValue)); 201 222 } 223 224 _init(keyStoreFilePath, keyStorePassphrase); 202 225 } 203 226 … … 272 295 X500Principal peerCertDN = null; 273 296 274 if (certificateDnWhiteList == null )297 if (certificateDnWhiteList == null || certificateDnWhiteList.isEmpty()) 275 298 return; 276 299 … … 283 306 return; 284 307 } 285 throw new CertificateException("No match for peer certificate " +286 peerCertDN + " against Certificate DN whitelist");308 throw new CertificateException("No match for peer certificate \"" + 309 peerCertDN + "\" against Certificate DN whitelist"); 287 310 } 288 311 -
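Review bot: The new guard `if (certificateDnWhiteList == null || certificateDnWhiteList.isEmpty()) return;` makes an empty whitelist fail open: a properties file that defines no `.dn<N>` entries now produces an empty set and the DN comparison is skipped for every peer. That is easy to hit with this very commit, because the property key prefix changed to the fully-qualified class name, so any properties file still using the old `DnWhitelistX509TrustMgr.dn0` form would silently yield no DNs; whether the wrapped PKIX check still runs before this point is not visible here, as the enclosing method starts outside the hunk. I would keep `null` as "whitelisting not configured" but reject the empty case explicitly, e.g. `if (certificateDnWhiteList == null) return;` followed by `if (certificateDnWhiteList.isEmpty()) throw new CertificateException("Certificate DN whitelist is empty");`, or fail in the properties constructor when no DN entries were read. Separately, the new `KEYSTORE_FILEPATH_PROP_NAME`/`KEYSTORE_PASSPHRASE_PROP_NAME` constants are `protected static` but not `final`, so any subclass or caller can reassign them; they should be `protected static final String`.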
TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/DnWhitelistX509TrustMgr.properties
r7308 r7309 14 14 # @author pjkersha 15 15 # @version $Revision$ 16 DnWhitelistX509TrustMgr.dn0 = CN=ceda.ac.uk, OU=RAL-SPBU, O=Science and Technology Facilities Council, C=GB17 DnWhitelistX509TrustMgr.dn1 = CN=localhost, OU=Test, O=Test Org16 org.earthsystemgrid.security.DnWhitelistX509TrustMgr.dn0 = CN=ceda.ac.uk, OU=RAL-SPBU, O=Science and Technology Facilities Council, C=GB 17 org.earthsystemgrid.security.DnWhitelistX509TrustMgr.dn1 = CN=localhost, OU=Test, O=Test Org -
TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/yadis/YadisRetrieval.java
r7308 r7309 37 37 public class YadisRetrieval 38 38 { 39 public static String retrieve(URL yadisURL) throws YadisRetrievalException 40 { 41 // Experimenting with Trust Manager for whitelisting 42 X509TrustManager xtm; 43 44 // X500Principal [] whitelist = { 45 // new X500Principal("CN=ceda.ac.uk, OU=RAL-SPBU, O=Science and Technology Facilities Council, C=GB") 46 // }; 39 // Trust Manager enables DN whitelisting 40 protected X509TrustManager x509TrustMgr; 41 42 /** 43 * Initialise SSL connection properties 44 * 45 * @param propertiesFile input stream for properties file 46 * @throws YadisRetrievalException 47 */ 48 public YadisRetrieval(InputStream propertiesFile) throws YadisRetrievalException { 47 49 48 InputStream propertiesFile = 49 DnWhitelistX509TrustMgr.class.getResourceAsStream( 50 "DnWhitelistX509TrustMgr.properties"); 51 52 // Create trust manager with given whitelist and default keystore 50 // Create trust manager with given whitelist and keystore settings 51 // read from properties file 53 52 try { 54 xtm = new DnWhitelistX509TrustMgr(null, null, propertiesFile); 53 x509TrustMgr = new DnWhitelistX509TrustMgr(propertiesFile); 54 55 55 } catch (DnWhitelistX509TrustMgrInitException e) { 56 56 throw new YadisRetrievalException("Creating trust manager", e); 57 57 } 58 59 X509TrustManager tm[] = {xtm}; 58 } 59 60 /** 61 * Retrieve XRD document from Yadis endpoint 62 * 63 * @param yadisURL URL to retrieve content from 64 * @return string containing the XRD document at the given URL 65 * @throws YadisRetrievalException 66 */ 67 public String retrieve(URL yadisURL) throws YadisRetrievalException 68 { 60 69 SSLContext ctx = null; 61 70 try { … … 66 75 } 67 76 77 X509TrustManager tm[] = {x509TrustMgr}; 68 78 try { 69 79 ctx.init(null, tm, null); … … 73 83 74 84 SSLSocketFactory socketFactory = ctx.getSocketFactory(); 75 76 85 HttpsURLConnection connection = null; 77 86 try { … … 107 116 } 108 117 109 // Retrieve and parse Yadis document returning the services it 
references 118 /** 119 * Retrieve and parse Yadis document returning the services it references 120 * 121 * @param yadisURL URL to retrieve content from 122 * @param targetTypes retrieve only this subset of target (service types). 123 * See to null to retrieve all types. 124 * @return list of services for this Yadis endpoint 125 * @throws XrdsParseException error parsing XRD document 126 * @throws YadisRetrievalException error GETing the content 127 */ 110 128 public List retrieveAndParse(URL yadisURL, Set targetTypes) throws 111 129 XrdsParseException, YadisRetrievalException … … 121 139 public static void main(String[] args) throws IOException 122 140 { 123 YadisRetrieval yadis = new YadisRetrieval(); 141 // Input Whitelist DNs as a string array 142 // X500Principal [] whitelist = { 143 // new X500Principal("CN=ceda.ac.uk, OU=RAL-SPBU, O=Science and Technology Facilities Council, C=GB") 144 //}; 145 146 // Input DNs from a file 147 InputStream propertiesFile = 148 DnWhitelistX509TrustMgr.class.getResourceAsStream( 149 "DnWhitelistX509TrustMgr.properties"); 150 151 YadisRetrieval yadis = null; 152 try { 153 yadis = new YadisRetrieval(propertiesFile); 154 } catch (YadisRetrievalException e) { 155 // TODO Auto-generated catch block 156 e.printStackTrace(); 157 } 124 158 125 159 URL yadisURL = new URL("https://ceda.ac.uk/openid/Philip.Kershaw"); 126 160 // URL yadisURL = new URL("https://localhost:7443/openid/PJKershaw"); 161 162 // 1) Retrieve as string content 127 163 String content = null; 128 164 try { 129 content = YadisRetrieval.retrieve(yadisURL); 165 content = yadis.retrieve(yadisURL); 166 130 167 } catch (YadisRetrievalException e) { 131 168 // TODO Auto-generated catch block … … 135 172 System.out.println("Yadis content = " + content); 136 173 174 // 2) Retrieve as list of services 137 175 List<XrdsServiceElem> serviceElems = null; 176 177 // Retrieve only services matching these type(s) 138 178 String elem [] = {"urn:esg:security:attribute-service"}; 139 
179 Set<String> targetTypes = new HashSet(Arrays.asList(elem));
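Review bot: In `main`, the new `catch (YadisRetrievalException e)` block only prints the stack trace, so on a trust-manager initialisation failure `yadis` stays `null` and the later `content = yadis.retrieve(yadisURL);` throws a NullPointerException instead of reporting the real cause; the catch should end the program, e.g. `throw new IOException("Creating Yadis retriever", e);` or `return;` after the trace. The `InputStream propertiesFile` obtained from `getResourceAsStream` can be `null` when the resource is absent and is never closed; a null check before constructing `YadisRetrieval` and a `finally`/close after it would make the failure mode explicit rather than surfacing inside property loading. The new `x509TrustMgr` field is assigned once in the constructor and could be `protected final`, documenting that the trust policy does not change after construction. The body of `retrieve` continues outside the hunk.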