/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: WSX509KeyManager.java,v 1.2 2008/06/25 05:47:24 qcheng Exp $
 *
 */


package com.sun.identity.liberty.ws.soapbinding;

import java.net.Socket;

import java.security.cert.X509Certificate;
import java.security.Principal;
import java.security.PrivateKey;

import javax.net.ssl.X509KeyManager;

/**
 * The <code>WSX509KeyManager</code> class implements the JSSE X509KeyManager
 * interface. This implementation is the same as the JSSE default
 * implementation, except that it supplies the user-specified client
 * certificate alias when client authentication is on.
 */
public class WSX509KeyManager implements X509KeyManager {

    /** Key manager that serves every request this class does not answer itself. */
    private final X509KeyManager delegate;

    /** Client certificate alias handed to the constructor; may be null or empty. */
    private final String configuredAlias;

    /**
     * Creates a key manager that wraps another one and pins the client alias.
     *
     * @param defaultX509KeyManager the key manager every call is forwarded to;
     *        it is stored as given and dereferenced on each call, so a null
     *        value only fails later, when a method is invoked
     * @param certAlias the client certificate alias to present; null or an
     *        empty string leaves the choice to the wrapped key manager
     */
    public WSX509KeyManager(X509KeyManager defaultX509KeyManager,
            String certAlias) {
        delegate = defaultX509KeyManager;
        configuredAlias = certAlias;
    }

    /**
     * Picks the alias used to authenticate the client side of a secure socket.
     *
     * <p>When a non-empty alias was passed to the constructor, that alias is
     * returned unchanged: <code>keyType</code>, <code>issuers</code> and
     * <code>socket</code> are not consulted, and nothing here checks that the
     * alias exists in the key store or that its certificate chains to an
     * issuer the peer accepts. Otherwise the wrapped key manager decides.
     *
     * <p>NOTE(review): a mistyped or stale alias is therefore not detected in
     * this method; presumably it surfaces later in the handshake as a missing
     * or rejected client certificate. Confirm against the JSSE provider in use.
     *
     * @param keyType the key algorithm type names
     * @param issuers the list of acceptable CA issuer subject names
     * @param socket the socket for the connection, passed to the wrapped key
     *        manager when no alias is configured
     * @return the configured alias if one is set, else the alias chosen by the
     *         wrapped key manager
     */
    public String chooseClientAlias(String[] keyType,
            Principal[] issuers, Socket socket) {
        final boolean aliasConfigured =
            configuredAlias != null && configuredAlias.length() > 0;

        if (!aliasConfigured) {
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message(
                    "WSX509KeyManager.chooseClientAlias: using default implementation");
            }
            return delegate.chooseClientAlias(keyType, issuers, socket);
        }

        // The alias is a key store label, not key material, so it is logged as is.
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message(
                "WSX509KeyManager.chooseClientAlias: certAlias = " + configuredAlias);
        }
        return configuredAlias;
    }

    /**
     * Picks the alias used to authenticate the server side of a secure socket.
     * The configured client alias plays no part here; the call is forwarded
     * to the wrapped key manager.
     *
     * @param keyType the key algorithm type name
     * @param issuers the list of acceptable CA issuer subject names
     * @param socket the socket for the connection
     * @return the alias chosen by the wrapped key manager
     */
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        final String serverAlias =
            delegate.chooseServerAlias(keyType, issuers, socket);
        return serverAlias;
    }

    /**
     * Lists the aliases that could authenticate the client side of a secure
     * socket, as reported by the wrapped key manager. The configured alias is
     * not added to or filtered from this list.
     *
     * @param keyType the key algorithm type name
     * @param issuers the list of acceptable CA issuer subject names
     * @return the matching alias names from the wrapped key manager
     */
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        final String[] clientAliases =
            delegate.getClientAliases(keyType, issuers);
        return clientAliases;
    }

    /**
     * Lists the aliases that could authenticate the server side of a secure
     * socket, as reported by the wrapped key manager.
     *
     * @param keyType the key algorithm type name
     * @param issuers the list of acceptable CA issuer subject names
     * @return the matching alias names from the wrapped key manager
     */
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        final String[] serverAliases =
            delegate.getServerAliases(keyType, issuers);
        return serverAliases;
    }

    /**
     * Looks up the certificate chain stored under an alias in the wrapped key
     * manager.
     *
     * @param alias the alias name
     * @return whatever chain the wrapped key manager returns for the alias
     *         (ordered with the user's certificate first and the root
     *         certificate authority last)
     */
    public X509Certificate[] getCertificateChain(String alias) {
        final X509Certificate[] chain = delegate.getCertificateChain(alias);
        return chain;
    }

    /**
     * Looks up the private key stored under an alias in the wrapped key
     * manager. The result is handed back exactly as received; this class
     * neither copies nor logs it.
     *
     * @param alias the alias name
     * @return the private key the wrapped key manager returns for the alias
     */
    public PrivateKey getPrivateKey(String alias) {
        final PrivateKey key = delegate.getPrivateKey(alias);
        return key;
    }
}