Karl Pauls36407322008-03-07 00:37:30 +00001/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19package org.apache.felix.framework.security.util;
20
import java.io.File;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.StringTokenizer;

import org.apache.felix.framework.util.SecureAction;
32
33/*
34 * TODO: the certificate stores as well as the CRLs might change over time
35 * (added/removed certificates). We need a way to detect that and act on it.
36 * The problem is to find a good balance between re-checking and caching...
37 */
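/**
 * Loads the trust anchors (CA certificates) and CRLs configured for the
 * security provider and hands them out to the verifier.
 * <p>
 * Configuration arrives as four parallel {@code |}-separated lists: trust
 * store URLs, store types (e.g. {@code JKS}), store passwords and CRL URLs.
 * Loading is lazy and happens at most once, on the first call to
 * {@link #getCaCerts()} or {@link #getCRLs()}; the result is cached for the
 * lifetime of this instance (see the TODO above about change detection).
 * <p>
 * Security notes for integrators:
 * <ul>
 * <li>Stores and CRLs are fetched from whatever URL is configured (via
 * {@code SecureAction}). Nothing in this class authenticates the source, so
 * an unauthenticated scheme such as plain {@code http:} for a trust store
 * would let a network attacker inject trust anchors. Prefer {@code file:}
 * or an authenticated channel.</li>
 * <li>A whitespace-only password token means "no password"; the store is
 * then loaded with a {@code null} password, which for JKS-style stores skips
 * the integrity check, so tampering with the store file is not detected.</li>
 * <li>Load failures are reported on stderr and otherwise ignored: an
 * unreadable CRL leaves the verifier without revocation data for the issuer
 * it covers (effectively fail-open for revocation), and an unreadable or
 * misconfigured store yields fewer, possibly zero, trust anchors. Operators
 * should treat these stack traces as configuration errors.</li>
 * <li>CRL signatures are not checked here; whether they are verified against
 * the loaded anchors is up to the consumer of {@link #getCRLs()}.</li>
 * </ul>
 */
public final class TrustManager
{
    private final SecureAction m_action;
    private final String m_crlList;
    private final String m_typeList;
    private final String m_passwdList;
    private final String m_storeList;
    // Populated by init(); null only before the first getCaCerts()/getCRLs().
    private Collection m_caCerts = null;
    private Collection m_crls = null;

    /**
     * @param crlList    {@code |}-separated CRL URLs, may be empty
     * @param typeList   {@code |}-separated key store types, one per store
     * @param passwdList {@code |}-separated key store passwords, one per
     *                   store; a whitespace-only entry means no password
     * @param storeList  {@code |}-separated key store URLs, may be empty
     * @param action     privileged helper used to create and open the URLs
     */
    public TrustManager(String crlList, String typeList, String passwdList,
        String storeList, SecureAction action)
    {
        m_crlList = crlList;
        m_typeList = typeList;
        m_passwdList = passwdList;
        m_storeList = storeList;
        m_action = action;
    }

    /**
     * Loads CRLs and trust anchors exactly once. A failure that escapes the
     * per-entry handling in initCRLs()/initCaCerts() (e.g. a null list) leaves
     * both collections empty, so a misconfiguration degrades to "no anchors,
     * no CRLs" rather than throwing out of the getters.
     */
    private synchronized void init()
    {
        if (m_caCerts != null)
        {
            return;
        }
        try
        {
            initCRLs();
            initCaCerts();
        }
        catch (Exception ex)
        {
            m_caCerts = new ArrayList();
            m_crls = new ArrayList();
            // TODO: log this
            ex.printStackTrace();
        }
    }

    /**
     * Parses every CRL reachable from the configured URL list into m_crls.
     * A URL that cannot be fetched or parsed is skipped (stack trace on
     * stderr) and the remaining URLs are still processed.
     */
    private void initCRLs() throws Exception
    {
        final Collection result = new ArrayList();

        if (m_crlList.trim().length() != 0)
        {
            CertificateFactory fac = CertificateFactory.getInstance("X509");

            for (StringTokenizer tok = new StringTokenizer(m_crlList, "|");
                tok.hasMoreTokens();)
            {
                loadCRLs(fac, tok.nextToken().trim(), result);
            }
        }

        m_crls = result;
    }

    /**
     * Fetches one CRL URL and adds every CRL it contains to {@code into}.
     * Failures are reported on stderr and otherwise ignored.
     */
    private void loadCRLs(CertificateFactory fac, String url, Collection into)
    {
        InputStream input = null;
        try
        {
            input = m_action.getURLConnectionInputStream(
                m_action.createURL(null, url, null).openConnection());
            into.addAll(fac.generateCRLs(input));
        }
        catch (Exception ex)
        {
            // TODO: log this or something
            System.err.println("TrustManager: unable to load CRLs from " + url);
            ex.printStackTrace();
        }
        finally
        {
            closeQuietly(input);
        }
    }

    /**
     * Loads every certificate from the configured key stores into m_caCerts.
     * The store, type and password lists are consumed in parallel, one token
     * per store. Because StringTokenizer drops empty tokens, the lists must
     * have the same number of entries (use a whitespace-only token for "no
     * password"). A store without a matching type or password token is
     * skipped with an error on stderr rather than guessing, and a store that
     * cannot be fetched or opened is skipped likewise; the remaining stores
     * are still loaded.
     */
    private void initCaCerts() throws Exception
    {
        final Collection result = new ArrayList();

        if (m_storeList.trim().length() != 0)
        {
            StringTokenizer storeTok = new StringTokenizer(m_storeList, "|");
            StringTokenizer passwdTok = new StringTokenizer(m_passwdList, "|");
            StringTokenizer typeTok = new StringTokenizer(m_typeList, "|");

            while (storeTok.hasMoreTokens())
            {
                String store = storeTok.nextToken().trim();
                if (!typeTok.hasMoreTokens() || !passwdTok.hasMoreTokens())
                {
                    // Misaligned lists: refuse to invent a type or password
                    // (the password is deliberately not echoed anywhere).
                    // TODO: log this or something
                    System.err.println("TrustManager: no key store type or "
                        + "password configured for " + store + ", skipping it");
                    continue;
                }
                loadStore(store, typeTok.nextToken().trim(),
                    passwdTok.nextToken().trim(), result);
            }
        }

        m_caCerts = result;
    }

    /**
     * Opens one key store and adds every certificate it holds to
     * {@code into}. Failures are reported on stderr and otherwise ignored.
     *
     * @param url  where to fetch the store from
     * @param type the KeyStore type to instantiate
     * @param pass the store password; empty means load without a password
     * @param into collection receiving the certificates
     */
    private void loadStore(String url, String type, String pass, Collection into)
    {
        InputStream input = null;
        try
        {
            KeyStore ks = KeyStore.getInstance(type);
            input = m_action.getURLConnectionInputStream(
                m_action.createURL(null, url, null).openConnection());
            // An empty password is passed as null: the store is then loaded
            // without its integrity check (JKS-style stores).
            ks.load(input, (pass.length() > 0) ? pass.toCharArray() : null);

            for (Enumeration e = ks.aliases(); e.hasMoreElements();)
            {
                String alias = (String) e.nextElement();
                // getCertificate() returns null for entries that carry no
                // certificate (e.g. secret-key entries); never hand a null
                // "anchor" to the verifier.
                Certificate cert = ks.getCertificate(alias);
                if (cert != null)
                {
                    into.add(cert);
                }
            }
        }
        catch (Exception ex)
        {
            // TODO: log this or something
            System.err.println("TrustManager: unable to load key store " + url);
            ex.printStackTrace();
        }
        finally
        {
            closeQuietly(input);
        }
    }

    /** Closes the stream if non-null, reporting (not propagating) failures. */
    private static void closeQuietly(InputStream input)
    {
        if (input != null)
        {
            try
            {
                input.close();
            }
            catch (Exception ex)
            {
                // TODO: log this or something
                ex.printStackTrace();
            }
        }
    }

    /**
     * Returns the loaded CRLs, loading them on first use. The view is
     * read-only so no caller can alter the revocation data shared by all
     * users of this instance.
     */
    public Collection getCRLs()
    {
        init();

        return Collections.unmodifiableCollection(m_crls);
    }

    /**
     * Returns the loaded trust anchors, loading them on first use. The view
     * is read-only so no caller can inject or remove trust anchors shared by
     * all users of this instance.
     */
    public Collection getCaCerts()
    {
        init();

        return Collections.unmodifiableCollection(m_caCerts);
    }
}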