
/*
* Copyright 1999-2008 University of Chicago
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at
*
*    http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/

package org.nimbustools.ctxbroker.security;

import org.globus.gsi.GlobusCredential;
import org.globus.gsi.CertUtil;
import org.globus.wsrf.jndi.Initializable;
import org.globus.wsrf.container.ServiceHost;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nimbustools.ctxbroker.ContextBrokerException;
import org.nimbustools.ctxbroker.BrokerConstants;

import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateEncodingException;
import java.security.PrivateKey;
import java.security.KeyPair;
import java.security.SignatureException;
import java.security.InvalidKeyException;
import java.util.Calendar;

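/**
 * Default {@link BootstrapFactory}: for each bootstrap request it generates a
 * fresh key pair and has the broker's certificate authority sign an X.509
 * certificate for it.
 *
 * <p>The CA credential (certificate + private key) is read from disk in
 * {@link #initialize()} using the JNDI-configured {@code caCertPath} and
 * {@code caKeyPath}.  Until that has completed successfully,
 * {@link #newBootstrap} refuses to issue anything.
 *
 * <p>Thread-safety: the JNDI setters and {@code initialize()} are meant to run
 * during container startup, before any {@code newBootstrap} call; this class
 * does no locking of its own.  NOTE(review): {@code CertificateAuthority} is
 * not visible in this file -- confirm it tolerates concurrent signing before
 * relying on that.
 */
public class DefaultBootstrapFactory implements BootstrapFactory,
                                                    Initializable {

    private static final Log logger =
        LogFactory.getLog(DefaultBootstrapFactory.class.getName());

    // Signing authority built from the CA credential in initialize();
    // null until then.
    private CertificateAuthority ca = null;

    // set via jndi: absolute paths to the CA certificate and CA private key
    private String caCertPath = null;
    private String caKeyPath = null;
    // set via jndi: when true, initialize() issues one throw-away bootstrap
    // as a smoke test of the whole signing path
    private boolean testBootstrapGeneration = false;

    /**
     * Creates a new bootstrap credential for one context.
     *
     * @param uuid identifier handed to the CA as the input for the new
     *             certificate's subject; it is passed through unchanged
     * @param ctxServiceURL not used by this implementation (retained for the
     *             {@link BootstrapFactory} interface)
     * @param expires requested expiration of the new certificate
     * @return populated {@link BootstrapInformation} holding the certificate,
     *         the key pair and the Globus-form DN of the certificate subject
     * @throws ContextBrokerException if this factory has not been initialized,
     *         or if key/certificate generation or serialization fails
     */
    public BootstrapInformation newBootstrap(String uuid,
                                             String ctxServiceURL,
                                             Calendar expires)
                throws ContextBrokerException {

        // Fail with a clear message instead of a NullPointerException when
        // this is called before initialize() ran (or after it failed).
        if (this.ca == null) {
            throw new ContextBrokerException(
                    "DefaultBootstrapFactory is not initialized: no CA loaded.");
        }

        final BootstrapInformation bootstrap = new BootstrapInformation();

        final KeyPair keypair = this.ca.createNewKeyPair();

        // Every failure of the signing step is surfaced as a
        // ContextBrokerException so callers have a single type to handle.
        X509Certificate cert;
        try {
            cert = this.ca.signNewCertificate(uuid,
                                              keypair.getPublic(),
                                              expires);
        } catch (SignatureException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        } catch (InvalidKeyException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        } catch (CertificateException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        } catch (IOException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        }

        // BootstrapInformation serializes the cert and key pair on set();
        // encoding problems are reported the same way as signing problems.
        try {
            bootstrap.setX509Cert(cert);
        } catch (CertificateEncodingException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        }
        try {
            bootstrap.setKeypair(keypair);
        } catch (IOException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        }

        // Record the subject in Globus "/C=..,/O=.." form, derived from the
        // certificate actually issued rather than from the request.
        final X500Principal subjectDN = cert.getSubjectX500Principal();
        final String rfc2253DN = subjectDN.getName(X500Principal.RFC2253);
        final String globusDN = CertUtil.toGlobusID(rfc2253DN, false);
        bootstrap.setBootstrapDN(globusDN);

        return bootstrap;
    }

    /**
     * Loads the CA credential from the configured paths and builds the
     * {@link CertificateAuthority} used for signing.
     *
     * <p>Both paths must be configured, absolute, and readable by this
     * process.  Note that only readability is verified here -- ownership and
     * permission restrictions on the CA private key file are not checked, so
     * protecting that file from other local users remains a deployment
     * responsibility.
     *
     * <p>Each configuration failure is logged at ERROR before being thrown,
     * because the exception tends to be buried in JNDI startup output.
     *
     * @throws Exception if configuration is missing/invalid, the credential
     *         cannot be read, or the optional bootstrap smoke test fails
     */
    public void initialize() throws Exception {

        if (this.caCertPath == null) {
            final String msg = "No CA certificate path was provided.";
            logger.error(msg); // hard to see amidst JNDI problem
            throw new ContextBrokerException(msg);
        }
        logger.debug("caCertPath provided: '" + this.caCertPath + "'");

        if (this.caKeyPath == null) {
            final String msg = "No CA key path was provided.";
            logger.error(msg); // hard to see amidst JNDI problem
            throw new ContextBrokerException(msg);
        }
        logger.debug("caKeyPath provided: '" + this.caKeyPath + "'");

        final File certFile = new File(this.caCertPath);
        if (!certFile.isAbsolute()) {
            final String msg = "Configured CA certificate path ('" +
                               this.caCertPath + "') is not an absolute path.";
            logger.error(msg); // hard to see amidst JNDI problem
            throw new ContextBrokerException(msg);
        }

        if (!certFile.canRead()) {
            final String msg = "Configured CA certificate path ('" +
                               this.caCertPath + "') can not be read.";
            logger.error(msg); // hard to see amidst JNDI problem
            throw new ContextBrokerException(msg);
        }

        final File keyFile = new File(this.caKeyPath);
        if (!keyFile.isAbsolute()) {
            final String msg = "Configured CA key path ('" + this.caKeyPath +
                               "') is not an absolute path.";
            logger.error(msg); // hard to see amidst JNDI problem
            throw new ContextBrokerException(msg);
        }

        if (!keyFile.canRead()) {
            final String msg = "Configured CA key path ('" +
                               this.caKeyPath + "') can not be read.";
            logger.error(msg); // hard to see amidst JNDI problem
            throw new ContextBrokerException(msg);
        }

        // GlobusCredential parses both files; the private key never leaves
        // this process (only the identity DN is logged).
        final GlobusCredential caGlobusCred =
                new GlobusCredential(this.caCertPath, this.caKeyPath);

        logger.debug("read in CA credential: '" +
                                caGlobusCred.getIdentity() + "'");

        final X509Certificate caCert = caGlobusCred.getIdentityCertificate();
        final PrivateKey caPrivateKey = caGlobusCred.getPrivateKey();

        this.ca = new CertificateAuthority(caCert,
                                           caPrivateKey,
                                           caGlobusCred.getIdentity());

        // make a test certificate, to see if all is well rather than waiting
        // for a deployment to fail
        if (this.testBootstrapGeneration) {
            this.testBootstrapGeneration();
        }

        /*
        // key generation is faster after intiialization, test routine:
        if (logger.isDebugEnabled()) {
            for (int i = 0; i < 15; i++) {
                this.ca.createNewKeyPair();
            }
        }
        */
    }

    /**
     * Smoke test run from {@link #initialize()} when enabled: issues one
     * real, CA-signed bootstrap for a placeholder UUID with a one-minute
     * lifetime and discards the result.  Only the issuing path is exercised;
     * the produced certificate and its serialization are not validated.
     *
     * @throws ContextBrokerException if the service base URL cannot be
     *         determined or bootstrap generation fails
     */
    private void testBootstrapGeneration()
            throws ContextBrokerException {

        final Calendar expires = Calendar.getInstance();
        expires.add(Calendar.MINUTE, 1);

        // newBootstrap() does not currently use the URL, but a real value is
        // passed so the test mirrors a production call.
        final String url;
        try {
            url = ServiceHost.getBaseURL()
                            + BrokerConstants.CTX_BROKER_PATH;
        } catch (IOException e) {
            throw new ContextBrokerException(e.getMessage(), e);
        }

        this.newBootstrap("fake-UUID", url, expires);

        // for now, not going through and checking validity of cert
        // serialization etc.
        logger.trace("Bootstrap generation test succeeded.");
    }

    // jndi
    /** @param caCertPath absolute path to the CA certificate file */
    public void setCaCertPath(String caCertPath) {
        this.caCertPath = caCertPath;
    }

    // jndi
    /** @param caKeyPath absolute path to the CA private key file */
    public void setCaKeyPath(String caKeyPath) {
        this.caKeyPath = caKeyPath;
    }

    // jndi
    /**
     * Enables the startup bootstrap smoke test.  Only the string "true"
     * (case-insensitive, surrounding whitespace ignored) enables it; any other
     * value -- including {@code null}, which previously caused a
     * NullPointerException -- leaves it disabled.
     *
     * @param testBootstrapGeneration flag value as supplied by JNDI
     */
    public void setTestBootstrapGeneration(String testBootstrapGeneration) {
        this.testBootstrapGeneration =
                testBootstrapGeneration != null
                        && testBootstrapGeneration.trim().equalsIgnoreCase("true");
    }
}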