PageRenderTime 66ms CodeModel.GetById 30ms RepoModel.GetById 0ms app.codeStats 0ms

/src/org/jgroups/auth/X509Token.java

https://github.com/jadahl/jgroups-android
Java | 245 lines | 189 code | 31 blank | 25 comment | 40 complexity | 51a331f96a31688d3ff1909a53266be3 MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. package org.jgroups.auth;
    2. 

  2. 

  3. import org.jgroups.util.Util;
    4. 

  4. import org.jgroups.Message;
    5. 

  5. 

  6. import javax.crypto.Cipher;
    7. 

  7. import java.io.*;
    8. 

  8. import java.util.Properties;
    9. 

  9. import java.security.cert.X509Certificate;
    10. 

  10. import java.security.PrivateKey;
    11. 

  11. import java.security.KeyStore;
    12. 

  12. /**
    13. 

  13.  * <p>
    14. 

  14.  * This is an example of using a preshared token that is encrypted using an X509 certificate for authentication purposes.  All members of the group have to have the same string value in the JGroups config.
    15. 

  15.  * </p>
    16. 

  16.  * <p>
    17. 

  17.  * This example uses certificates contained within a specified keystore.  Configuration parameters for this example are shown below:
    18. 

  18.  * </p>
    19. 

  19.  * <ul>
    20. 

  20.  *  <li>keystore_type = JKS(default)/PKCS12 - see http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA</li>
    21. 

  21.  *  <li>keystore_path (required) = the location of the keystore</li>
    22. 

  22.  *  <li>keystore_password (required) =  the password of the keystore</li>
    23. 

  23.  *  <li>cert_alias (required) = the alias of the certification within the keystore</li>
    24. 

  24.  *  <li>cert_password = the password of the certification within the keystore</li>
    25. 

  25.  *  <li>auth_value (required) = the string to encrypt</li>
    26. 

  26.  *  <li>cipher_type = RSA(default)/AES/Blowfish/DES/DESede/PBEWithMD5AndDES/PBEWithHmacSHA1AndDESede/RC2/RC4/RC5 - see http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA</li>
    27. 

  27.  * </ul>
    28. 

  28.  * @see org.jgroups.auth.AuthToken
    29. 

  29.  * @author Chris Mills
    30. 

  30.  */
    31. 

  31. public class X509Token extends AuthToken {
    32. 

  32. 

  33.     public static final String KEYSTORE_TYPE = "keystore_type";
    34. 

  34.     public static final String KEYSTORE_PATH = "keystore_path";
    35. 

  35.     public static final String KEYSTORE_PASSWORD = "keystore_password";
    36. 

  36.     public static final String CERT_ALIAS = "cert_alias";
    37. 

  37.     public static final String CERT_PASSWORD = "cert_password";
    38. 

  38.     public static final String TOKEN_ATTR = "auth_value";
    39. 

  39.     public static final String CIPHER_TYPE = "cipher_type";
    40. 

  40. 

  41.     private boolean valueSet = false;
    42. 

  42. 

  43.     private String keystore_type = null;
    44. 

  44.     private String cert_alias = null;
    45. 

  45.     private String keystore_path = null;
    46. 

  46.     private String token_attr = null;
    47. 

  47.     private String cipher_type = null;
    48. 

  48. 

  49.     private byte[] encryptedToken = null;
    50. 

  50. 

  51.     private char[] cert_password = null;
    52. 

  52.     private char[] keystore_password = null;
    53. 

  53. 

  54.     private Cipher cipher = null;
    55. 

  55.     private PrivateKey certPrivateKey = null;
    56. 

  56.     private X509Certificate certificate = null;
    57. 

  57. 

  58.     public X509Token() {
    59. 

  59.         //need an empty constructor
    60. 

  60.     }
    61. 

  61. 

  62.     public void setValue(Properties properties) {
    63. 

  63.         if(log.isDebugEnabled()){
    64. 

  64.             log.debug("setting values on X509Token object");
    65. 

  65.         }
    66. 

  66. 

  67.         if(properties.containsKey(TOKEN_ATTR)){
    68. 

  68.             this.token_attr = (String) properties.get(TOKEN_ATTR);
    69. 

  69.             properties.remove(TOKEN_ATTR);
    70. 

  70.             if(log.isDebugEnabled()){
    71. 

  71.                 log.debug("token_attr = " + this.token_attr);
    72. 

  72.             }
    73. 

  73.         }
    74. 

  74. 

  75.         if(properties.containsKey(KEYSTORE_TYPE)){
    76. 

  76.             this.keystore_type = (String) properties.get(KEYSTORE_TYPE);
    77. 

  77.             properties.remove(KEYSTORE_TYPE);
    78. 

  78.             if(log.isDebugEnabled()){
    79. 

  79.                 log.debug("keystore_type = " + this.keystore_type);
    80. 

  80.             }
    81. 

  81.         }else{
    82. 

  82.             this.keystore_type = "JKS";
    83. 

  83.             if(log.isDebugEnabled()){
    84. 

  84.                 log.debug("keystore_type = " + this.keystore_type);
    85. 

  85.             }
    86. 

  86.         }
    87. 

  87. 

  88.         if(properties.containsKey(KEYSTORE_PATH)){
    89. 

  89.             this.keystore_path = (String) properties.get(KEYSTORE_PATH);
    90. 

  90.             properties.remove(KEYSTORE_PATH);
    91. 

  91.             if(log.isDebugEnabled()){
    92. 

  92.                 log.debug("keystore_path = " + this.keystore_path);
    93. 

  93.             }
    94. 

  94.         }
    95. 

  95. 

  96.         if(properties.containsKey(KEYSTORE_PASSWORD)){
    97. 

  97.             this.keystore_password = ((String) properties.get(KEYSTORE_PASSWORD)).toCharArray();
    98. 

  98.             properties.remove(KEYSTORE_PASSWORD);
    99. 

  99.             if(log.isDebugEnabled()){
    100. 

  100.                 log.debug("keystore_password = " + this.keystore_password);
    101. 

  101.             }
    102. 

  102.         }
    103. 

  103. 

  104.         if(properties.containsKey(CERT_ALIAS)){
    105. 

  105.             this.cert_alias = (String) properties.get(CERT_ALIAS);
    106. 

  106.             properties.remove(CERT_ALIAS);
    107. 

  107.             if(log.isDebugEnabled()){
    108. 

  108.                 log.debug("cert_alias = " + this.cert_alias);
    109. 

  109.             }
    110. 

  110.         }
    111. 

  111. 

  112.         if(properties.containsKey(CERT_PASSWORD)){
    113. 

  113.             this.cert_password = ((String) properties.get(CERT_PASSWORD)).toCharArray();
    114. 

  114.             properties.remove(CERT_PASSWORD);
    115. 

  115.             if(log.isDebugEnabled()){
    116. 

  116.                 log.debug("cert_password = " + this.cert_password);
    117. 

  117.             }
    118. 

  118.         }else{
    119. 

  119.             this.cert_password = this.keystore_password;
    120. 

  120.             if(log.isDebugEnabled()){
    121. 

  121.                 log.debug("cert_password = " + this.cert_password);
    122. 

  122.             }
    123. 

  123.         }
    124. 

  124. 

  125.         if(properties.containsKey(CIPHER_TYPE)){
    126. 

  126.             this.cipher_type = (String) properties.get(CIPHER_TYPE);
    127. 

  127.             properties.remove(CIPHER_TYPE);
    128. 

  128.             if(log.isDebugEnabled()){
    129. 

  129.                 log.debug("cipher_type = " + this.cipher_type);
    130. 

  130.             }
    131. 

  131.         }else{
    132. 

  132.             this.cipher_type = "RSA";
    133. 

  133.             if(log.isDebugEnabled()){
    134. 

  134.                 log.debug("cipher_type = " + this.cipher_type);
    135. 

  135.             }
    136. 

  136.         }
    137. 

  137. 

  138.         if(getCertificate()){
    139. 

  139.             this.valueSet = true;
    140. 

  140.             if(log.isDebugEnabled()){
    141. 

  141.                 log.debug("X509Token created correctly");
    142. 

  142.             }
    143. 

  143.         }
    144. 

  144.     }
    145. 

  145. 

  146.     public String getName() {
    147. 

  147.         return "org.jgroups.auth.X509Token";
    148. 

  148.     }
    149. 

  149. 

  150.     public boolean authenticate(AuthToken token, Message msg) {
    151. 

  151.         if (!this.valueSet) {
    152. 

  152.             if(log.isFatalEnabled()){
    153. 

  153.                 log.fatal("X509Token not setup correctly - check token attrs");
    154. 

  154.             }
    155. 

  155.             return false;
    156. 

  156.         }
    157. 

  157. 

  158.         if((token != null) && (token instanceof X509Token)){
    159. 

  159.             //got a valid X509 token object
    160. 

  160.             X509Token serverToken = (X509Token)token;
    161. 

  161.             if(!serverToken.valueSet){
    162. 

  162.                 if(log.isFatalEnabled()){
    163. 

  163.                     log.fatal("X509Token - recieved token not valid");
    164. 

  164.                 }
    165. 

  165.                 return false;
    166. 

  166.             }
    167. 

  167. 

  168.             try{
    169. 

  169.                 if(log.isDebugEnabled()){
    170. 

  170.                     log.debug("setting cipher to decrypt mode");
    171. 

  171.                 }
    172. 

  172.                 this.cipher.init(Cipher.DECRYPT_MODE, this.certPrivateKey);
    173. 

  173.                 String serverBytes = new String(this.cipher.doFinal(serverToken.encryptedToken));
    174. 

  174.                 if((serverBytes != null) && (serverBytes.equalsIgnoreCase(this.token_attr))){
    175. 

  175.                     if(log.isDebugEnabled()){
    176. 

  176.                         log.debug("X509 authentication passed");
    177. 

  177.                     }
    178. 

  178.                     return true;
    179. 

  179.                 }
    180. 

  180.             }catch(Exception e){
    181. 

  181.                 if(log.isFatalEnabled()){
    182. 

  182.                     log.fatal(e);
    183. 

  183.                 }
    184. 

  184.             }
    185. 

  185.         }
    186. 

  186.         if(log.isWarnEnabled()){
    187. 

  187.             log.warn("X509 authentication failed");
    188. 

  188.         }
    189. 

  189.         return false;
    190. 

  190.     }
    191. 

  191. 

  192.     public void writeTo(DataOutputStream out) throws IOException {
    193. 

  193.         if(log.isDebugEnabled()){
    194. 

  194.             log.debug("X509Token writeTo()");
    195. 

  195.         }
    196. 

  196.         Util.writeByteBuffer(this.encryptedToken, out);
    197. 

  197.     }
    198. 

  198. 

  199.     public void readFrom(DataInputStream in) throws IOException, IllegalAccessException, InstantiationException {
    200. 

  200.         if(log.isDebugEnabled()){
    201. 

  201.             log.debug("X509Token readFrom()");
    202. 

  202.         }
    203. 

  203.         this.encryptedToken = Util.readByteBuffer(in);
    204. 

  204.         this.valueSet = true;
    205. 

  205.     }
    206. 

  206.     /**
    207. 

  207.      * Used during setup to get the certification from the keystore and encrypt the auth_value with the private key
    208. 

  208.      * @return true if the certificate was found and the string encypted correctly otherwise returns false
    209. 

  209.      */
    210. 

  210.     private boolean getCertificate() {
    211. 

  211.         try{
    212. 

  212.             KeyStore store = KeyStore.getInstance(this.keystore_type);
    213. 

  213.             java.io.FileInputStream fis = new java.io.FileInputStream(this.keystore_path);
    214. 

  214.             store.load(fis, this.keystore_password);
    215. 

  215. 

  216.             this.cipher = Cipher.getInstance(this.cipher_type);
    217. 

  217.             this.certificate = (X509Certificate) store.getCertificate(this.cert_alias);
    218. 

  218. 

  219.             if(log.isDebugEnabled()){
    220. 

  220.                 log.debug("certificate = " + this.certificate.toString());
    221. 

  221.             }
    222. 

  222. 

  223.             this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate);
    224. 

  224.             this.encryptedToken = this.cipher.doFinal(this.token_attr.getBytes());
    225. 

  225. 

  226.             if(log.isDebugEnabled()){
    227. 

  227.                 log.debug("encryptedToken = " + this.encryptedToken);
    228. 

  228.             }
    229. 

  229. 

  230.             KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry)store.getEntry(this.cert_alias, new KeyStore.PasswordProtection(this.cert_password));
    231. 

  231.             this.certPrivateKey = privateKey.getPrivateKey();
    232. 

  232. 

  233.             if(log.isDebugEnabled()){
    234. 

  234.                 log.debug("certPrivateKey = " + this.certPrivateKey.toString());
    235. 

  235.             }
    236. 

  236. 

  237.             return true;
    238. 

  238.         }catch(Exception e){
    239. 

  239.             if(log.isFatalEnabled()){
    240. 

  240.                 log.fatal(e);
    241. 

  241.             }
    242. 

  242.             return false;
    243. 

  243.         }
    244. 

  244.     }
    245. 

  245. }
    246. 

  246.