PageRenderTime 50ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/projects/jgroups-2.10.0/src/org/jgroups/auth/X509Token.java

https://gitlab.com/essere.lab.public/qualitas.class-corpus
Java | 203 lines | 134 code | 31 blank | 38 comment | 18 complexity | 0d9e5b81310670dce2002238874e482e MD5 | raw file
  1. package org.jgroups.auth;
  2. import java.io.DataInputStream;
  3. import java.io.DataOutputStream;
  4. import java.io.IOException;
  5. import java.security.InvalidKeyException;
  6. import java.security.KeyStore;
  7. import java.security.KeyStoreException;
  8. import java.security.NoSuchAlgorithmException;
  9. import java.security.PrivateKey;
  10. import java.security.UnrecoverableEntryException;
  11. import java.security.cert.CertificateException;
  12. import java.security.cert.X509Certificate;
  13. import javax.crypto.BadPaddingException;
  14. import javax.crypto.Cipher;
  15. import javax.crypto.IllegalBlockSizeException;
  16. import javax.crypto.NoSuchPaddingException;
  17. import org.jgroups.Message;
  18. import org.jgroups.annotations.Property;
  19. import org.jgroups.util.Util;
  20. /**
  21. * <p>
  22. * This is an example of using a preshared token that is encrypted using an X509 certificate for
  23. * authentication purposes. All members of the group have to have the same string value in the
  24. * JGroups config.
  25. * </p>
  26. * <p>
  27. * This example uses certificates contained within a specified keystore. Configuration parameters
  28. * for this example are shown below:
  29. * </p>
  30. * <ul>
  31. * <li>keystore_type = JKS(default)/PKCS12 - see
  32. * http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA</li>
  33. * <li>keystore_path (required) = the location of the keystore</li>
  34. * <li>keystore_password (required) = the password of the keystore</li>
  35. * <li>cert_alias (required) = the alias of the certification within the keystore</li>
  36. * <li>cert_password = the password of the certification within the keystore</li>
  37. * <li>auth_value (required) = the string to encrypt</li>
  38. * <li>cipher_type =
  39. * RSA(default)/AES/Blowfish/DES/DESede/PBEWithMD5AndDES/PBEWithHmacSHA1AndDESede/RC2/RC4/RC5 - see
  40. * http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA</li>
  41. * </ul>
  42. *
  43. * @author Chris Mills
  44. * @see org.jgroups.auth.AuthToken
  45. */
  46. public class X509Token extends AuthToken {
  47. public static final String KEYSTORE_TYPE = "keystore_type";
  48. public static final String KEYSTORE_PATH = "keystore_path";
  49. public static final String KEYSTORE_PASSWORD = "keystore_password";
  50. public static final String CERT_ALIAS = "cert_alias";
  51. public static final String CERT_PASSWORD = "cert_password";
  52. public static final String TOKEN_ATTR = "auth_value";
  53. public static final String CIPHER_TYPE = "cipher_type";
  54. private boolean valueSet = false;
  55. @Property
  56. private String keystore_type = "JKS";
  57. @Property
  58. private String cert_alias = null;
  59. @Property
  60. private String keystore_path = null;
  61. @Property
  62. private String auth_value = null;
  63. @Property
  64. private String cipher_type = "RSA";
  65. private byte[] encryptedToken = null;
  66. private char[] cert_password = null;
  67. private char[] keystore_password = null;
  68. private Cipher cipher = null;
  69. private PrivateKey certPrivateKey = null;
  70. private X509Certificate certificate = null;
  71. private static final long serialVersionUID = -514501306160844271L;
  72. public X509Token() {
  73. // need an empty constructor
  74. }
  75. @Property(name = "cert_password")
  76. public void setCertPassword(String pwd) {
  77. this.cert_password = pwd.toCharArray();
  78. }
  79. @Property(name = "keystore_password")
  80. public void setKeyStorePassword(String pwd) {
  81. this.keystore_password = pwd.toCharArray();
  82. if (cert_password == null)
  83. cert_password = keystore_password;
  84. }
  85. public String getName() {
  86. return "org.jgroups.auth.X509Token";
  87. }
  88. public boolean authenticate(AuthToken token, Message msg) {
  89. if (!this.valueSet) {
  90. if (log.isFatalEnabled()) {
  91. log.fatal("X509Token not setup correctly - check token attrs");
  92. }
  93. return false;
  94. }
  95. if ((token != null) && (token instanceof X509Token)) {
  96. // got a valid X509 token object
  97. X509Token serverToken = (X509Token) token;
  98. if (!serverToken.valueSet) {
  99. if (log.isFatalEnabled()) {
  100. log.fatal("X509Token - recieved token not valid");
  101. }
  102. return false;
  103. }
  104. try {
  105. if (log.isDebugEnabled()) {
  106. log.debug("setting cipher to decrypt mode");
  107. }
  108. this.cipher.init(Cipher.DECRYPT_MODE, this.certPrivateKey);
  109. String serverBytes = new String(this.cipher.doFinal(serverToken.encryptedToken));
  110. if ((serverBytes.equalsIgnoreCase(this.auth_value))) {
  111. if (log.isDebugEnabled()) {
  112. log.debug("X509 authentication passed");
  113. }
  114. return true;
  115. }
  116. } catch (Exception e) {
  117. if (log.isFatalEnabled()) {
  118. log.fatal(e.toString());
  119. }
  120. }
  121. }
  122. // if(log.isWarnEnabled()){
  123. // log.warn("X509 authentication failed");
  124. // }
  125. return false;
  126. }
  127. public void writeTo(DataOutputStream out) throws IOException {
  128. if (log.isDebugEnabled()) {
  129. log.debug("X509Token writeTo()");
  130. }
  131. Util.writeByteBuffer(this.encryptedToken, out);
  132. }
  133. public void readFrom(DataInputStream in) throws IOException, IllegalAccessException,
  134. InstantiationException {
  135. if (log.isDebugEnabled()) {
  136. log.debug("X509Token readFrom()");
  137. }
  138. this.encryptedToken = Util.readByteBuffer(in);
  139. this.valueSet = true;
  140. }
  141. /**
  142. * Used during setup to get the certification from the keystore and encrypt the auth_value with
  143. * the private key
  144. *
  145. * @return true if the certificate was found and the string encypted correctly otherwise returns
  146. * false
  147. */
  148. public void setCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException,
  149. CertificateException, NoSuchPaddingException, InvalidKeyException,
  150. IllegalBlockSizeException, BadPaddingException, UnrecoverableEntryException {
  151. KeyStore store = KeyStore.getInstance(this.keystore_type);
  152. java.io.FileInputStream fis = new java.io.FileInputStream(this.keystore_path);
  153. store.load(fis, this.keystore_password);
  154. this.cipher = Cipher.getInstance(this.cipher_type);
  155. this.certificate = (X509Certificate) store.getCertificate(this.cert_alias);
  156. if (log.isDebugEnabled()) {
  157. log.debug("certificate = " + this.certificate.toString());
  158. }
  159. this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate);
  160. this.encryptedToken = this.cipher.doFinal(this.auth_value.getBytes());
  161. if (log.isDebugEnabled()) {
  162. log.debug("encryptedToken = " + this.encryptedToken);
  163. }
  164. KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) store.getEntry(
  165. this.cert_alias, new KeyStore.PasswordProtection(this.cert_password));
  166. this.certPrivateKey = privateKey.getPrivateKey();
  167. this.valueSet=true;
  168. if (log.isDebugEnabled()) {
  169. log.debug("certPrivateKey = " + this.certPrivateKey.toString());
  170. }
  171. }
  172. }