Source code: net/jxta/impl/membership/pse/StringAuthenticator.java
1 /*
2 * Copyright (c) 2001 Sun Microsystems, Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. The end-user documentation included with the redistribution,
17 * if any, must include the following acknowledgment:
18 * "This product includes software developed by the
19 * Sun Microsystems, Inc. for Project JXTA."
20 * Alternately, this acknowledgment may appear in the software itself,
21 * if and wherever such third-party acknowledgments normally appear.
22 *
23 * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
24 * must not be used to endorse or promote products derived from this
25 * software without prior written permission. For written
26 * permission, please contact Project JXTA at http://www.jxta.org.
27 *
28 * 5. Products derived from this software may not be called "JXTA",
29 * nor may "JXTA" appear in their name, without prior written
30 * permission of Sun.
31 *
32 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
33 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
34 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
35 * DISCLAIMED. IN NO EVENT SHALL SUN MICROSYSTEMS OR
36 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
37 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
38 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
39 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
40 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
41 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
42 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * SUCH DAMAGE.
44 * ====================================================================
45 *
46 * This software consists of voluntary contributions made by many
47 * individuals on behalf of Project JXTA. For more
48 * information on Project JXTA, please see
49 * <http://www.jxta.org/>.
50 *
51 * This license is based on the BSD license adopted by the Apache Foundation.
52 *
53 * $Id: StringAuthenticator.java,v 1.4 2004/08/06 17:43:56 bondolo Exp $
54 */
55
56 package net.jxta.impl.membership.pse;
57
58 import java.net.URI;
59 import java.util.Arrays;
60 import java.util.ArrayList;
61 import java.util.Iterator;
62 import java.util.List;
63 import java.security.cert.X509Certificate;
64 import javax.crypto.EncryptedPrivateKeyInfo;
65
66 import java.io.IOException;
67 import java.net.URISyntaxException;
68 import java.security.KeyStoreException;
69
70 import net.jxta.credential.AuthenticationCredential;
71 import net.jxta.id.ID;
72 import net.jxta.id.IDFactory;
73 import net.jxta.peer.PeerID;
74 import net.jxta.membership.Authenticator;
75 import net.jxta.membership.MembershipService;
76
77 /**
78 * An authenticator associated with the PSE membership service.
79 *
80 *@see net.jxta.membership.Authenticator
81 *@see net.jxta.membership.MembershipService
82 **/
83 public class StringAuthenticator implements Authenticator {
84
85 /**
86 * The Membership Service which generated this authenticator.
87 **/
88 transient PSEMembershipService source;
89
90 /**
91 * The Authentication which was provided to the Apply operation of the
92 * membership service.
93 **/
94 transient AuthenticationCredential application;
95
96 /**
97 *
98 **/
99 transient X509Certificate seedCert;
100
101 /**
102 *
103 **/
104 transient EncryptedPrivateKeyInfo seedKey;
105
106 /**
107 * the password for that identity.
108 **/
109 transient char [] store_password = null;
110
111 /**
112 * the identity which is being claimed
113 **/
114 transient ID identity = null;
115
116 /**
117 * the password for that identity.
118 **/
119 transient char [] key_password = null;
120
121 /**
122 * Creates an authenticator for the PSE membership service. Anything entered
123 * into the identity info section of the Authentication credential is
124 * ignored.
125 *
126 * @param source The instance of the PSE membership service which
127 * created this authenticator.
128 * @param application Anything entered into the identity info section of
129 * the Authentication credential is ignored.
130 **/
131 StringAuthenticator( PSEMembershipService source, AuthenticationCredential application, X509Certificate seedCert, EncryptedPrivateKeyInfo seedKey ) {
132 this( source, application );
133
134 this.seedCert = seedCert;
135 this.seedKey = seedKey;
136 }
137
138 /**
139 * Creates an authenticator for the PSE membership service. Anything entered
140 * into the identity info section of the Authentication credential is
141 * ignored.
142 *
143 * @param source The instance of the PSE membership service which
144 * created this authenticator.
145 * @param application Anything entered into the identity info section of
146 * the Authentication credential is ignored.
147 **/
148 StringAuthenticator( PSEMembershipService source, AuthenticationCredential application) {
149 this.source = source;
150 this.application = application;
151
152 // XXX 20010328 bondolo@jxta.org Could do something with the authentication credential here.
153 }
154
155 /**
156 * {@inheritDoc}
157 **/
158 protected void finalize() throws Throwable {
159 if( null != store_password ) {
160 Arrays.fill( store_password, '\0' );
161 }
162
163 if( null != key_password ) {
164 Arrays.fill( key_password, '\0' );
165 }
166
167 super.finalize();
168 }
169
170 /**
171 * {@inheritDoc}
172 **/
173 public MembershipService getSourceService() {
174 return (MembershipService) source.getInterface();
175 }
176
177 /**
178 * {@inheritDoc}
179 **/
180 public AuthenticationCredential getAuthenticationCredential() {
181 return application;
182 }
183
184 /**
185 * {@inheritDoc}
186 **/
187 public String getMethodName() {
188 return "StringAuthentication";
189 }
190
191 /**
192 * {@inheritDoc}
193 **/
194 synchronized public boolean isReadyForJoin() {
195 if( null != seedCert ) {
196 return null != PSEUtils.pkcs5_Decrypt_pbePrivateKey( key_password, seedCert.getPublicKey().getAlgorithm(), seedKey );
197 } else {
198 return source.pseStore.validPasswd( identity, store_password, key_password );
199 }
200 }
201
202 /**
203 * Get KeyStore password
204 **/
205 public char [] getAuth1_KeyStorePassword() {
206 return store_password;
207 }
208
209 /**
210 * Set KeyStore password
211 **/
212 public void setAuth1_KeyStorePassword( String store_password ) {
213 if( null == store_password ) {
214 setAuth1_KeyStorePassword( (char[]) null );
215 } else {
216 setAuth1_KeyStorePassword( store_password.toCharArray() );
217 }
218 }
219
220 /**
221 * Set KeyStore password
222 **/
223 public void setAuth1_KeyStorePassword( char [] store_password ) {
224 if( null != this.store_password ) {
225 Arrays.fill( this.store_password, '\0' );
226 }
227
228 if( null == store_password ) {
229 this.store_password = null;
230 } else {
231 this.store_password = (char []) store_password.clone();
232 }
233 }
234
235 /**
236 * Return the available identities.
237 **/
238 public PeerID[] getIdentities( char [] store_password ) {
239
240 if( seedCert != null ) {
241 PeerID [] seed = { source.group.getPeerID() };
242 return seed;
243 } else {
244 try {
245 ID[] allkeys = source.pseStore.getKeysList( store_password );
246
247 // XXX bondolo 20040329 it may be appropriate to login
248 // something other than a peer id.
249 List peersOnly = new ArrayList();
250
251 Iterator eachKey = Arrays.asList( allkeys ).iterator();
252
253 while( eachKey.hasNext() ) {
254 ID aKey = (ID) eachKey.next();
255
256 if( aKey instanceof PeerID ) {
257 peersOnly.add( aKey );
258 }
259 }
260
261 return (PeerID[]) peersOnly.toArray( new PeerID[peersOnly.size()] );
262 } catch ( IOException failed ) {
263 return null;
264 } catch ( KeyStoreException failed ) {
265 return null;
266 }
267 }
268 }
269
270 public X509Certificate getCertificate( char [] store_password, ID aPeer ) {
271 if( seedCert != null ) {
272 if( aPeer.equals( source.group.getPeerID() ) ) {
273 return seedCert;
274 } else {
275 return null;
276 }
277 } else {
278 try {
279 return source.pseStore.getTrustedCertificate( aPeer, store_password );
280 } catch ( IOException failed ) {
281 return null;
282 } catch ( KeyStoreException failed ) {
283 return null;
284 }
285 }
286 }
287
288 /**
289 * Get Identity
290 **/
291 public ID getAuth2Identity() {
292 return identity;
293 }
294
295 /**
296 * Set Identity
297 **/
298 public void setAuth2Identity( String id ) {
299 try {
300 URI idURI = new URI( id );
301 ID identity = IDFactory.fromURI( idURI );
302 setAuth2Identity( identity );
303 } catch ( URISyntaxException badID ) {
304 throw new IllegalArgumentException( "Bad ID" );
305 }
306 }
307
308 /**
309 * Set Identity
310 **/
311 public void setAuth2Identity(ID identity) {
312 this.identity = identity;
313 }
314
315 /**
316 * Get identity password
317 **/
318 public char [] getAuth3_IdentityPassword() {
319 return key_password;
320 }
321
322 /**
323 * Set identity password
324 **/
325 public void setAuth3_IdentityPassword( String key_password ) {
326 setAuth3_IdentityPassword( key_password.toCharArray() );
327 }
328
329 /**
330 * Set identity password
331 **/
332 public void setAuth3_IdentityPassword( char [] key_password ) {
333 if( null != this.key_password ) {
334 Arrays.fill( this.key_password, '\0' );
335 }
336
337 if( null == key_password ) {
338 this.key_password = null;
339 } else {
340 this.key_password = (char []) key_password.clone();
341 }
342 }
343 }