From a9e5f4e28a97f203eec296635aeef1ab4f6f38d8 Mon Sep 17 00:00:00 2001 From: lresende Date: Thu, 26 Feb 2009 04:29:11 +0000 Subject: Adding support to enable SSL when using binding-http using Confidentiality policy intent git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@748006 13f79535-47bb-0310-9956-ffa450edef68 --- .../confidentiality/ConfidentialityPolicy.java | 130 +++++++++++++++++ .../ConfidentialityPolicyProcessor.java | 158 +++++++++++++++++++++ .../SecurityPolicyDefinitionsProvider.java | 25 ++-- 3 files changed, 300 insertions(+), 13 deletions(-) create mode 100644 branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java create mode 100644 branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java (limited to 'branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache') diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java new file mode 100644 index 0000000000..7c97b38968 --- /dev/null +++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.confidentiality; + +import java.util.Properties; + +import javax.xml.namespace.QName; + +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.policy.Policy; + + +/** + * Models the SCA Implementation Security Policy Assertion for Confidentiality. + * + * This would map to enabling SSL communication and would require + * the following configuration items : + * + * - javax.net.ssl.keyStore + * - javax.net.ssl.keyStorePassword + * - javax.net.ssl.keyStoreType + * + * - javax.net.ssl.trustStoreType + * - javax.net.ssl.trustStore + * - javax.net.ssl.trustStorePassword + * + * @version $Rev$ $Date$ + */ +public class ConfidentialityPolicy implements Policy { + public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS, "confidentiality"); + + private String trustStore; + private String trustStorePassword; + private String keyStore; + private String keyStorePassword; + private String keyStoreType; + private String trustStoreType; + + public String getTrustStore() { + return trustStore; + } + + public void setTrustStore(String trustStore) { + this.trustStore = trustStore; + } + + public String getTrustStorePassword() { + return trustStorePassword; + } + + public void setTrustStorePassword(String trustStorePassword) { + this.trustStorePassword = trustStorePassword; + } + + public String getKeyStore() { + return keyStore; + } + + public void setKeyStore(String keyStore) { + this.keyStore = keyStore; + } + + public String getKeyStorePassword() { + return keyStorePassword; + } + + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + public String getKeyStoreType() { + return keyStoreType; + } + + public void setKeyStoreType(String keyStoreType) { + this.keyStoreType = keyStoreType; + } + + public String getTrustStoreType() { + return trustStoreType; + } + + public void setTrustStoreType(String trustStoreType) { + this.trustStoreType = trustStoreType; + } + + public QName getSchemaName() { + return NAME; + } + + public boolean isUnresolved() { + return false; + } + + public void setUnresolved(boolean unresolved) { + + } + + public Properties toProperties() { + Properties properties = new Properties(); + + properties.put("javax.net.ssl.trustStoreType", trustStoreType); + properties.put("javax.net.ssl.trustStore", trustStore); + properties.put("javax.net.ssl.trustStorePassword", trustStorePassword); + + properties.put("javax.net.ssl.keyStoreType", keyStoreType); + properties.put("javax.net.ssl.keyStore", keyStore); + properties.put("javax.net.ssl.keyStorePassword", keyStorePassword); + + return properties; + } + +} diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java new file mode 100644 index 0000000000..8d9621da96 --- /dev/null +++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java @@ -0,0 +1,158 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.confidentiality; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl; +import org.apache.tuscany.sca.assembly.xml.Constants; +import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.contribution.service.ContributionReadException; +import org.apache.tuscany.sca.contribution.service.ContributionResolveException; +import org.apache.tuscany.sca.contribution.service.ContributionWriteException; +import org.apache.tuscany.sca.monitor.Monitor; +import org.apache.tuscany.sca.monitor.Problem; +import org.apache.tuscany.sca.monitor.Problem.Severity; + +public class ConfidentialityPolicyProcessor implements StAXArtifactProcessor { + private static final QName KEY_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "keyStore"); + private static final QName TRUST_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "trustStore"); + + private Monitor monitor; + + public ConfidentialityPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) { + this.monitor = monitor; + } + + /** + * Report a error. + * + * @param problems + * @param message + * @param model + */ + private void error(String message, Object model, Object... messageParameters) { + if (monitor != null) { + Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters); + monitor.problem(problem); + } + } + + public QName getArtifactType() { + return ConfidentialityPolicy.NAME; + } + + public Class getModelType() { + return ConfidentialityPolicy.class; + } + + public ConfidentialityPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException { + ConfidentialityPolicy policy = new ConfidentialityPolicy(); + int event = reader.getEventType(); + QName start = reader.getName(); + QName name = null; + while (true) { + switch (event) { + case START_ELEMENT: + name = reader.getName(); + if(KEY_STORE_QNAME.equals(name)) { + // + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + error("RequiredAttributeKeyStoreTypeMissing", reader); + } else { + policy.setKeyStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + error("RequiredAttributeKeyStoreFileMissing", reader); + } else { + policy.setKeyStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + error("RequiredAttributeKeyStorePasswordMissing", reader); + } else { + policy.setKeyStorePassword(password); + } + + } else if(TRUST_STORE_QNAME.equals(name)) { + // + String type = reader.getAttributeValue(null, "type"); + if(type == null) { + error("RequiredAttributeTrustStoreTypeMissing", reader); + } else { + policy.setTrustStoreType(type); + } + + String file = reader.getAttributeValue(null, "file"); + if(file == null) { + error("RequiredAttributeTrusStoreFileMissing", reader); + } else { + policy.setTrustStore(file); + } + + String password = reader.getAttributeValue(null, "password"); + if(file == null) { + error("RequiredAttributeTrustStorePasswordMissing", reader); + } else { + policy.setTrustStorePassword(password); + } + + } + break; + case END_ELEMENT: + if (start.equals(reader.getName())) { + if (reader.hasNext()) { + reader.next(); + } + return policy; + } + + } + if (reader.hasNext()) { + event = reader.next(); + } else { + return policy; + } + } } + + public void write(ConfidentialityPolicy model, XMLStreamWriter writer) throws ContributionWriteException, + XMLStreamException { + // TODO Auto-generated method stub + + } + + public void resolve(ConfidentialityPolicy model, ModelResolver resolver) throws ContributionResolveException { + // TODO Auto-generated method stub + + } + +} diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java index cfe856e0f2..c914d99365 100644 --- a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java +++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java @@ -34,16 +34,18 @@ import org.apache.tuscany.sca.provider.SCADefinitionsProviderException; /** * Provider for Policy Intents and PolicySet definitions related to security - * + * * @version $Rev$ $Date$ */ public class SecurityPolicyDefinitionsProvider implements SCADefinitionsProvider { + private static final String definitionsFile = "org/apache/tuscany/sca/policy/security/definitions.xml"; private static final String tuscanyDefinitionsFile = "org/apache/tuscany/sca/policy/security/tuscany_definitions.xml"; - private String definitionsFile = "org/apache/tuscany/sca/policy/security/definitions.xml"; + URLArtifactProcessor urlArtifactProcessor = null; public SecurityPolicyDefinitionsProvider(ExtensionPointRegistry registry) { - URLArtifactProcessorExtensionPoint documentProcessors = registry.getExtensionPoint(URLArtifactProcessorExtensionPoint.class); + URLArtifactProcessorExtensionPoint documentProcessors = + registry.getExtensionPoint(URLArtifactProcessorExtensionPoint.class); urlArtifactProcessor = (URLArtifactProcessor)documentProcessors.getProcessor(SCADefinitions.class); } @@ -51,34 +53,31 @@ public class SecurityPolicyDefinitionsProvider implements SCADefinitionsProvider SCADefinitions scaDefns = null; SCADefinitions tuscanyDefns = null; try { - // Allow privileged access to load resource. Requires RuntimePermssion in security policy. + // Allow privileged access to load resource. Requires + // RuntimePermssion in security policy. URL definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction() { public URL run() { return getClass().getClassLoader().getResource(definitionsFile); } - }); + }); URI uri = new URI(definitionsFile); - scaDefns = (SCADefinitions)urlArtifactProcessor.read(null, - uri, - definitionsFileUrl); + scaDefns = (SCADefinitions)urlArtifactProcessor.read(null, uri, definitionsFileUrl); definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction() { public URL run() { return getClass().getClassLoader().getResource(tuscanyDefinitionsFile); } - }); + }); uri = new URI(definitionsFile); - tuscanyDefns = (SCADefinitions)urlArtifactProcessor.read(null, - uri, - definitionsFileUrl); + tuscanyDefns = (SCADefinitions)urlArtifactProcessor.read(null, uri, definitionsFileUrl); SCADefinitionsUtil.aggregateSCADefinitions(tuscanyDefns, scaDefns); return scaDefns; - } catch ( Exception e ) { + } catch (Exception e) { throw new SCADefinitionsProviderException(e); } } -- cgit v1.2.3