From 7369ecc8296a0329e424596ff71c60629add3ce2 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 21 Feb 2007 19:44:18 +0000
Subject: [PATCH] Redesign the server to support multiple key manager providers, trust manager providers, and certificate mappers, and update the components which need access to those elements so that they can specify which one they want to use. Among other things, this will provide the ability to use different certificates for different listeners, and provide template configuration entries that make it easier for users to enable SSL and/or StartTLS.
---
opends/src/server/org/opends/server/loggers/SignatureAction.java | 329 ++++++++++++++++++++++++++++--------------------------
1 files changed, 171 insertions(+), 158 deletions(-)
diff --git a/opends/src/server/org/opends/server/loggers/SignatureAction.java b/opends/src/server/org/opends/server/loggers/SignatureAction.java
index 57440af..f64398f 100644
--- a/opends/src/server/org/opends/server/loggers/SignatureAction.java
+++ b/opends/src/server/org/opends/server/loggers/SignatureAction.java
@@ -22,25 +22,25 @@
* CDDL HEADER END
*
*
- * Portions Copyright 2006 Sun Microsystems, Inc.
+ * Portions Copyright 2006-2007 Sun Microsystems, Inc.
*/
package org.opends.server.loggers;
-import java.io.BufferedInputStream;
+//import java.io.BufferedInputStream;
import java.io.File;
-import java.io.FileInputStream;
-import java.io.RandomAccessFile;
-import java.security.MessageDigest;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.X509KeyManager;
+//import java.io.FileInputStream;
+//import java.io.RandomAccessFile;
+//import java.security.MessageDigest;
+//import java.security.PrivateKey;
+//import java.security.PublicKey;
+//import java.security.Signature;
+//import java.security.cert.X509Certificate;
+//import javax.net.ssl.KeyManager;
+//import javax.net.ssl.X509KeyManager;
-import org.opends.server.core.DirectoryServer;
+//import org.opends.server.core.DirectoryServer;
-import static org.opends.server.loggers.Debug.*;
+//import static org.opends.server.loggers.Debug.*;
/**
* This class implements a post rotation action that signs
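Review bot: The import block is commented out rather than removed (the `//import` lines at the top of the file), which leaves the compilation unit carrying dead text the compiler never checks and that will silently drift from the real API; the same applies to the commented-out method bodies kept in `execute()` and `verify()` in the two hunks below. Since the original is retained in version control, the reference copy could be dropped and the FIXME could point at history instead, e.g. `// Original signing implementation: see this file at the revision preceding this change.` If the reference copy is intentionally kept, trimming it to the import lines that will actually be needed when signing is re-enabled would make the intent clearer. The class Javadoc this hunk ends in continues outside the hunk.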
@@ -101,73 +101,80 @@
*/
public boolean execute()
{
- FileInputStream fis = null;
- boolean inputStreamOpen = false;
- try
- {
- KeyManager[] keyMgrs =
- DirectoryServer.getKeyManagerProvider().getKeyManagers();
- if(keyMgrs.length == 0)
- {
- // No keys available.
- // FIXME - Log in error log.
- System.err.println("No private key available to sign with.");
- return false;
- }
- X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
- PrivateKey priv = mgr.getPrivateKey(alias);
-
- Signature sig = Signature.getInstance(signatureAlgorithm);
- sig.initSign(priv);
-
- MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
- md.reset();
-
- fis = new FileInputStream(originalFile);
- inputStreamOpen = true;
- BufferedInputStream bufin = new BufferedInputStream(fis);
- byte[] buffer = new byte[1024];
- int len;
- while (bufin.available() != 0)
- {
- len = bufin.read(buffer);
- md.update(buffer, 0, len);
- }
- bufin.close();
-
- // Create a hash of the log file contents.
- byte[] hash = md.digest();
- // printBytes(hash);
- sig.update(hash);
-
- // Sign the hash.
- byte[] realSig = sig.sign();
- // printBytes(realSig);
-
- // Append the signature to the end of the file.
- RandomAccessFile raf = new RandomAccessFile(originalFile, "rw");
- raf.seek(raf.length());
- raf.write(delimiter.getBytes());
- raf.write("\n".getBytes());
- raf.write(realSig);
-
- return true;
- } catch(Exception ioe)
- {
- assert debugException(CLASS_NAME, "execute", ioe);
- if(inputStreamOpen)
- {
- try
- {
- fis.close();
- } catch(Exception fe)
- {
- assert debugException(CLASS_NAME, "execute", fe);
- // Cannot do much. Ignore.
- }
- }
- return false;
- }
+ // FIXME -- It is currently not possible to sign on rotate because of the
+ // way that they key manager providers are defined. However, this function
+ // wasn't implemented in an ideal fashion anyway, so the signing capability
+ // should remain disabled until the rotation action mechanism is rewritten.
+ // The original code has been preserved here for reference purposes.
+ return false;
+//
+// FileInputStream fis = null;
+// boolean inputStreamOpen = false;
+// try
+// {
+// KeyManager[] keyMgrs =
+// DirectoryServer.getKeyManagerProvider().getKeyManagers();
+// if(keyMgrs.length == 0)
+// {
+// // No keys available.
+// // FIXME - Log in error log.
+// System.err.println("No private key available to sign with.");
+// return false;
+// }
+// X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
+// PrivateKey priv = mgr.getPrivateKey(alias);
+//
+// Signature sig = Signature.getInstance(signatureAlgorithm);
+// sig.initSign(priv);
+//
+// MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
+// md.reset();
+//
+// fis = new FileInputStream(originalFile);
+// inputStreamOpen = true;
+// BufferedInputStream bufin = new BufferedInputStream(fis);
+// byte[] buffer = new byte[1024];
+// int len;
+// while (bufin.available() != 0)
+// {
+// len = bufin.read(buffer);
+// md.update(buffer, 0, len);
+// }
+// bufin.close();
+//
+// // Create a hash of the log file contents.
+// byte[] hash = md.digest();
+// // printBytes(hash);
+// sig.update(hash);
+//
+// // Sign the hash.
+// byte[] realSig = sig.sign();
+// // printBytes(realSig);
+//
+// // Append the signature to the end of the file.
+// RandomAccessFile raf = new RandomAccessFile(originalFile, "rw");
+// raf.seek(raf.length());
+// raf.write(delimiter.getBytes());
+// raf.write("\n".getBytes());
+// raf.write(realSig);
+//
+// return true;
+// } catch(Exception ioe)
+// {
+// assert debugException(CLASS_NAME, "execute", ioe);
+// if(inputStreamOpen)
+// {
+// try
+// {
+// fis.close();
+// } catch(Exception fe)
+// {
+// assert debugException(CLASS_NAME, "execute", fe);
+// // Cannot do much. Ignore.
+// }
+// }
+// return false;
+// }
}
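Review bot: The stub `return false;` at the top of `execute()` makes every rotation report a signing failure without logging anything, so a caller cannot distinguish a deliberately disabled action from a broken one; a single log line, or at least a Javadoc sentence such as `Signing is currently disabled; this method always returns {@code false}.`, would make the contract visible (the method's Javadoc begins outside the hunk, so I cannot see whether it already says this). Two defects in the preserved body are worth fixing before it is revived: `while (bufin.available() != 0)` relies on an estimate rather than an end-of-file test and the loop ignores a `-1` from `read`, so the digest could cover a truncated file or `md.update` could be handed a negative length; the idiomatic form is `while ((len = bufin.read(buffer)) != -1) { md.update(buffer, 0, len); }`. Likewise `delimiter.getBytes()` and `"\n".getBytes()` use the platform default charset and `raf` is never closed on any path; `StandardCharsets.UTF_8` and try-with-resources would address both.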
@@ -180,84 +187,90 @@
*/
public boolean verify()
{
- RandomAccessFile inFile = null;
- boolean inputStreamOpen = false;
- try
- {
- KeyManager[] keyMgrs =
- DirectoryServer.getKeyManagerProvider().getKeyManagers();
-
- if(keyMgrs.length == 0)
- {
- // No keys available.
- // FIXME - Log in error log.
- System.err.println("No public key available to verify signature with.");
- return false;
- }
-
- X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
- X509Certificate[] certChain = mgr.getCertificateChain(alias);
-
- if(certChain == null || certChain.length == 0)
- {
- System.err.println("Cannot find the public key for the signature.");
- return false;
- }
-
- PublicKey pubKey = certChain[0].getPublicKey();
-
- Signature sig = Signature.getInstance(signatureAlgorithm);
- sig.initVerify(pubKey);
-
- MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
- md.reset();
-
- inFile = new RandomAccessFile(originalFile, "r");
- inputStreamOpen = true;
- String line = null;
- while ((line = inFile.readLine()) != null)
- {
- if(line.equals(delimiter))
- {
- break;
- }
- // int len = line.length();
- // md.update(line.getBytes(), 0, len);
- byte[] b = (line + "\n").getBytes();
- md.update(b);
- }
-
- // Read signature
- byte[] sigToVerify = new byte[128];
- int val = inFile.read(sigToVerify, 0, 128);
- // printBytes(sigToVerify);
-
- // Create a hash of the log file contents.
- byte[] hash = md.digest();
- // printBytes(hash);
- sig.update(hash);
-
-
- // Verify the hash.
- boolean verifies = sig.verify(sigToVerify);
-
- return verifies;
- } catch(Exception ioe)
- {
- assert debugException(CLASS_NAME, "execute", ioe);
- if(inputStreamOpen)
- {
- try
- {
- inFile.close();
- } catch(Exception fe)
- {
- assert debugException(CLASS_NAME, "execute", fe);
- // Cannot do much. Ignore.
- }
- }
- return false;
- }
+ // FIXME -- It is currently not possible to sign on rotate because of the
+ // way that they key manager providers are defined. However, this function
+ // wasn't implemented in an ideal fashion anyway, so the signing capability
+ // should remain disabled until the rotation action mechanism is rewritten.
+ // The original code has been preserved here for reference purposes.
+ return false;
+// RandomAccessFile inFile = null;
+// boolean inputStreamOpen = false;
+// try
+// {
+// KeyManager[] keyMgrs =
+// DirectoryServer.getKeyManagerProvider().getKeyManagers();
+//
+// if(keyMgrs.length == 0)
+// {
+// // No keys available.
+// // FIXME - Log in error log.
+// System.err.println("No public key available to verify signature.");
+// return false;
+// }
+//
+// X509KeyManager mgr = (X509KeyManager) keyMgrs[0];
+// X509Certificate[] certChain = mgr.getCertificateChain(alias);
+//
+// if(certChain == null || certChain.length == 0)
+// {
+// System.err.println("Cannot find the public key for the signature.");
+// return false;
+// }
+//
+// PublicKey pubKey = certChain[0].getPublicKey();
+//
+// Signature sig = Signature.getInstance(signatureAlgorithm);
+// sig.initVerify(pubKey);
+//
+// MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
+// md.reset();
+//
+// inFile = new RandomAccessFile(originalFile, "r");
+// inputStreamOpen = true;
+// String line = null;
+// while ((line = inFile.readLine()) != null)
+// {
+// if(line.equals(delimiter))
+// {
+// break;
+// }
+// // int len = line.length();
+// // md.update(line.getBytes(), 0, len);
+// byte[] b = (line + "\n").getBytes();
+// md.update(b);
+// }
+//
+// // Read signature
+// byte[] sigToVerify = new byte[128];
+// int val = inFile.read(sigToVerify, 0, 128);
+// // printBytes(sigToVerify);
+//
+// // Create a hash of the log file contents.
+// byte[] hash = md.digest();
+// // printBytes(hash);
+// sig.update(hash);
+//
+//
+// // Verify the hash.
+// boolean verifies = sig.verify(sigToVerify);
+//
+// return verifies;
+// } catch(Exception ioe)
+// {
+// assert debugException(CLASS_NAME, "execute", ioe);
+// if(inputStreamOpen)
+// {
+// try
+// {
+// inFile.close();
+// } catch(Exception fe)
+// {
+// assert debugException(CLASS_NAME, "execute", fe);
+// // Cannot do much. Ignore.
+// }
+// }
+// return false;
+// }
}
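Review bot: The FIXME comment at the top of `verify()` is copied verbatim from `execute()` and still talks about signing ("not possible to sign on rotate", "the signing capability should remain disabled"), and carries the typo "they key"; it should describe this method, e.g. `// FIXME -- Signature verification is disabled until the rotation action mechanism is rewritten; the original code is preserved below for reference.` The unconditional `return false;` is fail-closed, which is the right default for a verifier, but the Javadoc (which begins outside the hunk) should state that every call fails while disabled so callers do not read the result as a tampered log. In the preserved body, `inFile.readLine()` maps each byte to a char and strips `\r`, `\n` or `\r\n`, and `(line + "\n").getBytes()` re-encodes in the platform charset, so for non-ASCII content or `\r\n` line endings the digest need not equal the one `execute()` computed over the raw bytes; the fixed `new byte[128]` buffer with the ignored `val` result also assumes one signature length and would hand a partially filled buffer to `sig.verify`. Both need fixing before the code is re-enabled.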
--
Gitblit v1.10.0