Newer
Older
Patrick Dowler
committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package org.astrogrid.security.delegation;
import java.io.IOException;
import java.io.Writer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
/**
* Abstract class for the persistence layer. Clients that provide their own
* persistence layer need to provide an extension of this class as the
* org.astrogrid.security.delegation.DelegationsImpl. When the client provided
* extension class is not available in the classpath, a default, in-memory
* implementation is used.
*/
public abstract class Delegations
{
static private Delegations instance;
static public Delegations getInstance()
{
if (instance == null)
{
// first, try to get a user-provided Delegations
// implementation class
try
{
Class<?> implClass = Class
.forName("org.astrogrid.security.delegation.DelegationsImpl");
instance = (Delegations) implClass.newInstance();
}
catch (ClassNotFoundException ex)
{
// use the default one
instance = new InMemoryDelegations();
}
catch (InstantiationException e)
{
throw new RuntimeException("Cannon instantiate DelegationImpl", e);
}
catch (IllegalAccessException e)
{
throw new RuntimeException("Cannon instantiate DelegationImpl", e);
}
}
return instance;
}
/**
* Determines the hash-key corresponding to a principal.
*
* @param principal
* The identity to be hashed.
* @return The hash.
*/
public String hash(X500Principal principal)
{
return Integer.toString(principal.hashCode());
}
/**
* Initializes a group of credentials for one identity. If there were
* already credentials for that identity, nothing is changed. If not,
* a key pair and a CSR are generated and stored; the certificate
* property is set to null.
*
* @return The hash of the distinguished name.
*/
public abstract String initializeIdentity(String identity)
throws GeneralSecurityException;
/**
* Initializes a group of credentials for one identity. If there were
* already credentials for that identity, nothing is changed. If not,
* a key pair and a CSR are generated and stored; the certificate
* property is set to null.
*
* @param principal
* The distinguished name on which to base the identity.
* @return The hash key corresponding to the distinguished name.
*/
public abstract String initializeIdentity(X500Principal principal)
throws GeneralSecurityException;
public abstract CertificateSigningRequest getCsr(String hashKey);
public abstract PrivateKey getPrivateKey(String hashKey);
public abstract X509Certificate[] getCertificates(String hashKey);
public abstract void remove(String hashKey);
/**
* Reveals whether an identity is known from the delegation records.
*/
public abstract boolean isKnown(String hashKey);
/**
* Stores a certificate for the given identity. Any previous
* certificate is overwritten. This operation is thread-safe against
* concurrent reading of the certificate.
*/
public abstract void setCertificates(String hashKey, X509Certificate[] certificates) throws InvalidKeyException;
public abstract Object[] getPrincipals();
public abstract String getName(String hashKey);
/**
* Reveals the keys held for an identity.
*
* @param hashKey
* The hash of the identity.
* @return The keys (null if identity not known).
*/
public abstract KeyPair getKeys(String hashKey);
/**
* Reveals whether a certificate is held for this identity.
*
* @param hashKey
* The hash key identifying the user.
*/
public abstract boolean hasCertificate(String hashKey);
/**
* Writes a user's certificate to a given stream, in PEM encoding.
*
* @param hashKey
* The hash key identifying the user.
* @param out
* The destination for the certificate.
*/
public abstract void writeCertificate(String hashKey, Writer out)
throws IOException;
}