org.openhealthtools.ihe.atna.nodeauth

Class SecurityDomain

java.lang.Object

org.openhealthtools.ihe.atna.nodeauth.SecurityDomain

All Implemented Interfaces:

Cloneable

public class SecurityDomain
extends Object
implements Cloneable

Contains Keystore and Truststore instances for use by secure socket and https connections, as well as protocol, debug, and cipher suite choices for secure connections.

SecurityDomain objects are managed via the SecurityDomainManager

Since:

OHF 0.1.0

Author:

Glenn Deen glenn@almaden.ibm.com

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_HTTPS_CIPHERSUITES Default CIPHER SUITE which will be used unless overriddent: "TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
static String	DEFAULT_HTTPS_PROTOCOLS Default https.protocols value unless specified otherwise: "TLSv1"
static String	DEFAULT_SECURITY_DOMAIN Name of the default security domain
static String	HTTPS_CIPHERSUITES
static String	HTTPS_PROTOCOLS
static String	JAVAX_NET_DEBUG
static String	JAVAX_NET_SSL_KEYSTORE
static String	JAVAX_NET_SSL_KEYSTORE_PASSWORD
static String	JAVAX_NET_SSL_TRUSTSTORE
static String	JAVAX_NET_SSL_TRUSTSTORE_PASSWORD
protected boolean	keystoreInitialized
static String	TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
static String	TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
protected boolean	truststoreInitialized

Constructor Summary

Constructors

Constructor and Description
SecurityDomain(String name, Properties properties) Creates a security domain that uses the default key alias from the keystore
SecurityDomain(String name, String preferredAlias, Properties properties) Properites file requires the following properties to be set Key Store: javax.net.ssl.keyStore=XXX javax.net.ssl.keyStorePassword=XXX (if not present, defaults to "") optional: Trust Store: javax.net.ssl.trustStore=XXX If this is not present, then no truststore is initialized javax.net.ssl.trustStorePassword=XXX - if not present, defaults to "" http.ciphersuites=XXX list of suites to use.

Method Summary

Modifier and Type	Method and Description
SecurityDomain	clone()
SecurityDomain	clone(String newName)
boolean	doDomainSpoofCheck()
String[]	getCipherSuites()
KeyManagerFactory	getKeyManagerFactory() Deprecated.
KeyManager[]	getKeyManagers()
KeyStore	getKeyStore()
String	getName() Returns the name of the security domain
String	getPreferredKeyAlias()
TrustManagerFactory	getTrustManagerFactory() Deprecated.
TrustManager[]	getTrustManagers()
KeyStore	getTrustStore()
protected void	initKeyStore(InputStream keystoreInputStream, char[] keystorePassword)
protected void	initStores() Initialize the key and trust stores
protected void	initTrustStore(InputStream truststoreInputStream, char[] truststorePassword)
void	restoreSystemEnvironment() Restores the System environmnet to what it was before Also see setDomainEnvironment()
void	setDomainEnvironment() Sets the System environment to support the Security Domain's settings.
void	setDomainSpoofCheck(boolean check)
void	setPreferredKeyAlias(String preferredKeyAlias, boolean validate)
void	setProperties(Properties properties)

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

JAVAX_NET_DEBUG

public static final String JAVAX_NET_DEBUG

See Also:

Constant Field Values

JAVAX_NET_SSL_TRUSTSTORE

public static final String JAVAX_NET_SSL_TRUSTSTORE

See Also:

Constant Field Values

JAVAX_NET_SSL_KEYSTORE

public static final String JAVAX_NET_SSL_KEYSTORE

See Also:

Constant Field Values

JAVAX_NET_SSL_TRUSTSTORE_PASSWORD

public static final String JAVAX_NET_SSL_TRUSTSTORE_PASSWORD

See Also:

Constant Field Values

JAVAX_NET_SSL_KEYSTORE_PASSWORD

public static final String JAVAX_NET_SSL_KEYSTORE_PASSWORD

See Also:

Constant Field Values

HTTPS_CIPHERSUITES

public static final String HTTPS_CIPHERSUITES

See Also:

Constant Field Values

HTTPS_PROTOCOLS

public static final String HTTPS_PROTOCOLS

See Also:

Constant Field Values

TLS_RSA_WITH_AES_128_CBC_SHA

public static String TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_NULL_SHA

public static String TLS_RSA_WITH_NULL_SHA

TLS_RSA_WITH_NULL_SHA

DEFAULT_HTTPS_CIPHERSUITES

public static String DEFAULT_HTTPS_CIPHERSUITES

Default CIPHER SUITE which will be used unless overriddent: "TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"

DEFAULT_HTTPS_PROTOCOLS

public static String DEFAULT_HTTPS_PROTOCOLS

Default https.protocols value unless specified otherwise: "TLSv1"

DEFAULT_SECURITY_DOMAIN

public static String DEFAULT_SECURITY_DOMAIN

Name of the default security domain

keystoreInitialized

protected boolean keystoreInitialized

truststoreInitialized

protected boolean truststoreInitialized

Constructor Detail

SecurityDomain

public SecurityDomain(String name,
                      Properties properties)
               throws SecurityDomainException

Creates a security domain that uses the default key alias from the keystore

Parameters:

name -

properties -

Throws:

SecurityDomainException

SecurityDomain

public SecurityDomain(String name,
                      String preferredAlias,
                      Properties properties)
               throws SecurityDomainException

Properites file requires the following properties to be set
Key Store:
javax.net.ssl.keyStore=XXX
javax.net.ssl.keyStorePassword=XXX (if not present, defaults to "")

optional:
Trust Store:
javax.net.ssl.trustStore=XXX If this is not present, then no truststore is initialized
javax.net.ssl.trustStorePassword=XXX - if not present, defaults to "" http.ciphersuites=XXX list of suites to use. IHE recommends TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_AES_CBC_SHA
http.protocols=XXX comma seperarate list of protocols to use. IHE recommends TLSv1
Debugging options:
javax.net.debug

Parameters:

name - name of the name

preferredAlias - Keystore alias to use when doing secure handshake

properties -

Throws:

SecurityDomainException

Method Detail

setProperties

public void setProperties(Properties properties)
                   throws SecurityDomainException

Parameters:

properties -

Throws:

SecurityDomainException

setDomainEnvironment

public void setDomainEnvironment()

Sets the System environment to support the Security Domain's settings. This is used for protocols which only read their crypto settings via environment variables.
Also see restoreSystemEnvironment()

restoreSystemEnvironment

public void restoreSystemEnvironment()

Restores the System environmnet to what it was before
Also see setDomainEnvironment()

initTrustStore

protected void initTrustStore(InputStream truststoreInputStream,
                              char[] truststorePassword)
                       throws SecurityDomainException,
                              NoSuchAlgorithmException,
                              CertificateException,
                              IOException

Parameters:

truststoreInputStream -

truststorePassword -

Throws:

NoSuchAlgorithmException

CertificateException

IOException

SecurityDomainException

initKeyStore

protected void initKeyStore(InputStream keystoreInputStream,
                            char[] keystorePassword)
                     throws SecurityDomainException,
                            NoSuchAlgorithmException,
                            CertificateException,
                            UnrecoverableKeyException,
                            IOException

Parameters:

keystoreInputStream -

keystorePassword -

Throws:

NoSuchAlgorithmException

CertificateException

UnrecoverableKeyException

IOException

SecurityDomainException

initStores

protected void initStores()
                   throws SecurityDomainException

Initialize the key and trust stores

Throws:

SecurityDomainException

getKeyStore

public KeyStore getKeyStore()

Returns:

getTrustStore

public KeyStore getTrustStore()

Returns:

getKeyManagers

public KeyManager[] getKeyManagers()

Returns:

getTrustManagers

public TrustManager[] getTrustManagers()

Returns:

getKeyManagerFactory

public KeyManagerFactory getKeyManagerFactory()

Deprecated.

Returns the key manager factory, to retrieve key managers for this security domain

Returns:

getTrustManagerFactory

public TrustManagerFactory getTrustManagerFactory()

Deprecated.

Returns the trust manager factory, to retrieve trust managers for this security domain

Returns:

getName

public String getName()

Returns the name of the security domain

Returns:

getCipherSuites

public String[] getCipherSuites()

getPreferredKeyAlias

public String getPreferredKeyAlias()

setPreferredKeyAlias

public void setPreferredKeyAlias(String preferredKeyAlias,
                                 boolean validate)
                          throws SecurityDomainException

Throws:

SecurityDomainException

doDomainSpoofCheck

public boolean doDomainSpoofCheck()

setDomainSpoofCheck

public void setDomainSpoofCheck(boolean check)

clone

public SecurityDomain clone()

Overrides:

clone in class Object

clone

public SecurityDomain clone(String newName)