authoreutarass2009-05-27 13:17:41 -0400
committereutarass2009-05-27 13:17:41 -0400
commitf77572bc3acfdda3121c288f7f0660d22c2589fe (patch)
tree579e7f2fd1e2457535018d3fc02786e33c41d828 /plugins/org.eclipse.tm.tcf
parent6fe22546a998c07bd789881de4397a4dadf4c098 (diff)
downloadorg.eclipse.tcf-f77572bc3acfdda3121c288f7f0660d22c2589fe.tar.gz
org.eclipse.tcf-f77572bc3acfdda3121c288f7f0660d22c2589fe.tar.xz
org.eclipse.tcf-f77572bc3acfdda3121c288f7f0660d22c2589fe.zip
Secure TCF: implemented certificate based authentication
Diffstat (limited to 'plugins/org.eclipse.tm.tcf')
-rw-r--r--plugins/org.eclipse.tm.tcf/META-INF/MANIFEST.MF1
-rw-r--r--plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/Activator.java12
-rw-r--r--plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/ssl/TCFSecurityManager.java161
-rw-r--r--plugins/org.eclipse.tm.tcf/tcf.jarbin378097 -> 388017 bytes
4 files changed, 174 insertions, 0 deletions
diff --git a/plugins/org.eclipse.tm.tcf/META-INF/MANIFEST.MF b/plugins/org.eclipse.tm.tcf/META-INF/MANIFEST.MF
index 9111f93ff..95068868b 100644
--- a/plugins/org.eclipse.tm.tcf/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.tm.tcf/META-INF/MANIFEST.MF
@@ -10,3 +10,4 @@ Bundle-RequiredExecutionEnvironment: J2SE-1.5
Bundle-ActivationPolicy: lazy
Eclipse-LazyStart: true
Eclipse-ExtensibleAPI: true
+Export-Package: org.eclipse.tm.tcf.ssl;version="0.2.0"
diff --git a/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/Activator.java b/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/Activator.java
index 87fc9aef4..af00e7c60 100644
--- a/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/Activator.java
+++ b/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/Activator.java
@@ -17,8 +17,10 @@ import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Platform;
import org.eclipse.core.runtime.Plugin;
import org.eclipse.core.runtime.Status;
+import org.eclipse.tm.tcf.core.ChannelTCP;
import org.eclipse.tm.tcf.protocol.ILogger;
import org.eclipse.tm.tcf.protocol.Protocol;
+import org.eclipse.tm.tcf.ssl.TCFSecurityManager;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleEvent;
@@ -50,10 +52,20 @@ public class Activator extends Plugin {
plugin = this;
}
+ /**
+ * Returns the shared instance
+ *
+ * @return the shared instance
+ */
+ public static Activator getDefault() {
+ return plugin;
+ }
+
@Override
public void start(BundleContext context) throws Exception {
super.start(context);
debug = Platform.inDebugMode();
+ ChannelTCP.setSSLContext(TCFSecurityManager.createSSLContext());
Protocol.setLogger(new ILogger() {
public void log(String msg, Throwable x) {
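Review bot: The new `ChannelTCP.setSSLContext(TCFSecurityManager.createSSLContext());` line in start() passes the result through unchecked, but createSSLContext() returns null after logging when context initialization fails, so a broken certificate directory silently installs a null context. What ChannelTCP does with null is outside this hunk, so the outcome (secure channels refused, or a later exception on first use) should be decided explicitly here, e.g. `SSLContext ctx = TCFSecurityManager.createSSLContext(); if (ctx != null) ChannelTCP.setSSLContext(ctx); else log("Secure TCF channels disabled: no SSL context", null);` (Activator's own logging helper, if any, is not visible in the hunk). The body of start() continues past the end of the hunk.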
diff --git a/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/ssl/TCFSecurityManager.java b/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/ssl/TCFSecurityManager.java
new file mode 100644
index 000000000..5003fbee3
--- /dev/null
+++ b/plugins/org.eclipse.tm.tcf/src/org/eclipse/tm/tcf/ssl/TCFSecurityManager.java
@@ -0,0 +1,161 @@
+/*******************************************************************************
+ * Copyright (c) 2009 Wind River Systems, Inc. and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Wind River Systems - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.tm.tcf.ssl;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.Socket;
+import java.security.KeyFactory;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.ArrayList;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.eclipse.tm.tcf.Activator;
+import org.eclipse.tm.tcf.core.Base64;
+import org.eclipse.tm.tcf.protocol.Protocol;
+
+
+/**
+ * This class implements keys and certificates management for secure TCF channels.
+ */
+public class TCFSecurityManager {
+
+ public static File getCertificatesDirectory() {
+ File certs = Activator.getDefault().getStateLocation().append("certificates").toFile();
+ if (!certs.exists()) certs.mkdirs();
+ return certs;
+ }
+
+ public static SSLContext createSSLContext() {
+ try {
+ final File certs = getCertificatesDirectory();
+ if (!certs.exists()) certs.mkdirs();
+ final CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ SSLContext context = SSLContext.getInstance("TLS");
+
+ X509ExtendedKeyManager km = new X509ExtendedKeyManager() {
+
+ public X509Certificate[] getCertificateChain(String alias) {
+ File f = new File(certs, "Local.cert");
+ try {
+ InputStream inp = new BufferedInputStream(new FileInputStream(f));
+ X509Certificate cert = (X509Certificate)cf.generateCertificate(inp);
+ inp.close();
+ return new X509Certificate[] { cert };
+ }
+ catch (Exception x) {
+ Protocol.log("Cannot read certificate: " + f, x);
+ return null;
+ }
+ }
+
+ public PrivateKey getPrivateKey(String alias) {
+ File f = new File(certs, "Local.priv");
+ try {
+ BufferedReader r = new BufferedReader(new InputStreamReader(new FileInputStream(f), "ASCII"));
+ StringBuffer bf = new StringBuffer();
+ boolean app = false;
+ for (;;) {
+ String s = r.readLine();
+ if (s == null) new Exception("Invalid format");
+ else if (s.indexOf("-----BEGIN ") == 0) app = true;
+ else if (s.indexOf("-----END ") == 0) break;
+ else if (app) bf.append(s);
+ }
+ r.close();
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ byte[] bytes = Base64.toByteArray(bf.toString().toCharArray());
+ return kf.generatePrivate(new PKCS8EncodedKeySpec(bytes));
+ }
+ catch (Exception x) {
+ Protocol.log("Cannot read private key: " + f, x);
+ return null;
+ }
+ }
+
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return new String[] { "TCF" };
+ }
+
+ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
+ return "TCF";
+ }
+
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return new String[] { "TCF" };
+ }
+
+ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
+ return "TCF";
+ }
+ };
+
+ X509TrustManager tm = new X509TrustManager() {
+
+ public void checkClientTrusted(X509Certificate[] chain, String auth_type) throws CertificateException {
+ if ("RSA".equals(auth_type) && chain != null && chain.length == 1) {
+ for (X509Certificate cert : getAcceptedIssuers()) {
+ if (cert.equals(chain[0])) return;
+ }
+ }
+ throw new CertificateException("Client certificate validation failed");
+ }
+
+ public void checkServerTrusted(X509Certificate[] chain, String auth_type) throws CertificateException {
+ if ("RSA".equals(auth_type) && chain != null && chain.length == 1) {
+ for (X509Certificate cert : getAcceptedIssuers()) {
+ if (cert.equals(chain[0])) return;
+ }
+ }
+ throw new CertificateException("Server certificate validation failed");
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
+ for (String fnm : certs.list()) {
+ if (!fnm.endsWith(".cert")) continue;
+ try {
+ InputStream inp = new BufferedInputStream(new FileInputStream(new File(certs, fnm)));
+ X509Certificate cert = (X509Certificate)cf.generateCertificate(inp);
+ inp.close();
+ list.add(cert);
+ }
+ catch (Throwable x) {
+ Protocol.log("Cannot load certificate: " + fnm, x);
+ }
+ }
+ return list.toArray(new X509Certificate[list.size()]);
+ }
+ };
+
+ context.init(new KeyManager[] { km }, new TrustManager[] { tm }, null);
+ return context;
+ }
+ catch (Throwable x) {
+ Protocol.log("Cannot initialize SSL context", x);
+ return null;
+ }
+ }
+}
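Review bot: In getPrivateKey, the line `if (s == null) new Exception("Invalid format");` constructs the exception but never throws it, so a Local.priv file without a `-----END` marker makes readLine() return null on every iteration and the `for (;;)` loop never exits; it should read `if (s == null) throw new Exception("Invalid format");`. The same method, getCertificateChain and getAcceptedIssuers call close() only on the success path, so a parse failure leaks the open file handle — each close() belongs in a finally block. On the trust side, checkClientTrusted and checkServerTrusted accept a presented certificate solely on equals() against a `.cert` file in the state directory and never call checkValidity(), so an expired or not-yet-valid pinned certificate is still accepted; if that is the intended pinning semantics, a comment on checkClientTrusted saying so would save the next reader from treating it as an oversight. Finally, `certs.list()` returns null when the directory cannot be read, which would escape getAcceptedIssuers as a NullPointerException rather than the CertificateException the handshake code expects.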
diff --git a/plugins/org.eclipse.tm.tcf/tcf.jar b/plugins/org.eclipse.tm.tcf/tcf.jar
index 16d6feb42..b283332b0 100644
--- a/plugins/org.eclipse.tm.tcf/tcf.jar
+++ b/plugins/org.eclipse.tm.tcf/tcf.jar
Binary files differ
