Fix 3315942, merge patch provided by Jeremiah Albrant: Ask user to select client certificate

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1715 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
mguessan 2011-06-23 22:01:06 +00:00
parent c85225384b
commit 7fef14109f
4 changed files with 510 additions and 217 deletions

View File

@ -86,6 +86,13 @@
<role>Java Contributor</role>
</roles>
</contributor>
<contributor>
<name>Jeremiah Albrant</name>
<url>http://sourceforge.net/users/?user_id=2903536</url>
<roles>
<role>Java Contributor</role>
</roles>
</contributor>
<contributor>
<name>Henning Holtschneider</name>
<email>hehol@users.sourceforge.net</email>
@ -225,7 +232,7 @@
<dependency>
<groupId>org.eclipse</groupId>
<artifactId>swt</artifactId>
<version>3.6.0</version>
<version>3.7.0</version>
<optional>true</optional>
</dependency>
<dependency>

View File

@ -128,8 +128,20 @@ public class DavGatewaySSLProtocolSocketFactory implements SecureProtocolSocketF
ManagerFactoryParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilders);
keyManagerFactory.init(keyStoreBuilderParameters);
// Get a list of key managers
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// Walk through the key managers and replace all X509 Key Managers with
// a specialized wrapped DavMail X509 Key Manager
for (int i = 0; i < keyManagers.length; i++) {
KeyManager keyManager = keyManagers[i];
if (keyManager instanceof X509KeyManager) {
keyManagers[i] = new DavMailX509KeyManager((X509KeyManager) keyManager);
}
}
SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{new DavGatewayX509TrustManager()}, null);
context.init(keyManagers, new TrustManager[]{new DavGatewayX509TrustManager()}, null);
return context;
}
@ -140,7 +152,6 @@ public class DavGatewaySSLProtocolSocketFactory implements SecureProtocolSocketF
return this.sslcontext;
}
public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException {
try {
return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
@ -169,7 +180,6 @@ public class DavGatewaySSLProtocolSocketFactory implements SecureProtocolSocketF
}
}
public Socket createSocket(String host, int port) throws IOException {
try {
return getSSLContext().getSocketFactory().createSocket(host, port);

View File

@ -0,0 +1,165 @@
/*
* DavMail POP/IMAP/SMTP/CalDav/LDAP Exchange Gateway
* Copyright (C) 2011 Mickael Guessant
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package davmail.http;
import davmail.ui.SelectCertificateDialog;
import org.apache.log4j.Logger;
import javax.net.ssl.X509KeyManager;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
/**
* Special X509 Key Manager that handles cases where more than one private key
* is sufficient to establish the HTTPs connection by asking the user to
* select one.
*/
public class DavMailX509KeyManager implements X509KeyManager {
protected static final Logger LOGGER = Logger.getLogger(DavMailX509KeyManager.class);
// Wrap an existing key manager to handle most of the interface as a pass through
private final X509KeyManager keyManager;
// Remember selected alias so we don't continually bug the user
private String cachedAlias;
/**
* Build the specialized key manager wrapping the default one
*
* @param keyManager original key manager
*/
public DavMailX509KeyManager(X509KeyManager keyManager) {
this.keyManager = keyManager;
}
/**
* Get the client aliases, simply pass this through to wrapped key manager
*/
public String[] getClientAliases(String string, Principal[] principals) {
return keyManager.getClientAliases(string, principals);
}
/**
* Select a client alias. Some servers are misconfigured and claim to accept
* any client certificate during the SSL handshake, however OWA only authenticates
* using a single certificate.
* <p/>
* This method allows the user to select the right client certificate
*/
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
// Build a list of all aliases
ArrayList<String> aliases = new ArrayList<String>();
for (String keyTypeValue : keyType) {
String[] keyAliases = keyManager.getClientAliases(keyTypeValue, issuers);
if (keyAliases != null) {
aliases.addAll(Arrays.asList(keyAliases));
}
}
// If there are more than one show a dialog and return the selected alias
if (aliases.size() > 1) {
//If there's a saved pattern try to match it
if (cachedAlias != null) {
for (String alias : aliases) {
if (cachedAlias.equals(stripAlias(alias))) {
LOGGER.debug(alias + " matched cached alias: " + cachedAlias);
return alias;
}
}
// pattern didn't match, clear the pattern and ask user to select an alias
cachedAlias = null;
}
String[] aliasesArray = aliases.toArray(new String[aliases.size()]);
SelectCertificateDialog selectCertificateDialog = new SelectCertificateDialog(aliasesArray);
LOGGER.debug("User selected Key Alias: " + selectCertificateDialog.getSelectedAlias());
cachedAlias = stripAlias(selectCertificateDialog.getSelectedAlias().substring(10));
LOGGER.debug("Stored Key Alias Pattern: " + cachedAlias);
return selectCertificateDialog.getSelectedAlias();
// exactly one, simply return that and don't bother the user
} else if (aliases.size() == 1) {
LOGGER.debug("One Private Key found, returning that");
return aliases.get(0);
// none, return null
} else {
LOGGER.debug("No Private Keys found");
return null;
}
}
/**
* PKCS11 aliases are in the format: dd.0, dd is incremented
* every time the SSL connection is re-negotiated
*
* @param alias original alias
* @return alias without prefix
*/
protected String stripAlias(String alias) {
String value = alias;
if (value != null && value.length() > 1) {
char firstChar = value.charAt(0);
int dotIndex = value.indexOf('.');
if (firstChar >= '0' && firstChar <= '9' && dotIndex >= 0) {
value = value.substring(dotIndex+1);
}
}
return value;
}
/**
* Passthrough to wrapped keymanager
*/
public String[] getServerAliases(String string, Principal[] prncpls) {
return keyManager.getServerAliases(string, prncpls);
}
/**
* Passthrough to wrapped keymanager
*/
public String chooseServerAlias(String string, Principal[] prncpls, Socket socket) {
return keyManager.chooseServerAlias(string, prncpls, socket);
}
/**
* Passthrough to wrapped keymanager
*/
public X509Certificate[] getCertificateChain(String string) {
return keyManager.getCertificateChain(string);
}
/**
* Passthrough to wrapped keymanager
*/
public PrivateKey getPrivateKey(String string) {
return keyManager.getPrivateKey(string);
}
}

View File

@ -0,0 +1,111 @@
/*
* DavMail POP/IMAP/SMTP/CalDav/LDAP Exchange Gateway
* Copyright (C) 2011 Mickael Guessant
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package davmail.ui;
import davmail.BundleMessage;
import davmail.ui.tray.DavGatewayTray;
import javax.swing.*;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
/**
* Let user select a client certificate
*/
public class SelectCertificateDialog extends JDialog {
protected JList aliasListBox;
protected String selectedAlias;
/**
* Gets user selected alias.
*
* @return user selected alias
*/
public String getSelectedAlias() {
return this.selectedAlias;
}
/**
* Select a client certificate
*
* @param aliases An array of certificate aliases for the user to pick from
*/
public SelectCertificateDialog(String[] aliases) {
setAlwaysOnTop(true);
setTitle(BundleMessage.format("UI_CERTIFICATE_ALIAS_PROMPT"));
try {
setIconImage(DavGatewayTray.getFrameIcon());
} catch (NoSuchMethodError error) {
DavGatewayTray.debug(new BundleMessage("LOG_UNABLE_TO_SET_ICON_IMAGE"));
}
JPanel questionPanel = new JPanel();
questionPanel.setLayout(new BoxLayout(questionPanel, BoxLayout.Y_AXIS));
JLabel imageLabel = new JLabel();
imageLabel.setIcon(UIManager.getIcon("OptionPane.questionIcon"));
imageLabel.setText(BundleMessage.format("UI_CERTIFICATE_ALIAS_PROMPT"));
questionPanel.add(imageLabel);
aliasListBox = new JList(aliases);
aliasListBox.setMaximumSize(aliasListBox.getPreferredSize());
JPanel aliasPanel = new JPanel();
aliasPanel.setLayout(new BoxLayout(aliasPanel, BoxLayout.Y_AXIS));
aliasPanel.add(aliasListBox);
add(questionPanel, BorderLayout.NORTH);
add(aliasPanel, BorderLayout.CENTER);
add(getButtonPanel(), BorderLayout.SOUTH);
setModal(true);
pack();
// center frame
setLocation(getToolkit().getScreenSize().width / 2 -
getSize().width / 2,
getToolkit().getScreenSize().height / 2 -
getSize().height / 2);
setVisible(true);
requestFocus();
}
protected JPanel getButtonPanel() {
JPanel buttonPanel = new JPanel();
JButton okButton = new JButton(BundleMessage.format("UI_BUTTON_OK"));
JButton cancelButton = new JButton(BundleMessage.format("UI_BUTTON_CANCEL"));
okButton.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
selectedAlias = aliasListBox.getSelectedValue().toString();
setVisible(false);
}
});
cancelButton.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
selectedAlias = null;
setVisible(false);
}
});
buttonPanel.add(okButton);
buttonPanel.add(cancelButton);
return buttonPanel;
}
}