Initial commit from SVN.

2014-05-30 10:31:51 -07:00
commit b45e56b890
1968 changed files with 370949 additions and 0 deletions
--- a/Orb/src/com/de22/orb/security/AbstractSecurityProvider.java
+++ b/Orb/src/com/de22/orb/security/AbstractSecurityProvider.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2008 Declarative Engineering LLC.
+ * All rights reserved.  This program and the accompanying materials
+ * are made available under the terms of the Declarative Engineering LLC
+ * verson 1 which accompanies this distribution, and is available at
+ * http://declarativeengineering.com/legal/DE_Developer_License_v1.txt
+ */
+package com.de22.orb.security;
+
+public abstract class AbstractSecurityProvider {
+/**
+ * AbstractSecurityProvider constructor.
+ */
+public AbstractSecurityProvider() {
+}//AbstractSecurityProvider()//
+/**
+ * Creates a security system instance.
+ * @return The system that will manage security for a connection.
+ */
+public abstract AbstractSecuritySystem createSecuritySystem() throws Exception;
+/**
+ * Gets the client class name for this security system.
+ * @return The qualified class name for the client side security system.  The class name will be used on the client to try to instantiate the system.
+ */
+public abstract String getSecuritySystemClientClassName();
+/**
+ * Gets the metadata required to setup the client side security system.
+ * @return The security system specific metadata required by the client to setup the security system object.
+ */
+public abstract byte[] getSecuritySystemClientMetadata();
+}//AbstractSecurityProvider//
--- a/Orb/src/com/de22/orb/security/AbstractSecuritySystem.java
+++ b/Orb/src/com/de22/orb/security/AbstractSecuritySystem.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2008 Declarative Engineering LLC.
+ * All rights reserved.  This program and the accompanying materials
+ * are made available under the terms of the Declarative Engineering LLC
+ * verson 1 which accompanies this distribution, and is available at
+ * http://declarativeengineering.com/legal/DE_Developer_License_v1.txt
+ */
+package com.de22.orb.security;
+
+import java.nio.ByteBuffer;
+
+public abstract class AbstractSecuritySystem {
+	public static final int INIT_REQUIRES_SEND = 0;
+	public static final int INIT_REQUIRES_RECEIVE = 1;
+	public static final int INIT_FINISHED = 2;
+	public static final int INIT_ERROR = 3;
+	public static final int INIT_OK = 4;
+/**
+ * AbstractSecuritySystem constructor.
+ */
+public AbstractSecuritySystem() {
+}//AbstractSecuritySystem()//
+/**
+ * Initializes the security system with the metadata provided by the security provider on the server.
+ * @param metadata The metadata sent by the server and used to setup the client security system.
+ */
+public abstract void initialize(byte[] metadata) throws Exception;
+/**
+ * Resets the security system after the connection fails.
+ */
+public abstract void reset() throws Exception;
+/**
+ * Determines whether the security system requires more initialization.
+ * @return Whether the system is still initializing.
+ */
+public abstract boolean isInitializing();
+/**
+ * Determines whether the security system has sent the first initialization message.
+ * @return Whether the system has already sent an initialization message.  This is useful to determine if the client should be sending the kickoff message versus reading the response and sending the next round.
+ */
+public abstract boolean hasSentFirstInitializeMessage();
+/**
+ * Gets the size of an encrypted chunk of data.
+ * @return The maximum size of one chunk of encrypted data.
+ */
+public abstract int getEncryptedChunkSize();
+/**
+ * Gets the size of a decrypted chunk of data.
+ * @return The maximum size of one chunk of decrypted (or yet to be encrypted) data.
+ */
+public abstract int getDecryptedChunkSize();
+/**
+ * Determines whether the security system has any pending tasks that must be run.
+ * @return Whether there is a task pending.
+ */
+public abstract boolean hasPendingTask();
+/**
+ * Gets the next pending task.
+ * @return The next task needing to be run, or null if there isn't another task.
+ */
+public abstract Runnable getPendingTask();
+/**
+ * Asks the system to send the next initialization message.
+ * @param encryptedBuffer The buffer containing encrypted data.
+ * @param decryptedBuffer The buffer containing decrypted or pre-encrypted data.
+ * @return One of the INIT_ identifiers.
+ */
+public abstract int sendInitializationMessage(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer);
+/**
+ * Receives an initialization message.
+ * @param encryptedBuffer The buffer containing encrypted data.
+ * @param decryptedBuffer The buffer containing decrypted or pre-encrypted data.
+ * @return One of the INIT_ identifiers.
+ */
+public abstract int receiveInitializationMessage(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer);
+/**
+ * Gets the current initialization status.
+ * @return One of the INIT_ identifiers.
+ */
+public abstract int getInitializationStatus();
+/**
+ * Encrypts the data in the decrypted buffer and places it in the encrypted buffer.
+ * @param encryptedBuffer The buffer containing encrypted data.
+ * @param decryptedBuffer The buffer containing decrypted or pre-encrypted data.
+ */
+public abstract void encryptData(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer);
+/**
+ * Decrypts the data in the encrypted buffer and places it in the decrypted buffer.
+ * @param encryptedBuffer The buffer containing encrypted data.
+ * @param decryptedBuffer The buffer containing decrypted or pre-encrypted data.
+ */
+public abstract void decryptData(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer);
+}//AbstractSecuritySystem//
--- a/Orb/src/com/de22/orb/security/SslSecurityProvider.java
+++ b/Orb/src/com/de22/orb/security/SslSecurityProvider.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2008,2009 Declarative Engineering LLC.
+ * All rights reserved.  This program and the accompanying materials
+ * are made available under the terms of the Declarative Engineering LLC
+ * verson 1 which accompanies this distribution, and is available at
+ * http://declarativeengineering.com/legal/DE_Developer_License_v1.txt
+ */
+package com.de22.orb.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+
+import com.common.debug.Debug;
+import com.common.io.StreamSupport;
+
+public class SslSecurityProvider extends AbstractSecurityProvider {
+	/** The SSL context used to create an SSL connection. */
+	private SSLContext sslContext;
+/**
+ * SslSecurityProvider constructor.
+ * @param protocol The desired SSL protocol (TLS, SSLv3).
+ * @param keyStorePath The path to the keystore file.
+ * @param keyStorePassword The password used to read the keystore file.
+ * @param keyPassword The password used to read the material for key generation.
+ */
+public SslSecurityProvider(String protocol, String keyStorePath, String keyStorePassword, String keyPassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
+	KeyStore keyStore = KeyStore.getInstance("JKS");
+	KeyManagerFactory keyManagerFactory;
+	
+	keyStore.load(new ByteArrayInputStream(StreamSupport.readBytes(new File(keyStorePath))), keyStorePassword.toCharArray());
+	keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+	keyManagerFactory.init(keyStore, keyPassword.toCharArray());
+	sslContext = SSLContext.getInstance(protocol);
+	sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+}//SslSecurityProvider()//
+/**
+ * SslSecurityProvider constructor.
+ * @param protocol The desired SSL protocol (TLS, SSLv3).
+ * @param keyStore The keystore to use for the SSL connections.
+ * @param keyPassword The password used to read the material for key generation.
+ */
+public SslSecurityProvider(String protocol, KeyStore keyStore, String keyPassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
+	KeyManagerFactory keyManagerFactory;
+	
+	keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+	keyManagerFactory.init(keyStore, keyPassword.toCharArray());
+	sslContext = SSLContext.getInstance(protocol);
+	sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+}//SslSecurityProvider()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecurityProvider#createSecuritySystem()
+ */
+public AbstractSecuritySystem createSecuritySystem() throws Exception {
+	return new SslSecuritySystem(sslContext);
+}//createSecuritySystem()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecurityProvider#getSecuritySystemClientClassName()
+ */
+public String getSecuritySystemClientClassName() {
+	return SslSecuritySystem.class.getName();
+}//getSecuritySystemClientClassName()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecurityProvider#getSecuritySystemClientMetadata()
+ */
+public byte[] getSecuritySystemClientMetadata() {
+	try {
+		return sslContext.getProtocol().getBytes("UTF8");
+	}//try//
+	catch(Throwable e) {
+		//Should never occur.//
+		Debug.log(e);
+		return null;
+	}//catch//
+}//getSecuritySystemClientMetadata()//
+}//SslSecurityProvider()//
--- a/Orb/src/com/de22/orb/security/SslSecuritySystem.java
+++ b/Orb/src/com/de22/orb/security/SslSecuritySystem.java
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 2008 Declarative Engineering LLC.
+ * All rights reserved.  This program and the accompanying materials
+ * are made available under the terms of the Declarative Engineering LLC
+ * verson 1 which accompanies this distribution, and is available at
+ * http://declarativeengineering.com/legal/DE_Developer_License_v1.txt
+ */
+package com.de22.orb.security;
+
+import java.nio.ByteBuffer;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.SSLEngineResult.HandshakeStatus;
+
+import com.common.debug.Debug;
+
+/*
+ * A Java SSL based security system.
+ */
+public class SslSecuritySystem extends AbstractSecuritySystem {
+	/** The engine that makes the SSL stuff happen. */
+	private SSLEngine engine = null;
+	/** The next task that needs to be run. */
+	private Runnable nextTask = null;
+	/** Whether the first initialization message has already been sent. */
+	private boolean hasSentFirstInitializationMessage = false;
+/**
+ * SslSecuritySystem constructor.
+ */
+public SslSecuritySystem() {
+}//SslSecuritySystem()//
+/**
+ * SslSecuritySystem constructor.
+ */
+public SslSecuritySystem(SSLContext context) throws Exception {
+	engine = context.createSSLEngine();
+	engine.setUseClientMode(false);
+	engine.setWantClientAuth(false);
+	engine.setNeedClientAuth(false);
+	engine.beginHandshake();
+	hasSentFirstInitializationMessage = false;
+}//SslSecuritySystem()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#initialize(java.lang.Object)
+ */
+public void initialize(byte[] metadata) throws Exception {
+	SSLContext sslContext = SSLContext.getInstance(metadata != null ? new String(metadata, "UTF8") : "TLS");
+	
+	sslContext.init(null, new X509TrustManager[] {new X509TrustManager() {
+		public X509Certificate[] getAcceptedIssuers() {
+			return null;
+		}
+		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+		}
+		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+		}
+	}}, null);
+	engine = sslContext.createSSLEngine();
+	engine.setUseClientMode(true);
+	engine.setWantClientAuth(false);
+	engine.setNeedClientAuth(false);
+	engine.beginHandshake();
+	hasSentFirstInitializationMessage = false;
+}//initialize()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#reset()
+ */
+public void reset() throws Exception {
+	engine.beginHandshake();
+}//reset()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#getDecryptedChunkSize()
+ */
+public int getDecryptedChunkSize() {
+	return engine.getSession().getApplicationBufferSize();
+}//getDecryptedChunkSize()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#getEncryptedChunkSize()
+ */
+public int getEncryptedChunkSize() {
+	return engine.getSession().getPacketBufferSize();
+}//getEncryptedChunkSize()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#hasPendingTask()
+ */
+public boolean hasPendingTask() {
+	if(nextTask == null) {
+		nextTask = engine.getDelegatedTask();
+	}//if//
+	
+	return nextTask != null;
+}//hasPendingTask()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#getPendingTask()
+ */
+public Runnable getPendingTask() {
+	Runnable result = nextTask;
+	
+	nextTask = null;
+	
+	if(result == null) {
+		result = engine.getDelegatedTask();
+	}//if//
+	
+	return result;
+}//getPendingTask()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#isInitializing()
+ */
+public boolean isInitializing() {
+	return engine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
+}//isInitializing()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#hasSentFirstInitializeMessage()
+ */
+public boolean hasSentFirstInitializeMessage() {
+	return hasSentFirstInitializationMessage;
+}//hasSentFirstInitializeMessage()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#decryptData(java.nio.ByteBuffer, java.nio.ByteBuffer)
+ */
+public void decryptData(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer) {
+	SSLEngineResult result;
+	
+	try {
+		result = engine.unwrap(encryptedBuffer, decryptedBuffer);
+	}//try//
+	catch(SSLException e) {
+		Debug.log(e);
+		throw new RuntimeException();
+	}//catch//
+}//decryptData()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#encryptData(java.nio.ByteBuffer, java.nio.ByteBuffer)
+ */
+public void encryptData(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer) {
+	SSLEngineResult result;
+	
+	try {
+		result = engine.wrap(decryptedBuffer, encryptedBuffer);
+	}//try//
+	catch(SSLException e) {
+		Debug.log(e);
+		throw new RuntimeException();
+	}//catch//
+}//encryptData()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#receiveInitializationMessage(java.nio.ByteBuffer, java.nio.ByteBuffer)
+ */
+public int receiveInitializationMessage(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer) {
+	SSLEngineResult result;
+	
+	try {
+		result = engine.unwrap(encryptedBuffer, decryptedBuffer);
+	}//try//
+	catch(SSLException e) {
+		Debug.log(e);
+		throw new RuntimeException();
+	}//catch//
+	
+	return result.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ? INIT_REQUIRES_RECEIVE : result.getHandshakeStatus() == HandshakeStatus.NEED_WRAP ? INIT_REQUIRES_SEND : result.getHandshakeStatus() == HandshakeStatus.FINISHED || result.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING ? INIT_FINISHED : INIT_OK;
+}//receiveInitializationMessage()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#sendInitializationMessage(java.nio.ByteBuffer, java.nio.ByteBuffer)
+ */
+public int sendInitializationMessage(ByteBuffer encryptedBuffer, ByteBuffer decryptedBuffer) {
+	SSLEngineResult result;
+	
+	hasSentFirstInitializationMessage = true;
+	
+	try {
+		result = engine.wrap(decryptedBuffer, encryptedBuffer);
+	}//try//
+	catch(SSLException e) {
+		Debug.log(e);
+		throw new RuntimeException();
+	}//catch//
+
+	return result.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ? INIT_REQUIRES_RECEIVE : result.getHandshakeStatus() == HandshakeStatus.NEED_WRAP ? INIT_REQUIRES_SEND : result.getHandshakeStatus() == HandshakeStatus.FINISHED || result.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING ? INIT_FINISHED : INIT_OK;
+}//sendInitializationMessage()//
+/* (non-Javadoc)
+ * @see com.de22.orb.security.AbstractSecuritySystem#getInitializationStatus()
+ */
+public int getInitializationStatus() {
+	return engine.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ? INIT_REQUIRES_RECEIVE : engine.getHandshakeStatus() == HandshakeStatus.NEED_WRAP ? INIT_REQUIRES_SEND : engine.getHandshakeStatus() == HandshakeStatus.FINISHED || engine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING ? INIT_FINISHED : INIT_OK;
+}//getInitializationStatus()//
+}//SslSecuritySystem//