/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Configuration source file for SSL Phoenix groups */

import com.sun.jini.config.KeyStores;
import com.sun.jini.phoenix.InstantiatorPermission;

import net.jini.core.constraint.ClientAuthentication;
import net.jini.core.constraint.Integrity;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.ServerAuthentication;
import net.jini.core.constraint.ServerMinPrincipal;

import net.jini.security.AuthenticationPermission;
import net.jini.constraint.BasicMethodConstraints;
import net.jini.security.BasicProxyPreparer;

import net.jini.jeri.BasicJeriExporter;
import net.jini.jeri.ProxyTrustILFactory;

import net.jini.jeri.ssl.SslServerEndpoint;

import javax.security.auth.login.LoginContext;

import java.security.Permission;
import java.util.Collections;

com.sun.jini.phoenix {

    /* JAAS Login */
    loginContext = new LoginContext("com.sun.jini.Phoenix");

    /* Public Key Certificates */
    private static users = 
	KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);

    private static phoenixUser = 
	Collections.singleton(KeyStores.getX500Principal("phoenix", users));

    /* Exporters */
    private activationConstraints = 
	new BasicMethodConstraints( 
	    new InvocationConstraints( 
		new InvocationConstraint[] { Integrity.YES },
               null));

    private activationInstantiatorEndpoint = SslServerEndpoint.getInstance(0);

    instantiatorExporter =
	new BasicJeriExporter(
	    activationInstantiatorEndpoint,
            new ProxyTrustILFactory(
		activationConstraints,
                InstantiatorPermission.class));

    /* Proxy Preparers */
    private mutualAuthenticationConstraints = 
	new BasicMethodConstraints( 
	    new InvocationConstraints( 
		new InvocationConstraint[] {
		    Integrity.YES,
                    ClientAuthentication.YES,
                    ServerAuthentication.YES,
                    new ServerMinPrincipal(phoenixUser)
                    },
                null));

    systemPreparer = 
	new BasicProxyPreparer( 
	    true,
            mutualAuthenticationConstraints,
            new Permission[] { 
		new AuthenticationPermission(
		    phoenixUser,
            	    phoenixUser,
                    "connect") 
		});

    monitorPreparer = systemPreparer;

}//end com.sun.jini.phoenix