/**
 * Builds the trust managers backed by this keystore.
 *
 * <p>Security note: the {@code null} result is not a hard failure for callers that hand it
 * straight to {@code SSLContext.init}; a {@code null} trust-manager array there makes the JVM
 * fall back to its default trust managers. A caller that needs this store to be the only
 * source of trust anchors should treat {@code null} as an error.
 *
 * @param algorithm algorithm name passed to {@link TrustManagerFactory#getInstance(String)}
 * @return the trust managers, or {@code null} when {@code loadKeystoreData()} returns false
 * @throws KeystoreIsLocked if {@code isKeystoreLocked()} reports the keystore as locked
 * @throws NoSuchAlgorithmException if no factory exists for {@code algorithm}
 * @throws KeyStoreException if the factory cannot be initialised from the keystore
 */
public TrustManager[] getTrustManager(String algorithm)
        throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked {
    if (isKeystoreLocked()) {
        throw new KeystoreIsLocked("Keystore '" + name + "' is locked.");
    }
    if (loadKeystoreData()) {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(keystore);
        return factory.getTrustManagers();
    }
    // Keystore data could not be loaded: signal it with null (see the security note above).
    return null;
}
/**
 * Creates and initialises an {@link SSLContext} from the named keystore and truststore.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code getKeystore(keyStore)} returns {@code null}, or the key-manager lookup
 *       returns {@code null}, the context is initialised with {@code null} key managers and
 *       the JVM defaults apply.</li>
 *   <li>When {@code trustStore} is {@code null}, is not found, or yields {@code null} trust
 *       managers, the context is initialised with {@code null} trust managers and the JVM
 *       default trust managers decide which peers are trusted.</li>
 *   <li>{@code protocol} is passed unchanged to {@code SSLContext.getInstance}; this method
 *       does not restrict the protocol versions enabled on sockets made from the context.</li>
 * </ul>
 *
 * @param provider   JSSE provider name, or {@code null} to use the default provider lookup
 * @param protocol   protocol name passed to {@code SSLContext.getInstance}
 * @param algorithm  algorithm name used for both the key and trust manager lookups
 * @param keyStore   name of the keystore holding the private key
 * @param keyAlias   alias of the key inside {@code keyStore}
 * @param trustStore name of the truststore, or {@code null} for none
 * @param timeout    passed to {@code checkForKeystoresAvailability}
 * @return the initialised context
 * @throws GeneralSecurityException if the stores are not available, a store or key is locked
 *         ({@code KeystoreIsLocked}), or the context cannot be created or initialised
 */
public SSLContext createSSLContext(String provider, String protocol, String algorithm, String keyStore,
                                   String keyAlias, String trustStore, long timeout)
        throws GeneralSecurityException {
    boolean storesAvailable = this.checkForKeystoresAvailability(keyStore, keyAlias, trustStore, timeout);
    if (!storesAvailable) {
        throw new GeneralSecurityException("Unable to lookup configured keystore and/or truststore");
    }

    // Lock checks run in the original order: keystore, then key, then truststore.
    KeystoreInstance keyInstance = getKeystore(keyStore);
    if (keyInstance != null) {
        if (keyInstance.isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + keyStore + "' is locked");
        }
        if (keyInstance.isKeyLocked(keyAlias)) {
            throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore + "' is locked");
        }
    }

    KeystoreInstance trustInstance = null;
    if (trustStore != null) {
        trustInstance = getKeystore(trustStore);
    }
    if (trustInstance != null && trustInstance.isKeystoreLocked()) {
        throw new KeystoreIsLocked("Keystore '" + trustStore + "' is locked");
    }

    SSLContext context = (provider == null)
            ? SSLContext.getInstance(protocol)
            : SSLContext.getInstance(protocol, provider);

    // A null array on either side means "use the JVM default" to SSLContext.init.
    context.init(
            keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
            trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
            new SecureRandom());
    return context;
}
/**
 * Resolves the JAAS login configuration for a realm name.
 *
 * <p>Among the realms whose name equals {@code name}, the one with the highest rank wins;
 * on equal rank the first one encountered is kept. Security note: any realm present in
 * {@code realms} with a higher rank therefore replaces the login modules used for that name.
 *
 * @param name realm name to look up
 * @return the entries of the winning realm; otherwise the result of the default
 *         configuration when one is set; otherwise {@code null}
 */
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    JaasRealm best = null;
    for (JaasRealm candidate : realms) {
        if (!candidate.getName().equals(name)) {
            continue;
        }
        // Strictly greater: a later realm with the same rank does not displace the first.
        if (best == null || candidate.getRank() > best.getRank()) {
            best = candidate;
        }
    }

    if (best != null) {
        return best.getEntries();
    }
    return defaultConfiguration != null
            ? defaultConfiguration.getAppConfigurationEntry(name)
            : null;
}
/**
 * Lists the known JAAS realms.
 *
 * @param hidden when {@code true}, every realm is returned, including realms shadowed by a
 *               higher-ranked realm of the same name; when {@code false}, only the
 *               highest-ranked realm per name is returned, ordered by name
 * @return the realm list; for {@code hidden == true} this is the {@code realms} field itself,
 *         not a copy
 */
public List<JaasRealm> getRealms(boolean hidden) {
    if (hidden) {
        // NOTE(review): returns the backing list itself, so a caller that mutates it changes
        // the realm set seen by this object - confirm that is intended.
        return realms;
    }

    Map<String, JaasRealm> highestByName = new TreeMap<>();
    for (JaasRealm realm : realms) {
        String realmName = realm.getName();
        JaasRealm current = highestByName.get(realmName);
        // Strictly greater rank replaces; an equal rank keeps the earlier realm.
        if (current == null || realm.getRank() > current.getRank()) {
            highestByName.put(realmName, realm);
        }
    }
    return new ArrayList<>(highestByName.values());
}
/**
 * Prints a table with one row per login module of each realm returned by
 * {@code getRealms(hidden)}.
 *
 * <p>The row index counts login-module rows, not realms. The module class name is read from
 * the entry options under {@code ProxyLoginModule.PROPERTY_MODULE} and may be {@code null}.
 *
 * @return always {@code null}
 */
@Override
public Object execute() throws Exception {
    ShellTable table = new ShellTable();
    table.column("Index");
    table.column("Realm Name");
    table.column("Login Module Class Name");

    List<JaasRealm> realms = getRealms(hidden);
    if (realms != null) {
        int rowNumber = 1;
        for (JaasRealm realm : realms) {
            String realmName = realm.getName();
            AppConfigurationEntry[] entries = realm.getEntries();
            if (entries == null) {
                continue;
            }
            for (AppConfigurationEntry entry : entries) {
                String moduleClass = (String) entry.getOptions().get(ProxyLoginModule.PROPERTY_MODULE);
                table.addRow().addContent(rowNumber, realmName, moduleClass);
                rowNumber++;
            }
        }
    }

    // The table is printed even when it has no rows.
    table.print(System.out, !noFormat);
    return null;
}
/**
 * Offers the names of the known JAAS realms as completion candidates.
 *
 * @param session     current shell session
 * @param commandLine command line being completed
 * @param candidates  list that receives the matching candidates
 * @return the result of the delegate {@code StringsCompleter}
 */
@Override
public int complete(Session session, CommandLine commandLine, List<String> candidates) {
    StringsCompleter delegate = new StringsCompleter();
    try {
        boolean hasRealms = realms != null && !realms.isEmpty();
        if (hasRealms) {
            for (JaasRealm realm : realms) {
                delegate.getStrings().add(realm.getName());
            }
        }
    } catch (Exception ignored) {
        // Best effort: a failure while collecting realm names only shortens the candidate
        // list; completion continues with the names gathered so far.
    }
    return delegate.complete(session, commandLine, candidates);
}
/**
 * Collects the login module class names configured in a {@link JaasRealm}.
 *
 * <p>Each name is read from the entry options under {@code ProxyLoginModule.PROPERTY_MODULE};
 * entries without that option are skipped.
 *
 * @param realm the realm whose entries are inspected
 * @return the class names in entry order; empty when no entry carries the option
 */
private List<String> findLoginModuleClassNames(JaasRealm realm) {
    List<String> names = new LinkedList<>();
    AppConfigurationEntry[] entries = realm.getEntries();
    for (int i = 0; i < entries.length; i++) {
        String moduleClass = (String) entries[i].getOptions().get(ProxyLoginModule.PROPERTY_MODULE);
        if (moduleClass == null) {
            continue;
        }
        names.add(moduleClass);
    }
    return names;
}
/**
 * Registers SSL socket factories for the RMI connector server in {@code environment}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Whether clients must present a certificate is whatever {@code isClientAuth()}
 *       returns; it is handed to the server socket factory unchanged.</li>
 *   <li>The client side uses a plain {@link SslRMIClientSocketFactory}, which relies on the
 *       JVM's default SSL socket factory, so the client's trust decisions come from the JVM
 *       defaults and not from {@code trustStore}.</li>
 *   <li>Only the connector server factories are set here; the original TODO about securing
 *       the RMI connector lookup is still open.</li>
 * </ul>
 *
 * @throws GeneralSecurityException if the SSL server socket factory cannot be created
 */
private void setupSsl() throws GeneralSecurityException {
    // First argument is null; presumably the JSSE provider - confirm against createSSLServerFactory.
    SSLServerSocketFactory sslServerSockets = keystoreManager.createSSLServerFactory(
            null, secureProtocol, algorithm, keyStore, keyAlias, trustStore, keyStoreAvailabilityTimeout);

    RMIServerSocketFactory serverFactory =
            new KarafSslRMIServerSocketFactory(sslServerSockets, isClientAuth(), getRmiServerHost());
    RMIClientSocketFactory clientFactory = new SslRMIClientSocketFactory();

    environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverFactory);
    environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, clientFactory);
    //@TODO secure RMI connector as well?
    //env.put("com.sun.jndi.rmi.factory.socket", clientFactory);
}
/**
 * Creates and initialises an {@link SSLContext} from the named keystore and truststore.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code getKeystore(keyStore)} returns {@code null}, or the key-manager lookup
 *       returns {@code null}, the context is initialised with {@code null} key managers and
 *       the JVM defaults apply.</li>
 *   <li>When {@code trustStore} is {@code null}, is not found, or yields {@code null} trust
 *       managers, the context is initialised with {@code null} trust managers and the JVM
 *       default trust managers decide which peers are trusted.</li>
 *   <li>{@code protocol} is passed unchanged to {@code SSLContext.getInstance}; this method
 *       does not restrict the protocol versions enabled on sockets made from the context.</li>
 * </ul>
 *
 * @param provider   JSSE provider name, or {@code null} to use the default provider lookup
 * @param protocol   protocol name passed to {@code SSLContext.getInstance}
 * @param algorithm  algorithm name used for both the key and trust manager lookups
 * @param keyStore   name of the keystore holding the private key
 * @param keyAlias   alias of the key inside {@code keyStore}
 * @param trustStore name of the truststore, or {@code null} for none
 * @param timeout    passed to {@code checkForKeystoresAvailability}
 * @return the initialised context
 * @throws GeneralSecurityException if the stores are not available, a store or key is locked
 *         ({@code KeystoreIsLocked}), or the context cannot be created or initialised
 */
public SSLContext createSSLContext(String provider, String protocol, String algorithm, String keyStore,
                                   String keyAlias, String trustStore, long timeout)
        throws GeneralSecurityException {
    boolean storesAvailable = this.checkForKeystoresAvailability(keyStore, keyAlias, trustStore, timeout);
    if (!storesAvailable) {
        throw new GeneralSecurityException("Unable to lookup configured keystore and/or truststore");
    }

    // Lock checks run in the original order: keystore, then key, then truststore.
    KeystoreInstance keyInstance = getKeystore(keyStore);
    if (keyInstance != null) {
        if (keyInstance.isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + keyStore + "' is locked");
        }
        if (keyInstance.isKeyLocked(keyAlias)) {
            throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore + "' is locked");
        }
    }

    KeystoreInstance trustInstance = null;
    if (trustStore != null) {
        trustInstance = getKeystore(trustStore);
    }
    if (trustInstance != null && trustInstance.isKeystoreLocked()) {
        throw new KeystoreIsLocked("Keystore '" + trustStore + "' is locked");
    }

    SSLContext context = (provider == null)
            ? SSLContext.getInstance(protocol)
            : SSLContext.getInstance(protocol, provider);

    // A null array on either side means "use the JVM default" to SSLContext.init.
    context.init(
            keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
            trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
            new SecureRandom());
    return context;
}
/**
 * Resolves the JAAS login configuration for a realm name.
 *
 * <p>Among the realms whose name equals {@code name}, the one with the highest rank wins;
 * on equal rank the first one encountered is kept. Security note: any realm present in
 * {@code realms} with a higher rank therefore replaces the login modules used for that name.
 *
 * @param name realm name to look up
 * @return the entries of the winning realm; otherwise the result of the default
 *         configuration when one is set; otherwise {@code null}
 */
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    JaasRealm best = null;
    for (JaasRealm candidate : realms) {
        if (!candidate.getName().equals(name)) {
            continue;
        }
        // Strictly greater: a later realm with the same rank does not displace the first.
        if (best == null || candidate.getRank() > best.getRank()) {
            best = candidate;
        }
    }

    if (best != null) {
        return best.getEntries();
    }
    return defaultConfiguration != null
            ? defaultConfiguration.getAppConfigurationEntry(name)
            : null;
}
/**
 * Builds the trust managers backed by this keystore.
 *
 * <p>Security note: the {@code null} result is not a hard failure for callers that hand it
 * straight to {@code SSLContext.init}; a {@code null} trust-manager array there makes the JVM
 * fall back to its default trust managers. A caller that needs this store to be the only
 * source of trust anchors should treat {@code null} as an error.
 *
 * @param algorithm algorithm name passed to {@link TrustManagerFactory#getInstance(String)}
 * @return the trust managers, or {@code null} when {@code loadKeystoreData()} returns false
 * @throws KeystoreIsLocked if {@code isKeystoreLocked()} reports the keystore as locked
 * @throws NoSuchAlgorithmException if no factory exists for {@code algorithm}
 * @throws KeyStoreException if the factory cannot be initialised from the keystore
 */
public TrustManager[] getTrustManager(String algorithm)
        throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked {
    if (isKeystoreLocked()) {
        throw new KeystoreIsLocked("Keystore '" + name + "' is locked.");
    }
    if (loadKeystoreData()) {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(keystore);
        return factory.getTrustManagers();
    }
    // Keystore data could not be loaded: signal it with null (see the security note above).
    return null;
}
/**
 * Lists the known JAAS realms.
 *
 * @param hidden when {@code true}, every realm is returned, including realms shadowed by a
 *               higher-ranked realm of the same name; when {@code false}, only the
 *               highest-ranked realm per name is returned, ordered by name
 * @return the realm list; for {@code hidden == true} this is the {@code realms} field itself,
 *         not a copy
 */
public List<JaasRealm> getRealms(boolean hidden) {
    if (hidden) {
        // NOTE(review): returns the backing list itself, so a caller that mutates it changes
        // the realm set seen by this object - confirm that is intended.
        return realms;
    }

    Map<String, JaasRealm> highestByName = new TreeMap<>();
    for (JaasRealm realm : realms) {
        String realmName = realm.getName();
        JaasRealm current = highestByName.get(realmName);
        // Strictly greater rank replaces; an equal rank keeps the earlier realm.
        if (current == null || realm.getRank() > current.getRank()) {
            highestByName.put(realmName, realm);
        }
    }
    return new ArrayList<>(highestByName.values());
}
/**
 * Offers the names of the known JAAS realms as completion candidates.
 *
 * @param session     current shell session
 * @param commandLine command line being completed
 * @param candidates  list that receives the matching candidates
 * @return the result of the delegate {@code StringsCompleter}
 */
@Override
public int complete(Session session, CommandLine commandLine, List<String> candidates) {
    StringsCompleter delegate = new StringsCompleter();
    try {
        boolean hasRealms = realms != null && !realms.isEmpty();
        if (hasRealms) {
            for (JaasRealm realm : realms) {
                delegate.getStrings().add(realm.getName());
            }
        }
    } catch (Exception ignored) {
        // Best effort: a failure while collecting realm names only shortens the candidate
        // list; completion continues with the names gathered so far.
    }
    return delegate.complete(session, commandLine, candidates);
}
/**
 * Collects the login module class names configured in a {@link JaasRealm}.
 *
 * <p>Each name is read from the entry options under {@code ProxyLoginModule.PROPERTY_MODULE};
 * entries without that option are skipped.
 *
 * @param realm the realm whose entries are inspected
 * @return the class names in entry order; empty when no entry carries the option
 */
private List<String> findLoginModuleClassNames(JaasRealm realm) {
    List<String> names = new LinkedList<>();
    AppConfigurationEntry[] entries = realm.getEntries();
    for (int i = 0; i < entries.length; i++) {
        String moduleClass = (String) entries[i].getOptions().get(ProxyLoginModule.PROPERTY_MODULE);
        if (moduleClass == null) {
            continue;
        }
        names.add(moduleClass);
    }
    return names;
}
/**
 * Builds the key managers backed by this keystore.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code keyAlias} is used only to look up the key password in {@code keyPasswords};
 *       the factory is initialised with the whole keystore, so this method does not itself
 *       restrict the key managers to that alias.</li>
 *   <li>When {@code keyPasswords} has no entry for the alias, a {@code null} password is
 *       passed to the factory.</li>
 *   <li>A {@code null} result handed to {@code SSLContext.init} makes the JVM fall back to
 *       its default key managers instead of failing.</li>
 * </ul>
 *
 * @param algorithm algorithm name passed to {@link KeyManagerFactory#getInstance(String)}
 * @param keyAlias  alias whose stored password unlocks the key material
 * @return the key managers, or {@code null} when {@code loadKeystoreData()} returns false
 * @throws KeystoreIsLocked if {@code isKeystoreLocked()} reports the keystore as locked
 * @throws NoSuchAlgorithmException if no factory exists for {@code algorithm}
 * @throws KeyStoreException if the factory cannot be initialised from the keystore
 * @throws UnrecoverableKeyException if a key cannot be recovered with the password
 */
public KeyManager[] getKeyManager(String algorithm, String keyAlias)
        throws KeystoreIsLocked, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
    if (isKeystoreLocked()) {
        throw new KeystoreIsLocked("Keystore '" + name + "' is locked.");
    }
    if (loadKeystoreData()) {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        // The stored array is passed as-is; keep it out of logs and exception messages.
        char[] keyPassword = (char[]) keyPasswords.get(keyAlias);
        factory.init(keystore, keyPassword);
        return factory.getKeyManagers();
    }
    return null;
}
/**
 * Prints the realm and login module selected in the session, followed by the queued JAAS
 * modification commands.
 *
 * <p>Messages about a missing selection or an empty queue go to {@code System.err}; the
 * selection header and the commands go to {@code System.out}.
 *
 * @return always {@code null}
 */
@Override
public Object execute() throws Exception {
    JaasRealm realm = (JaasRealm) session.get(JAAS_REALM);
    AppConfigurationEntry entry = (AppConfigurationEntry) session.get(JAAS_ENTRY);
    @SuppressWarnings("unchecked")
    Queue<JaasCommandSupport> commandQueue = (Queue<JaasCommandSupport>) session.get(JAAS_CMDS);

    if (realm == null || entry == null) {
        System.err.println("No JAAS Realm/Login Module selected");
        return null;
    }

    String moduleClass = (String) entry.getOptions().get(ProxyLoginModule.PROPERTY_MODULE);
    System.out.println(String.format("JAAS Realm %s/JAAS Login Module %s", realm.getName(), moduleClass));

    if (commandQueue == null || commandQueue.isEmpty()) {
        System.err.println("No JAAS modification command in queue");
        return null;
    }

    // NOTE(review): each command is printed through its toString(); confirm that queued
    // commands do not render credentials (for example a pending password) in that output.
    for (JaasCommandSupport pending : commandQueue) {
        System.out.println(pending);
    }
    return null;
}
/**
 * Builds the key managers backed by this keystore.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code keyAlias} is used only to look up the key password in {@code keyPasswords};
 *       the factory is initialised with the whole keystore, so this method does not itself
 *       restrict the key managers to that alias.</li>
 *   <li>When {@code keyPasswords} has no entry for the alias, a {@code null} password is
 *       passed to the factory.</li>
 *   <li>A {@code null} result handed to {@code SSLContext.init} makes the JVM fall back to
 *       its default key managers instead of failing.</li>
 * </ul>
 *
 * @param algorithm algorithm name passed to {@link KeyManagerFactory#getInstance(String)}
 * @param keyAlias  alias whose stored password unlocks the key material
 * @return the key managers, or {@code null} when {@code loadKeystoreData()} returns false
 * @throws KeystoreIsLocked if {@code isKeystoreLocked()} reports the keystore as locked
 * @throws NoSuchAlgorithmException if no factory exists for {@code algorithm}
 * @throws KeyStoreException if the factory cannot be initialised from the keystore
 * @throws UnrecoverableKeyException if a key cannot be recovered with the password
 */
public KeyManager[] getKeyManager(String algorithm, String keyAlias)
        throws KeystoreIsLocked, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
    if (isKeystoreLocked()) {
        throw new KeystoreIsLocked("Keystore '" + name + "' is locked.");
    }
    if (loadKeystoreData()) {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        // The stored array is passed as-is; keep it out of logs and exception messages.
        char[] keyPassword = (char[]) keyPasswords.get(keyAlias);
        factory.init(keystore, keyPassword);
        return factory.getKeyManagers();
    }
    return null;
}
/**
 * Prints the realm and login module selected in the session, followed by the queued JAAS
 * modification commands.
 *
 * <p>Messages about a missing selection or an empty queue go to {@code System.err}; the
 * selection header and the commands go to {@code System.out}.
 *
 * @return always {@code null}
 */
@Override
public Object execute() throws Exception {
    JaasRealm realm = (JaasRealm) session.get(JAAS_REALM);
    AppConfigurationEntry entry = (AppConfigurationEntry) session.get(JAAS_ENTRY);
    @SuppressWarnings("unchecked")
    Queue<JaasCommandSupport> commandQueue = (Queue<JaasCommandSupport>) session.get(JAAS_CMDS);

    if (realm == null || entry == null) {
        System.err.println("No JAAS Realm/Login Module selected");
        return null;
    }

    String moduleClass = (String) entry.getOptions().get(ProxyLoginModule.PROPERTY_MODULE);
    System.out.println(String.format("JAAS Realm %s/JAAS Login Module %s", realm.getName(), moduleClass));

    if (commandQueue == null || commandQueue.isEmpty()) {
        System.err.println("No JAAS modification command in queue");
        return null;
    }

    // NOTE(review): each command is printed through its toString(); confirm that queued
    // commands do not render credentials (for example a pending password) in that output.
    for (JaasCommandSupport pending : commandQueue) {
        System.out.println(pending);
    }
    return null;
}