nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/SecureAdminPrincipal.java - glassfish - Git at Google

 /*
  * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
  * http://www.eclipse.org/legal/epl-2.0.
  *
  * This Source Code may also be made available under the following Secondary
  * Licenses when the conditions for such availability set forth in the
  * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
  * version 2 with the GNU Classpath Exception, which is available at
  * https://www.gnu.org/software/classpath/license.html.
  *
  * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
  */

 package com.sun.enterprise.config.serverbeans;

 import com.sun.enterprise.util.LocalStringManagerImpl;
 import java.beans.PropertyVetoException;
 import org.glassfish.api.Param;
 import org.glassfish.api.admin.AdminCommandContext;
 import org.glassfish.api.admin.config.Named;
 import org.glassfish.config.support.CreationDecorator;
 import org.glassfish.config.support.CrudResolver;

 import org.jvnet.hk2.annotations.Service;
 import org.glassfish.hk2.api.PerLookup;
 import org.glassfish.hk2.api.ServiceLocator;
 import org.jvnet.hk2.config.Attribute;
 import org.jvnet.hk2.config.ConfigBeanProxy;
 import org.jvnet.hk2.config.Configured;
 import org.jvnet.hk2.config.TransactionFailure;

 import jakarta.inject.Inject;

 @Configured
 /**
  * Represents a security Principal, identified using an SSL cert, that is authorized to perform admin operations. Used
  * both to identify the DAS and instances to each other and also for any end-user cert that should be accepted as
  * authorization for admin operations.
  *
  */
 public interface SecureAdminPrincipal extends ConfigBeanProxy {

     /**
      * Sets the DN of the SecureAdminPrincipal
      *
      * @param dn the DN
      */
     @Param(primary = true)
     public void setDn(String dn);

     /**
      * Gets the distinguished name for this SecureAdminPrincipal
      *
      * @return {@link String } containing the DN
      */
     @Attribute(key = true)
     String getDn();

     /**
      * Invoked during creation of a new SecureAdminPrincipal.
      */
     @Service
     @PerLookup
     public static class CrDecorator implements CreationDecorator<SecureAdminPrincipal> {

         @Inject
         //@Named(CREATION_DECORATOR_NAME)
         private SecureAdminHelper helper;

         @Param(optional = false, name = "value", primary = true)
         private String value;

         @Param(optional = true, name = "alias", defaultValue = "false")
         private boolean isAlias = true;

         @Override
         public void decorate(AdminCommandContext context, SecureAdminPrincipal instance) throws TransactionFailure, PropertyVetoException {
             try {
                 /*
                  * The user might have specified an alias, so delegate to the
                  * helper to return the DN for that alias (or the DN if that's
                  * what the user specified).
                  */
                 instance.setDn(helper.getDN(value, isAlias));
             } catch (Exception ex) {
                 throw new TransactionFailure("create", ex);
             }
         }
     }

     /**
      * Resolves using the type and any name, with no restrictions on the name and with an optional mapping from a cert alias
      * to the name.
      * <p>
      * The similar {@link TypeAndNameResolver} restricts the name to one that excludes commas, because TypeAndNameResolver
      * uses habitat.getComponent which (ultimately) uses habitat.getInhabitantByContract which splits the name using a comma
      * to get a list of names to try to match against.
      * <p>
      * In some cases the name might actually contain a comma, so this resolver supports those cases.
      * <p>
      * This resolver also allows the caller to specify an alias instead of the name (the DN) itself, in which case the
      * resolver maps the alias to the corresponding cert's DN and uses that as the name.
      *
      * @author Tim Quinn
      */

     @Service
     @PerLookup
     public static class Resolver implements CrudResolver {

         @Param(primary = true)
         private String value;

         @Param(optional = true, name = "alias", defaultValue = "false")
         private boolean isAlias = true;

         @Inject
         ServiceLocator habitat;

         @Inject
         private SecureAdminHelper helper;

         final protected static LocalStringManagerImpl localStrings = new LocalStringManagerImpl(SecureAdminPrincipal.class);

         @Override
         public <T extends ConfigBeanProxy> T resolve(AdminCommandContext context, Class<T> type) {
             /*
              * First, convert the alias to the DN (if the name is an alias).
              */
             try {
                 value = helper.getDN(value, isAlias);
             } catch (Exception ex) {
                 throw new RuntimeException(ex);
             }

             if (!SecureAdminPrincipal.class.isAssignableFrom(type)) {
                 final String msg = localStrings.getLocalString(SecureAdminPrincipal.class,
                         "SecureAdminPrincipalResolver.configTypeNotNamed", "Config type {0} must extend {1} but does not",
                         type.getSimpleName(), Named.class.getName());
                 throw new IllegalArgumentException(msg);
             }

             /*
              * Look among all instances of this contract type for a match on the
              * full name.
              */
             for (T candidate : habitat.<T>getAllServices(type)) {
                 if (value.equals(((SecureAdminPrincipal) candidate).getDn())) {
                     return candidate;
                 }
             }
             String msg = localStrings.getLocalString(SecureAdminPrincipal.class, "SecureAdminPrincipalResolver.target_object_not_found",
                     "Cannot find a {0} with a name {1}", type.getSimpleName(), value);
             throw new RuntimeException(msg);
         }
     }
 }
	/*
	* Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
	*
	* This program and the accompanying materials are made available under the
	* terms of the Eclipse Public License v. 2.0, which is available at
	* http://www.eclipse.org/legal/epl-2.0.
	*
	* This Source Code may also be made available under the following Secondary
	* Licenses when the conditions for such availability set forth in the
	* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
	* version 2 with the GNU Classpath Exception, which is available at
	* https://www.gnu.org/software/classpath/license.html.
	*
	* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
	*/

	package com.sun.enterprise.config.serverbeans;

	import com.sun.enterprise.util.LocalStringManagerImpl;
	import java.beans.PropertyVetoException;
	import org.glassfish.api.Param;
	import org.glassfish.api.admin.AdminCommandContext;
	import org.glassfish.api.admin.config.Named;
	import org.glassfish.config.support.CreationDecorator;
	import org.glassfish.config.support.CrudResolver;

	import org.jvnet.hk2.annotations.Service;
	import org.glassfish.hk2.api.PerLookup;
	import org.glassfish.hk2.api.ServiceLocator;
	import org.jvnet.hk2.config.Attribute;
	import org.jvnet.hk2.config.ConfigBeanProxy;
	import org.jvnet.hk2.config.Configured;
	import org.jvnet.hk2.config.TransactionFailure;

	import jakarta.inject.Inject;

	@Configured
	/**
	* Represents a security Principal, identified using an SSL cert, that is authorized to perform admin operations. Used
	* both to identify the DAS and instances to each other and also for any end-user cert that should be accepted as
	* authorization for admin operations.
	*
	*/
	public interface SecureAdminPrincipal extends ConfigBeanProxy {

	/**
	* Sets the DN of the SecureAdminPrincipal
	*
	* @param dn the DN
	*/
	@Param(primary = true)
	public void setDn(String dn);

	/**
	* Gets the distinguished name for this SecureAdminPrincipal
	*
	* @return {@link String } containing the DN
	*/
	@Attribute(key = true)
	String getDn();

	/**
	* Invoked during creation of a new SecureAdminPrincipal.
	*/
	@Service
	@PerLookup
	public static class CrDecorator implements CreationDecorator<SecureAdminPrincipal> {

	@Inject
	//@Named(CREATION_DECORATOR_NAME)
	private SecureAdminHelper helper;

	@Param(optional = false, name = "value", primary = true)
	private String value;

	@Param(optional = true, name = "alias", defaultValue = "false")
	private boolean isAlias = true;

	@Override
	public void decorate(AdminCommandContext context, SecureAdminPrincipal instance) throws TransactionFailure, PropertyVetoException {
	try {
	/*
	* The user might have specified an alias, so delegate to the
	* helper to return the DN for that alias (or the DN if that's
	* what the user specified).
	*/
	instance.setDn(helper.getDN(value, isAlias));
	} catch (Exception ex) {
	throw new TransactionFailure("create", ex);
	}
	}
	}

	/**
	* Resolves using the type and any name, with no restrictions on the name and with an optional mapping from a cert alias
	* to the name.
	* <p>
	* The similar {@link TypeAndNameResolver} restricts the name to one that excludes commas, because TypeAndNameResolver
	* uses habitat.getComponent which (ultimately) uses habitat.getInhabitantByContract which splits the name using a comma
	* to get a list of names to try to match against.
	* <p>
	* In some cases the name might actually contain a comma, so this resolver supports those cases.
	* <p>
	* This resolver also allows the caller to specify an alias instead of the name (the DN) itself, in which case the
	* resolver maps the alias to the corresponding cert's DN and uses that as the name.
	*
	* @author Tim Quinn
	*/

	@Service
	@PerLookup
	public static class Resolver implements CrudResolver {

	@Param(primary = true)
	private String value;

	@Param(optional = true, name = "alias", defaultValue = "false")
	private boolean isAlias = true;

	@Inject
	ServiceLocator habitat;

	@Inject
	private SecureAdminHelper helper;

	final protected static LocalStringManagerImpl localStrings = new LocalStringManagerImpl(SecureAdminPrincipal.class);

	@Override
	public <T extends ConfigBeanProxy> T resolve(AdminCommandContext context, Class<T> type) {
	/*
	* First, convert the alias to the DN (if the name is an alias).
	*/
	try {
	value = helper.getDN(value, isAlias);
	} catch (Exception ex) {
	throw new RuntimeException(ex);
	}

	if (!SecureAdminPrincipal.class.isAssignableFrom(type)) {
	final String msg = localStrings.getLocalString(SecureAdminPrincipal.class,
	"SecureAdminPrincipalResolver.configTypeNotNamed", "Config type {0} must extend {1} but does not",
	type.getSimpleName(), Named.class.getName());
	throw new IllegalArgumentException(msg);
	}

	/*
	* Look among all instances of this contract type for a match on the
	* full name.
	*/
	for (T candidate : habitat.<T>getAllServices(type)) {
	if (value.equals(((SecureAdminPrincipal) candidate).getDn())) {
	return candidate;
	}
	}
	String msg = localStrings.getLocalString(SecureAdminPrincipal.class, "SecureAdminPrincipalResolver.target_object_not_found",
	"Cannot find a {0} with a name {1}", type.getSimpleName(), value);
	throw new RuntimeException(msg);
	}
	}
	}