Google Git
Sign in
third-party-mirror / glassfish / ff472358046c28af2e77898e0d6250b4f3f0bca4 / . / appserver / security / appclient.security / src / main / java / com / sun / enterprise / security / appclient / AppClientSecurityInfoImpl.java
blob: f7ab688d9f5998603994e4dc10a1af77e0ddc7ac [file] [log] [blame]
/*
* Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package com.sun.enterprise.security.appclient;
import com.sun.enterprise.security.ee.J2EESecurityManager;
import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.enterprise.security.UsernamePasswordStore;
import com.sun.enterprise.security.appclient.integration.AppClientSecurityInfo;
import com.sun.enterprise.security.auth.login.LoginCallbackHandler;
import com.sun.enterprise.security.auth.login.LoginContextDriver;
import com.sun.enterprise.security.common.ClientSecurityContext;
import com.sun.enterprise.security.common.SecurityConstants;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.security.jmac.config.GFAuthConfigFactory;
import com.sun.enterprise.security.integration.AppClientSSL;
import com.sun.enterprise.security.ssl.SSLUtils;
import com.sun.logging.LogDomains;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import jakarta.inject.Inject;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import jakarta.security.auth.message.config.AuthConfigFactory;
import org.glassfish.appclient.client.acc.config.MessageSecurityConfig;
import org.glassfish.appclient.client.acc.config.Security;
import org.glassfish.appclient.client.acc.config.Ssl;
import org.glassfish.appclient.client.acc.config.TargetServer;
import org.jvnet.hk2.annotations.Service;
import org.glassfish.enterprise.iiop.api.IIOPSSLUtil;
/**
*
* @author Kumar
*/
@Service
public class AppClientSecurityInfoImpl implements AppClientSecurityInfo {
private static Logger _logger=null;
static {
_logger=LogDomains.getLogger(AppClientSecurityInfoImpl.class, LogDomains.SECURITY_LOGGER);
}
private static final String DEFAULT_PARSER_CLASS = "com.sun.enterprise.security.appclient.ConfigXMLParser";
private CallbackHandler callbackHandler;
private CredentialType appclientCredentialType;
boolean isJWS;
boolean useGUIAuth;
private List<TargetServer> targetServers;
private List<MessageSecurityConfig> msgSecConfigs;
@Inject
protected SSLUtils sslUtils;
@Inject
private SecurityServicesUtil secServUtil;
@Inject
private Util util;
@Inject
private IIOPSSLUtil appClientSSLUtil;
@Override
public void initializeSecurity(
List<TargetServer> tServers,
List<MessageSecurityConfig> configs, CallbackHandler handler,
CredentialType credType, String username,
char[] password, boolean isJWS, boolean useGUIAuth) {
/* security init */
this.isJWS = isJWS;
this.useGUIAuth = useGUIAuth;
this.appclientCredentialType = credType;
if (handler != null) {
this.callbackHandler = handler;
} else {
this.callbackHandler = new LoginCallbackHandler(useGUIAuth);
}
this.targetServers = tServers;
this.msgSecConfigs = configs;
SecurityManager secMgr = System.getSecurityManager();
if (!isJWS && secMgr != null && !J2EESecurityManager.class.equals(secMgr.getClass())) {
J2EESecurityManager mgr = new J2EESecurityManager();
System.setSecurityManager(mgr);
}
if (_logger.isLoggable(Level.FINE)) {
if (secMgr != null) {
_logger.fine("acc.secmgron");
} else {
_logger.fine("acc.secmgroff");
}
}
//set the parser to ConfigXMLParser
System.setProperty("config.parser", DEFAULT_PARSER_CLASS);
util.setAppClientMsgSecConfigs(msgSecConfigs);
try {
/* setup jsr 196 factory
* define default factory if it is not already defined
*/
String defaultFactory = java.security.Security.getProperty
(AuthConfigFactory.DEFAULT_FACTORY_SECURITY_PROPERTY);
_logger.fine("AuthConfigFactory obtained from java.security.Security.getProperty(\"authconfigprovider.factory\") :"
+ ((defaultFactory != null) ? defaultFactory : "NULL"));
if (defaultFactory == null) {
java.security.Security.setProperty
(AuthConfigFactory.DEFAULT_FACTORY_SECURITY_PROPERTY,
GFAuthConfigFactory.class.getName());
}
} catch (Exception e) {
_logger.log(Level.WARNING, "main.jmac_default_factory");
}
//TODO:V3 LoginContextDriver has a static variable dependency on AuditManager
//And since LoginContextDriver has too many static methods that use AuditManager
//we have to make this workaround here.
//Handles in LoginContextDriver
//LoginContextDriver.AUDIT_MANAGER = secServUtil.getAuditManager();
//secServUtil.initSecureSeed();
setSSLData(this.getTargetServers());
if (username != null || password != null) {
UsernamePasswordStore.set(username, password);
}
//why am i setting both?.
secServUtil.setCallbackHandler(callbackHandler);
util.setCallbackHandler(callbackHandler);
}
@Override
public int getCredentialEncoding(CredentialType type) {
switch(type) {
case USERNAME_PASSWORD :
return SecurityConstants.USERNAME_PASSWORD;
case CERTIFICATE :
return SecurityConstants.CERTIFICATE;
case ALL :
return SecurityConstants.ALL;
default :
throw new RuntimeException("Unknown CredentialType");
}
}
@Override
public Subject doClientLogin(CredentialType credType) {
return LoginContextDriver.doClientLogin(this.getCredentialEncoding(credType), callbackHandler);
}
private AppClientSSL convert(Ssl ssl) {
AppClientSSL appSSL = new AppClientSSL();
appSSL.setCertNickname(ssl.getCertNickname());
//appSSL.setClientAuthEnabled(ssl.isClientAuthEnabled());
appSSL.setSsl2Ciphers(ssl.getSsl2Ciphers());
appSSL.setSsl2Enabled(ssl.isSsl2Enabled());
appSSL.setSsl3Enabled(ssl.isSsl3Enabled());
appSSL.setSsl3TlsCiphers(ssl.getSsl3TlsCiphers());
appSSL.setTlsEnabled(ssl.isTlsEnabled());
appSSL.setTlsRollbackEnabled(ssl.isTlsRollbackEnabled());
return appSSL;
}
private void setSSLData(List<TargetServer> tServers) {
try {
// Set the SSL related properties for ORB
TargetServer tServer = tServers.get(0);
// TargetServer is required.
//temp solution to target-server+ change in DTD
// assuming that multiple servers can be specified but only 1st
// first one will be used.
Security security = tServer.getSecurity();
if (security == null) {
_logger.fine("No Security input set in ClientContainer.xml");
// do nothing
return;
}
Ssl ssl = security.getSsl();
if (ssl == null) {
_logger.fine("No SSL input set in ClientContainer.xml");
// do nothing
return;
}
//XXX do not use NSS in this release
//CertDb certDB = security.getCertDb();
sslUtils.setAppclientSsl(convert(ssl));
this.appClientSSLUtil.setAppClientSSL(convert(ssl));
} catch (Exception ex) {
}
}
public List<TargetServer> getTargetServers() {
return targetServers;
}
public List<MessageSecurityConfig> getMsgSecConfigs() {
return msgSecConfigs;
}
@Override
public void clearClientSecurityContext() {
ClientSecurityContext.setCurrent(null);
}
@Override
public boolean isLoginCancelled() {
boolean isCancelled = false;
if(callbackHandler instanceof LoginCallbackHandler){
isCancelled=((LoginCallbackHandler) callbackHandler).getCancelStatus();
}
return isCancelled;
}
}