
Example 21 with Connection

use of ch.ethz.ssh2.Connection in project wildfly by wildfly.

the class ConnectionSecurityContext method pushIdentity.

/**
 * Push a new {@link Principal} and Credential pair.
 *
 * This method is to be called before an EJB invocation is passed through its security interceptor, at that point the
 * Principal and Credential pair can be verified.
 *
 * Note: This method should be called from within a {@link PrivilegedAction}.
 *
 * @param principal - The alternative {@link Principal} to use in verification before the next EJB is called.
 * @param credential - The credential to verify with the {@link Principal}
 * @return A {@link ContextStateCache} that can later be used to pop the identity pushed here and restore internal state to its previous values.
 * @throws Exception If there is a problem associating the new {@link Principal} and Credential pair.
 */
public static ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
    SecurityContext current = SecurityContextAssociation.getSecurityContext();
    SecurityContext nextContext = SecurityContextFactory.createSecurityContext(principal, credential, new Subject(), "USER_DELEGATION");
    SecurityContextAssociation.setSecurityContext(nextContext);
    Connection con = RemotingContext.getConnection();
    RemotingContext.clear();
    return new ContextStateCache(con, current);
}
Also used : SecurityContext(org.jboss.security.SecurityContext) Connection(org.jboss.remoting3.Connection) Subject(javax.security.auth.Subject)

Example 22 with Connection

use of ch.ethz.ssh2.Connection in project wildfly by wildfly.

the class SimpleSecurityManager method push.

/**
 * Must be called from within a privileged action.
 *
 * @param securityDomain the name of the security domain for which the new security context is established
 */
public void push(final String securityDomain) {
    // TODO - Handle a null securityDomain here? Yes I think so.
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }
    RunAs currentRunAs = current.getIncomingRunAs();
    boolean trusted = currentRunAs != null && currentRunAs instanceof RunAsIdentity;
    if (trusted == false) {
        /*
         * We should only be switching to a context based on an identity from the Remoting connection if we don't already
         * have a trusted identity - this allows for beans to reauthenticate as a different identity.
         */
        if (SecurityActions.remotingContextIsSet()) {
            // The principal and credential will not have been set yet, so derive them from the Remoting connection's local identity.
            SecurityContextUtil util = current.getUtil();
            Connection connection = SecurityActions.remotingContextGetConnection();
            Principal p = null;
            Object credential = null;
            SecurityIdentity localIdentity = connection.getLocalIdentity();
            if (localIdentity != null) {
                p = new SimplePrincipal(localIdentity.getPrincipal().getName());
                IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
                PasswordCredential passwordCredential = privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
                if (passwordCredential != null) {
                    credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
                } else {
                    credential = new RemotingConnectionCredential(connection);
                }
            } else {
                throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
            }
            SecurityActions.remotingContextClear();
            util.createSubjectInfo(p, credential, null);
        }
    }
}
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) RunAsIdentity(org.jboss.security.RunAsIdentity) Connection(org.jboss.remoting3.Connection) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityContext(org.jboss.security.SecurityContext) RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials)

Example 23 with Connection

use of ch.ethz.ssh2.Connection in project wildfly by wildfly.

the class RemotingLoginModule method login.

@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
    if (super.login() == true) {
        log.debug("super.login()==true");
        return true;
    }
    Object credential = getCredential();
    if (credential instanceof RemotingConnectionCredential) {
        Connection con = ((RemotingConnectionCredential) credential).getConnection();
        Principal up = null;
        SecurityIdentity localIdentity = con.getLocalIdentity();
        if (localIdentity != null) {
            up = new RealmUser(localIdentity.getPrincipal().getName());
        }
        // If we found a principal from the connection then authentication succeeded.
        if (up != null) {
            identity = up;
            if (getUseFirstPass()) {
                String userName = identity.getName();
                log.debugf("Storing username '%s'", userName);
                // Add the username to the shared state map
                sharedState.put("javax.security.auth.login.name", identity);
                if (useNewClientCert) {
                    SSLSession session = con.getSslSession();
                    if (session != null) {
                        try {
                            credential = session.getPeerCertificates()[0];
                            log.debug("Using new certificate as credential.");
                        } catch (SSLPeerUnverifiedException e) {
                            log.debugf("No peer certificate available for '%s'", userName);
                        }
                    }
                } else if (useClientCert) {
                    SSLSession session = con.getSslSession();
                    if (session != null) {
                        try {
                            credential = session.getPeerCertificateChain()[0];
                            log.debug("Using certificate as credential.");
                        } catch (SSLPeerUnverifiedException e) {
                            log.debugf("No peer certificate available for '%s'", userName);
                        }
                    }
                }
                sharedState.put("javax.security.auth.login.password", credential);
            }
            loginOk = true;
            return true;
        }
    }
    // username and password has been supplied to a web auth.
    return false;
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) Connection(org.jboss.remoting3.Connection) RealmUser(org.jboss.as.core.security.RealmUser) SSLSession(javax.net.ssl.SSLSession) Principal(java.security.Principal)

Example 24 with Connection

use of ch.ethz.ssh2.Connection in project cloudstack by apache.

the class SshHelper method scpTo.

public static void scpTo(String host, int port, String user, File pemKeyFile, String password, String remoteTargetDirectory, String localFile, String fileMode, int connectTimeoutInMs, int kexTimeoutInMs) throws Exception {
    com.trilead.ssh2.Connection conn = null;
    com.trilead.ssh2.SCPClient scpClient = null;
    try {
        conn = new com.trilead.ssh2.Connection(host, port);
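        // Passing null as the ServerHostKeyVerifier accepts any server host key, so the host's identity is not verified.
        conn.connect(null, connectTimeoutInMs, kexTimeoutInMs);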
        if (pemKeyFile == null) {
            if (!conn.authenticateWithPassword(user, password)) {
                String msg = "Failed to authentication SSH user " + user + " on host " + host;
                s_logger.error(msg);
                throw new Exception(msg);
            }
        } else {
            if (!conn.authenticateWithPublicKey(user, pemKeyFile, password)) {
                String msg = "Failed to authentication SSH user " + user + " on host " + host;
                s_logger.error(msg);
                throw new Exception(msg);
            }
        }
        scpClient = conn.createSCPClient();
        if (fileMode != null)
            scpClient.put(localFile, remoteTargetDirectory, fileMode);
        else
            scpClient.put(localFile, remoteTargetDirectory);
    } finally {
        if (conn != null)
            conn.close();
    }
}
Also used : Connection(com.trilead.ssh2.Connection) IOException(java.io.IOException)

Example 25 with Connection

use of ch.ethz.ssh2.Connection in project cloudstack by apache.

the class SshHelper method scpTo.

public static void scpTo(String host, int port, String user, File pemKeyFile, String password, String remoteTargetDirectory, byte[] data, String remoteFileName, String fileMode, int connectTimeoutInMs, int kexTimeoutInMs) throws Exception {
    com.trilead.ssh2.Connection conn = null;
    com.trilead.ssh2.SCPClient scpClient = null;
    try {
        conn = new com.trilead.ssh2.Connection(host, port);
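        // Passing null as the ServerHostKeyVerifier accepts any server host key, so the host's identity is not verified.
        conn.connect(null, connectTimeoutInMs, kexTimeoutInMs);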
        if (pemKeyFile == null) {
            if (!conn.authenticateWithPassword(user, password)) {
                String msg = "Failed to authentication SSH user " + user + " on host " + host;
                s_logger.error(msg);
                throw new Exception(msg);
            }
        } else {
            if (!conn.authenticateWithPublicKey(user, pemKeyFile, password)) {
                String msg = "Failed to authentication SSH user " + user + " on host " + host;
                s_logger.error(msg);
                throw new Exception(msg);
            }
        }
        scpClient = conn.createSCPClient();
        if (fileMode != null)
            scpClient.put(data, remoteFileName, remoteTargetDirectory, fileMode);
        else
            scpClient.put(data, remoteFileName, remoteTargetDirectory);
    } finally {
        if (conn != null)
            conn.close();
    }
}
Also used : Connection(com.trilead.ssh2.Connection) IOException(java.io.IOException)
