
Example 1 with AnonCredential

use of com.sun.enterprise.common.iiop.security.AnonCredential in project Payara by payara.

From the class SecurityMechanismSelector, method getIdentity:

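/**
 * Get the principal/distinguished name from thread local storage.
 *
 * <p>Reads the current {@code com.sun.enterprise.security.SecurityContext} and builds an IIOP
 * {@link SecurityContext} whose {@code subject} carries the credential to assert and whose
 * {@code identcls} names that credential's class:
 * <ul>
 *   <li>no current context, or credentials the server generated itself (the default guest
 *       login): a fresh subject holding only an {@link AnonCredential};</li>
 *   <li>exactly one {@link PasswordCredential} among the private credentials: a fresh subject
 *       holding a {@link GSSUPName} built from user and realm (the password is not copied);</li>
 *   <li>otherwise the subject's single public credential decides: {@link GSSUPName},
 *       {@link X500Name}, or (any other type) {@link X509CertificateCredential}.</li>
 * </ul>
 *
 * @return the security context, or {@code null} (after a SEVERE log) when the current subject
 *     does not carry exactly one public credential
 * @throws SecurityMechanismException declared so that {@code getSubjectFromSecurityCurrent()}
 *     may propagate it; this method raises none of its own
 */
private SecurityContext getIdentity() throws SecurityMechanismException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Getting PRINCIPAL/DN from TLS");
    }
    final SecurityContext ctx = new SecurityContext();

    com.sun.enterprise.security.SecurityContext scontext =
            com.sun.enterprise.security.SecurityContext.getCurrent();
    if (scontext == null || scontext.didServerGenerateCredentials()) {
        // The server created a default guest/guest123 context. Those credentials must not
        // travel over IIOP, so an anonymous identity is asserted instead.
        ctx.identcls = AnonCredential.class;
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                Subject anonymous = new Subject();
                anonymous.getPublicCredentials().add(new AnonCredential());
                ctx.subject = anonymous;
                return null;
            }
        });
        return ctx;
    }

    final Subject current = getSubjectFromSecurityCurrent();
    ctx.subject = current;

    // Private credentials are permission-checked per element when a SecurityManager is
    // installed, hence the privileged block around both the lookup and the iteration below.
    final Set<PasswordCredential> passwordCreds =
            AccessController.doPrivileged(new PrivilegedAction<Set<PasswordCredential>>() {
                @Override
                public Set<PasswordCredential> run() {
                    return current.getPrivateCredentials(PasswordCredential.class);
                }
            });
    if (passwordCreds.size() == 1) {
        // Username/password login: only the user name (as a GSSUP name) is asserted; the
        // outgoing subject deliberately does not carry the PasswordCredential itself.
        ctx.identcls = GSSUPName.class;
        ctx.subject = AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                PasswordCredential pc = passwordCreds.iterator().next();
                Subject asserted = new Subject();
                asserted.getPublicCredentials().add(new GSSUPName(pc.getUser(), pc.getRealm()));
                return asserted;
            }
        });
        return ctx;
    }

    Set<Object> publicCreds = current.getPublicCredentials();
    if (publicCreds.size() != 1) {
        _logger.log(Level.SEVERE, "iiop.principal_error");
        return null;
    }
    // size() == 1 guarantees an element; the old "no element" branch was unreachable.
    Object credential = publicCreds.iterator().next();
    if (credential instanceof GSSUPName) {
        ctx.identcls = GSSUPName.class;
    } else if (credential instanceof X500Name) {
        ctx.identcls = X500Name.class;
    } else {
        // NOTE(review): any other credential type is classified as a certificate credential
        // without an instanceof check (original behaviour, kept for compatibility). An explicit
        // X509CertificateCredential check, logging "iiop.credential_error" otherwise, would make
        // a mis-typed credential fail here rather than later in the mechanism selection.
        ctx.identcls = X509CertificateCredential.class;
    }
    return ctx;
}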

Example 2 with AnonCredential

use of com.sun.enterprise.common.iiop.security.AnonCredential in project Payara by payara.

From the class Counter, method createIdCred:

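/**
 * Create an identity from an Identity Token and stores it as a public credential in the JAAS
 * subject in a security context.
 *
 * <p>Sets the {@code identcls} field in the security context to the class of the credential that
 * was added ({@code null} for an absent token). The DER payloads carried by the token may arrive
 * CDR-encapsulated (issue 5766); they are unwrapped with {@code codec} before being parsed.
 *
 * @param securityContext the context whose subject receives the credential; its {@code subject}
 *     is assumed to be non-null (not checked here)
 * @param identityToken the identity token received with the request
 * @throws SecurityException if the token type is unknown, if a principal-name token does not use
 *     the GSSUP mechanism, or if a certificate-chain token contains no certificates
 * @throws Exception if decoding a token payload fails
 */
private void createIdCred(SecurityContext securityContext, IdentityToken identityToken) throws Exception {
    switch (identityToken.discriminator()) {
        case ITTAbsent.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is Absent");
            }
            securityContext.identcls = null;
            break;
        case ITTAnonymous.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is Anonymous");
                logger.log(FINE, "Adding AnonyCredential to subject's PublicCredentials");
            }
            addPublicCredential(securityContext, new AnonCredential(), AnonCredential.class);
            break;
        case ITTDistinguishedName.value:
            X500Name xname = distinguishedNameFromToken(identityToken);
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity to be asserted is " + xname.toString());
                logger.log(FINE, "Adding X500Name to subject's PublicCredentials");
            }
            addPublicCredential(securityContext, xname, X500Name.class);
            break;
        case ITTX509CertChain.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is a X509 Certificate Chain");
            }
            X509Certificate[] certchain = certificateChainFromToken(identityToken);
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Creating a X509CertificateCredential object from certchain");
            }
            // The alias argument is currently ignored by the RI, so "default" is only a placeholder.
            X509CertificateCredential cred = new X509CertificateCredential(certchain, certchain[0].getSubjectDN().getName(), "default");
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Adding X509CertificateCredential to subject's PublicCredentials");
            }
            addPublicCredential(securityContext, cred, X509CertificateCredential.class);
            break;
        case ITTPrincipalName.value:
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Identity token type is GSS Exported Name");
            }
            GSSUPName gssname = gssupNameFromToken(identityToken);
            addPublicCredential(securityContext, gssname, GSSUPName.class);
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Adding GSSUPName credential to subject");
            }
            break;
        default:
            logger.log(SEVERE, "iiop.unknown_identity");
            throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_unknown_idassert_type", "Unknown identity assertion type."));
    }
}

/**
 * Adds {@code credential} to the subject's public credentials and records its class as the
 * context's {@code identcls}.
 */
private static void addPublicCredential(SecurityContext securityContext, Object credential, Class<?> identcls) {
    securityContext.subject.getPublicCredentials().add(credential);
    securityContext.identcls = identcls;
}

/**
 * Builds an {@link X500Name} from the token's distinguished name, unwrapping a CDR
 * encapsulation first when one is present.
 *
 * @throws Exception if CDR decoding or DER parsing fails
 */
private X500Name distinguishedNameFromToken(IdentityToken identityToken) throws Exception {
    byte[] derEncoding = identityToken.dn();
    // Issue 5766: the DN may be CDR-encapsulated rather than bare DER
    if (isCDR(derEncoding)) {
        Any any = codec.decode_value(derEncoding, X501DistinguishedNameHelper.type());
        derEncoding = X501DistinguishedNameHelper.extract(any);
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Create an X500Name object from identity token");
    }
    return new X500Name(derEncoding);
}

/**
 * Parses the token's certificate chain (DER SEQUENCE, optionally CDR-encapsulated) into
 * {@link X509Certificate} objects, in the order they appear in the token.
 *
 * @return a non-empty chain
 * @throws SecurityException if the chain holds no certificates; the caller indexes
 *     {@code certchain[0]}, which previously surfaced as an ArrayIndexOutOfBoundsException
 * @throws Exception if CDR decoding or DER parsing fails
 */
private X509Certificate[] certificateChainFromToken(IdentityToken identityToken) throws Exception {
    byte[] derEncoding = identityToken.certificate_chain();
    // Issue 5766: the chain may be CDR-encapsulated rather than bare DER
    if (isCDR(derEncoding)) {
        Any any = codec.decode_value(derEncoding, X509CertificateChainHelper.type());
        derEncoding = X509CertificateChainHelper.extract(any);
    }
    DerInputStream din = new DerInputStream(derEncoding);
    // The length passed to getSequence() is only an initial capacity hint, not a bound.
    DerValue[] derval = din.getSequence(1);
    if (derval.length == 0) {
        throw new SecurityException("Identity token carries an empty X509 certificate chain");
    }
    // X509Certificate has no constructor taking DER; X509CertImpl (a subclass) does.
    X509Certificate[] certchain = new X509Certificate[derval.length];
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Contents of X509 Certificate chain:");
    }
    for (int i = 0; i < derval.length; i++) {
        certchain[i] = new X509CertImpl(derval[i]);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "    " + certchain[i].getSubjectDN().getName());
        }
    }
    return certchain;
}

/**
 * Builds a {@link GSSUPName} from the token's GSS exported name, unwrapping a CDR
 * encapsulation first when one is present.
 *
 * @throws SecurityException if the exported name does not carry the GSSUP mechanism OID
 * @throws Exception if CDR decoding or name parsing fails
 */
private GSSUPName gssupNameFromToken(IdentityToken identityToken) throws Exception {
    byte[] expname = identityToken.principal_name();
    // Issue 5766: the exported name may be CDR-encapsulated
    if (isCDR(expname)) {
        Any any = codec.decode_value(expname, GSS_NT_ExportedNameHelper.type());
        expname = GSS_NT_ExportedNameHelper.extract(any);
    }
    // Only the GSSUP mechanism is accepted for asserted exported names.
    if (!verifyMechOID(GSSUP_MECH_OID, expname)) {
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_unknown_idassert_type", "Unknown identity assertion type."));
    }
    return new GSSUPName(expname);
}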
