
Example 1 with SSLUtils

use of com.sun.enterprise.security.ssl.SSLUtils in project Payara by payara.

the class ConnectionManager method getSecureConnection.

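/**
 * Creates an HTTPS connection to the load balancer.
 *
 * <p>The URL is built from {@code _lbHost}, {@code _lbPort} and the given context root. When both
 * {@code _lbProxyHost} and {@code _lbProxyPort} are set, the connection is opened through that
 * HTTP proxy. The SSL context presents the key managers returned by {@code SSLUtils}.
 *
 * <p><b>Security note:</b> the trust manager installed below accepts every certificate chain, so
 * TLS on this connection encrypts the traffic but does not authenticate the load balancer.
 *
 * @param contextRoot context root that will be used in constructing the URL
 * @throws java.io.IOException if the load balancer host or port is not configured, or if building
 *         the SSL context, the URL or the connection fails (the original exception is the cause)
 * @return HTTPS connection to the load balancer.
 */
private HttpsURLConnection getSecureConnection(String contextRoot) throws IOException {
    if (_lbHost == null || _lbPort == null) {
        String msg = LbLogUtil.getStringManager().getString("LbDeviceNotConfigured", _lbName);
        throw new IOException(msg);
    }
    HttpsURLConnection conn = null;
    try {
        // ---------------------------------
        // NOTE(review): this trust manager does not validate certificate chains. Any certificate
        // presented by the peer is accepted, so the load balancer's identity is never verified.
        // SSLUtils also exposes getTrustManagers(); switching to it would restore chain
        // validation but requires the load balancer's certificate (or its CA) to be in the
        // trust store. Left unchanged here because existing deployments may rely on it.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array.
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // Intentionally empty: never rejects (see NOTE above).
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // Intentionally empty: never rejects (see NOTE above).
            }
        } };
        // Build a context that presents the server's own keys but uses the all-trusting manager.
        SSLContext sc = SSLContext.getInstance(TLS);
        ServiceLocator habitat = Globals.getDefaultHabitat();
        SSLUtils sslUtils = habitat.getService(SSLUtils.class);
        sc.init(sslUtils.getKeyManagers(), trustAllCerts, new java.security.SecureRandom());
        // ---------------------------------
        // Integer.parseInt may throw NumberFormatException; it is wrapped by the catch below.
        URL url = new URL(HTTPS_PROTOCOL, _lbHost, Integer.parseInt(_lbPort), contextRoot);
        if (_lbProxyHost != null && _lbProxyPort != null) {
            Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(_lbProxyHost, Integer.parseInt(_lbProxyPort)));
            conn = (HttpsURLConnection) url.openConnection(proxy);
        } else {
            conn = (HttpsURLConnection) url.openConnection();
        }
        conn.setSSLSocketFactory(sc.getSocketFactory());
        HostnameVerifier hnv = new SSLHostNameVerifier();
        // Apply the verifier to this connection only. The previous call,
        // setDefaultHostnameVerifier, is static: it replaced the verifier for every
        // HttpsURLConnection created afterwards in the JVM and did not affect 'conn',
        // which had already captured the earlier default when it was opened.
        conn.setHostnameVerifier(hnv);
    } catch (Exception e) {
        throw new IOException(e.getMessage(), e);
    }
    return conn;
}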
Also used : InetSocketAddress(java.net.InetSocketAddress) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) URL(java.net.URL) IOException(java.io.IOException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) HostnameVerifier(javax.net.ssl.HostnameVerifier) ServiceLocator(org.glassfish.hk2.api.ServiceLocator) Proxy(java.net.Proxy) X509TrustManager(javax.net.ssl.X509TrustManager) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) SSLUtils(com.sun.enterprise.security.ssl.SSLUtils)

Example 2 with SSLUtils

use of com.sun.enterprise.security.ssl.SSLUtils in project Payara by payara.

the class CertificateDialog method initbox.

/**
 * Builds the dialog contents and wires up its listeners.
 *
 * <p>Two cards are added to the content pane's {@code CardLayout}: {@code pnl} (registered under
 * {@code pnlKeyStorePassword}), which asks for the keystore password, and {@code pnl2}
 * (registered under {@code pnlCertificateList}), which holds the name, password and choice-list
 * inputs for whichever of {@code nameCallback}, {@code passwordCallback} and
 * {@code choiceCallback} are non-null. When {@code choiceCallback} is set the keystore-password
 * card is shown first and the second card is revealed only after
 * {@code SSLUtils.verifyMasterPassword} accepts the typed password.
 */
private void initbox() {
    GridBagLayout gridbag = new GridBagLayout();
    GridBagConstraints c = new GridBagConstraints();
    pnl2.setLayout(gridbag);
    getContentPane().setLayout(new CardLayout());
    // Running grid position on pnl2; each section below advances these as it adds components.
    int gridx = 0;
    int gridy = 0;
    passField = new JPasswordField(20);
    userField = new JTextField(20);
    choiceList = new JList();
    // Row: user-name prompt and text field.
    if (nameCallback != null) {
        c.gridx = gridx++;
        c.gridy = gridy;
        c.anchor = GridBagConstraints.CENTER;
        c.insets = new Insets(20, 10, 10, 2);
        JLabel jl = new JLabel(nameCallback.getPrompt() + ": ");
        gridbag.setConstraints(jl, c);
        pnl2.add(jl);
        c.gridx = gridx++;
        c.gridy = gridy++;
        c.fill = GridBagConstraints.HORIZONTAL;
        c.insets = new Insets(20, 3, 10, 10);
        userField.setText(nameCallback.getDefaultName());
        gridbag.setConstraints(userField, c);
        userField.selectAll();
        pnl2.add(userField);
    }
    // Row: password prompt and password field.
    if (passwordCallback != null) {
        gridx = 0;
        c.gridx = gridx++;
        c.gridy = gridy;
        c.anchor = GridBagConstraints.CENTER;
        c.insets = new Insets(20, 10, 10, 2);
        JLabel l = new JLabel(passwordCallback.getPrompt());
        gridbag.setConstraints(l, c);
        pnl2.add(l);
        c.gridx = gridx++;
        c.gridy = gridy++;
        c.fill = GridBagConstraints.HORIZONTAL;
        c.insets = new Insets(20, 3, 10, 10);
        gridbag.setConstraints(passField, c);
        pnl2.add(passField);
    }
    if (choiceCallback != null) {
        /*
         * Keystore-password card: the user must enter the keystore password
         * before the certificate list is shown.
         */
        lbl = new JLabel(localStrings.getLocalString("enterprise.security.keystore", "Enter the KeyStore Password "));
        // adding the password field
        keystorePassword = new JPasswordField(20);
        kpPanel.add(lbl);
        kpPanel.add(keystorePassword);
        /* SSLUtils is used by the OK handler below to check the typed password */
        final SSLUtils sslUtils = Globals.get(SSLUtils.class);
        // ok button For keystore password
        okForKP = new JButton(localStrings.getLocalString("enterprise.security.ok", " OK "));
        okForKP.setActionCommand("ok");
        okForKP.addActionListener(new ActionListener() {

            public void actionPerformed(ActionEvent ae) {
                char[] passKPFromUser = keystorePassword.getPassword();
                if (sslUtils.verifyMasterPassword(passKPFromUser)) {
                    // Correct password: lock the keystore-password controls and
                    // switch to the certificate-list card.
                    okForKP.setEnabled(false);
                    cancelForKP.setEnabled(false);
                    keystorePassword.setEditable(false);
                    CardLayout cl = (CardLayout) (getContentPane()).getLayout();
                    cl.show(getContentPane(), pnlCertificateList);
                } else {
                    // Wrong password: report it; the card stays on the password prompt.
                    // NOTE(review): nothing here limits or delays repeated attempts.
                    String errmessage = localStrings.getLocalString("enterprise.security.IncorrectKeystorePassword", "Incorrect Keystore Password");
                    GUIErrorDialog guierr = new GUIErrorDialog(errmessage);
                    guierr.setVisible(true);
                }
                // Overwrite the local copy of the typed password once it has been checked.
                Arrays.fill(passKPFromUser, ' ');
            }
        });
        cancelForKP = new JButton(localStrings.getLocalString("enterprise.security.cancel", "Cancel"));
        cancelForKP.setActionCommand("cancel");
        cancelForKP.addActionListener(new ActionListener() {

            public void actionPerformed(ActionEvent ae) {
                // -1 signals "no certificate chosen" to the callback before closing.
                if (choiceCallback != null)
                    choiceCallback.setSelectedIndex(-1);
                frame.dispose();
            }
        });
        bpanel.add(okForKP);
        bpanel.add(cancelForKP);
        pnl.add(kpPanel);
        pnl.add(bpanel);
        // Adding the certificate lists.
        gridx = 0;
        c.gridx = gridx++;
        c.gridy = gridy;
        c.anchor = GridBagConstraints.CENTER;
        c.insets = new Insets(20, 10, 10, 2);
        JLabel l = new JLabel(choiceCallback.getPrompt());
        gridbag.setConstraints(l, c);
        pnl2.add(l);
        c.gridx = gridx++;
        c.gridy = gridy++;
        c.fill = GridBagConstraints.HORIZONTAL;
        c.insets = new Insets(20, 3, 10, 10);
        String[] choices = choiceCallback.getChoices();
        choiceList.setListData(choices);
        gridbag.setConstraints(choiceList, c);
        pnl2.add(choiceList);
    }
    okButton = new JButton(localStrings.getLocalString("enterprise.security.ok", " OK "));
    // XXX I18N
    okButton.setActionCommand("ok");
    okButton.addActionListener(new ActionListener() {

        public void actionPerformed(ActionEvent ae) {
            // Copy the entered values into whichever callbacks were supplied, then close.
            username = userField.getText();
            // NOTE(review): nameCallback is not null-checked here; this relies on userField
            // staying empty when no name callback was supplied (it is only populated and
            // added to the panel inside the nameCallback != null branch above).
            if (username.trim().length() > 0)
                nameCallback.setName(username);
            if (passwordCallback != null) {
                // NOTE(review): unlike passKPFromUser in the keystore-password handler, this
                // array is not overwritten after use. If setPassword copies its argument
                // (javax.security.auth.callback.PasswordCallback does; confirm the field's
                // type), 'pass' could be cleared with Arrays.fill once it has been handed over.
                char[] pass = passField.getPassword();
                // if(passphrase.trim().length() > 0) {
                passwordCallback.setPassword(pass);
            // }
            }
            if (choiceCallback != null) {
                int idx = choiceList.getSelectedIndex();
                if (idx != -1)
                    choiceCallback.setSelectedIndex(idx);
            }
            frame.dispose();
        }
    });
    cancelButton = new JButton(localStrings.getLocalString("enterprise.security.cancel", "Cancel"));
    cancelButton.setActionCommand("cancel");
    cancelButton.addActionListener(new ActionListener() {

        public void actionPerformed(ActionEvent ae) {
            // NOTE(review): when choiceCallback is set, this branch records -1 but does not
            // call frame.dispose() or clear 'passphrase', unlike the keystore-password Cancel
            // button and windowClosing below. Confirm that leaving the dialog open is intended.
            if (choiceCallback != null) {
                choiceCallback.setSelectedIndex(-1);
            } else {
                username = null;
                // Overwrite any stored passphrase before closing.
                if (passphrase != null) {
                    Arrays.fill(passphrase, ' ');
                }
                frame.dispose();
            }
        }
    });
    super.addWindowListener(new WindowAdapter() {

        public void windowClosing(WindowEvent we) {
            // send a fail back
            if (choiceCallback != null)
                choiceCallback.setSelectedIndex(-1);
            frame.dispose();
        }
    });
    // OK / Cancel row, laid out with the same GridBagLayout and constraints object.
    JPanel buttonPanel = new JPanel();
    buttonPanel.setLayout(gridbag);
    c.insets = new Insets(5, 0, 5, 15);
    c.gridx = 0;
    c.gridy = 0;
    c.anchor = GridBagConstraints.CENTER;
    c.fill = GridBagConstraints.NONE;
    gridbag.setConstraints(okButton, c);
    buttonPanel.add(okButton);
    c.gridx = 2;
    c.insets = new Insets(5, 15, 5, 0);
    gridbag.setConstraints(cancelButton, c);
    buttonPanel.add(cancelButton);
    // Place the button row beneath the input rows on pnl2.
    c.gridx = 0;
    c.gridy = gridy++;
    c.gridwidth = 2;
    c.insets = new Insets(0, 0, 5, 0);
    c.fill = GridBagConstraints.HORIZONTAL;
    c.anchor = GridBagConstraints.WEST;
    gridbag.setConstraints(buttonPanel, c);
    pnl2.add(buttonPanel);
    // Register both cards, then pick which one is visible first.
    getContentPane().add(pnl, pnlKeyStorePassword);
    getContentPane().add(pnl2, pnlCertificateList);
    CardLayout cl = (CardLayout) (getContentPane()).getLayout();
    if (choiceCallback != null) {
        /* first get the password to the keystore */
        cl.show(getContentPane(), pnlKeyStorePassword);
    } else {
        cl.show(getContentPane(), pnlCertificateList);
    }
    pack();
    setSize(getPreferredSize());
}
Also used : SSLUtils(com.sun.enterprise.security.ssl.SSLUtils)

Example 3 with SSLUtils

use of com.sun.enterprise.security.ssl.SSLUtils in project Payara by payara.

the class SSLSocketFactory method initStoresAtStartup.

// V3: to break dependency of SSLUtils on this class
// public static void setManagers(KeyManager[] kmgrs, TrustManager[] tmgrs) {
// keyManagers = kmgrs;
// trustManagers = tmgrs;
// }
// V3: Copied from SSLUtils to break dependency of SSLUtils on this class
/**
 * Loads the key and trust managers from {@code SSLUtils} and installs a default HTTPS socket
 * factory for outbound client connections. Runs at most once; later calls return immediately.
 *
 * <p>If the system property named by {@code SSLUtils.HTTPS_OUTBOUND_KEY_ALIAS} is non-empty,
 * every key manager used for the default context is wrapped in a {@code J2EEKeyManager} bound to
 * that alias. The resulting factory is set through
 * {@code HttpsURLConnection.setDefaultSSLSocketFactory}, which applies JVM-wide.
 *
 * @throws Exception if the SSL context cannot be created or initialised, or if a key manager is
 *         not an {@code X509KeyManager} when an alias is configured
 */
public static synchronized void initStoresAtStartup() throws Exception {
    if (!initialized) {
        final SSLUtils sslUtils = Globals.getDefaultHabitat().getService(SSLUtils.class);
        keyManagers = sslUtils.getKeyManagers();
        trustManagers = sslUtils.getTrustManagers();

        // Default SSLContext / HttpsURLConnection setup for clients that use HTTPS.
        final SSLContext defaultContext = SSLContext.getInstance("TLS");
        final String outboundAlias = System.getProperty(SSLUtils.HTTPS_OUTBOUND_KEY_ALIAS);
        final KeyManager[] outboundKeyManagers = sslUtils.getKeyManagers();

        final boolean aliasConfigured = outboundAlias != null && !outboundAlias.isEmpty();
        if (aliasConfigured && outboundKeyManagers != null) {
            // Wrap in place so every outbound handshake uses the configured key alias.
            // NOTE(review): this writes into the array returned by getKeyManagers(); whether
            // that array is shared with other callers is not visible here.
            for (int slot = 0; slot < outboundKeyManagers.length; slot++) {
                final X509KeyManager delegate = (X509KeyManager) outboundKeyManagers[slot];
                outboundKeyManagers[slot] = new J2EEKeyManager(delegate, outboundAlias);
            }
        }

        // A null SecureRandom makes the context use the default implementation.
        defaultContext.init(outboundKeyManagers, sslUtils.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(defaultContext.getSocketFactory());
        initialized = true;
    }
}
Also used : ServiceLocator(org.glassfish.hk2.api.ServiceLocator) X509KeyManager(javax.net.ssl.X509KeyManager) SSLContext(javax.net.ssl.SSLContext) J2EEKeyManager(com.sun.enterprise.security.ssl.J2EEKeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) J2EEKeyManager(com.sun.enterprise.security.ssl.J2EEKeyManager) SSLUtils(com.sun.enterprise.security.ssl.SSLUtils)

Example 4 with SSLUtils

use of com.sun.enterprise.security.ssl.SSLUtils in project Payara by payara.

the class RestUtil method initialize.

// ******************************************************************************************************************
// Jersey client methods
// ******************************************************************************************************************
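/**
 * Configures the given Jersey client builder with the admin SSL context obtained from
 * {@code SSLUtils}, a {@code BasicHostnameVerifier} and the {@code CsrfProtectionFilter}.
 *
 * <p>Configuration is best-effort. If any step throws, the failure is logged and the builder is
 * returned as it was at that point, which may mean without the SSL context, hostname verifier
 * and CSRF filter. Callers that require those protections cannot tell from the return value
 * whether they were applied.
 *
 * @param clientBuilder the builder to configure
 * @return the same {@code clientBuilder} instance that was passed in
 */
public static ClientBuilder initialize(ClientBuilder clientBuilder) {
    try {
        ServiceLocator habitat = SecurityServicesUtil.getInstance().getHabitat();
        SecureAdmin secureAdmin = habitat.getService(SecureAdmin.class);
        // NOTE(review): the second argument is null; presumably SSLUtils then picks its own
        // default protocol. Confirm against getAdminSSLContext.
        final SSLContext sslContext = habitat.<SSLUtils>getService(SSLUtils.class).getAdminSSLContext(SecureAdmin.Util.DASAlias(secureAdmin), null);
        // Instruct Jersey to use HostNameVerifier and SSLContext provided by us.
        clientBuilder.hostnameVerifier(new BasicHostnameVerifier()).sslContext(sslContext).register(CsrfProtectionFilter.class);
    } catch (Exception ex) {
        GuiUtil.getLogger().warning("RestUtil.initialize() failed");
        // Send the cause through the logger at FINE instead of printStackTrace(), so the
        // stack trace lands in the configured log handlers rather than on stderr.
        GuiUtil.getLogger().log(Level.FINE, "RestUtil.initialize() failed", ex);
    }
    return clientBuilder;
}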
Also used : ServiceLocator(org.glassfish.hk2.api.ServiceLocator) SecureAdmin(com.sun.enterprise.config.serverbeans.SecureAdmin) SSLContext(javax.net.ssl.SSLContext) SSLUtils(com.sun.enterprise.security.ssl.SSLUtils) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAXException(org.xml.sax.SAXException)

Example 5 with SSLUtils

use of com.sun.enterprise.security.ssl.SSLUtils in project Payara by payara.

the class ProxyImpl method addAuthenticationInfo.

/**
 * Returns a new client that authenticates over SSL.
 *
 * <p>The new client reuses the configuration of {@code client}, uses the admin SSL context that
 * {@code SSLUtils} builds for the DAS alias, and checks the peer against
 * {@code server.getAdminHost()} through a {@code BasicHostnameVerifier}.
 *
 * @param client  client whose configuration is copied
 * @param server  server whose admin host is given to the hostname verifier
 * @param habitat service locator used to look up {@code SecureAdmin} and {@code SSLUtils}
 * @return a newly built client carrying the SSL context and hostname verifier
 */
private Client addAuthenticationInfo(Client client, Server server, ServiceLocator habitat) {
    final SecureAdmin secureAdmin = habitat.getService(SecureAdmin.class);
    final SSLUtils sslUtils = habitat.<SSLUtils>getService(SSLUtils.class);
    // TODO need to get hardcoded "TLS" from corresponding ServerRemoteAdminCommand constant);
    final SSLContext sslContext = sslUtils.getAdminSSLContext(SecureAdmin.Util.DASAlias(secureAdmin), "TLS");

    // Instruct Jersey to use HostNameVerifier and SSLContext provided by us.
    ClientBuilder builder = ClientBuilder.newBuilder().withConfig(client.getConfiguration());
    builder = builder.hostnameVerifier(new BasicHostnameVerifier(server.getAdminHost()));
    builder = builder.sslContext(sslContext);
    return builder.build();
}
Also used : SecureAdmin(com.sun.enterprise.config.serverbeans.SecureAdmin) SSLContext(javax.net.ssl.SSLContext) SSLUtils(com.sun.enterprise.security.ssl.SSLUtils) ClientBuilder(javax.ws.rs.client.ClientBuilder)

Aggregations

SSLUtils (com.sun.enterprise.security.ssl.SSLUtils)5 SSLContext (javax.net.ssl.SSLContext)4 ServiceLocator (org.glassfish.hk2.api.ServiceLocator)3 SecureAdmin (com.sun.enterprise.config.serverbeans.SecureAdmin)2 IOException (java.io.IOException)2 J2EEKeyManager (com.sun.enterprise.security.ssl.J2EEKeyManager)1 InetSocketAddress (java.net.InetSocketAddress)1 Proxy (java.net.Proxy)1 URL (java.net.URL)1 HostnameVerifier (javax.net.ssl.HostnameVerifier)1 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)1 KeyManager (javax.net.ssl.KeyManager)1 TrustManager (javax.net.ssl.TrustManager)1 X509KeyManager (javax.net.ssl.X509KeyManager)1 X509TrustManager (javax.net.ssl.X509TrustManager)1 ClientBuilder (javax.ws.rs.client.ClientBuilder)1 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1 SAXException (org.xml.sax.SAXException)1