
Example 1 with PasswordAdapter

use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.

the class BaseContainerCallbackHandler method processSecretKey.

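/**
 * Handles a JMAC {@code SecretKeyCallback} by resolving the requested alias through a
 * {@link PasswordAdapter} and handing the resulting key to the callback.
 *
 * <p>Only alias-based requests are served. Any other request, or an alias request
 * without an alias, gets a {@code null} key and a WARNING. A failure while opening the
 * keystore or reading the key also results in a {@code null} key.
 *
 * @param secretKeyCallback callback whose key is set (possibly to {@code null})
 */
private void processSecretKey(SecretKeyCallback secretKeyCallback) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: In SecretKeyCallback Processor");
    }
    // Check the request type before casting: an unchecked downcast here would throw a
    // ClassCastException (or a NullPointerException for a null request) outside the
    // try block, bypassing the "unsupported request" handling below.
    final Object request = secretKeyCallback.getRequest();
    String alias = null;
    if (request instanceof SecretKeyCallback.AliasRequest) {
        alias = ((SecretKeyCallback.AliasRequest) request).getAlias();
    }
    if (alias != null) {
        try {
            PasswordAdapter passwordAdapter = null;
            if (SecurityServicesUtil.getInstance().isACC()) {
                // In the application client container the keystore location and its
                // password come from system properties. A missing password property
                // surfaces as a NullPointerException on toCharArray(), which the catch
                // below turns into a null key.
                passwordAdapter = new PasswordAdapter(System.getProperty(CLIENT_SECRET_KEYSTORE), System.getProperty(CLIENT_SECRET_KEYSTORE_PASSWORD).toCharArray());
            } else {
                passwordAdapter = masterPasswordHelper.getMasterPasswordAdapter();
            }
            secretKeyCallback.setKey(passwordAdapter.getPasswordSecretKeyForAlias(alias));
        } catch (Exception e) {
            // NOTE(review): lookup failures are reported at FINE only, so with default
            // log levels an unreadable or misconfigured keystore is visible to the
            // operator only as a null key on the callback.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "JMAC: In SecretKeyCallback Processor: " + " Error reading key ! for alias " + alias, e);
            }
            secretKeyCallback.setKey(null);
        }
    } else {
        // Principal-based key lookup (typically used in a Kerberos environment) is not
        // supported, so the principal is never consulted.
        secretKeyCallback.setKey(null);
        if (_logger.isLoggable(Level.WARNING)) {
            _logger.log(Level.WARNING, "jmac.unsupportreadprinciple");
        }
    }
}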
Also used : PasswordAdapter(com.sun.enterprise.security.store.PasswordAdapter) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) LoginException(com.sun.enterprise.security.auth.login.common.LoginException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException)

Example 2 with PasswordAdapter

use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.

the class NativeRemoteCommandsBase method expandPasswordAlias.

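/**
 * Resolves a password alias against the password-alias keystores of the local domains
 * and optionally verifies the resolved secret with an SSH connection attempt.
 *
 * <p>Every directory under the default domains directory is tried in turn. For each
 * one the instance-root system property is pointed at that directory (it is not
 * restored afterwards). When {@code host} is non-null the resolved value is stored in
 * {@code sshpassword} and checked with password authentication; otherwise it is stored
 * in {@code sshkeypassphrase} and, if {@code verifyConn} is set, checked with a
 * key-based connection to the first configured host. The search stops at the first
 * domain whose secret passes the check.
 *
 * @param host host that we are connecting to, or null when the alias holds a key passphrase
 * @param alias password alias of form ${ALIAS=xxx}
 * @param verifyConn whether to verify a key passphrase by connecting (only used when host is null)
 * @return the last password resolved for the alias, even if its connection check
 *         failed; null if no domain resolved the alias
 */
String expandPasswordAlias(String host, String alias, boolean verifyConn) {
    String expandedPassword = null;
    boolean connStatus = false;
    try {
        File domainsDirFile = DomainDirs.getDefaultDomainsDir();
        // get the list of domains
        File[] files = domainsDirFile.listFiles(new FileFilter() {

            @Override
            public boolean accept(File f) {
                return f.isDirectory();
            }
        });
        if (files == null) {
            // listFiles() returns null when the path is not a directory or cannot be
            // read; iterating over it would throw a NullPointerException.
            return null;
        }
        for (File f : files) {
            // the following property is required for initializing the password helper
            // NOTE(review): this is a process-wide setting that is never restored, so
            // other code in the same JVM sees the last domain visited — confirm that
            // is acceptable for the callers.
            System.setProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY, f.getAbsolutePath());
            // Tracks whether THIS domain produced a password. Without it, a password
            // that already failed authentication would be retried against the remote
            // host once for every remaining domain that lacks the alias.
            boolean resolvedInThisDomain = false;
            try {
                final PasswordAdapter pa = new PasswordAdapter(null);
                final boolean exists = pa.aliasExists(alias);
                if (exists) {
                    String mPass = getMasterPassword(f.getName());
                    expandedPassword = new PasswordAdapter(mPass.toCharArray()).getPasswordForAlias(alias);
                    resolvedInThisDomain = expandedPassword != null;
                }
            } catch (Exception e) {
                // Only the alias and the exception message are logged, never the secret.
                if (logger.isLoggable(Level.FINER)) {
                    logger.finer(StringUtils.cat(": ", alias, e.getMessage()));
                }
                logger.warning(Strings.get("GetPasswordFailure", f.getName()));
                continue;
            }
            if (resolvedInThisDomain) {
                SSHLauncher sshL = new SSHLauncher();
                if (host != null) {
                    sshpassword = expandedPassword;
                    sshL.init(getRemoteUser(), host, getRemotePort(), sshpassword, null, null, logger);
                    connStatus = sshL.checkPasswordAuth();
                    if (!connStatus) {
                        logger.warning(Strings.get("PasswordAuthFailure", f.getName()));
                    }
                } else {
                    sshkeypassphrase = expandedPassword;
                    if (verifyConn) {
                        sshL.init(getRemoteUser(), hosts[0], getRemotePort(), sshpassword, getSshKeyFile(), sshkeypassphrase, logger);
                        connStatus = sshL.checkConnection();
                        if (!connStatus) {
                            logger.warning(Strings.get("PasswordAuthFailure", f.getName()));
                        }
                    }
                }
                if (connStatus) {
                    break;
                }
            }
        }
    } catch (IOException ioe) {
        if (logger.isLoggable(Level.FINER)) {
            logger.finer(ioe.getMessage());
        }
    }
    return expandedPassword;
}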
Also used : SSHLauncher(org.glassfish.cluster.ssh.launcher.SSHLauncher) PasswordAdapter(com.sun.enterprise.security.store.PasswordAdapter)

Example 3 with PasswordAdapter

use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.

the class RepositoryManager method getClearPasswordForAlias.

/**
 * Looks up the clear-text password stored under an alias in the domain's password
 * alias keystore.
 *
 * <p>Every failure inside the lookup (including a null {@code password}) is swallowed
 * and reported as {@code null}, so a caller cannot tell a wrong keystore password from
 * an unreadable keystore. NOTE(review): the declared {@code RepositoryException} is not
 * thrown by this body itself; whether {@code getFileLayout} throws it is not visible
 * here.
 *
 * @param config repository configuration used to locate the keystore
 * @param password password protecting the password alias keystore
 * @param alias alias whose clear-text password is requested
 * @return the value returned by the keystore lookup for the alias, or null if the
 *         lookup failed
 * @throws RepositoryException declared for callers; see the note above
 */
public String getClearPasswordForAlias(RepositoryConfig config, String password, String alias) throws RepositoryException {
    final File aliasKeystore = getFileLayout(config).getPasswordAliasKeystore();
    try {
        final PasswordAdapter adapter = new PasswordAdapter(aliasKeystore.getAbsolutePath(), password.toCharArray());
        return adapter.getPasswordForAlias(alias);
    } catch (Exception ex) {
        // Deliberately best-effort: the cause is dropped and the caller only sees null.
        return null;
    }
}
Also used : PEFileLayout(com.sun.enterprise.admin.servermgmt.pe.PEFileLayout) PasswordAdapter(com.sun.enterprise.security.store.PasswordAdapter) ZipFile(com.sun.enterprise.util.zip.ZipFile)

Example 4 with PasswordAdapter

use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.

the class MasterPasswordFileManager method createMasterPasswordFile.

/**
 * Creates the master password keystore, or updates the master password stored in it
 * when the keystore already exists, then restricts the file via
 * {@code FileProtectionUtility.chmod0600}.
 *
 * @param config repository configuration used to locate the master password file
 * @param masterPassword master password to store under {@code MASTER_PASSWORD_ALIAS}
 * @throws RepositoryException if the keystore cannot be written or protected; the
 *         original exception is kept as the cause
 */
protected void createMasterPasswordFile(RepositoryConfig config, String masterPassword) throws RepositoryException {
    final File masterPasswordFile = getFileLayout(config).getMasterPasswordFile();
    try {
        final PasswordAdapter adapter = new PasswordAdapter(masterPasswordFile.getAbsolutePath(), getMasterPasswordPassword());
        // getBytes() without a charset uses the JVM default encoding, so a non-ASCII
        // master password is stored differently depending on the platform settings.
        adapter.setPasswordForAlias(MASTER_PASSWORD_ALIAS, masterPassword.getBytes());
        // NOTE(review): permissions are tightened only after the store call returns;
        // if that call creates the file, it presumably exists for a moment with its
        // creation-time permissions — confirm against PasswordAdapter.
        FileProtectionUtility.chmod0600(masterPasswordFile);
    } catch (Exception ex) {
        throw new RepositoryException(_strMgr.getString("masterPasswordFileNotCreated", masterPasswordFile), ex);
    }
}
Also used : PEFileLayout(com.sun.enterprise.admin.servermgmt.pe.PEFileLayout) PasswordAdapter(com.sun.enterprise.security.store.PasswordAdapter) File(java.io.File)

Example 5 with PasswordAdapter

use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.

the class RepositoryManager method changePasswordAliasKeystorePassword.

/*
     * public void validateAdminUserAndPassword(RepositoryConfig config, String
     * user, String password) throws RepositoryException { try { //Read in
     * domain.xml. This will fail with a ConfigException if there is no
     * domain.xml final PEFileLayout layout = getFileLayout(config);
     * ConfigContext configContext = getConfigContext(config); //Fetch the name
     * of the realm for the DAS system jmx connector String dasName =
     * ServerHelper.getDAS(configContext).getName(); JmxConnector conn =
     * ServerHelper.getServerSystemConnector(configContext, dasName); String
     * realmName = conn.getAuthRealmName(); SecurityService security =
     * ServerHelper.getConfigForServer(configContext,
     * dasName).getSecurityService(); //Load in the file realm //Before loading
     * the realm, we must ensure that com.sun.aas.instanceRoot //is set
     * correcty, since the keyfile is most likely referenced using this. //In
     * addition java.security.auth.login.config must be setup. String oldRoot =
     * System.getProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY);
     * String oldConf = System.getProperty("java.security.auth.login.config");
     * GFSystem.setProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY,
     * layout.getRepositoryDir().getAbsolutePath());
     * GFSystem.setProperty("java.security.auth.login.config",
     * layout.getLoginConf().getAbsolutePath());
     * RealmConfig.createRealms(realmName, new AuthRealm[]
     * {security.getAuthRealmByName(realmName)}); //Restore previous values just
     * in case. if (oldRoot != null) {
     * GFSystem.setProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY,
     * oldRoot); } if (oldConf != null) {
     * GFSystem.setProperty("java.security.auth.login.config", oldConf); }
     * //Finally do the authentication of user and password final
     * ASJMXAuthenticator authenticator = new ASJMXAuthenticator();
     * authenticator.setRealmName(realmName); authenticator.setLoginDriver(new
     * ASLoginDriverImpl()); authenticator.authenticate(new String[] {user,
     * password}); } catch (Exception ex) { throw new RepositoryException(
     * _strMgr.getString("couldNotValidateMasterPassword", user), ex); } }
     */
/**
 * Changes the password protecting the password alias keystore.
 *
 * <p>Does nothing when the keystore file does not exist.
 *
 * @param config repository configuration used to locate the keystore
 * @param oldPassword current keystore password, used to open the keystore
 * @param newPassword password the keystore is re-protected with
 * @throws RepositoryException if the keystore cannot be opened with the old password
 *         or the change fails; the original exception is kept as the cause
 */
protected void changePasswordAliasKeystorePassword(RepositoryConfig config, String oldPassword, String newPassword) throws RepositoryException {
    final File aliasKeystore = getFileLayout(config).getPasswordAliasKeystore();
    if (!aliasKeystore.exists()) {
        // No alias keystore yet, so there is no password to rotate.
        return;
    }
    try {
        final PasswordAdapter adapter = new PasswordAdapter(aliasKeystore.getAbsolutePath(), oldPassword.toCharArray());
        adapter.changePassword(newPassword.toCharArray());
    } catch (Exception ex) {
        throw new RepositoryException(_strMgr.getString("passwordAliasPasswordNotChanged", aliasKeystore), ex);
    }
}
Also used : PEFileLayout(com.sun.enterprise.admin.servermgmt.pe.PEFileLayout) PasswordAdapter(com.sun.enterprise.security.store.PasswordAdapter) ZipFile(com.sun.enterprise.util.zip.ZipFile)

Aggregations

PasswordAdapter (com.sun.enterprise.security.store.PasswordAdapter)11 PEFileLayout (com.sun.enterprise.admin.servermgmt.pe.PEFileLayout)5 File (java.io.File)4 ZipFile (com.sun.enterprise.util.zip.ZipFile)3 IOException (java.io.IOException)2 CommandException (org.glassfish.api.admin.CommandException)2 RepositoryException (com.sun.enterprise.admin.servermgmt.RepositoryException)1 LoginException (com.sun.enterprise.security.auth.login.common.LoginException)1 MiniXmlParserException (com.sun.enterprise.universal.xml.MiniXmlParserException)1 UnknownHostException (java.net.UnknownHostException)1 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 CommandValidationException (org.glassfish.api.admin.CommandValidationException)1 SSHLauncher (org.glassfish.cluster.ssh.launcher.SSHLauncher)1