use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.
the class BaseContainerCallbackHandler method processSecretKey.
/**
 * Answers a {@link SecretKeyCallback} by looking up the requested alias in a password keystore.
 *
 * <p>When running in the application client container, the keystore location and its password
 * are read from the system properties named by {@code CLIENT_SECRET_KEYSTORE} and
 * {@code CLIENT_SECRET_KEYSTORE_PASSWORD}. Otherwise the adapter is obtained from
 * {@code masterPasswordHelper}. The callback's key is set to {@code null} when the request
 * carries no alias or when the lookup throws.
 *
 * @param secretKeyCallback callback to answer; its request is cast to
 *        {@code SecretKeyCallback.AliasRequest}
 */
private void processSecretKey(SecretKeyCallback secretKeyCallback) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: In SecretKeyCallback Processor");
    }

    final String alias = ((SecretKeyCallback.AliasRequest) secretKeyCallback.getRequest()).getAlias();

    if (alias == null) {
        // Principal-based lookups (typically used in a Kerberos environment) are not
        // supported, so the principal is never consulted and no key is handed out.
        secretKeyCallback.setKey(null);
        if (_logger.isLoggable(Level.WARNING)) {
            _logger.log(Level.WARNING, "jmac.unsupportreadprinciple");
        }
        return;
    }

    try {
        // NOTE(review): in the client container the keystore password comes from a JVM system
        // property, so it is readable by any code in the JVM that may read system properties.
        // If the property is unset, toCharArray() throws and the catch below sets a null key.
        final PasswordAdapter keyStore = SecurityServicesUtil.getInstance().isACC()
                ? new PasswordAdapter(System.getProperty(CLIENT_SECRET_KEYSTORE),
                        System.getProperty(CLIENT_SECRET_KEYSTORE_PASSWORD).toCharArray())
                : masterPasswordHelper.getMasterPasswordAdapter();
        secretKeyCallback.setKey(keyStore.getPasswordSecretKeyForAlias(alias));
    } catch (Exception lookupFailure) {
        // The failure is reported at FINE only; unless FINE logging is enabled, the caller
        // sees nothing but a null key.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC: In SecretKeyCallback Processor: " + " Error reading key ! for alias " + alias, lookupFailure);
        }
        secretKeyCallback.setKey(null);
    }
}
use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.
the class NativeRemoteCommandsBase method expandPasswordAlias.
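/**
 * Obtains the real password for an alias by searching the password alias keystore of every
 * domain directory under the default domains directory.
 *
 * <p>For each domain that contains the alias, the value is expanded with that domain's master
 * password and then checked against the remote side: with password authentication when
 * {@code host} is given, or as the passphrase of the SSH key file when {@code host} is
 * {@code null} and {@code verifyConn} is set. The search stops at the first domain whose
 * value passes the check. As side effects, the fields {@code sshpassword} or
 * {@code sshkeypassphrase} are assigned, and the instance-root system property is left
 * pointing at the last domain directory that was examined.
 *
 * @param host host that we are connecting to; {@code null} means the alias holds an SSH key
 *        passphrase rather than a login password
 * @param alias password alias of form ${ALIAS=xxx}
 * @param verifyConn when {@code host} is {@code null}, whether to verify the passphrase by
 *        checking a connection to {@code hosts[0]}
 * @return the most recently expanded value for the alias, even if its connection check
 *         failed; {@code null} if no domain yielded a value or the domains directory could
 *         not be listed
 */
String expandPasswordAlias(String host, String alias, boolean verifyConn) {
    String expandedPassword = null;
    boolean connStatus = false;
    try {
        File domainsDirFile = DomainDirs.getDefaultDomainsDir();
        // get the list of domains
        File[] files = domainsDirFile.listFiles(new FileFilter() {
            @Override
            public boolean accept(File f) {
                return f.isDirectory();
            }
        });
        if (files == null) {
            // listFiles returns null when the path is not a directory or cannot be read;
            // without this guard the loop below fails with a NullPointerException.
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Unable to list domains directory: " + domainsDirFile);
            }
            return null;
        }
        for (File f : files) {
            // the following property is required for initializing the password helper
            // NOTE(review): this is a JVM-wide setting and it is not restored afterwards.
            System.setProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY, f.getAbsolutePath());
            // Value found in THIS domain only. A value carried over from an earlier domain must
            // not be re-submitted, otherwise the same rejected password is retried against the
            // remote host once per remaining domain.
            String candidate = null;
            try {
                final PasswordAdapter pa = new PasswordAdapter(null);
                final boolean exists = pa.aliasExists(alias);
                if (exists) {
                    String mPass = getMasterPassword(f.getName());
                    candidate = new PasswordAdapter(mPass.toCharArray()).getPasswordForAlias(alias);
                    expandedPassword = candidate;
                }
            } catch (Exception e) {
                // Only the alias name and the exception message are logged, never the value.
                if (logger.isLoggable(Level.FINER)) {
                    logger.finer(StringUtils.cat(": ", alias, e.getMessage()));
                }
                logger.warning(Strings.get("GetPasswordFailure", f.getName()));
                continue;
            }
            if (candidate != null) {
                SSHLauncher sshL = new SSHLauncher();
                if (host != null) {
                    // The alias holds the login password: verify it with password authentication.
                    sshpassword = candidate;
                    sshL.init(getRemoteUser(), host, getRemotePort(), sshpassword, null, null, logger);
                    connStatus = sshL.checkPasswordAuth();
                    if (!connStatus) {
                        logger.warning(Strings.get("PasswordAuthFailure", f.getName()));
                    }
                } else {
                    // The alias holds the passphrase protecting the SSH key file.
                    sshkeypassphrase = candidate;
                    if (verifyConn) {
                        sshL.init(getRemoteUser(), hosts[0], getRemotePort(), sshpassword, getSshKeyFile(), sshkeypassphrase, logger);
                        connStatus = sshL.checkConnection();
                        if (!connStatus) {
                            logger.warning(Strings.get("PasswordAuthFailure", f.getName()));
                        }
                    }
                }
                if (connStatus) {
                    break;
                }
            }
        }
    } catch (IOException ioe) {
        if (logger.isLoggable(Level.FINER)) {
            logger.finer(ioe.getMessage());
        }
    }
    return expandedPassword;
}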
use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.
the class RepositoryManager method getClearPasswordForAlias.
/**
 * Retrieves the clear-text password stored under an alias in the password alias keystore.
 *
 * @param config repository configuration used to locate the keystore file
 * @param password password used to open the password alias keystore
 * @param alias alias whose clear-text password is requested
 * @return the value the keystore holds for {@code alias}, or {@code null} if opening the
 *         keystore or reading the alias throws
 * @throws RepositoryException declared by the signature; a failed keystore lookup is
 *         reported by returning {@code null}, not by this exception
 */
public String getClearPasswordForAlias(RepositoryConfig config, String password, String alias) throws RepositoryException {
    final File aliasKeystore = getFileLayout(config).getPasswordAliasKeystore();
    try {
        final PasswordAdapter adapter = new PasswordAdapter(aliasKeystore.getAbsolutePath(), password.toCharArray());
        // The result is the secret itself; callers should keep it out of logs and messages.
        return adapter.getPasswordForAlias(alias);
    } catch (Exception ignored) {
        // NOTE(review): every failure (a null argument, a keystore that cannot be opened with
        // this password, an error while reading the alias) collapses to null and nothing is
        // logged, so callers cannot tell the causes apart.
        return null;
    }
}
use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.
the class MasterPasswordFileManager method createMasterPasswordFile.
/**
 * Creates the master password keystore. This routine can also modify the master password if
 * the keystore already exists.
 *
 * <p>The master password is stored under {@code MASTER_PASSWORD_ALIAS} in a keystore that is
 * opened with the value of {@code getMasterPasswordPassword()}, after which the file's
 * permissions are restricted through {@code FileProtectionUtility.chmod0600}.
 *
 * @param config repository configuration used to locate the master password file
 * @param masterPassword master password to store
 * @throws RepositoryException if the keystore cannot be written or its permissions cannot be
 *         changed; the underlying exception is kept as the cause
 */
protected void createMasterPasswordFile(RepositoryConfig config, String masterPassword) throws RepositoryException {
    final File masterPasswordFile = getFileLayout(config).getMasterPasswordFile();
    try {
        final PasswordAdapter keystore = new PasswordAdapter(masterPasswordFile.getAbsolutePath(), getMasterPasswordPassword());
        // NOTE(review): getBytes() without a charset uses the platform default encoding, so a
        // non-ASCII master password may be stored as different bytes on different hosts.
        // Confirm that the reading side decodes it the same way.
        final byte[] masterPasswordBytes = masterPassword.getBytes();
        keystore.setPasswordForAlias(MASTER_PASSWORD_ALIAS, masterPasswordBytes);
        // NOTE(review): permissions are tightened only after the keystore has been written.
        // Whether the file briefly exists with default permissions depends on how
        // PasswordAdapter creates it; verify.
        FileProtectionUtility.chmod0600(masterPasswordFile);
    } catch (Exception cause) {
        throw new RepositoryException(_strMgr.getString("masterPasswordFileNotCreated", masterPasswordFile), cause);
    }
}
use of com.sun.enterprise.security.store.PasswordAdapter in project Payara by payara.
the class RepositoryManager method changePasswordAliasKeystorePassword.
/*
* public void validateAdminUserAndPassword(RepositoryConfig config, String
* user, String password) throws RepositoryException { try { //Read in
* domain.xml. This will fail with a ConfigException if there is no
* domain.xml final PEFileLayout layout = getFileLayout(config);
* ConfigContext configContext = getConfigContext(config); //Fetch the name
* of the realm for the DAS system jmx connector String dasName =
* ServerHelper.getDAS(configContext).getName(); JmxConnector conn =
* ServerHelper.getServerSystemConnector(configContext, dasName); String
* realmName = conn.getAuthRealmName(); SecurityService security =
* ServerHelper.getConfigForServer(configContext,
* dasName).getSecurityService(); //Load in the file realm //Before loading
* the realm, we must ensure that com.sun.aas.instanceRoot //is set
* correcty, since the keyfile is most likely referenced using this. //In
* addition java.security.auth.login.config must be setup. String oldRoot =
* System.getProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY);
* String oldConf = System.getProperty("java.security.auth.login.config");
* GFSystem.setProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY,
* layout.getRepositoryDir().getAbsolutePath());
* GFSystem.setProperty("java.security.auth.login.config",
* layout.getLoginConf().getAbsolutePath());
* RealmConfig.createRealms(realmName, new AuthRealm[]
* {security.getAuthRealmByName(realmName)}); //Restore previous values just
* in case. if (oldRoot != null) {
* GFSystem.setProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY,
* oldRoot); } if (oldConf != null) {
* GFSystem.setProperty("java.security.auth.login.config", oldConf); }
* //Finally do the authentication of user and password final
* ASJMXAuthenticator authenticator = new ASJMXAuthenticator();
* authenticator.setRealmName(realmName); authenticator.setLoginDriver(new
* ASLoginDriverImpl()); authenticator.authenticate(new String[] {user,
* password}); } catch (Exception ex) { throw new RepositoryException(
* _strMgr.getString("couldNotValidateMasterPassword", user), ex); } }
*/
/**
 * Changes the password protecting the password alias keystore.
 *
 * <p>Does nothing when the keystore file does not exist.
 *
 * @param config repository configuration used to locate the keystore file
 * @param oldPassword password that currently opens the keystore
 * @param newPassword password the keystore should be protected with afterwards
 * @throws RepositoryException if the keystore cannot be opened with {@code oldPassword} or
 *         the change fails; the underlying exception is kept as the cause
 */
protected void changePasswordAliasKeystorePassword(RepositoryConfig config, String oldPassword, String newPassword) throws RepositoryException {
    final File aliasKeystore = getFileLayout(config).getPasswordAliasKeystore();
    if (!aliasKeystore.exists()) {
        // No alias keystore has been created yet, so there is nothing to re-key.
        return;
    }
    try {
        // Opening the keystore with the old password checks that the caller knows it before
        // the new password is applied.
        new PasswordAdapter(aliasKeystore.getAbsolutePath(), oldPassword.toCharArray())
                .changePassword(newPassword.toCharArray());
    } catch (Exception cause) {
        throw new RepositoryException(_strMgr.getString("passwordAliasPasswordNotChanged", aliasKeystore), cause);
    }
}