use of javax.security.auth.message.callback.PrivateKeyCallback in project jetty.project by eclipse.
the class ServletCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback) {
_callerPrincipals.set((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
_groupPrincipals.set((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
Subject subject = passwordValidationCallback.getSubject();
UserIdentity user = _loginService.login(passwordValidationCallback.getUsername(), passwordValidationCallback.getPassword(), null);
if (user != null) {
passwordValidationCallback.setResult(true);
passwordValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
passwordValidationCallback.getSubject().getPrivateCredentials().add(user);
}
} else if (callback instanceof CredentialValidationCallback) {
CredentialValidationCallback credentialValidationCallback = (CredentialValidationCallback) callback;
Subject subject = credentialValidationCallback.getSubject();
LoginCallback loginCallback = new LoginCallbackImpl(subject, credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential());
UserIdentity user = _loginService.login(credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential(), null);
if (user != null) {
loginCallback.setUserPrincipal(user.getUserPrincipal());
credentialValidationCallback.getSubject().getPrivateCredentials().add(loginCallback);
credentialValidationCallback.setResult(true);
credentialValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
credentialValidationCallback.getSubject().getPrivateCredentials().add(user);
}
} else // TODO implement these
if (callback instanceof CertStoreCallback) {
} else if (callback instanceof PrivateKeyCallback) {
} else if (callback instanceof SecretKeyCallback) {
} else if (callback instanceof TrustStoreCallback) {
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processCallback.
/**
* gets the appropriate callback processor and hands the callback to
* processor to process the callback.
*/
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
if (callback instanceof CallerPrincipalCallback) {
processCallerPrincipal((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
processGroupPrincipal((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
processPasswordValidation((PasswordValidationCallback) callback);
} else if (callback instanceof PrivateKeyCallback) {
processPrivateKey((PrivateKeyCallback) callback);
} else if (callback instanceof TrustStoreCallback) {
TrustStoreCallback tstoreCallback = (TrustStoreCallback) callback;
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: In TrustStoreCallback Processor");
}
tstoreCallback.setTrustStore(sslUtils.getMergedTrustStore());
} else if (callback instanceof CertStoreCallback) {
processCertStore((CertStoreCallback) callback);
} else if (callback instanceof SecretKeyCallback) {
processSecretKey((SecretKeyCallback) callback);
} else {
// the isSupportedCallback method already takes care of this case
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: UnsupportedCallback : " + callback.getClass().getName());
}
throw new UnsupportedCallbackException(callback);
}
}
use of javax.security.auth.message.callback.PrivateKeyCallback in project tomee by apache.
the class ConnectorCallbackHandler method handle.
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (final Callback callback : callbacks) {
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback) {
callerPrincipal = ((CallerPrincipalCallback) callback).getPrincipal();
} else if (callback instanceof GroupPrincipalCallback) {
groupsArray = ((GroupPrincipalCallback) callback).getGroups();
} else if (callback instanceof PasswordValidationCallback) {
final PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
final String userName = passwordValidationCallback.getUsername();
final char[] password = passwordValidationCallback.getPassword();
final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
try {
final Object loginObj = securityService.login(securityRealmName, userName, password == null ? "" : new String(password));
securityService.associate(loginObj);
callerPrincipal = securityService.getCallerPrincipal();
passwordValidationCallback.setResult(true);
} catch (final LoginException e) {
passwordValidationCallback.setResult(false);
}
} else // server to jaspi communication
if (callback instanceof CertStoreCallback) {
// NOPMD
// TODO implement me
} else if (callback instanceof PrivateKeyCallback) {
// NOPMD
// TODO implement me
} else if (callback instanceof SecretKeyCallback) {
// NOPMD
// TODO implement me
} else if (callback instanceof TrustStoreCallback) {
// NOPMD
// TODO implement me
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processPrivateKey.
private void processPrivateKey(PrivateKeyCallback privKeyCallback) {
KeyStore[] kstores = secSup.getKeyStores();
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: In PrivateKeyCallback Processor");
}
// make sure we have a keystore
if (kstores == null || kstores.length == 0) {
// cannot get any information
privKeyCallback.setKey(null, null);
return;
}
// get the request type
PrivateKeyCallback.Request req = privKeyCallback.getRequest();
PrivateKey privKey = null;
Certificate[] certs = null;
if (req == null) {
// no request type - set default key
PrivateKeyEntry pke = getDefaultPrivateKeyEntry(kstores);
if (pke != null) {
privKey = pke.getPrivateKey();
certs = pke.getCertificateChain();
}
privKeyCallback.setKey(privKey, certs);
return;
}
// find key based on request type
try {
if (req instanceof PrivateKeyCallback.AliasRequest) {
PrivateKeyCallback.AliasRequest aReq = (PrivateKeyCallback.AliasRequest) req;
String alias = aReq.getAlias();
PrivateKeyEntry privKeyEntry;
if (alias == null) {
// use default key
privKeyEntry = getDefaultPrivateKeyEntry(kstores);
} else {
privKeyEntry = sslUtils.getPrivateKeyEntryFromTokenAlias(alias);
}
if (privKeyEntry != null) {
privKey = privKeyEntry.getPrivateKey();
certs = privKeyEntry.getCertificateChain();
}
} else if (req instanceof PrivateKeyCallback.IssuerSerialNumRequest) {
PrivateKeyCallback.IssuerSerialNumRequest isReq = (PrivateKeyCallback.IssuerSerialNumRequest) req;
X500Principal issuer = isReq.getIssuer();
BigInteger serialNum = isReq.getSerialNum();
if (issuer != null && serialNum != null) {
boolean found = false;
for (int i = 0; i < kstores.length && !found; i++) {
Enumeration aliases = kstores[i].aliases();
while (aliases.hasMoreElements() && !found) {
String nextAlias = (String) aliases.nextElement();
PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
if (key != null) {
Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
// check issuer/serial
X509Certificate eeCert = (X509Certificate) certificates[0];
if (eeCert.getIssuerX500Principal().equals(issuer) && eeCert.getSerialNumber().equals(serialNum)) {
privKey = key;
certs = certificates;
found = true;
}
}
}
}
}
} else if (req instanceof PrivateKeyCallback.SubjectKeyIDRequest) {
PrivateKeyCallback.SubjectKeyIDRequest skReq = (PrivateKeyCallback.SubjectKeyIDRequest) req;
byte[] subjectKeyID = skReq.getSubjectKeyID();
if (subjectKeyID != null) {
boolean found = false;
// In DER, subjectKeyID will be an OCTET STRING of OCTET STRING
DerValue derValue1 = new DerValue(DerValue.tag_OctetString, subjectKeyID);
DerValue derValue2 = new DerValue(DerValue.tag_OctetString, derValue1.toByteArray());
byte[] derSubjectKeyID = derValue2.toByteArray();
for (int i = 0; i < kstores.length && !found; i++) {
Enumeration aliases = kstores[i].aliases();
while (aliases.hasMoreElements() && !found) {
String nextAlias = (String) aliases.nextElement();
PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
if (key != null) {
Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
X509Certificate eeCert = (X509Certificate) certificates[0];
// Extension: SubjectKeyIdentifier
byte[] derSubKeyID = eeCert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
if (derSubKeyID != null && Arrays.equals(derSubKeyID, derSubjectKeyID)) {
privKey = key;
certs = certificates;
found = true;
}
}
}
}
}
} else if (req instanceof PrivateKeyCallback.DigestRequest) {
PrivateKeyCallback.DigestRequest dReq = (PrivateKeyCallback.DigestRequest) req;
byte[] digest = dReq.getDigest();
String algorithm = dReq.getAlgorithm();
PrivateKeyEntry privKeyEntry = null;
if (digest == null) {
// get default key
privKeyEntry = getDefaultPrivateKeyEntry(kstores);
} else {
if (algorithm == null) {
algorithm = DEFAULT_DIGEST_ALGORITHM;
}
MessageDigest md = MessageDigest.getInstance(algorithm);
privKeyEntry = getPrivateKeyEntry(kstores, md, digest);
}
if (privKeyEntry != null) {
privKey = privKeyEntry.getPrivateKey();
certs = privKeyEntry.getCertificateChain();
}
} else {
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "invalid request type: " + req.getClass().getName());
}
}
} catch (Exception e) {
// KeyStoreException
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: In PrivateKeyCallback Processor: " + " Error reading key !", e);
}
} finally {
privKeyCallback.setKey(privKey, certs);
}
}
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processCallback.
/**
* gets the appropriate callback processor and hands the callback to processor to process the
* callback.
*/
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
if (callback instanceof CallerPrincipalCallback) {
processCallerPrincipal((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
processGroupPrincipal((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
processPasswordValidation((PasswordValidationCallback) callback);
} else if (callback instanceof PrivateKeyCallback) {
processPrivateKey((PrivateKeyCallback) callback);
} else if (callback instanceof TrustStoreCallback) {
TrustStoreCallback tstoreCallback = (TrustStoreCallback) callback;
if (_logger.isLoggable(FINE)) {
_logger.log(FINE, "JASPIC: In TrustStoreCallback Processor");
}
tstoreCallback.setTrustStore(sslUtils.getMergedTrustStore());
} else if (callback instanceof CertStoreCallback) {
processCertStore((CertStoreCallback) callback);
} else if (callback instanceof SecretKeyCallback) {
processSecretKey((SecretKeyCallback) callback);
} else {
// the isSupportedCallback method already takes care of this case
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JASPIC: UnsupportedCallback : " + callback.getClass().getName());
}
throw new UnsupportedCallbackException(callback);
}
}
Aggregations