Example 1 with PrivateKeyCallback
use of javax.security.auth.message.callback.PrivateKeyCallback in project jetty.project by eclipse.
the class ServletCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback) {
_callerPrincipals.set((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
_groupPrincipals.set((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
Subject subject = passwordValidationCallback.getSubject();
UserIdentity user = _loginService.login(passwordValidationCallback.getUsername(), passwordValidationCallback.getPassword(), null);
if (user != null) {
passwordValidationCallback.setResult(true);
passwordValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
passwordValidationCallback.getSubject().getPrivateCredentials().add(user);
}
} else if (callback instanceof CredentialValidationCallback) {
CredentialValidationCallback credentialValidationCallback = (CredentialValidationCallback) callback;
Subject subject = credentialValidationCallback.getSubject();
LoginCallback loginCallback = new LoginCallbackImpl(subject, credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential());
UserIdentity user = _loginService.login(credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential(), null);
if (user != null) {
loginCallback.setUserPrincipal(user.getUserPrincipal());
credentialValidationCallback.getSubject().getPrivateCredentials().add(loginCallback);
credentialValidationCallback.setResult(true);
credentialValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
credentialValidationCallback.getSubject().getPrivateCredentials().add(user);
}
} else // TODO implement these
if (callback instanceof CertStoreCallback) {
} else if (callback instanceof PrivateKeyCallback) {
} else if (callback instanceof SecretKeyCallback) {
} else if (callback instanceof TrustStoreCallback) {
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
Also used :
LoginCallback(org.eclipse.jetty.security.authentication.LoginCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
UserIdentity(org.eclipse.jetty.server.UserIdentity)
CredentialValidationCallback(org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback)
Subject(javax.security.auth.Subject)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
LoginCallbackImpl(org.eclipse.jetty.security.authentication.LoginCallbackImpl)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
LoginCallback(org.eclipse.jetty.security.authentication.LoginCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
CredentialValidationCallback(org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
Callback(javax.security.auth.callback.Callback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 2 with PrivateKeyCallback
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processCallback.
/**
* gets the appropriate callback processor and hands the callback to
* processor to process the callback.
*/
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
if (callback instanceof CallerPrincipalCallback) {
processCallerPrincipal((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
processGroupPrincipal((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
processPasswordValidation((PasswordValidationCallback) callback);
} else if (callback instanceof PrivateKeyCallback) {
processPrivateKey((PrivateKeyCallback) callback);
} else if (callback instanceof TrustStoreCallback) {
TrustStoreCallback tstoreCallback = (TrustStoreCallback) callback;
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: In TrustStoreCallback Processor");
}
tstoreCallback.setTrustStore(sslUtils.getMergedTrustStore());
} else if (callback instanceof CertStoreCallback) {
processCertStore((CertStoreCallback) callback);
} else if (callback instanceof SecretKeyCallback) {
processSecretKey((SecretKeyCallback) callback);
} else {
// the isSupportedCallback method already takes care of this case
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: UnsupportedCallback : " + callback.getClass().getName());
}
throw new UnsupportedCallbackException(callback);
}
}
Also used :
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 3 with PrivateKeyCallback
use of javax.security.auth.message.callback.PrivateKeyCallback in project tomee by apache.
the class ConnectorCallbackHandler method handle.
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (final Callback callback : callbacks) {
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback) {
callerPrincipal = ((CallerPrincipalCallback) callback).getPrincipal();
} else if (callback instanceof GroupPrincipalCallback) {
groupsArray = ((GroupPrincipalCallback) callback).getGroups();
} else if (callback instanceof PasswordValidationCallback) {
final PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
final String userName = passwordValidationCallback.getUsername();
final char[] password = passwordValidationCallback.getPassword();
final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
try {
final Object loginObj = securityService.login(securityRealmName, userName, password == null ? "" : new String(password));
securityService.associate(loginObj);
callerPrincipal = securityService.getCallerPrincipal();
passwordValidationCallback.setResult(true);
} catch (final LoginException e) {
passwordValidationCallback.setResult(false);
}
} else // server to jaspi communication
if (callback instanceof CertStoreCallback) {
// NOPMD
// TODO implement me
} else if (callback instanceof PrivateKeyCallback) {
// NOPMD
// TODO implement me
} else if (callback instanceof SecretKeyCallback) {
// NOPMD
// TODO implement me
} else if (callback instanceof TrustStoreCallback) {
// NOPMD
// TODO implement me
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
Also used :
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
Callback(javax.security.auth.callback.Callback)
SecurityService(org.apache.openejb.spi.SecurityService)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
LoginException(javax.security.auth.login.LoginException)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 4 with PrivateKeyCallback
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processPrivateKey.
private void processPrivateKey(PrivateKeyCallback privKeyCallback) {
KeyStore[] kstores = secSup.getKeyStores();
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: In PrivateKeyCallback Processor");
}
// make sure we have a keystore
if (kstores == null || kstores.length == 0) {
// cannot get any information
privKeyCallback.setKey(null, null);
return;
}
// get the request type
PrivateKeyCallback.Request req = privKeyCallback.getRequest();
PrivateKey privKey = null;
Certificate[] certs = null;
if (req == null) {
// no request type - set default key
PrivateKeyEntry pke = getDefaultPrivateKeyEntry(kstores);
if (pke != null) {
privKey = pke.getPrivateKey();
certs = pke.getCertificateChain();
}
privKeyCallback.setKey(privKey, certs);
return;
}
// find key based on request type
try {
if (req instanceof PrivateKeyCallback.AliasRequest) {
PrivateKeyCallback.AliasRequest aReq = (PrivateKeyCallback.AliasRequest) req;
String alias = aReq.getAlias();
PrivateKeyEntry privKeyEntry;
if (alias == null) {
// use default key
privKeyEntry = getDefaultPrivateKeyEntry(kstores);
} else {
privKeyEntry = sslUtils.getPrivateKeyEntryFromTokenAlias(alias);
}
if (privKeyEntry != null) {
privKey = privKeyEntry.getPrivateKey();
certs = privKeyEntry.getCertificateChain();
}
} else if (req instanceof PrivateKeyCallback.IssuerSerialNumRequest) {
PrivateKeyCallback.IssuerSerialNumRequest isReq = (PrivateKeyCallback.IssuerSerialNumRequest) req;
X500Principal issuer = isReq.getIssuer();
BigInteger serialNum = isReq.getSerialNum();
if (issuer != null && serialNum != null) {
boolean found = false;
for (int i = 0; i < kstores.length && !found; i++) {
Enumeration aliases = kstores[i].aliases();
while (aliases.hasMoreElements() && !found) {
String nextAlias = (String) aliases.nextElement();
PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
if (key != null) {
Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
// check issuer/serial
X509Certificate eeCert = (X509Certificate) certificates[0];
if (eeCert.getIssuerX500Principal().equals(issuer) && eeCert.getSerialNumber().equals(serialNum)) {
privKey = key;
certs = certificates;
found = true;
}
}
}
}
}
} else if (req instanceof PrivateKeyCallback.SubjectKeyIDRequest) {
PrivateKeyCallback.SubjectKeyIDRequest skReq = (PrivateKeyCallback.SubjectKeyIDRequest) req;
byte[] subjectKeyID = skReq.getSubjectKeyID();
if (subjectKeyID != null) {
boolean found = false;
// In DER, subjectKeyID will be an OCTET STRING of OCTET STRING
DerValue derValue1 = new DerValue(DerValue.tag_OctetString, subjectKeyID);
DerValue derValue2 = new DerValue(DerValue.tag_OctetString, derValue1.toByteArray());
byte[] derSubjectKeyID = derValue2.toByteArray();
for (int i = 0; i < kstores.length && !found; i++) {
Enumeration aliases = kstores[i].aliases();
while (aliases.hasMoreElements() && !found) {
String nextAlias = (String) aliases.nextElement();
PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
if (key != null) {
Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
X509Certificate eeCert = (X509Certificate) certificates[0];
// Extension: SubjectKeyIdentifier
byte[] derSubKeyID = eeCert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
if (derSubKeyID != null && Arrays.equals(derSubKeyID, derSubjectKeyID)) {
privKey = key;
certs = certificates;
found = true;
}
}
}
}
}
} else if (req instanceof PrivateKeyCallback.DigestRequest) {
PrivateKeyCallback.DigestRequest dReq = (PrivateKeyCallback.DigestRequest) req;
byte[] digest = dReq.getDigest();
String algorithm = dReq.getAlgorithm();
PrivateKeyEntry privKeyEntry = null;
if (digest == null) {
// get default key
privKeyEntry = getDefaultPrivateKeyEntry(kstores);
} else {
if (algorithm == null) {
algorithm = DEFAULT_DIGEST_ALGORITHM;
}
MessageDigest md = MessageDigest.getInstance(algorithm);
privKeyEntry = getPrivateKeyEntry(kstores, md, digest);
}
if (privKeyEntry != null) {
privKey = privKeyEntry.getPrivateKey();
certs = privKeyEntry.getCertificateChain();
}
} else {
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "invalid request type: " + req.getClass().getName());
}
}
} catch (Exception e) {
// KeyStoreException
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JMAC: In PrivateKeyCallback Processor: " + " Error reading key !", e);
}
} finally {
privKeyCallback.setKey(privKey, certs);
}
}
Also used :
PrivateKey(java.security.PrivateKey)
DerValue(sun.security.util.DerValue)
MessageDigest(java.security.MessageDigest)
Enumeration(java.util.Enumeration)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 5 with PrivateKeyCallback
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processCallback.
/**
* gets the appropriate callback processor and hands the callback to processor to process the
* callback.
*/
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
if (callback instanceof CallerPrincipalCallback) {
processCallerPrincipal((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
processGroupPrincipal((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
processPasswordValidation((PasswordValidationCallback) callback);
} else if (callback instanceof PrivateKeyCallback) {
processPrivateKey((PrivateKeyCallback) callback);
} else if (callback instanceof TrustStoreCallback) {
TrustStoreCallback tstoreCallback = (TrustStoreCallback) callback;
if (_logger.isLoggable(FINE)) {
_logger.log(FINE, "JASPIC: In TrustStoreCallback Processor");
}
tstoreCallback.setTrustStore(sslUtils.getMergedTrustStore());
} else if (callback instanceof CertStoreCallback) {
processCertStore((CertStoreCallback) callback);
} else if (callback instanceof SecretKeyCallback) {
processSecretKey((SecretKeyCallback) callback);
} else {
// the isSupportedCallback method already takes care of this case
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "JASPIC: UnsupportedCallback : " + callback.getClass().getName());
}
throw new UnsupportedCallbackException(callback);
}
}
Also used :
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Aggregations
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)6
PrivateKeyCallback (javax.security.auth.message.callback.PrivateKeyCallback)6
CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback)4
CertStoreCallback (javax.security.auth.message.callback.CertStoreCallback)4
GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback)4
PasswordValidationCallback (javax.security.auth.message.callback.PasswordValidationCallback)4
SecretKeyCallback (javax.security.auth.message.callback.SecretKeyCallback)4
TrustStoreCallback (javax.security.auth.message.callback.TrustStoreCallback)4
LoginException (com.sun.enterprise.security.auth.login.common.LoginException)2
IOException (java.io.IOException)2
BigInteger (java.math.BigInteger)2
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2
KeyStore (java.security.KeyStore)2
PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)2
KeyStoreException (java.security.KeyStoreException)2
MessageDigest (java.security.MessageDigest)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
PrivateKey (java.security.PrivateKey)2
Certificate (java.security.cert.Certificate)2
X509Certificate (java.security.cert.X509Certificate)2
