
Example 1 with PrivateKeyCallback

use of javax.security.auth.message.callback.PrivateKeyCallback in project jetty.project by eclipse.

Class ServletCallbackHandler, method handle().

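/**
 * Services the callbacks a JASPIC auth module hands back to the container.
 *
 * <p>{@code CallerPrincipalCallback} and {@code GroupPrincipalCallback} are only
 * recorded in {@code _callerPrincipals} / {@code _groupPrincipals}. The two
 * validation callbacks are resolved through {@code _loginService.login(...)}
 * (with no ServletRequest available, hence the {@code null} third argument); on
 * success the callback result is set to {@code true} and the resolved
 * {@link UserIdentity}'s principals plus the identity itself are copied into the
 * callback's {@link Subject}. On failure the result is now set to {@code false}
 * explicitly instead of relying on the callback's initial state, so a callback
 * object reused across attempts cannot carry a stale {@code true}.
 *
 * <p>{@code CertStoreCallback}, {@code PrivateKeyCallback},
 * {@code SecretKeyCallback} and {@code TrustStoreCallback} are accepted but not
 * implemented (TODO): nothing is set on them, so a module that relies on them
 * receives no key or store and must tolerate a {@code null} answer.
 *
 * @param callbacks the callbacks supplied by the auth module
 * @throws IOException declared for the CallbackHandler contract
 * @throws UnsupportedCallbackException for any callback type not handled here
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        // jaspi to server communication
        if (callback instanceof CallerPrincipalCallback) {
            _callerPrincipals.set((CallerPrincipalCallback) callback);
        } else if (callback instanceof GroupPrincipalCallback) {
            _groupPrincipals.set((GroupPrincipalCallback) callback);
        } else if (callback instanceof PasswordValidationCallback) {
            PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
            Subject subject = passwordValidationCallback.getSubject();
            UserIdentity user = _loginService.login(passwordValidationCallback.getUsername(), passwordValidationCallback.getPassword(), null);
            if (user != null) {
                passwordValidationCallback.setResult(true);
                subject.getPrincipals().addAll(user.getSubject().getPrincipals());
                subject.getPrivateCredentials().add(user);
            } else {
                // Fail closed: record the negative outcome on the callback itself.
                passwordValidationCallback.setResult(false);
            }
        } else if (callback instanceof CredentialValidationCallback) {
            CredentialValidationCallback credentialValidationCallback = (CredentialValidationCallback) callback;
            Subject subject = credentialValidationCallback.getSubject();
            LoginCallback loginCallback = new LoginCallbackImpl(subject, credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential());
            UserIdentity user = _loginService.login(credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential(), null);
            if (user != null) {
                loginCallback.setUserPrincipal(user.getUserPrincipal());
                subject.getPrivateCredentials().add(loginCallback);
                credentialValidationCallback.setResult(true);
                subject.getPrincipals().addAll(user.getSubject().getPrincipals());
                subject.getPrivateCredentials().add(user);
            } else {
                // Fail closed: record the negative outcome on the callback itself.
                credentialValidationCallback.setResult(false);
            }
        } else if (callback instanceof CertStoreCallback
                || callback instanceof PrivateKeyCallback
                || callback instanceof SecretKeyCallback
                || callback instanceof TrustStoreCallback) {
            // TODO implement these. Deliberately a no-op for now: the module gets
            // back an untouched callback (no key, no store).
        } else {
            throw new UnsupportedCallbackException(callback);
        }
    }
}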

Example 2 with PrivateKeyCallback

use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.

Class BaseContainerCallbackHandler, method processCallback().

/**
 * Routes a single JASPIC callback to the processor responsible for its type.
 *
 * <p>Caller-principal, group, password, private-key, cert-store and secret-key
 * callbacks are delegated to the matching {@code processXxx} method. A
 * {@link TrustStoreCallback} is answered inline with whatever
 * {@code sslUtils.getMergedTrustStore()} returns, i.e. the auth module is handed
 * the container's own trust anchors. Any other callback type is rejected with
 * {@link UnsupportedCallbackException}; {@code isSupportedCallback} is expected
 * to have screened those out earlier, so reaching that branch is only logged at
 * FINE.
 *
 * @param callback the callback to process
 * @throws UnsupportedCallbackException if {@code callback} is of an unknown type
 */
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
    if (callback instanceof CallerPrincipalCallback) {
        processCallerPrincipal((CallerPrincipalCallback) callback);
        return;
    }
    if (callback instanceof GroupPrincipalCallback) {
        processGroupPrincipal((GroupPrincipalCallback) callback);
        return;
    }
    if (callback instanceof PasswordValidationCallback) {
        processPasswordValidation((PasswordValidationCallback) callback);
        return;
    }
    if (callback instanceof PrivateKeyCallback) {
        processPrivateKey((PrivateKeyCallback) callback);
        return;
    }
    if (callback instanceof TrustStoreCallback) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC: In TrustStoreCallback Processor");
        }
        ((TrustStoreCallback) callback).setTrustStore(sslUtils.getMergedTrustStore());
        return;
    }
    if (callback instanceof CertStoreCallback) {
        processCertStore((CertStoreCallback) callback);
        return;
    }
    if (callback instanceof SecretKeyCallback) {
        processSecretKey((SecretKeyCallback) callback);
        return;
    }
    // the isSupportedCallback method already takes care of this case
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: UnsupportedCallback : " + callback.getClass().getName());
    }
    throw new UnsupportedCallbackException(callback);
}

Example 3 with PrivateKeyCallback

use of javax.security.auth.message.callback.PrivateKeyCallback in project tomee by apache.

Class ConnectorCallbackHandler, method handle().

/**
 * Handles the callbacks a JASPIC auth module issues to the container for a
 * connector inbound request.
 *
 * <p>Caller-principal and group callbacks simply store the module's answer in
 * {@code callerPrincipal} / {@code groupsArray}. A password validation callback
 * is checked against the OpenEJB {@code SecurityService} for
 * {@code securityRealmName}: the returned login token is associated with the
 * current context, {@code callerPrincipal} is refreshed from the service and the
 * callback result is set to {@code true}; a {@code LoginException} sets it to
 * {@code false}. The password is copied into a String because that is what the
 * service API takes, and a {@code null} password is presented as the empty
 * string. NOTE(review): whether an empty password can authenticate depends on
 * the realm behind {@code securityRealmName} -- confirm before relying on this.
 *
 * <p>The server-to-module callbacks (cert store, private key, secret key, trust
 * store) are accepted but not implemented: nothing is set on them, so the module
 * receives no store or key.
 *
 * @param callbacks the callbacks supplied by the auth module
 * @throws IOException declared for the CallbackHandler contract
 * @throws UnsupportedCallbackException for any callback type not handled here
 */
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (final Callback callback : callbacks) {
        // jaspi to server communication
        if (callback instanceof CallerPrincipalCallback) {
            callerPrincipal = ((CallerPrincipalCallback) callback).getPrincipal();
        } else if (callback instanceof GroupPrincipalCallback) {
            groupsArray = ((GroupPrincipalCallback) callback).getGroups();
        } else if (callback instanceof PasswordValidationCallback) {
            final PasswordValidationCallback validation = (PasswordValidationCallback) callback;
            final char[] rawPassword = validation.getPassword();
            // SecurityService.login takes a String; a missing password becomes "".
            final String passwordText = rawPassword == null ? "" : new String(rawPassword);
            final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
            boolean authenticated;
            try {
                final Object loginToken = securityService.login(securityRealmName, validation.getUsername(), passwordText);
                securityService.associate(loginToken);
                callerPrincipal = securityService.getCallerPrincipal();
                authenticated = true;
            } catch (final LoginException e) {
                authenticated = false;
            }
            validation.setResult(authenticated);
        } else if (callback instanceof CertStoreCallback
                || callback instanceof PrivateKeyCallback
                || callback instanceof SecretKeyCallback
                || callback instanceof TrustStoreCallback) {
            // server to jaspi communication
            // NOPMD
            // TODO implement me -- intentionally a no-op; the module gets back an
            // untouched callback (no store, no key).
        } else {
            throw new UnsupportedCallbackException(callback);
        }
    }
}

Example 4 with PrivateKeyCallback

use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.

Class BaseContainerCallbackHandler, method processPrivateKey().

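/**
 * Resolves a {@link PrivateKeyCallback} against the container's keystores
 * ({@code secSup.getKeyStores()}).
 *
 * <p>The request type selects the lookup:
 * <ul>
 *   <li>no request, or an {@code AliasRequest} / {@code DigestRequest} without a
 *       selector: the default private-key entry;</li>
 *   <li>{@code AliasRequest} with an alias: the entry behind that token alias
 *       ({@code sslUtils.getPrivateKeyEntryFromTokenAlias});</li>
 *   <li>{@code IssuerSerialNumRequest}: the first entry whose end-entity
 *       certificate matches issuer and serial number;</li>
 *   <li>{@code SubjectKeyIDRequest}: the first entry whose end-entity certificate
 *       carries an identical SubjectKeyIdentifier extension;</li>
 *   <li>{@code DigestRequest} with a digest: whatever {@code getPrivateKeyEntry}
 *       picks for that digest and algorithm.</li>
 * </ul>
 * {@code setKey} is always called exactly once: with the match, or with
 * {@code (null, null)} when nothing matched or the lookup threw. Lookup failures
 * are only logged at FINE, so the auth module must treat a {@code null} key as
 * "unavailable" and not assume an error was surfaced elsewhere.
 *
 * <p>During the issuer/serial and subject-key-id scans, an entry whose
 * certificate chain is missing, empty, or not X.509 (e.g. a token key without a
 * certificate) is now skipped. Previously such an entry raised an NPE /
 * ClassCastException that fell into the catch-all below and aborted the scan,
 * hiding every later entry and keystore.
 *
 * @param privKeyCallback the callback to populate
 */
private void processPrivateKey(PrivateKeyCallback privKeyCallback) {
    KeyStore[] kstores = secSup.getKeyStores();
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: In PrivateKeyCallback Processor");
    }
    // make sure we have a keystore
    if (kstores == null || kstores.length == 0) {
        // cannot get any information
        privKeyCallback.setKey(null, null);
        return;
    }
    // get the request type
    PrivateKeyCallback.Request req = privKeyCallback.getRequest();
    PrivateKey privKey = null;
    Certificate[] certs = null;
    if (req == null) {
        // no request type - set default key
        PrivateKeyEntry pke = getDefaultPrivateKeyEntry(kstores);
        if (pke != null) {
            privKey = pke.getPrivateKey();
            certs = pke.getCertificateChain();
        }
        privKeyCallback.setKey(privKey, certs);
        return;
    }
    // find key based on request type
    try {
        if (req instanceof PrivateKeyCallback.AliasRequest) {
            PrivateKeyCallback.AliasRequest aReq = (PrivateKeyCallback.AliasRequest) req;
            String alias = aReq.getAlias();
            PrivateKeyEntry privKeyEntry;
            if (alias == null) {
                // use default key
                privKeyEntry = getDefaultPrivateKeyEntry(kstores);
            } else {
                privKeyEntry = sslUtils.getPrivateKeyEntryFromTokenAlias(alias);
            }
            if (privKeyEntry != null) {
                privKey = privKeyEntry.getPrivateKey();
                certs = privKeyEntry.getCertificateChain();
            }
        } else if (req instanceof PrivateKeyCallback.IssuerSerialNumRequest) {
            PrivateKeyCallback.IssuerSerialNumRequest isReq = (PrivateKeyCallback.IssuerSerialNumRequest) req;
            X500Principal issuer = isReq.getIssuer();
            BigInteger serialNum = isReq.getSerialNum();
            if (issuer != null && serialNum != null) {
                boolean found = false;
                for (int i = 0; i < kstores.length && !found; i++) {
                    Enumeration<String> aliases = kstores[i].aliases();
                    while (aliases.hasMoreElements() && !found) {
                        String nextAlias = aliases.nextElement();
                        PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
                        if (key == null) {
                            continue;
                        }
                        Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
                        X509Certificate eeCert = endEntityCert(certificates);
                        if (eeCert == null) {
                            // no usable X.509 chain for this entry; keep scanning
                            continue;
                        }
                        // check issuer/serial (X500Principal.equals compares canonical form)
                        if (eeCert.getIssuerX500Principal().equals(issuer) && eeCert.getSerialNumber().equals(serialNum)) {
                            privKey = key;
                            certs = certificates;
                            found = true;
                        }
                    }
                }
            }
        } else if (req instanceof PrivateKeyCallback.SubjectKeyIDRequest) {
            PrivateKeyCallback.SubjectKeyIDRequest skReq = (PrivateKeyCallback.SubjectKeyIDRequest) req;
            byte[] subjectKeyID = skReq.getSubjectKeyID();
            if (subjectKeyID != null) {
                boolean found = false;
                // X509Certificate.getExtensionValue() returns the DER-encoded extnValue,
                // which for SubjectKeyIdentifier is an OCTET STRING wrapping the
                // KeyIdentifier OCTET STRING -- so the raw id is wrapped twice to allow a
                // byte-for-byte comparison. DerValue lives in sun.security.util, a
                // JDK-internal package that is not exported on modular JDKs.
                DerValue derValue1 = new DerValue(DerValue.tag_OctetString, subjectKeyID);
                DerValue derValue2 = new DerValue(DerValue.tag_OctetString, derValue1.toByteArray());
                byte[] derSubjectKeyID = derValue2.toByteArray();
                for (int i = 0; i < kstores.length && !found; i++) {
                    Enumeration<String> aliases = kstores[i].aliases();
                    while (aliases.hasMoreElements() && !found) {
                        String nextAlias = aliases.nextElement();
                        PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
                        if (key == null) {
                            continue;
                        }
                        Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
                        X509Certificate eeCert = endEntityCert(certificates);
                        if (eeCert == null) {
                            // no usable X.509 chain for this entry; keep scanning
                            continue;
                        }
                        // Extension: SubjectKeyIdentifier
                        byte[] derSubKeyID = eeCert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
                        if (derSubKeyID != null && Arrays.equals(derSubKeyID, derSubjectKeyID)) {
                            privKey = key;
                            certs = certificates;
                            found = true;
                        }
                    }
                }
            }
        } else if (req instanceof PrivateKeyCallback.DigestRequest) {
            PrivateKeyCallback.DigestRequest dReq = (PrivateKeyCallback.DigestRequest) req;
            byte[] digest = dReq.getDigest();
            String algorithm = dReq.getAlgorithm();
            PrivateKeyEntry privKeyEntry = null;
            if (digest == null) {
                // get default key
                privKeyEntry = getDefaultPrivateKeyEntry(kstores);
            } else {
                if (algorithm == null) {
                    algorithm = DEFAULT_DIGEST_ALGORITHM;
                }
                // An unknown algorithm name throws NoSuchAlgorithmException, which the
                // catch-all below turns into a (null, null) answer.
                MessageDigest md = MessageDigest.getInstance(algorithm);
                privKeyEntry = getPrivateKeyEntry(kstores, md, digest);
            }
            if (privKeyEntry != null) {
                privKey = privKeyEntry.getPrivateKey();
                certs = privKeyEntry.getCertificateChain();
            }
        } else {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "invalid request type: " + req.getClass().getName());
            }
        }
    } catch (Exception e) {
        // KeyStoreException, NoSuchAlgorithmException, ... -- swallowed on purpose:
        // the module only sees the null key set in finally.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC: In PrivateKeyCallback Processor: " + " Error reading key !", e);
        }
    } finally {
        privKeyCallback.setKey(privKey, certs);
    }
}

/**
 * Returns the leaf (index 0) certificate of {@code chain} as an X.509
 * certificate, or {@code null} when the chain is absent, empty, or its leaf is
 * not X.509. Callers skip such keystore entries instead of failing.
 *
 * @param chain certificate chain as returned by {@code KeyStore.getCertificateChain}
 * @return the end-entity certificate, or {@code null} if none is usable
 */
private static X509Certificate endEntityCert(Certificate[] chain) {
    if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
        return null;
    }
    return (X509Certificate) chain[0];
}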

Example 5 with PrivateKeyCallback

use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.

Class BaseContainerCallbackHandler, method processCallback().

/**
 * Routes a single JASPIC callback to the processor responsible for its type.
 *
 * <p>Caller-principal, group, password, private-key, cert-store and secret-key
 * callbacks are delegated to the matching {@code processXxx} method. A
 * {@link TrustStoreCallback} is answered inline with whatever
 * {@code sslUtils.getMergedTrustStore()} returns, i.e. the auth module is handed
 * the container's own trust anchors. Any other callback type is rejected with
 * {@link UnsupportedCallbackException}; {@code isSupportedCallback} is expected
 * to have screened those out earlier, so reaching that branch is only logged at
 * FINE.
 *
 * @param callback the callback to process
 * @throws UnsupportedCallbackException if {@code callback} is of an unknown type
 */
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
    if (callback instanceof CallerPrincipalCallback) {
        processCallerPrincipal((CallerPrincipalCallback) callback);
        return;
    }
    if (callback instanceof GroupPrincipalCallback) {
        processGroupPrincipal((GroupPrincipalCallback) callback);
        return;
    }
    if (callback instanceof PasswordValidationCallback) {
        processPasswordValidation((PasswordValidationCallback) callback);
        return;
    }
    if (callback instanceof PrivateKeyCallback) {
        processPrivateKey((PrivateKeyCallback) callback);
        return;
    }
    if (callback instanceof TrustStoreCallback) {
        if (_logger.isLoggable(FINE)) {
            _logger.log(FINE, "JASPIC: In TrustStoreCallback Processor");
        }
        ((TrustStoreCallback) callback).setTrustStore(sslUtils.getMergedTrustStore());
        return;
    }
    if (callback instanceof CertStoreCallback) {
        processCertStore((CertStoreCallback) callback);
        return;
    }
    if (callback instanceof SecretKeyCallback) {
        processSecretKey((SecretKeyCallback) callback);
        return;
    }
    // the isSupportedCallback method already takes care of this case
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JASPIC: UnsupportedCallback : " + callback.getClass().getName());
    }
    throw new UnsupportedCallbackException(callback);
}
