
Example 1 with KeystoreInstance

use of org.apache.karaf.jaas.config.KeystoreInstance in project karaf by apache.

Class Activator, method start.

@Override
public void start(final BundleContext context) throws Exception {
    // Bundle 0 is the system bundle; the proxy login module is initialised with its context.
    ProxyLoginModule.init(context.getBundle(0).getBundleContext());

    final OsgiKeystoreManager manager = new OsgiKeystoreManager();

    // Mirrors every KeystoreInstance service in the registry into the keystore manager,
    // and drops it again (releasing the service reference) when it goes away.
    final class KeystoreInstanceTracking implements ServiceTrackerCustomizer<KeystoreInstance, KeystoreInstance> {

        @Override
        public KeystoreInstance addingService(ServiceReference<KeystoreInstance> reference) {
            final KeystoreInstance instance = context.getService(reference);
            manager.register(instance, null);
            return instance;
        }

        @Override
        public void modifiedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance instance) {
            // Property changes on a keystore service need no action here.
        }

        @Override
        public void removedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance instance) {
            manager.unregister(instance, null);
            context.ungetService(reference);
        }
    }

    keystoreInstanceServiceTracker = new ServiceTracker<>(context, KeystoreInstance.class, new KeystoreInstanceTracking());
    keystoreInstanceServiceTracker.open();

    osgiConfiguration = new OsgiConfiguration();
    osgiConfiguration.init();

    // Mirrors every JaasRealm service into the OSGi-backed JAAS configuration.
    // Note: unlike the keystore tracker, the realm reference is not released on removal.
    final class JaasRealmTracking implements ServiceTrackerCustomizer<JaasRealm, JaasRealm> {

        @Override
        public JaasRealm addingService(ServiceReference<JaasRealm> reference) {
            final JaasRealm realm = context.getService(reference);
            osgiConfiguration.register(realm, null);
            return realm;
        }

        @Override
        public void modifiedService(ServiceReference<JaasRealm> reference, JaasRealm realm) {
            // Property changes on a realm service need no action here.
        }

        @Override
        public void removedService(ServiceReference<JaasRealm> reference, JaasRealm realm) {
            osgiConfiguration.unregister(realm, null);
        }
    }

    jaasRealmServiceTracker = new ServiceTracker<>(context, JaasRealm.class, new JaasRealmTracking());
    jaasRealmServiceTracker.open();

    // Publish the manager only after both trackers are open so early consumers see a populated manager.
    registration = context.registerService(KeystoreManager.class, manager, null);
}

Example 2 with KeystoreInstance

use of org.apache.karaf.jaas.config.KeystoreInstance in project karaf by apache.

Class OsgiKeystoreManager, method createSSLContext.

/**
 * Builds an initialised {@link SSLContext} from the named key store and trust store.
 *
 * @param provider   JCA provider name, or {@code null} to let the JDK pick one
 * @param protocol   SSL/TLS protocol name passed to {@link SSLContext#getInstance}
 * @param algorithm  key/trust manager factory algorithm handed to the keystore instances
 * @param keyStore   name of the key store holding the server key (may be {@code null})
 * @param keyAlias   alias of the key inside {@code keyStore}
 * @param trustStore name of the trust store, or {@code null}; a missing trust store means the
 *                   context is initialised with {@code null} trust managers, i.e. the JDK
 *                   default trust material per the {@link SSLContext#init} contract
 * @param timeout    how long (ms) to wait for the stores to become available and unlocked
 * @return the initialised context
 * @throws GeneralSecurityException if the stores never became available within the timeout,
 *                                  or a {@link KeystoreIsLocked} if a store or key is still locked
 */
public SSLContext createSSLContext(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, long timeout) throws GeneralSecurityException {
    final boolean storesReady = checkForKeystoresAvailability(keyStore, keyAlias, trustStore, timeout);
    if (!storesReady) {
        throw new GeneralSecurityException("Unable to lookup configured keystore and/or truststore");
    }

    final KeystoreInstance keyInstance = getKeystore(keyStore);
    if (keyInstance != null) {
        if (keyInstance.isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + keyStore + "' is locked");
        }
        if (keyInstance.isKeyLocked(keyAlias)) {
            throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keyStore + "' is locked");
        }
    }

    KeystoreInstance trustInstance = null;
    if (trustStore != null) {
        trustInstance = getKeystore(trustStore);
        if (trustInstance != null && trustInstance.isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + trustStore + "' is locked");
        }
    }

    // Resolve the context before touching the managers so an unknown protocol/provider fails first.
    final SSLContext sslContext = provider == null
            ? SSLContext.getInstance(protocol)
            : SSLContext.getInstance(protocol, provider);

    sslContext.init(
            keyInstance == null ? null : keyInstance.getKeyManager(algorithm, keyAlias),
            trustInstance == null ? null : trustInstance.getTrustManager(algorithm),
            new SecureRandom());
    return sslContext;
}

Example 3 with KeystoreInstance

use of org.apache.karaf.jaas.config.KeystoreInstance in project karaf by apache.

Class OsgiKeystoreManager, method checkForKeystoresAvailability.

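/**
 * Purely check for the availability of the provided key store, key and trust store,
 * polling once a second until all of them are present and unlocked or {@code timeout} expires.
 *
 * @param keyStore   name of the key store to look up, or {@code null} to skip the key store checks
 * @param keyAlias   alias of the key that must be unlocked, or {@code null} to skip the key check
 * @param trustStore name of the trust store to look up, or {@code null} to skip the trust store checks
 * @param timeout    how long to keep retrying, in milliseconds; a non-positive value checks exactly once
 * @return {@code true} once every requested store (and key) is found and unlocked,
 *         {@code false} if {@code timeout} elapses first
 * @throws GeneralSecurityException if the calling thread is interrupted while waiting
 */
private boolean checkForKeystoresAvailability(String keyStore, String keyAlias, String trustStore, long timeout) throws GeneralSecurityException {
    // Monotonic clock: wall-clock adjustments must not shorten or extend the wait.
    final long start = System.nanoTime();
    while (true) {
        KeystoreInstance keyInstance = getKeystore(keyStore);
        KeystoreInstance trustInstance = trustStore == null ? null : getKeystore(trustStore);
        if (keyStore != null && keyInstance == null) {
            logger.info("Keystore {} not found", keyStore);
        } else if (keyStore != null && keyInstance.isKeystoreLocked()) {
            logger.info("Keystore {} locked", keyStore);
        } else if (keyStore != null && keyAlias != null && keyInstance.isKeyLocked(keyAlias)) {
            logger.info("Keystore's key {} locked", keyAlias);
        } else if (trustStore != null && trustInstance == null) {
            logger.info("Truststore {} not found", trustStore);
        } else if (trustStore != null && trustInstance.isKeystoreLocked()) {
            // Report the trust store that is actually locked (the original logged the key store name).
            logger.info("Truststore {} locked", trustStore);
        } else {
            return true;
        }
        long elapsedMillis = (System.nanoTime() - start) / 1_000_000L;
        if (elapsedMillis >= timeout) {
            return false;
        }
        try {
            Thread.sleep(1000);
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up the stack still observe it.
            Thread.currentThread().interrupt();
            throw new GeneralSecurityException("Interrupted", e);
        }
    }
}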

Example 4 with KeystoreInstance

use of org.apache.karaf.jaas.config.KeystoreInstance in project karaf by apache.

Class Activator, method doStart.

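/**
 * Starts the JMX management layer: the RMI registry, the MBean server, the JAAS-guarded
 * JMX connector and the security MBean, all driven by the bundle's configuration values.
 * <p>
 * Does nothing until both {@code ConfigurationAdmin} and {@code KeystoreManager} are tracked.
 * A failure while initialising the connector server is logged (with its cause) and start-up
 * continues, because a later keystore (un)registration re-runs the connector init when
 * {@code secured} is set.
 *
 * @throws Exception if the MBean object name is malformed or a factory fails to initialise
 */
protected void doStart() throws Exception {
    // Verify dependencies
    ConfigurationAdmin configurationAdmin = getTrackedService(ConfigurationAdmin.class);
    KeystoreManager keystoreManager = getTrackedService(KeystoreManager.class);
    if (configurationAdmin == null || keystoreManager == null) {
        return;
    }
    String rmiRegistryHost = getString("rmiRegistryHost", "");
    int rmiRegistryPort = getInt("rmiRegistryPort", 1099);
    String rmiServerHost = getString("rmiServerHost", "0.0.0.0");
    int rmiServerPort = getInt("rmiServerPort", 44444);
    String jmxRealm = getString("jmxRealm", "karaf");
    // Default service URL is assembled from the RMI server and registry host/port settings above.
    String serviceUrl = getString("serviceUrl", "service:jmx:rmi://" + rmiServerHost + ":" + rmiServerPort + "/jndi/rmi://" + rmiRegistryHost + ":" + rmiRegistryPort + "/karaf-" + System.getProperty("karaf.name"));
    boolean daemon = getBoolean("daemon", true);
    boolean threaded = getBoolean("threaded", true);
    ObjectName objectName = new ObjectName(getString("objectName", "connector:name=rmi"));
    long keyStoreAvailabilityTimeout = getLong("keyStoreAvailabilityTimeout", 5000);
    String authenticatorType = getString("authenticatorType", "password");
    // Captured by the keystore tracker below; it decides whether keystore changes trigger a re-init.
    final boolean secured = getBoolean("secured", false);
    String secureAlgorithm = getString("secureAlgorithm", "default");
    String secureProtocol = getString("secureProtocol", "TLS");
    String keyStore = getString("keyStore", "karaf.ks");
    String keyAlias = getString("keyAlias", "karaf");
    String trustStore = getString("trustStore", "karaf.ts");
    boolean createRmiRegistry = getBoolean("createRmiRegistry", true);
    boolean locateRmiRegistry = getBoolean("locateRmiRegistry", true);
    boolean locateExistingMBeanServerIfPossible = getBoolean("locateExistingMBeanServerIfPossible", true);
    KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setConfigAdmin(configurationAdmin);
    rmiRegistryFactory = new RmiRegistryFactory();
    rmiRegistryFactory.setCreate(createRmiRegistry);
    rmiRegistryFactory.setLocate(locateRmiRegistry);
    rmiRegistryFactory.setHost(rmiRegistryHost);
    rmiRegistryFactory.setPort(rmiRegistryPort);
    rmiRegistryFactory.setBundleContext(bundleContext);
    rmiRegistryFactory.init();
    mbeanServerFactory = new MBeanServerFactory();
    mbeanServerFactory.setLocateExistingServerIfPossible(locateExistingMBeanServerIfPossible);
    mbeanServerFactory.init();
    MBeanServer mbeanServer = mbeanServerFactory.getServer();
    JaasAuthenticator jaasAuthenticator = new JaasAuthenticator();
    jaasAuthenticator.setRealm(jmxRealm);
    connectorServerFactory = new ConnectorServerFactory();
    connectorServerFactory.setServer(mbeanServer);
    connectorServerFactory.setServiceUrl(serviceUrl);
    connectorServerFactory.setGuard(guard);
    connectorServerFactory.setRmiServerHost(rmiServerHost);
    connectorServerFactory.setDaemon(daemon);
    connectorServerFactory.setThreaded(threaded);
    connectorServerFactory.setObjectName(objectName);
    Map<String, Object> environment = new HashMap<>();
    environment.put("jmx.remote.authenticator", jaasAuthenticator);
    try {
        connectorServerFactory.setEnvironment(environment);
        connectorServerFactory.setKeyStoreAvailabilityTimeout(keyStoreAvailabilityTimeout);
        connectorServerFactory.setAuthenticatorType(authenticatorType);
        connectorServerFactory.setSecured(secured);
        connectorServerFactory.setAlgorithm(secureAlgorithm);
        connectorServerFactory.setSecureProtocol(secureProtocol);
        connectorServerFactory.setKeyStore(keyStore);
        connectorServerFactory.setKeyAlias(keyAlias);
        connectorServerFactory.setTrustStore(trustStore);
        connectorServerFactory.setKeystoreManager(keystoreManager);
        connectorServerFactory.init();
    } catch (Exception e) {
        // Best effort: keep the exception as the log cause so the stack trace is not lost.
        LOG.error("Can't init JMXConnectorServer: " + e.getMessage(), e);
    }
    JMXSecurityMBeanImpl securityMBean = new JMXSecurityMBeanImpl();
    securityMBean.setMBeanServer(mbeanServer);
    securityMBean.setGuard(guard);
    registerMBean(securityMBean, "type=security,area=jmx");
    register(MBeanServer.class, mbeanServer);
    // Re-initialise the connector whenever a keystore appears or disappears while SSL is enabled.
    keystoreInstanceServiceTracker = new ServiceTracker<>(bundleContext, KeystoreInstance.class, new ServiceTrackerCustomizer<KeystoreInstance, KeystoreInstance>() {

        @Override
        public KeystoreInstance addingService(ServiceReference<KeystoreInstance> reference) {
            // The service must be returned (not null) for the tracker to track it; otherwise
            // removedService below would never be invoked for this keystore.
            KeystoreInstance service = bundleContext.getService(reference);
            if (secured) {
                try {
                    connectorServerFactory.init();
                } catch (Exception e) {
                    LOG.error("Can't re-init JMXConnectorServer with SSL enabled when register a keystore:" + e.getMessage(), e);
                }
            }
            return service;
        }

        @Override
        public void modifiedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
        }

        @Override
        public void removedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
            if (secured) {
                try {
                    connectorServerFactory.init();
                } catch (Exception e) {
                    LOG.error("Can't re-init JMXConnectorServer with SSL enabled when unregister a keystore: " + e.getMessage(), e);
                }
            }
            // Release the reference obtained in addingService.
            bundleContext.ungetService(reference);
        }
    });
    keystoreInstanceServiceTracker.open();
}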
