use of org.apache.karaf.jaas.config.KeystoreManager in project karaf by apache.
the class Activator method start.
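/**
 * Starts the bundle: initialises the proxy login module, opens trackers for
 * {@link KeystoreInstance} and {@link JaasRealm} services, and publishes the
 * {@link KeystoreManager} service.
 *
 * <p>Every {@code KeystoreInstance} published in the service registry is handed
 * to the keystore manager, and every {@code JaasRealm} to the OSGi JAAS
 * configuration, without any filtering in this method.
 *
 * @param context the context of the bundle being started
 * @throws Exception if one of the initialisation steps fails
 */
@Override
public void start(final BundleContext context) throws Exception {
    // Bundle 0 is the OSGi system bundle; the login module is initialised with its context.
    ProxyLoginModule.init(context.getBundle(0).getBundleContext());

    final OsgiKeystoreManager keystoreManager = new OsgiKeystoreManager();
    keystoreInstanceServiceTracker = new ServiceTracker<>(context, KeystoreInstance.class,
            new ServiceTrackerCustomizer<KeystoreInstance, KeystoreInstance>() {
                @Override
                public KeystoreInstance addingService(ServiceReference<KeystoreInstance> reference) {
                    KeystoreInstance service = context.getService(reference);
                    keystoreManager.register(service, null);
                    return service;
                }

                @Override
                public void modifiedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
                    // Property changes on a keystore service are ignored.
                }

                @Override
                public void removedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
                    keystoreManager.unregister(service, null);
                    // Release the usage acquired by getService() in addingService().
                    context.ungetService(reference);
                }
            });
    keystoreInstanceServiceTracker.open();

    osgiConfiguration = new OsgiConfiguration();
    osgiConfiguration.init();
    jaasRealmServiceTracker = new ServiceTracker<>(context, JaasRealm.class,
            new ServiceTrackerCustomizer<JaasRealm, JaasRealm>() {
                @Override
                public JaasRealm addingService(ServiceReference<JaasRealm> reference) {
                    JaasRealm service = context.getService(reference);
                    osgiConfiguration.register(service, null);
                    return service;
                }

                @Override
                public void modifiedService(ServiceReference<JaasRealm> reference, JaasRealm service) {
                    // Property changes on a realm service are ignored.
                }

                @Override
                public void removedService(ServiceReference<JaasRealm> reference, JaasRealm service) {
                    osgiConfiguration.unregister(service, null);
                    // Mirror the keystore tracker: every getService() needs a matching
                    // ungetService(), otherwise the realm's use count is never released.
                    context.ungetService(reference);
                }
            });
    jaasRealmServiceTracker.open();

    // Published last, after both trackers have been opened.
    registration = context.registerService(KeystoreManager.class, keystoreManager, null);
}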
use of org.apache.karaf.jaas.config.KeystoreManager in project karaf by apache.
the class Activator method doStart.
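/**
 * Builds and starts the JMX management stack from this bundle's configuration:
 * RMI registry, MBean server, guarded connector server and the JMX security MBean.
 *
 * <p>Returns without doing anything while {@code ConfigurationAdmin} or
 * {@code KeystoreManager} is not yet tracked. A failure to initialise the
 * connector server is logged and does not abort the start; the security MBean
 * and the {@code MBeanServer} service are registered regardless.
 *
 * @throws Exception if one of the steps outside the guarded connector set-up fails
 */
protected void doStart() throws Exception {
    // Verify dependencies
    ConfigurationAdmin configurationAdmin = getTrackedService(ConfigurationAdmin.class);
    KeystoreManager keystoreManager = getTrackedService(KeystoreManager.class);
    if (configurationAdmin == null || keystoreManager == null) {
        return;
    }

    EventAdminLogger logger = null;
    if (getBoolean("audit.eventadmin.enabled", true)) {
        try {
            logger = new EventAdminLoggerImpl(bundleContext);
        } catch (Throwable ignore) {
            // Ignore the listener if EventAdmin package isn't present
        }
    }
    if (logger == null) {
        // No-op fallback: with auditing disabled or EventAdmin missing, nothing is recorded.
        logger = new EventAdminLogger() {
            @Override
            public void close() {
            }

            @Override
            public void log(String methodName, String[] signature, Object result, Throwable error, Object... params) {
            }
        };
    }
    eventAdminLogger = logger;

    String rmiRegistryHost = getString("rmiRegistryHost", "");
    int rmiRegistryPort = getInt("rmiRegistryPort", 1099);
    // NOTE(review): the default server host is the wildcard address, which presumably
    // exposes the connector on every interface -- confirm against the deployment.
    String rmiServerHost = getString("rmiServerHost", "0.0.0.0");
    int rmiServerPort = getInt("rmiServerPort", 44444);
    String jmxRealm = getString("jmxRealm", "karaf");
    String serviceUrl = getString("serviceUrl", "service:jmx:rmi://" + rmiServerHost + ":" + rmiServerPort + "/jndi/rmi://" + rmiRegistryHost + ":" + rmiRegistryPort + "/karaf-" + System.getProperty("karaf.name"));
    boolean daemon = getBoolean("daemon", true);
    boolean threaded = getBoolean("threaded", true);
    ObjectName objectName = new ObjectName(getString("objectName", "connector:name=rmi"));
    long keyStoreAvailabilityTimeout = getLong("keyStoreAvailabilityTimeout", 5000);
    String authenticatorType = getString("authenticatorType", "password");
    // NOTE(review): "secured" defaults to false. The protocol, keystore and truststore
    // settings below look like they only matter once it is enabled, in which case the
    // default connector would rely on JAAS authentication over an unprotected channel
    // -- confirm in ConnectorServerFactory.
    final boolean secured = getBoolean("secured", false);
    String secureAlgorithm = getString("secureAlgorithm", "default");
    String secureProtocol = getString("secureProtocol", "TLS");
    String keyStore = getString("keyStore", "karaf.ks");
    String keyAlias = getString("keyAlias", "karaf");
    String trustStore = getString("trustStore", "karaf.ts");
    boolean createRmiRegistry = getBoolean("createRmiRegistry", true);
    boolean locateRmiRegistry = getBoolean("locateRmiRegistry", true);
    boolean locateExistingMBeanServerIfPossible = getBoolean("locateExistingMBeanServerIfPossible", true);

    KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setLogger(eventAdminLogger);
    guard.setConfigAdmin(configurationAdmin);

    rmiRegistryFactory = new RmiRegistryFactory();
    rmiRegistryFactory.setCreate(createRmiRegistry);
    rmiRegistryFactory.setLocate(locateRmiRegistry);
    rmiRegistryFactory.setHost(rmiRegistryHost);
    rmiRegistryFactory.setPort(rmiRegistryPort);
    rmiRegistryFactory.setBundleContext(bundleContext);
    rmiRegistryFactory.init();

    mbeanServerFactory = new MBeanServerFactory();
    mbeanServerFactory.setLocateExistingServerIfPossible(locateExistingMBeanServerIfPossible);
    mbeanServerFactory.init();
    MBeanServer mbeanServer = mbeanServerFactory.getServer();
    // Everything below sees the server only through the event-logging wrapper.
    mbeanServer = new EventAdminMBeanServerWrapper(mbeanServer, eventAdminLogger);

    JaasAuthenticator jaasAuthenticator = new JaasAuthenticator();
    jaasAuthenticator.setRealm(jmxRealm);

    connectorServerFactory = new ConnectorServerFactory();
    connectorServerFactory.setServer(mbeanServer);
    connectorServerFactory.setServiceUrl(serviceUrl);
    connectorServerFactory.setGuard(guard);
    connectorServerFactory.setRmiServerHost(rmiServerHost);
    connectorServerFactory.setDaemon(daemon);
    connectorServerFactory.setThreaded(threaded);
    connectorServerFactory.setObjectName(objectName);
    Map<String, Object> environment = new HashMap<>();
    // Remote connections are authenticated against the configured JAAS realm.
    environment.put("jmx.remote.authenticator", jaasAuthenticator);
    try {
        connectorServerFactory.setEnvironment(environment);
        connectorServerFactory.setKeyStoreAvailabilityTimeout(keyStoreAvailabilityTimeout);
        connectorServerFactory.setAuthenticatorType(authenticatorType);
        connectorServerFactory.setSecured(secured);
        connectorServerFactory.setAlgorithm(secureAlgorithm);
        connectorServerFactory.setSecureProtocol(secureProtocol);
        connectorServerFactory.setKeyStore(keyStore);
        connectorServerFactory.setKeyAlias(keyAlias);
        connectorServerFactory.setTrustStore(trustStore);
        connectorServerFactory.setKeystoreManager(keystoreManager);
        connectorServerFactory.init();
    } catch (Exception e) {
        // Pass the exception itself so the stack trace and cause chain reach the log;
        // the message alone rarely identifies a keystore or TLS misconfiguration.
        LOG.error("Can't init JMXConnectorServer: " + e.getMessage(), e);
    }

    JMXSecurityMBeanImpl securityMBean = new JMXSecurityMBeanImpl();
    securityMBean.setMBeanServer(mbeanServer);
    securityMBean.setGuard(guard);
    registerMBean(securityMBean, "type=security,area=jmx");

    register(MBeanServer.class, mbeanServer);

    if (secured) {
        // Re-initialise the connector whenever a keystore service appears, so that a
        // keystore published after this bundle started can still be picked up.
        keystoreInstanceServiceTracker = new ServiceTracker<>(bundleContext, KeystoreInstance.class,
                new ServiceTrackerCustomizer<KeystoreInstance, KeystoreInstance>() {
                    @Override
                    public KeystoreInstance addingService(ServiceReference<KeystoreInstance> reference) {
                        try {
                            connectorServerFactory.init();
                        } catch (Exception e) {
                            LOG.error("Can't re-init JMXConnectorServer with SSL enabled when register a keystore:" + e.getMessage(), e);
                        }
                        // NOTE(review): returning null means the tracker does not track this
                        // service, so removedService() below is not called for it -- confirm
                        // that is intended.
                        return null;
                    }

                    @Override
                    public void modifiedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
                    }

                    @Override
                    public void removedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
                        try {
                            connectorServerFactory.init();
                        } catch (Exception e) {
                            LOG.error("Can't re-init JMXConnectorServer with SSL enabled when unregister a keystore: " + e.getMessage(), e);
                        }
                    }
                });
        keystoreInstanceServiceTracker.open();
    }
}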
use of org.apache.karaf.jaas.config.KeystoreManager in project karaf by apache.
the class LDAPOptions method setupSsl.
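/**
 * Configures the given JNDI environment for LDAP over SSL, using a socket
 * factory built by the {@link KeystoreManager} service from this object's SSL
 * options.
 *
 * <p>Side effects visible in this method: the static socket factory held by
 * {@code ManagedSSLSocketFactory} is replaced, and the calling thread's context
 * class loader is switched to the one that loaded {@code ManagedSSLSocketFactory}
 * and is not restored here.
 *
 * @param env the JNDI environment to populate
 * @throws NamingException if the keystore manager is unavailable or the socket
 *         factory cannot be created; the underlying failure is attached as the cause
 */
protected void setupSsl(Hashtable<String, Object> env) throws NamingException {
    BundleContext bundleContext = FrameworkUtil.getBundle(LDAPOptions.class).getBundleContext();
    ServiceReference<KeystoreManager> ref = null;
    try {
        LOGGER.debug("Setting up SSL");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("java.naming.ldap.factory.socket", ManagedSSLSocketFactory.class.getName());

        ref = bundleContext.getServiceReference(KeystoreManager.class);
        if (ref == null) {
            // Without this check the lookup below fails with an uninformative
            // NullPointerException and the caller cannot tell why TLS set-up failed.
            throw new IllegalStateException("KeystoreManager service is not registered");
        }
        KeystoreManager manager = bundleContext.getService(ref);
        if (manager == null) {
            throw new IllegalStateException("KeystoreManager service is no longer available");
        }

        SSLSocketFactory factory = manager.createSSLFactory(getSslProvider(), getSslProtocol(), getSslAlgorithm(), getSslKeystore(), getSslKeyAlias(), getSslTrustStore(), getSslTimeout());
        // NOTE(review): the factory is stored in a static holder, so concurrent set-ups
        // with different keystores would presumably overwrite each other -- confirm.
        ManagedSSLSocketFactory.setSocketFactory(new ManagedSSLSocketFactory(factory));
        Thread.currentThread().setContextClassLoader(ManagedSSLSocketFactory.class.getClassLoader());
    } catch (Exception e) {
        NamingException failure = new NamingException("Unable to setup SSL support for LDAP: " + e.getMessage());
        // Keep the original exception so keystore and TLS errors stay diagnosable.
        failure.initCause(e);
        throw failure;
    } finally {
        // ref is still null when the lookup failed; calling ungetService(null) here
        // would throw from the finally block and hide the NamingException above.
        if (ref != null) {
            bundleContext.ungetService(ref);
        }
    }
}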