
Example 1 with KeystoreManager

use of org.apache.karaf.jaas.config.KeystoreManager in project karaf by apache.

The class Activator, method start.

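/**
 * Bundle activator entry point: wires the JAAS keystore and realm services.
 *
 * <p>Initialises {@code ProxyLoginModule} with the system bundle's context (bundle id 0 is
 * the system bundle), then opens two service trackers: every {@code KeystoreInstance}
 * service seen in the framework is handed to an {@code OsgiKeystoreManager}, and every
 * {@code JaasRealm} service is handed to an {@code OsgiConfiguration}. Finally the keystore
 * manager itself is published as a {@code KeystoreManager} service.
 *
 * <p>Neither tracker applies a filter: any bundle that publishes a {@code KeystoreInstance}
 * or {@code JaasRealm} service contributes to the shared keystore set / JAAS configuration.
 *
 * @param context this bundle's context; captured by the tracker customizers
 * @throws Exception propagated from {@code ProxyLoginModule.init} or tracker setup
 */
@Override
public void start(final BundleContext context) throws Exception {
    ProxyLoginModule.init(context.getBundle(0).getBundleContext());
    final OsgiKeystoreManager keystoreManager = new OsgiKeystoreManager();
    keystoreInstanceServiceTracker = new ServiceTracker<>(context, KeystoreInstance.class, new ServiceTrackerCustomizer<KeystoreInstance, KeystoreInstance>() {

        @Override
        public KeystoreInstance addingService(ServiceReference<KeystoreInstance> reference) {
            KeystoreInstance service = context.getService(reference);
            keystoreManager.register(service, null);
            return service;
        }

        @Override
        public void modifiedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
            // Property changes on a tracked keystore need no action here.
        }

        @Override
        public void removedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
            keystoreManager.unregister(service, null);
            // Balance the getService() call made in addingService.
            context.ungetService(reference);
        }
    });
    keystoreInstanceServiceTracker.open();
    osgiConfiguration = new OsgiConfiguration();
    osgiConfiguration.init();
    jaasRealmServiceTracker = new ServiceTracker<>(context, JaasRealm.class, new ServiceTrackerCustomizer<JaasRealm, JaasRealm>() {

        @Override
        public JaasRealm addingService(ServiceReference<JaasRealm> reference) {
            JaasRealm service = context.getService(reference);
            osgiConfiguration.register(service, null);
            return service;
        }

        @Override
        public void modifiedService(ServiceReference<JaasRealm> reference, JaasRealm service) {
            // Property changes on a tracked realm need no action here.
        }

        @Override
        public void removedService(ServiceReference<JaasRealm> reference, JaasRealm service) {
            osgiConfiguration.unregister(service, null);
            // Release the service use count, mirroring the keystore tracker above;
            // the original only did this for KeystoreInstance services.
            context.ungetService(reference);
        }
    });
    jaasRealmServiceTracker.open();
    registration = context.registerService(KeystoreManager.class, keystoreManager, null);
}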

Example 2 with KeystoreManager

use of org.apache.karaf.jaas.config.KeystoreManager in project karaf by apache.

The class Activator, method doStart.

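/**
 * Starts the JMX management subsystem: RMI registry, MBean server and the JMX connector server.
 *
 * <p>Returns without doing anything unless both a {@code ConfigurationAdmin} and a
 * {@code KeystoreManager} service are currently tracked. All settings are read through the
 * {@code getString}/{@code getInt}/{@code getLong}/{@code getBoolean} helpers with the defaults
 * shown inline; notably {@code secured} defaults to {@code false} and {@code rmiServerHost} to
 * {@code 0.0.0.0}, so out of the box the connector is plain RMI on all interfaces, protected
 * only by the JAAS authenticator for realm {@code jmxRealm}.
 *
 * <p>Side effects: assigns the {@code eventAdminLogger}, {@code rmiRegistryFactory},
 * {@code mbeanServerFactory}, {@code connectorServerFactory} and (when secured)
 * {@code keystoreInstanceServiceTracker} fields, registers the JMX security MBean and publishes
 * the wrapped {@code MBeanServer} as a service.
 *
 * @throws Exception propagated from factory initialisation or {@code ObjectName} parsing;
 *         a failing {@code connectorServerFactory.init()} is logged rather than thrown
 */
protected void doStart() throws Exception {
    // Verify dependencies
    ConfigurationAdmin configurationAdmin = getTrackedService(ConfigurationAdmin.class);
    KeystoreManager keystoreManager = getTrackedService(KeystoreManager.class);
    if (configurationAdmin == null || keystoreManager == null) {
        return;
    }
    EventAdminLogger logger = null;
    if (getBoolean("audit.eventadmin.enabled", true)) {
        try {
            logger = new EventAdminLoggerImpl(bundleContext);
        } catch (Throwable ignore) {
        // Ignore the listener if EventAdmin package isn't present
        // (Throwable rather than Exception so a NoClassDefFoundError is covered too)
        }
    }
    if (logger == null) {
        // No-op audit logger: JMX invocations are not recorded when EventAdmin is unavailable
        // or auditing is disabled.
        logger = new EventAdminLogger() {

            @Override
            public void close() {
            }

            @Override
            public void log(String methodName, String[] signature, Object result, Throwable error, Object... params) {
            }
        };
    }
    eventAdminLogger = logger;
    String rmiRegistryHost = getString("rmiRegistryHost", "");
    int rmiRegistryPort = getInt("rmiRegistryPort", 1099);
    String rmiServerHost = getString("rmiServerHost", "0.0.0.0");
    int rmiServerPort = getInt("rmiServerPort", 44444);
    String jmxRealm = getString("jmxRealm", "karaf");
    String serviceUrl = getString("serviceUrl", "service:jmx:rmi://" + rmiServerHost + ":" + rmiServerPort + "/jndi/rmi://" + rmiRegistryHost + ":" + rmiRegistryPort + "/karaf-" + System.getProperty("karaf.name"));
    boolean daemon = getBoolean("daemon", true);
    boolean threaded = getBoolean("threaded", true);
    ObjectName objectName = new ObjectName(getString("objectName", "connector:name=rmi"));
    long keyStoreAvailabilityTimeout = getLong("keyStoreAvailabilityTimeout", 5000);
    String authenticatorType = getString("authenticatorType", "password");
    // TLS for the connector is opt-in; the keystore settings below are handed to the
    // connector factory and are presumably only consulted when secured is true.
    final boolean secured = getBoolean("secured", false);
    String secureAlgorithm = getString("secureAlgorithm", "default");
    String secureProtocol = getString("secureProtocol", "TLS");
    String keyStore = getString("keyStore", "karaf.ks");
    String keyAlias = getString("keyAlias", "karaf");
    String trustStore = getString("trustStore", "karaf.ts");
    boolean createRmiRegistry = getBoolean("createRmiRegistry", true);
    boolean locateRmiRegistry = getBoolean("locateRmiRegistry", true);
    boolean locateExistingMBeanServerIfPossible = getBoolean("locateExistingMBeanServerIfPossible", true);
    // The guard enforces per-MBean ACLs read from ConfigurationAdmin and audits through the logger.
    KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setLogger(eventAdminLogger);
    guard.setConfigAdmin(configurationAdmin);
    rmiRegistryFactory = new RmiRegistryFactory();
    rmiRegistryFactory.setCreate(createRmiRegistry);
    rmiRegistryFactory.setLocate(locateRmiRegistry);
    rmiRegistryFactory.setHost(rmiRegistryHost);
    rmiRegistryFactory.setPort(rmiRegistryPort);
    rmiRegistryFactory.setBundleContext(bundleContext);
    rmiRegistryFactory.init();
    mbeanServerFactory = new MBeanServerFactory();
    mbeanServerFactory.setLocateExistingServerIfPossible(locateExistingMBeanServerIfPossible);
    mbeanServerFactory.init();
    MBeanServer mbeanServer = mbeanServerFactory.getServer();
    // Wrap so every MBean call is routed through the audit logger.
    mbeanServer = new EventAdminMBeanServerWrapper(mbeanServer, eventAdminLogger);
    JaasAuthenticator jaasAuthenticator = new JaasAuthenticator();
    jaasAuthenticator.setRealm(jmxRealm);
    connectorServerFactory = new ConnectorServerFactory();
    connectorServerFactory.setServer(mbeanServer);
    connectorServerFactory.setServiceUrl(serviceUrl);
    connectorServerFactory.setGuard(guard);
    connectorServerFactory.setRmiServerHost(rmiServerHost);
    connectorServerFactory.setDaemon(daemon);
    connectorServerFactory.setThreaded(threaded);
    connectorServerFactory.setObjectName(objectName);
    Map<String, Object> environment = new HashMap<>();
    environment.put("jmx.remote.authenticator", jaasAuthenticator);
    try {
        connectorServerFactory.setEnvironment(environment);
        connectorServerFactory.setKeyStoreAvailabilityTimeout(keyStoreAvailabilityTimeout);
        connectorServerFactory.setAuthenticatorType(authenticatorType);
        connectorServerFactory.setSecured(secured);
        connectorServerFactory.setAlgorithm(secureAlgorithm);
        connectorServerFactory.setSecureProtocol(secureProtocol);
        connectorServerFactory.setKeyStore(keyStore);
        connectorServerFactory.setKeyAlias(keyAlias);
        connectorServerFactory.setTrustStore(trustStore);
        connectorServerFactory.setKeystoreManager(keystoreManager);
        connectorServerFactory.init();
    } catch (Exception e) {
        // Keep the message text, but pass the exception so the stack trace is not lost.
        LOG.error("Can't init JMXConnectorServer: " + e.getMessage(), e);
    }
    JMXSecurityMBeanImpl securityMBean = new JMXSecurityMBeanImpl();
    securityMBean.setMBeanServer(mbeanServer);
    securityMBean.setGuard(guard);
    registerMBean(securityMBean, "type=security,area=jmx");
    register(MBeanServer.class, mbeanServer);
    if (secured) {
        // Re-initialise the connector whenever a keystore appears or disappears so TLS picks
        // up the new material.
        keystoreInstanceServiceTracker = new ServiceTracker<>(bundleContext, KeystoreInstance.class, new ServiceTrackerCustomizer<KeystoreInstance, KeystoreInstance>() {

            @Override
            public KeystoreInstance addingService(ServiceReference<KeystoreInstance> reference) {
                try {
                    connectorServerFactory.init();
                } catch (Exception e) {
                    LOG.error("Can't re-init JMXConnectorServer with SSL enabled when register a keystore:" + e.getMessage(), e);
                }
                // Return the service so the tracker actually tracks it: a null return means
                // the service is never tracked and removedService below would never fire.
                return bundleContext.getService(reference);
            }

            @Override
            public void modifiedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
            }

            @Override
            public void removedService(ServiceReference<KeystoreInstance> reference, KeystoreInstance service) {
                try {
                    connectorServerFactory.init();
                } catch (Exception e) {
                    LOG.error("Can't re-init JMXConnectorServer with SSL enabled when unregister a keystore: " + e.getMessage(), e);
                } finally {
                    // Balance the getService() call made in addingService.
                    bundleContext.ungetService(reference);
                }
            }
        });
        keystoreInstanceServiceTracker.open();
    }
}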

Example 3 with KeystoreManager

use of org.apache.karaf.jaas.config.KeystoreManager in project karaf by apache.

The class LDAPOptions, method setupSsl.

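/**
 * Configures the JNDI environment for an LDAPS connection using the framework's
 * {@code KeystoreManager}.
 *
 * <p>Sets {@code Context.SECURITY_PROTOCOL} to {@code ssl} and points
 * {@code java.naming.ldap.factory.socket} at {@code ManagedSSLSocketFactory}, then builds an
 * {@code SSLSocketFactory} from the configured provider, protocol, algorithm, keystore, key
 * alias, trust store and timeout and installs it via the static
 * {@code ManagedSSLSocketFactory.setSocketFactory}. That setter is static, so the installed
 * factory is shared process-wide (presumably the last caller wins — verify before relying on
 * per-options isolation). The calling thread's context class loader is replaced and not
 * restored.
 *
 * @param env the JNDI environment to populate; modified in place
 * @throws NamingException if no {@code KeystoreManager} service is available or the SSL
 *         factory cannot be created; the underlying exception is attached as root cause
 */
protected void setupSsl(Hashtable<String, Object> env) throws NamingException {
    BundleContext bundleContext = FrameworkUtil.getBundle(LDAPOptions.class).getBundleContext();
    ServiceReference<KeystoreManager> ref = null;
    try {
        LOGGER.debug("Setting up SSL");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("java.naming.ldap.factory.socket", ManagedSSLSocketFactory.class.getName());
        ref = bundleContext.getServiceReference(KeystoreManager.class);
        // getServiceReference returns null when no provider is registered, and getService can
        // return null if it went away in between; fail with a clear message instead of an NPE.
        KeystoreManager manager = ref == null ? null : bundleContext.getService(ref);
        if (manager == null) {
            throw new NamingException("Unable to setup SSL support for LDAP: no KeystoreManager service is available");
        }
        SSLSocketFactory factory = manager.createSSLFactory(getSslProvider(), getSslProtocol(), getSslAlgorithm(), getSslKeystore(), getSslKeyAlias(), getSslTrustStore(), getSslTimeout());
        ManagedSSLSocketFactory.setSocketFactory(new ManagedSSLSocketFactory(factory));
        Thread.currentThread().setContextClassLoader(ManagedSSLSocketFactory.class.getClassLoader());
    } catch (NamingException e) {
        // Already in the right form; do not wrap it a second time.
        throw e;
    } catch (Exception e) {
        // Preserve the original exception as the root cause rather than only its message.
        NamingException ne = new NamingException("Unable to setup SSL support for LDAP: " + e.getMessage());
        ne.setRootCause(e);
        throw ne;
    } finally {
        // ref stays null when lookup failed or the exception happened earlier; only release a
        // reference that was actually obtained.
        if (ref != null) {
            bundleContext.ungetService(ref);
        }
    }
}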
