Removed now unused HandlerContext, and did some cleaning
Signed-off-by: Arjan Tijms <arjan.tijms@omnifish.ee>
arjantijms committed Sep 18, 2023
1 parent 4c01561 commit 1356303
Showing 7 changed files with 111 additions and 206 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 Contributors to the Eclipse Foundation
* Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation.
* Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
@@ -23,7 +23,6 @@

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

@@ -53,8 +52,6 @@ public class AuthMessagePolicy {
private static final String HANDLER_CLASS_PROPERTY = "security.jmac.config.ConfigHelper.CallbackHandler";
private static final String DEFAULT_HANDLER_CLASS = "com.sun.enterprise.security.jmac.callback.ContainerCallbackHandler";

// for HttpServlet profile

private static String handlerClassName;

private AuthMessagePolicy() {
@@ -91,11 +88,11 @@ public static MessageSecurityBindingDescriptor getMessageSecurityBinding(String
return null;
}

public static MessagePolicy getMessagePolicy(ProtectionDescriptor pd) {
public static MessagePolicy getMessagePolicy(ProtectionDescriptor protectionDescriptor) {
MessagePolicy messagePolicy = null;
if (pd != null) {
String source = pd.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
String recipient = pd.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);
if (protectionDescriptor != null) {
String source = protectionDescriptor.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
String recipient = protectionDescriptor.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);
messagePolicy = org.glassfish.epicyro.config.helper.AuthMessagePolicy.getMessagePolicy(source, recipient);
}

@@ -119,23 +116,23 @@ public static MessagePolicy[] getSOAPPolicies(MessageSecurityBindingDescriptor b
MessagePolicy responsePolicy = null;

if (binding != null) {
ArrayList<MessageSecurityDescriptor> msgSecDescs = null;
List<MessageSecurityDescriptor> messageSecurityDescriptors = null;
String layer = binding.getValue(AUTH_LAYER);
if (SOAP.equals(layer)) {
msgSecDescs = binding.getMessageSecurityDescriptors();
messageSecurityDescriptors = binding.getMessageSecurityDescriptors();
}

if (msgSecDescs != null) {
if (messageSecurityDescriptors != null) {
if (onePolicy) {
if (msgSecDescs.size() > 0) {
MessageSecurityDescriptor msd = msgSecDescs.get(0);
requestPolicy = getMessagePolicy(msd.getRequestProtectionDescriptor());
responsePolicy = getMessagePolicy(msd.getResponseProtectionDescriptor());
if (messageSecurityDescriptors.size() > 0) {
MessageSecurityDescriptor messageSecurityDescriptor = messageSecurityDescriptors.get(0);
requestPolicy = getMessagePolicy(messageSecurityDescriptor.getRequestProtectionDescriptor());
responsePolicy = getMessagePolicy(messageSecurityDescriptor.getResponseProtectionDescriptor());
}
} else { // try to match
MessageSecurityDescriptor matchMsd = null;
for (int i = 0; i < msgSecDescs.size(); i++) {
MessageSecurityDescriptor msd = msgSecDescs.get(i);
for (int i = 0; i < messageSecurityDescriptors.size(); i++) {
MessageSecurityDescriptor msd = messageSecurityDescriptors.get(i);
List<MessageDescriptor> msgDescs = msd.getMessageDescriptors();
for (int j = i + 1; j < msgDescs.size(); j++) {
// XXX don't know how to get JavaMethod from operation
@@ -180,7 +177,7 @@ public static boolean oneSOAPPolicy(MessageSecurityBindingDescriptor binding) {

MessageSecurityDescriptor msd = msgSecDescs.get(i);

// determine if all the different messageSecurityDesriptors have the
// Determine if all the different messageSecurityDesriptors have the
// same policy which will help us interpret the effective policy if
// we cannot determine the opcode of a request at runtime.
for (int j = 0; j < msgSecDescs.size(); j++) {
@@ -193,7 +190,7 @@ public static boolean oneSOAPPolicy(MessageSecurityBindingDescriptor binding) {
return onePolicy;
}

public static SunWebApp getSunWebApp(Map properties) {
public static SunWebApp getSunWebApp(Map<String, Object> properties) {
if (properties == null) {
return null;
}
@@ -203,32 +200,29 @@ public static SunWebApp getSunWebApp(Map properties) {
}

public static String getProviderID(SunWebApp sunWebApp) {
String providerID = null;
if (sunWebApp != null) {
providerID = sunWebApp.getAttributeValue(SunWebApp.HTTPSERVLET_SECURITY_PROVIDER);
if (sunWebApp == null) {
return null;
}

return providerID;
return sunWebApp.getAttributeValue(SunWebApp.HTTPSERVLET_SECURITY_PROVIDER);
}


public static CallbackHandler getDefaultCallbackHandler() {
// get the default handler class
try {
CallbackHandler rvalue = (CallbackHandler) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {
return AppservAccessController.doPrivileged(new PrivilegedExceptionAction<CallbackHandler>() {
@Override
public Object run() throws Exception {
ClassLoader loader = Thread.currentThread().getContextClassLoader();
public CallbackHandler run() throws Exception {
if (handlerClassName == null) {
handlerClassName = System.getProperty(HANDLER_CLASS_PROPERTY, DEFAULT_HANDLER_CLASS);
}
final String className = handlerClassName;
Class<?> c = Class.forName(className, true, loader);
return c.getDeclaredConstructor().newInstance();

return (CallbackHandler)
Class.forName(handlerClassName, true, Thread.currentThread().getContextClassLoader())
.getDeclaredConstructor()
.newInstance();
}
});
return rvalue;

} catch (PrivilegedActionException pae) {
throw new RuntimeException(pae.getException());
}
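Review bot: In `getDefaultCallbackHandler`, the class named by the `security.jmac.config.ConfigHelper.CallbackHandler` system property is loaded with initialization and its constructor runs inside the privileged action before the `(CallbackHandler)` cast checks its type. Anyone able to set that property can therefore have an arbitrary class from the context class loader initialized and instantiated in that privileged block, even when it is not a handler. Checking the type first narrows this and drops the cast: `Class.forName(handlerClassName, false, loader).asSubclass(CallbackHandler.class).getDeclaredConstructor().newInstance()`, where `loader` stands for the context class loader expression already used. The lazily assigned static `handlerClassName` is also written without synchronization; that looks benign because every thread computes the same value, but a short comment saying so would help. The method's closing lines fall outside the visible hunk.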
@@ -1,4 +1,5 @@
/*
* Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation.
* Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
@@ -54,8 +55,8 @@ public class ConfigDomainParser implements ConfigParser {
private static final Logger _logger = LogDomains.getLogger(ConfigDomainParser.class, LogDomains.SECURITY_LOGGER);
private static final Pattern PROPERTY_PATTERN = Pattern.compile("\\$\\{\\{(.*?)}}|\\$\\{(.*?)}");

// configuration info
private Map<String, AuthModulesLayerConfig> configMap = new HashMap<>();
// The authentication modules per layer (SOAP or Servlet)
private Map<String, AuthModulesLayerConfig> authModuleLayers = new HashMap<>();
private Set<String> layersWithDefault = new HashSet<>();

public ConfigDomainParser() {
@@ -68,45 +69,43 @@ public void initialize(Object service) throws IOException {
}

if (service instanceof SecurityService) {
processServerConfig((SecurityService) service, configMap);
processServerConfig((SecurityService) service, authModuleLayers);
}
}

@Override
public Map<String, AuthModulesLayerConfig> getAuthModuleLayers() {
return configMap;
return authModuleLayers;
}

@Override
public Set<String> getLayersWithDefault() {
return layersWithDefault;
}

private void processServerConfig(SecurityService service, Map<String, AuthModulesLayerConfig> newConfig) throws IOException {
List<MessageSecurityConfig> configList = service.getMessageSecurityConfig();
private void processServerConfig(SecurityService service, Map<String, AuthModulesLayerConfig> newAuthModuleLayers) throws IOException {
List<MessageSecurityConfig> messageSecurityConfigs = service.getMessageSecurityConfig();

if (configList != null) {
if (messageSecurityConfigs != null) {

for (MessageSecurityConfig messageSecurityConfig : configList) {
for (MessageSecurityConfig messageSecurityConfig : messageSecurityConfigs) {

// single message-security-config for each auth-layer
// auth-layer is synonymous with intercept

String authLayer = parseInterceptEntry(messageSecurityConfig, newConfig);
String authLayer = parseInterceptEntry(messageSecurityConfig, newAuthModuleLayers);

List<ProviderConfig> providers = messageSecurityConfig.getProviderConfig();

if (providers != null) {
for (ProviderConfig provider : providers) {
parseIDEntry(provider, newConfig, authLayer);
parseIDEntry(provider, newAuthModuleLayers, authLayer);
}
}
}
}
}



private String parseInterceptEntry(MessageSecurityConfig msgConfig, Map<String, AuthModulesLayerConfig> newConfig) throws IOException {
String authLayer = msgConfig.getAuthLayer();
String defaultServerID = msgConfig.getDefaultProvider();
@@ -1,4 +1,5 @@
/*
* Copyright (c) 2023 Contributors to the Eclipse Foundation.
* Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
@@ -33,16 +34,13 @@
import org.jvnet.hk2.annotations.Service;

import com.sun.enterprise.security.SecurityServicesUtil;
//V3:Commented import com.sun.enterprise.Switch;
import com.sun.enterprise.security.jmac.config.CallbackHandlerConfig;
import com.sun.enterprise.security.jmac.config.HandlerContext;

/**
* @author Shing Wai Chan
*/
@Service
@ContractsProvided({ ContainerCallbackHandler.class, CallbackHandler.class })
public final class ContainerCallbackHandler implements CallbackHandler, CallbackHandlerConfig {
public final class ContainerCallbackHandler implements CallbackHandler {
private CallbackHandler handler = null;

public ContainerCallbackHandler() {
@@ -58,22 +56,4 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback
handler.handle(callbacks);
}

@Override
public void setHandlerContext(HandlerContext handlerContext) {
((CallbackHandlerConfig) handler).setHandlerContext(handlerContext);
}

public void setHandlerContext(String realm) {
final String fRealmName = realm;
HandlerContext handlerContext = new HandlerContext() {

@Override
public String getRealmName() {
return fRealmName;
}
};
// TODO
// ((BaseContainerCallbackHandler) handler).setHandlerContext(handlerContext);
}

}
@@ -1,3 +1,19 @@
/*
* Copyright (c) 2023 Contributors to the Eclipse Foundation.
* Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package com.sun.enterprise.security.jmac.callback;

import static com.sun.logging.LogDomains.SECURITY_LOGGER;
@@ -16,12 +32,11 @@

import javax.crypto.SecretKey;

import org.glassfish.epicyro.config.helper.BaseCallbackHandler;
import org.glassfish.internal.api.Globals;
import org.glassfish.security.common.MasterPassword;
import org.glassfish.epicyro.config.helper.BaseCallbackHandler;

import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.enterprise.security.jmac.config.HandlerContext;
import com.sun.enterprise.security.ssl.SSLUtils;
import com.sun.enterprise.security.store.PasswordAdapter;
import com.sun.enterprise.server.pluggable.SecuritySupport;
@@ -34,12 +49,9 @@ public abstract class GlassFishBaseCallbackHandler extends BaseCallbackHandler {

private static final Logger LOG = LogDomains.getLogger(GlassFishBaseCallbackHandler.class, SECURITY_LOGGER, false);

private static final String DEFAULT_DIGEST_ALGORITHM = "SHA-1";
private static final String CLIENT_SECRET_KEYSTORE = "com.sun.appserv.client.secretKeyStore";
private static final String CLIENT_SECRET_KEYSTORE_PASSWORD = "com.sun.appserv.client.secretKeyStorePassword";

protected HandlerContext handlerContext;

protected final SSLUtils sslUtils;
protected final SecuritySupport securitySupport;
protected final MasterPassword masterPasswordHelper;
@@ -114,7 +126,7 @@ protected void processSecretKey(SecretKeyCallback secretKeyCallback) {

secretKeyCallback.setKey(passwordAdapter.getPasswordSecretKeyForAlias(alias));
} catch (Exception e) {
LOG.log(FINE, e, () -> "JMAC: In SecretKeyCallback Processor: " + " Error reading key ! for alias " + alias);
LOG.log(FINE, e, () -> "Jakarta Authentication: In SecretKeyCallback Processor: " + " Error reading key ! for alias " + alias);
secretKeyCallback.setKey(null);
}
} else {
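Review bot: The catch block in `processSecretKey` still reports a failed keystore read only at `FINE` and then hands the callback a null key, so at default log levels an unreadable or misconfigured secret keystore is invisible to operators. Raising the level makes the failure auditable without exposing key material, since only the alias is logged: `LOG.log(WARNING, e, () -> "Jakarta Authentication: SecretKeyCallback: error reading key for alias " + alias);` (assuming `WARNING` is statically imported the way `FINE` appears to be). The reworded message also keeps the split literal `"...Processor: " + " Error reading key ! for alias "`, which renders with a double space and a stray `!`. The method starts and ends outside this hunk.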

This file was deleted.

This file was deleted.
