[jboss-cvs] JBossAS SVN: r59905 - in branches/Branch_4_2/security/src/main/org/jboss/security: plugins and 1 other directory.
jboss-cvs-commits at lists.jboss.org
Mon Jan 22 03:06:26 EST 2007
Author: scott.stark at jboss.org
Date: 2007-01-22 03:06:26 -0500 (Mon, 22 Jan 2007)
New Revision: 59905
Modified:
branches/Branch_4_2/security/src/main/org/jboss/security/SecurityActions.java
branches/Branch_4_2/security/src/main/org/jboss/security/Util.java
branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
Log:
JBAS-2895, Factor out the {CLASS} and {EXT} password load logic for reuse outside of the JaasSecurityDomain
Modified: branches/Branch_4_2/security/src/main/org/jboss/security/SecurityActions.java
===================================================================
--- branches/Branch_4_2/security/src/main/org/jboss/security/SecurityActions.java 2007-01-22 08:05:05 UTC (rev 59904)
+++ branches/Branch_4_2/security/src/main/org/jboss/security/SecurityActions.java 2007-01-22 08:06:26 UTC (rev 59905)
@@ -21,9 +21,16 @@
*/
package org.jboss.security;
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import org.jboss.logging.Logger;
+
/**
* Priviledged actions for this package
*
@@ -32,6 +39,8 @@
*/
class SecurityActions
{
+ private static final Logger log = Logger.getLogger(SecurityActions.class);
+
interface SystemPropertyAction
{
SystemPropertyAction PRIVILEGED = new SystemPropertyAction()
@@ -63,7 +72,61 @@
String getProperty(final String name, final String defaultValue);
}
+ interface RuntimeActions
+ {
+ RuntimeActions PRIVILEGED = new RuntimeActions()
+ {
+ public String execCmd(final String cmd)
+ throws Exception
+ {
+ try
+ {
+ String line = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<String>()
+ {
+ public String run() throws Exception
+ {
+ return NON_PRIVILEGED.execCmd(cmd);
+ }
+ }
+ );
+ return line;
+ }
+ catch(PrivilegedActionException e)
+ {
+ throw e.getException();
+ }
+ }
+ };
+ RuntimeActions NON_PRIVILEGED = new RuntimeActions()
+ {
+ public String execCmd(final String cmd)
+ throws Exception
+ {
+ Runtime rt = Runtime.getRuntime();
+ Process p = rt.exec(cmd);
+ InputStream stdin = p.getInputStream();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(stdin));
+ String line = reader.readLine();
+ stdin.close();
+ int exitCode = p.waitFor();
+ log.debug("Command exited with: "+exitCode);
+ return line;
+ }
+ };
+ String execCmd(String cmd) throws Exception;
+ }
+ private static class GetTCLAction implements PrivilegedAction
+ {
+ static PrivilegedAction ACTION = new GetTCLAction();
+ public Object run()
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ return loader;
+ }
+ }
+
static String getProperty(final String name, final String defaultValue)
{
SecurityManager sm = System.getSecurityManager();
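Review bot: `NON_PRIVILEGED.execCmd` leaks the process streams on any failure, because `stdin.close()` is only reached on the success path and neither stderr nor the child's stdin pipe is ever closed; a command that writes more than the pipe buffer to stderr can also stall `p.waitFor()`. The exit code is written to the debug log and otherwise discarded, and `reader.readLine()` yields `null` for a command with no output, which the caller in Util.java dereferences. Suggest closing the streams in a `finally`, treating a non-zero exit and an empty stdout as errors with a message, and keeping stderr in mind: `ProcessBuilder.redirectErrorStream(true)` avoids the stall but would make stderr text eligible as the "first line", so draining it separately is the safer option. Failing on a non-zero exit is a behavior change from the removed JaasSecurityDomain code, so confirm no deployed command relies on that leniency. `new InputStreamReader(stdin)` also decodes with the platform default charset, which is fine only if the command's output is ASCII.
```java
public String execCmd(final String cmd)
   throws Exception
{
   Runtime rt = Runtime.getRuntime();
   Process p = rt.exec(cmd);
   BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
   try
   {
      String line = reader.readLine();
      int exitCode = p.waitFor();
      log.debug("Command exited with: "+exitCode);
      if( exitCode != 0 )
         throw new IllegalStateException("Password command exited with: "+exitCode);
      if( line == null )
         throw new IllegalStateException("Password command produced no output");
      return line;
   }
   finally
   {
      // Release all three pipes even when readLine/waitFor throw
      reader.close();
      p.getErrorStream().close();
      p.getOutputStream().close();
   }
}
```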
@@ -78,4 +141,27 @@
}
return prop;
}
+
+ static ClassLoader getContextClassLoader()
+ {
+ ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+ return loader;
+ }
+
+ public static String execCmd(String cmd)
+ throws Exception
+ {
+ SecurityManager sm = System.getSecurityManager();
+ String line;
+ if( sm != null )
+ {
+ line = RuntimeActions.PRIVILEGED.execCmd(cmd);
+ }
+ else
+ {
+ line = RuntimeActions.NON_PRIVILEGED.execCmd(cmd);
+ }
+ return line;
+ }
+
}
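Review bot: `getContextClassLoader` needs the `(ClassLoader)` cast only because `GetTCLAction` (declared in the previous hunk) implements the raw `PrivilegedAction`, while the same file already uses the generic `PrivilegedExceptionAction<String>`; declaring `private static class GetTCLAction implements PrivilegedAction<ClassLoader>` with `public ClassLoader run()` removes the cast and the raw-type warning. The new `public static String execCmd` also has no Javadoc, and its contract is not obvious from the name; suggest `/** Runs cmd via Runtime.exec, under doPrivileged when a SecurityManager is installed, and returns the first line of its stdout, or null if the command wrote nothing. The exit code is not checked. */`.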
Modified: branches/Branch_4_2/security/src/main/org/jboss/security/Util.java
===================================================================
--- branches/Branch_4_2/security/src/main/org/jboss/security/Util.java 2007-01-22 08:05:05 UTC (rev 59904)
+++ branches/Branch_4_2/security/src/main/org/jboss/security/Util.java 2007-01-22 08:06:26 UTC (rev 59905)
@@ -33,7 +33,9 @@
import java.security.Provider;
import java.security.Security;
import java.security.SecureRandom;
+import java.util.ArrayList;
import java.util.Random;
+import java.util.StringTokenizer;
import org.jboss.crypto.JBossSXProvider;
import org.jboss.crypto.digest.DigestCallback;
@@ -593,4 +595,124 @@
}
return data;
}
+
+ /**
+ * Execute a password load command to obtain the char[] contents of a
+ * password.
+ * @param passwordCmd - A command to execute to obtain the plaintext
+ * password. The format is one of:
+ * '{EXT}...' where the '...' is the exact command
+ * line that will be passed to the Runtime.exec(String) method to execute a
+ * platform command. The first line of the command output is used as the
+ * password.
+ * '{CLASS}classname[:ctorargs]' where the '[:ctorargs]' is an optional
+ * string delimited by the ':' from the classname that will be passed to the
+ * classname ctor. The ctorargs itself is a comma delimited list of strings.
+ * The password is obtained from classname by invoking a
+ * 'char[] toCharArray()' method if found, otherwise, the 'String toString()'
+ * method is used.
+ * @throws Exception
+ */
+ public static char[] loadPassword(String passwordCmd)
+ throws Exception
+ {
+ char[] password = null;
+ String passwordCmdType = null;
+
+ // Look for a {...} prefix indicating a password command
+ if( passwordCmd.charAt(0) == '{' )
+ {
+ StringTokenizer tokenizer = new StringTokenizer(passwordCmd, "{}");
+ passwordCmdType = tokenizer.nextToken();
+ passwordCmd = tokenizer.nextToken();
+ }
+ else
+ {
+ // Its just the password string
+ password = passwordCmd.toCharArray();
+ }
+
+ if( password == null )
+ {
+ // Load the password
+ if( passwordCmdType.equals("EXT") )
+ password = execPasswordCmd(passwordCmd);
+ else if( passwordCmdType.equals("CLASS") )
+ password = invokePasswordClass(passwordCmd);
+ else
+ throw new IllegalArgumentException("Unknown passwordCmdType: "+passwordCmdType);
+ }
+ return password;
+ }
+
+ /**
+ * Execute a Runtime command to load a password.
+ * @param passwordCmd
+ * @return
+ * @throws Exception
+ */
+ private static char[] execPasswordCmd(String passwordCmd)
+ throws Exception
+ {
+ log.debug("Executing command: "+passwordCmd);
+ String password = SecurityActions.execCmd(passwordCmd);
+ return password.toCharArray();
+ }
+
+ private static char[] invokePasswordClass(String passwordCmd)
+ throws Exception
+ {
+ char[] password = null;
+
+ // Check for a ctor argument delimited by ':'
+ String classname = passwordCmd;
+ String ctorArgs = null;
+ int colon = passwordCmd.indexOf(':');
+ if( colon > 0 )
+ {
+ classname = passwordCmd.substring(0, colon);
+ ctorArgs = passwordCmd.substring(colon+1);
+ }
+ log.debug("Loading class: "+classname+", ctorArgs="+ctorArgs);
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class c = loader.loadClass(classname);
+ Object instance = null;
+ // Check for a ctor(String,...) if ctorArg is not null
+ if( ctorArgs != null )
+ {
+ Object[] args = ctorArgs.split(",");
+ Class[] sig = new Class[args.length];
+ ArrayList<Class> sigl = new ArrayList<Class>();
+ for(int n = 0; n < args.length; n ++)
+ sigl.add(String.class);
+ sigl.toArray(sig);
+ Constructor ctor = c.getConstructor(sig);
+ instance = ctor.newInstance(args);
+ }
+ else
+ {
+ // Use the default ctor
+ instance = c.newInstance();
+ }
+
+ // Look for a toCharArray() method
+ try
+ {
+ log.debug("Checking for toCharArray");
+ Class[] sig = {};
+ Method toCharArray = c.getMethod("toCharArray", sig);
+ Object[] args = {};
+ log.debug("Invoking toCharArray");
+ password = (char[]) toCharArray.invoke(instance, args);
+ }
+ catch(NoSuchMethodException e)
+ {
+ log.debug("No toCharArray found, invoking toString");
+ String tmp = instance.toString();
+ if( tmp != null )
+ password = tmp.toCharArray();
+ }
+ return password;
+ }
+
}
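Review bot: `execPasswordCmd` dereferences the result of `SecurityActions.execCmd` at `return password.toCharArray();`, and that call returns `null` when the command writes nothing to stdout, so a mis-configured `{EXT}` command surfaces as a NullPointerException instead of a message naming the command; guard it with `if( password == null ) throw new IllegalStateException("Password command produced no output: "+passwordCmd);`. `loadPassword` similarly calls `passwordCmd.charAt(0)` before any null or empty check, and `tokenizer.nextToken()` throws an unexplained NoSuchElementException for a bare `{EXT}` with no command. In `invokePasswordClass`, `ctorArgs.split(",")` is a behavioral change from the removed JaasSecurityDomain code, which passed the whole `ctorArg` as one String: an existing argument containing a comma will now look up a multi-String constructor and fail with NoSuchMethodException, which is worth stating in the log message or release notes. The `log.debug("Loading class: "+classname+", ctorArgs="+ctorArgs)` line writes the constructor arguments to the log, and since those arguments may carry a key or credential for the password source, consider logging only the class name. The `sigl` ArrayList is redundant — `java.util.Arrays.fill(sig, String.class)` does the same in one line.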
Modified: branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
===================================================================
--- branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2007-01-22 08:05:05 UTC (rev 59904)
+++ branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2007-01-22 08:06:26 UTC (rev 59905)
@@ -21,18 +21,13 @@
*/
package org.jboss.security.plugins;
-import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.util.Arrays;
-import java.util.StringTokenizer;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
@@ -132,10 +127,6 @@
private URL keyStoreURL;
/** The keystore password for loading */
private char[] keyStorePassword;
- /** A command string to execute to obtain the keyStorePassword */
- private String keyStorePasswordCmd;
- /** The type of command string: EXT, CLASS */
- private String keyStorePasswordCmdType;
/** The secret key that corresponds to the keystore password */
private SecretKey cipherKey;
/** The encode/decode cipher algorigthm */
@@ -239,20 +230,9 @@
}
public void setKeyStorePass(String password)
+ throws Exception
{
- this.keyStorePassword = null;
- // Look for a {...} prefix indicating a password command
- if( password.charAt(0) == '{' )
- {
- StringTokenizer tokenizer = new StringTokenizer(password, "{}");
- this.keyStorePasswordCmdType = tokenizer.nextToken();
- this.keyStorePasswordCmd = tokenizer.nextToken();
- }
- else
- {
- // Its just the keystore password string
- this.keyStorePassword = password.toCharArray();
- }
+ this.keyStorePassword = Util.loadPassword(password);
}
public String getTrustStoreType()
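Review bot: `setKeyStorePass` now resolves `{EXT}`/`{CLASS}` commands eagerly inside the setter, so the external command or class runs when the MBean attribute is applied rather than during `loadKeystorePassword`, and with whatever context class loader is current at that moment — presumably the deployer's, which may not be the one that sees a class packaged with the service; confirm this matches the previous start-time behavior. Unlike the removed code, which cleared `this.keyStorePassword` first, a failing `Util.loadPassword` now leaves any previously set password in place. The setter also has no Javadoc; suggest `/** Sets the keystore password, either as plaintext or as a {EXT}cmd / {CLASS}classname[:ctorargs] command resolved by Util.loadPassword (see that method for the formats). @throws Exception if the password command fails */`.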
@@ -420,23 +400,13 @@
private void loadKeystorePassword()
throws Exception
{
- if( keyStorePassword == null )
- {
- if( keyStorePasswordCmdType.equals("EXT") )
- execPasswordCmd();
- else if( keyStorePasswordCmdType.equals("CLASS") )
- invokePasswordClass();
- else
- throw new IllegalArgumentException("Unknown keyStorePasswordCmdType: "+keyStorePasswordCmdType);
- }
-
// Create the PBE secret key
cipherSpec = new PBEParameterSpec(salt, iterationCount);
PBEKeySpec keySpec = new PBEKeySpec(keyStorePassword);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
cipherKey = factory.generateSecret(keySpec);
}
-
+
private void loadKeyAndTrustStore()
throws Exception
{
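Review bot: With the `keyStorePassword == null` branch removed, `loadKeystorePassword` passes a null `keyStorePassword` straight to `new PBEKeySpec(keyStorePassword)`, which the JDK implementation treats as an empty password, so a domain whose KeyStorePass attribute was never set would derive `cipherKey` from an empty password instead of failing. The removed code failed in that situation (a NullPointerException on `keyStorePasswordCmdType`), so this is a silent-weakening regression if the method can run before `setKeyStorePass`. Suggest `if( keyStorePassword == null ) throw new IllegalStateException("KeyStorePass has not been set");` ahead of the `cipherSpec` line.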
@@ -467,75 +437,6 @@
}
}
- private void execPasswordCmd()
- throws Exception
- {
- log.debug("Executing command: "+keyStorePasswordCmd);
- Runtime rt = Runtime.getRuntime();
- Process p = rt.exec(keyStorePasswordCmd);
- InputStream stdin = p.getInputStream();
- BufferedReader reader = new BufferedReader(new InputStreamReader(stdin));
- String password = reader.readLine();
- stdin.close();
- int exitCode = p.waitFor();
- log.debug("Command exited with: "+exitCode);
- keyStorePassword = password.toCharArray();
- }
- /**
- *
- * @throws Exception
- */
- private void invokePasswordClass()
- throws Exception
- {
- keyStorePassword = null;
-
- // Check for a ctor argument delimited by ':'
- String classname = keyStorePasswordCmd;
- String ctorArg = null;
- int colon = keyStorePasswordCmd.indexOf(':');
- if( colon > 0 )
- {
- classname = keyStorePasswordCmd.substring(0, colon);
- ctorArg = keyStorePasswordCmd.substring(colon+1);
- }
- log.debug("Loading class: "+classname+", ctorArg="+ctorArg);
- ClassLoader loader = SubjectActions.getContextClassLoader();
- Class c = loader.loadClass(classname);
- Object instance = null;
- // Check for a ctor(String) if ctorArg is not null
- if( ctorArg != null )
- {
- Class[] sig = {String.class};
- Constructor ctor = c.getConstructor(sig);
- Object[] args = {ctorArg};
- instance = ctor.newInstance(args);
- }
- else
- {
- // Use the default ctor
- instance = c.newInstance();
- }
-
- // Look for a toCharArray() method
- try
- {
- log.debug("Checking for toCharArray");
- Class[] sig = {};
- Method toCharArray = c.getMethod("toCharArray", sig);
- Object[] args = {};
- log.debug("Invoking toCharArray");
- keyStorePassword = (char[]) toCharArray.invoke(instance, args);
- }
- catch(NoSuchMethodException e)
- {
- log.debug("No toCharArray found, invoking toString");
- String tmp = instance.toString();
- if( tmp != null )
- keyStorePassword = tmp.toCharArray();
- }
- }
-
private URL validateStoreURL(String storeURL) throws IOException
{
URL url = null;
Modified: branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
===================================================================
--- branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2007-01-22 08:05:05 UTC (rev 59904)
+++ branches/Branch_4_2/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2007-01-22 08:06:26 UTC (rev 59905)
@@ -51,7 +51,8 @@
public void setKeyStoreURL(String storeURL) throws IOException;
/** Set the credential string for the KeyStore.
*/
- public void setKeyStorePass(String password);
+ public void setKeyStorePass(String password)
+ throws Exception;
/** Get the type of the trust store
* @return the type of the trust store