/**
 * Authenticates an incoming connection from its client certificate chain before
 * passing it on to the parent broker.
 *
 * <p>A connection that already carries a security context is passed straight
 * through. Otherwise the transport context must be an {@code X509Certificate[]};
 * that chain is handed to {@code authenticate} together with the user name and
 * password from {@code info}, and the returned security context is stored on
 * {@code context}. NOTE: The security context's username will be set to the
 * first UserPrincipal created by the login module.
 *
 * <p>NOTE(review): the type check also accepts a zero-length array; presumably
 * {@code authenticate} or the configured login module rejects an empty chain.
 * Confirm before relying on this method alone.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if the transport context is not an X509 certificate array.
 * @throws Exception anything raised by {@code authenticate} or by the parent broker.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() == null) {
        Object transportContext = info.getTransportContext();
        if (!(transportContext instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }
        X509Certificate[] peerChain = (X509Certificate[]) transportContext;

        // JAAS seems to need the TCCL to find the login module classes, so swap it
        // in for the login and always restore the caller's loader afterwards.
        Thread current = Thread.currentThread();
        ClassLoader previousLoader = current.getContextClassLoader();
        current.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            context.setSecurityContext(authenticate(info.getUserName(), info.getPassword(), peerChain));
        } finally {
            current.setContextClassLoader(previousLoader);
        }
    }
    super.addConnection(context, info);
}
/**
 * Reports whether the connection should be treated as SSL capable.
 *
 * <p>The answer is {@code true} when the connection's connector is a
 * {@code TransportConnector} whose server reports {@code isSslServer()}, or,
 * failing that, when the transport context of {@code info} is an
 * {@code X509Certificate[]}. This is a type check only: no certificate in the
 * array is inspected or validated here.
 *
 * @param context the connection context supplying the connector.
 * @param info the connection info supplying the transport context.
 * @return {@code true} if either signal indicates an SSL transport.
 * @throws Exception declared by the signature; propagated from the calls made here.
 */
private boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
    Connector source = context.getConnector();
    if (source instanceof TransportConnector
            && ((TransportConnector) source).getServer().isSslServer()) {
        return true;
    }
    // AMQ-5943, also check if transport context carries X509 cert
    return info.getTransportContext() instanceof X509Certificate[];
}
/**
 * Builds a connection context from the broker id and the incoming connection info.
 *
 * <p>User name, client id, client IP and connection id are copied from
 * {@code info}. When the transport context is a {@code Certificate[]}, that array
 * is kept as the client certificates; otherwise this constructor does not assign
 * {@code clientCertificates}. The array reference is stored as is, without a copy
 * and without any validation of its contents.
 *
 * <p>NOTE(review): {@code info.getConnectionId()} is dereferenced without a null
 * check; presumably callers always supply a connection id. Confirm.
 *
 * @param brokerId identifier of the broker handling the connection.
 * @param info the connection info command for the incoming connection.
 */
public KapuaConnectionContext(String brokerId, ConnectionInfo info) {
    this.authDestinations = new ArrayList<>();
    this.brokerId = brokerId;
    this.userName = info.getUserName();
    this.clientId = info.getClientId();
    this.clientIp = info.getClientIp();
    this.connectionId = info.getConnectionId().getValue();

    // The transport context carries the peer certificates only on some transports.
    Object transportContext = info.getTransportContext();
    if (transportContext instanceof Certificate[]) {
        this.clientCertificates = (Certificate[]) transportContext;
    }
}
if (!(info.getTransportContext() instanceof X509Certificate[])) { throw new SecurityException("Unable to authenticate transport without SSL certificate."); CallbackHandler callback = new JaasCertificateCallbackHandler((X509Certificate[])info.getTransportContext()); LoginContext lc = new LoginContext(jaasConfiguration, callback); lc.login(); SecurityContext s = new JaasCertificateSecurityContext(dnName, subject, (X509Certificate[])info.getTransportContext()); context.setSecurityContext(s); } catch (Exception e) {
/**
 * Overridden so that connections are authenticated by client certificate.
 *
 * <p>When {@code context} has no security context yet, the transport context of
 * {@code info} must be an {@code X509Certificate[]}. The chain, plus the user
 * name and password from {@code info}, goes to {@code authenticate}, and the
 * result becomes the connection's security context. A connection that already
 * has a security context is not authenticated again. NOTE: The security
 * context's username will be set to the first UserPrincipal created by the
 * login module.
 *
 * <p>NOTE(review): an empty certificate array passes the type check below;
 * presumably the login module refuses it. Verify against the JAAS configuration.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if no X509 certificate array is attached to the transport.
 * @throws Exception anything raised by {@code authenticate} or by the parent broker.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    final boolean needsLogin = context.getSecurityContext() == null;
    if (needsLogin) {
        if (!(info.getTransportContext() instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }

        // Set the TCCL since it seems JAAS needs it to find the login module
        // classes; the finally block puts the previous loader back.
        final Thread self = Thread.currentThread();
        final ClassLoader savedLoader = self.getContextClassLoader();
        self.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            final SecurityContext established = authenticate(
                    info.getUserName(),
                    info.getPassword(),
                    (X509Certificate[]) info.getTransportContext());
            context.setSecurityContext(established);
        } finally {
            self.setContextClassLoader(savedLoader);
        }
    }
    super.addConnection(context, info);
}
/**
 * Authenticates an incoming connection from its client certificate chain before
 * passing it on to the parent broker.
 *
 * <p>A connection that already carries a security context is passed straight
 * through. Otherwise the transport context must be an {@code X509Certificate[]};
 * that chain is handed to {@code authenticate} together with the user name and
 * password from {@code info}, and the returned security context is stored on
 * {@code context}. NOTE: The security context's username will be set to the
 * first UserPrincipal created by the login module.
 *
 * <p>NOTE(review): the type check also accepts a zero-length array; presumably
 * {@code authenticate} or the configured login module rejects an empty chain.
 * Confirm before relying on this method alone.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if the transport context is not an X509 certificate array.
 * @throws Exception anything raised by {@code authenticate} or by the parent broker.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() == null) {
        Object transportContext = info.getTransportContext();
        if (!(transportContext instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }
        X509Certificate[] peerChain = (X509Certificate[]) transportContext;

        // JAAS seems to need the TCCL to find the login module classes, so swap it
        // in for the login and always restore the caller's loader afterwards.
        Thread current = Thread.currentThread();
        ClassLoader previousLoader = current.getContextClassLoader();
        current.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            context.setSecurityContext(authenticate(info.getUserName(), info.getPassword(), peerChain));
        } finally {
            current.setContextClassLoader(previousLoader);
        }
    }
    super.addConnection(context, info);
}
/**
 * Decides whether the connection counts as SSL capable.
 *
 * <p>Two signals are consulted in order: the {@code isSslServer()} flag of the
 * server behind a {@code TransportConnector}, and, only if that did not already
 * answer yes, whether the transport context of {@code info} is an
 * {@code X509Certificate[]}. The array is recognised by type only; its contents
 * are not examined or validated in this method.
 *
 * @param context the connection context supplying the connector.
 * @param info the connection info supplying the transport context.
 * @return {@code true} if either signal indicates an SSL transport.
 * @throws Exception declared by the signature; propagated from the calls made here.
 */
private boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
    final Connector origin = context.getConnector();
    boolean viaSslServer = false;
    if (origin instanceof TransportConnector) {
        viaSslServer = ((TransportConnector) origin).getServer().isSslServer();
    }
    // AMQ-5943, also check if transport context carries X509 cert
    return viaSslServer || info.getTransportContext() instanceof X509Certificate[];
}
/**
 * Overridden so that connections are authenticated by client certificate.
 *
 * <p>When {@code context} has no security context yet, the transport context of
 * {@code info} must be an {@code X509Certificate[]}. The chain, plus the user
 * name and password from {@code info}, goes to {@code authenticate}, and the
 * result becomes the connection's security context. A connection that already
 * has a security context is not authenticated again. NOTE: The security
 * context's username will be set to the first UserPrincipal created by the
 * login module.
 *
 * <p>NOTE(review): an empty certificate array passes the type check below;
 * presumably the login module refuses it. Verify against the JAAS configuration.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if no X509 certificate array is attached to the transport.
 * @throws Exception anything raised by {@code authenticate} or by the parent broker.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    final boolean needsLogin = context.getSecurityContext() == null;
    if (needsLogin) {
        if (!(info.getTransportContext() instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }

        // Set the TCCL since it seems JAAS needs it to find the login module
        // classes; the finally block puts the previous loader back.
        final Thread self = Thread.currentThread();
        final ClassLoader savedLoader = self.getContextClassLoader();
        self.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            final SecurityContext established = authenticate(
                    info.getUserName(),
                    info.getPassword(),
                    (X509Certificate[]) info.getTransportContext());
            context.setSecurityContext(established);
        } finally {
            self.setContextClassLoader(savedLoader);
        }
    }
    super.addConnection(context, info);
}
/**
 * Reports whether the connection should be treated as SSL capable.
 *
 * <p>The answer is {@code true} when the connection's connector is a
 * {@code TransportConnector} whose server reports {@code isSslServer()}, or,
 * failing that, when the transport context of {@code info} is an
 * {@code X509Certificate[]}. This is a type check only: no certificate in the
 * array is inspected or validated here.
 *
 * @param context the connection context supplying the connector.
 * @param info the connection info supplying the transport context.
 * @return {@code true} if either signal indicates an SSL transport.
 * @throws Exception declared by the signature; propagated from the calls made here.
 */
private boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
    Connector source = context.getConnector();
    if (source instanceof TransportConnector
            && ((TransportConnector) source).getServer().isSslServer()) {
        return true;
    }
    // AMQ-5943, also check if transport context carries X509 cert
    return info.getTransportContext() instanceof X509Certificate[];
}
/**
 * Decides whether the connection counts as SSL capable.
 *
 * <p>Two signals are consulted in order: the {@code isSslServer()} flag of the
 * server behind a {@code TransportConnector}, and, only if that did not already
 * answer yes, whether the transport context of {@code info} is an
 * {@code X509Certificate[]}. The array is recognised by type only; its contents
 * are not examined or validated in this method.
 *
 * @param context the connection context supplying the connector.
 * @param info the connection info supplying the transport context.
 * @return {@code true} if either signal indicates an SSL transport.
 * @throws Exception declared by the signature; propagated from the calls made here.
 */
private boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
    final Connector origin = context.getConnector();
    boolean viaSslServer = false;
    if (origin instanceof TransportConnector) {
        viaSslServer = ((TransportConnector) origin).getServer().isSslServer();
    }
    // AMQ-5943, also check if transport context carries X509 cert
    return viaSslServer || info.getTransportContext() instanceof X509Certificate[];
}
if (context.getConnectionState().getInfo().getTransportContext() instanceof X509Certificate[]) { X509Certificate ownerCert = ((X509Certificate[]) context.getConnectionState().getInfo().getTransportContext())[0]; String certificateDigest = null; try {