PAYARA-2627 remove X500 class

appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecClientRequestInterceptor.java

@@ -63,7 +63,7 @@
 import org.omg.IOP.*;
 import sun.security.util.DerOutputStream;
 import sun.security.util.DerValue;
-import sun.security.x509.X500Name;
+import javax.security.auth.x500.X500Principal;
 
 /**
  * This class implements a client side security request interceptor for CSIV2. It is used to send
@@ -184,11 +184,10 @@ private IdentityToken createIdToken(java.lang.Object cred, Class cls, ORB orb) t
         Any any = orb.create_any();
         idtok = new IdentityToken();
 
-        if (X500Name.class.isAssignableFrom(cls)) {
+        if (X500Principal.class.isAssignableFrom(cls)) {
             _logger.log(Level.FINE, "Constructing an X500 DN Identity Token");
-            X500Name credname = (X500Name) cred;
-            credname.encode(dos); // ASN.1 encoding
-            X501DistinguishedNameHelper.insert(any, dos.toByteArray());
+            X500Principal credname = (X500Principal) cred;
+            X501DistinguishedNameHelper.insert(any, credname.getEncoded());
 
             /* IdentityToken with CDR encoded X501 name */
             idtok.dn(codec.encode_value(any));

appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecServerRequestInterceptor.java

@@ -107,7 +107,7 @@
 
 import sun.security.util.DerInputStream;
 import sun.security.util.DerValue;
-import sun.security.x509.X500Name;
+import javax.security.auth.x500.X500Principal;
 import sun.security.x509.X509CertImpl;
 
 /**
@@ -186,7 +186,7 @@ private SASContextBody createContextError(int status) {
      */
     private SASContextBody createContextError(int major, int minor) {
         if (logger.isLoggable(FINE)) {
-            logger.log(FINE, "Creating ContextError message: major code = " + major + "minor code= " + minor);
+            logger.log(FINE, "Creating ContextError message: major code = {0}minor code= {1}", new Object[]{major, minor});
         }
 
         byte error_token[] = {};
@@ -231,8 +231,6 @@ private SASContextBody createCompleteEstablishContext(int status) {
      */
     private ServiceContext createSvcContext(SASContextBody sasContextBody, ORB orb) {
 
-        ServiceContext serviceContext = null;
-
         Any any = orb.create_any();
         SASContextBodyHelper.insert(any, sasContextBody);
 
@@ -243,7 +241,7 @@ private ServiceContext createSvcContext(SASContextBody sasContextBody, ORB orb)
             logger.log(Level.SEVERE, "iiop.encode_exception", e);
         }
 
-        serviceContext = new ServiceContext();
+        ServiceContext serviceContext = new ServiceContext();
         serviceContext.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
         serviceContext.context_data = cdr_encoded_saselm;
 
@@ -283,7 +281,7 @@ private void createIdCred(SecurityContext securityContext, IdentityToken identit
             break;
 
         case ITTDistinguishedName.value:
-            // Construct a X500Name
+            // Construct a X500Principal
 
             derEncoding = identityToken.dn();
 
@@ -296,18 +294,18 @@ private void createIdCred(SecurityContext securityContext, IdentityToken identit
             }
 
             if (logger.isLoggable(FINE)) {
-                logger.log(FINE, "Create an X500Name object from identity token");
+                logger.log(FINE, "Create an X500Principal object from identity token");
             }
 
-            X500Name xname = new X500Name(derEncoding);
+            X500Principal xname = new X500Principal(derEncoding);
 
             if (logger.isLoggable(FINE)) {
-                logger.log(FINE, "Identity to be asserted is " + xname.toString());
-                logger.log(FINE, "Adding X500Name to subject's PublicCredentials");
+                logger.log(FINE, "Identity to be asserted is {0}", xname.toString());
+                logger.log(FINE, "Adding X500Principal to subject's PublicCredentials");
             }
 
             securityContext.subject.getPublicCredentials().add(xname);
-            securityContext.identcls = X500Name.class;
+            securityContext.identcls = X500Principal.class;
             break;
 
         case ITTX509CertChain.value:

appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecurityMechanismSelector.java

@@ -59,24 +59,12 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.inject.Inject;
-import javax.inject.Singleton;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 // GSS Related Functionality
 import javax.security.auth.Subject;
 
-import org.glassfish.api.admin.ProcessEnvironment;
-import org.glassfish.api.admin.ProcessEnvironment.ProcessType;
-import org.glassfish.api.invocation.ComponentInvocation;
-import org.glassfish.api.invocation.InvocationManager;
-import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
-import org.glassfish.enterprise.iiop.api.ProtocolManager;
 import org.glassfish.enterprise.iiop.impl.GlassFishORBManager;
-import org.glassfish.hk2.api.PostConstruct;
-import org.glassfish.internal.api.ORBLocator;
-import org.ietf.jgss.Oid;
-import org.jvnet.hk2.annotations.Service;
 import org.omg.CORBA.ORB;
 
 import com.sun.corba.ee.org.omg.CSI.ITTAnonymous;
@@ -110,13 +98,26 @@
 import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
 import com.sun.enterprise.security.auth.realm.Realm;
 import com.sun.enterprise.security.common.ClientSecurityContext;
-import com.sun.enterprise.security.common.SecurityConstants;
 import com.sun.enterprise.security.ssl.SSLUtils;
 import com.sun.enterprise.util.LocalStringManagerImpl;
 import com.sun.enterprise.util.Utility;
 import com.sun.logging.LogDomains;
 
-import sun.security.x509.X500Name;
+import org.glassfish.api.admin.ProcessEnvironment;
+import org.glassfish.api.admin.ProcessEnvironment.ProcessType;
+import org.glassfish.api.invocation.ComponentInvocation;
+import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
+import org.glassfish.enterprise.iiop.api.ProtocolManager;
+
+import org.jvnet.hk2.annotations.Service;
+import org.glassfish.hk2.api.PostConstruct;
+import org.glassfish.internal.api.ORBLocator;
+
+import javax.inject.Singleton;
+
+import javax.inject.Inject;
+import javax.security.auth.x500.X500Principal;
+import org.ietf.jgss.Oid;
 
 /**
  * This class is responsible for making various decisions for selecting security information to be
@@ -790,8 +791,8 @@ public Subject run() {
                 Object o = credIter.next();
                 if (o instanceof GSSUPName) {
                     ctx.identcls = GSSUPName.class;
-                } else if (o instanceof X500Name) {
-                    ctx.identcls = X500Name.class;
+                } else if (o instanceof X500Principal) {
+                    ctx.identcls = X500Principal.class;
                 } else {
                     ctx.identcls = X509CertificateCredential.class;
                 }
@@ -1307,15 +1308,15 @@ public SecurityContext evaluateTrust(SecurityContext securityContext, byte[] obj
                 // Note: if the target object is not an EJB, no security ctx is needed.
                 return null;
             } else {
-                // Set the transport principal in subject and return the X500Name class
-                SecurityContext newSecurityContext = new SecurityContext();
-                X500Name x500Name = (X500Name) certChain[0].getSubjectDN();
-                newSecurityContext.subject = new Subject();
-                newSecurityContext.subject.getPublicCredentials().add(x500Name);
-                newSecurityContext.identcls = X500Name.class;
-                newSecurityContext.authcls = null;
-
-                return newSecurityContext;
+                // Set the transport principal in subject and
+                // return the X500Principal class
+                securityContext = new SecurityContext();
+                X500Principal x500principal = certChain[0].getSubjectX500Principal();
+                securityContext.subject = new Subject();
+                securityContext.subject.getPublicCredentials().add(x500principal);
+                securityContext.identcls = X500Principal.class;
+                securityContext.authcls = null;
+                return securityContext;
             }
         }
 

appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java

@@ -136,6 +136,7 @@
 import com.sun.web.security.realmadapter.JaspicRealm;
 
 import fish.payara.nucleus.requesttracing.RequestTracingService;
+import fish.payara.notification.requesttracing.RequestTraceSpan;
 
 /**
  * This is the realm adapter used to authenticate users and authorize access to web resources. The authenticate method
@@ -1396,7 +1397,7 @@ public void setCurrentSecurityContext(Principal principal) {
     private Subject createSubjectWithCerts(X509Certificate[] certificates) {
         Subject subject = new Subject();
 
-        subject.getPublicCredentials().add(certificates[0].getSubjectDN());
+        subject.getPublicCredentials().add(certificates[0].getSubjectX500Principal());
         subject.getPublicCredentials().add(asList(certificates));
 
         return subject;

nucleus/security/core/src/main/java/com/sun/enterprise/common/iiop/security/SecurityContext.java

@@ -54,47 +54,57 @@
  */
 
 /**
- * A subject is used a container for passing the security context information in the service context
- * field. The security context information in the subject must be stored either as a private or a
- * public credential according to the following convention:
- *
- * PasswordCredential: Client authentication will be performed using the username and password in
- * the PasswordCredential. PasswordCredential must be passed as a PrivateCredential.
- *
- * X500Name: DN name specified in X500Name will be asserted. X500Name must be passed as a
- * PublicCredential.
- *
- * GSSUPName: Identity specified in GSSUPName will be asserted. GSSUPName must be passed as a
- * PublicCredential.
- *
- * X509CertificateCredential: The certificate chain in the credential will be asserted. The
- * credential must be passed as a PublicCredential.
- *
- * AnonCredential: Anonymous identity will be asserted. Credential must be passed as a
- * PublicCredential.
- *
- * Class fields in the SecurityContext are used for credential selection. There are two class
- * fields: authcls and identcls.
- *
- * authcls is a Class object that identifies the credential for client authentication.
- *
- * identcls is a Class object that identifies the credential for identity assertion.
- *
- * The following semantics must be observed:
- *
- * 1. A client authentication token is always passed as a private credential. authcls set to the
- * class of the authentication token
- *
- * 2. An identity token is always passed as a public credential. identcls is set to the class of the
- * identity token.
- *
- * 3. authcls is set to null if there is no client auth token
- *
- * 4. identcls is set to null if there is no ident token
- *
- * 5. There must not be more than one instance of class identified by authcls or identcls. However,
- * there can be one instance of identcls *and* authcls (this allows both a client auth token and an
- * identity token to be passed across the interface).
+ *  A subject is used a container for passing the security context
+ *  information in the service context field. The security context
+ *  information in the subject must be stored either as a private or
+ *  a public credential according to the following convention:
+ *
+ *    PasswordCredential:
+ *      Client authentication will be performed using the username
+ *      and password in the PasswordCredential. PasswordCredential
+ *      must be passed as a PrivateCredential.
+ *
+ *    X500Principal:
+ *      DN name specified in X500Principal will be asserted. X500Principal must 
+ *      be passed as a PublicCredential.
+ *
+ *    GSSUPName:
+ *      Identity specified in GSSUPName will be asserted. GSSUPName must
+ *      be passed as a PublicCredential.
+ *
+ *    X509CertificateCredential:
+ *      The certificate chain in the credential will be asserted. The 
+ *      credential must be passed as a PublicCredential.
+ *
+ *    AnonCredential:
+ *      Anonymous identity will be asserted. Credential must be passed
+ *      as a PublicCredential.
+ *
+ *    Class fields in the SecurityContext are used for credential selection.
+ *    There are two class fields: authcls and identcls.
+ *    
+ *    authcls is a Class object that identifies the credential for 
+ *    client authentication.
+ *          
+ *    identcls is a Class object that identifies the credential for
+ *    identity assertion.
+ *
+ *  The following semantics must be observed:
+ * 
+ *  1. A client authentication token is always passed as a private
+ *     credential. authcls set to the class of the authentication token
+ *     
+ *  2. An identity token is always passed as a public credential.
+ *     identcls is set to the class of the identity token.
+ *  
+ *  3. authcls is set to null if there is no client auth token
+ * 
+ *  4. identcls is set to null if there is no ident token
+ *
+ *  5. There must not be more than one instance of class identified
+ *     by authcls or identcls. However, there can be one instance of
+ *     identcls *and* authcls (this allows both a client auth token
+ *     and an identity token to be passed across the interface).
  */
 public class SecurityContext {
 

nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/JaspicToJaasBridge.java

@@ -138,10 +138,9 @@ public static Subject jaasX500Login(Subject subject, X500Principal x500Principal
 
         String callerPrincipalName = "";
         try {
-            final X500Name x500Name = new X500Name(x500Principal.getName(X500Principal.RFC1779));
-            callerPrincipalName = x500Name.toString();
+            callerPrincipalName = x500Principal.getName(X500Principal.RFC1779);
 
-            privileged(() -> validSubject.getPublicCredentials().add(x500Name));
+            privileged(() -> validSubject.getPublicCredentials().add(x500Principal));
 
             CertificateRealm certRealm = (CertificateRealm) Realm.getInstance(CertificateRealm.AUTH_TYPE);
             String jaasCtx = certRealm.getJAASContext();
@@ -153,7 +152,7 @@ public static Subject jaasX500Login(Subject subject, X500Principal x500Principal
             }
 
             // Sets security context
-            certRealm.authenticate(validSubject, x500Name);
+            certRealm.authenticate(validSubject, x500Principal);
         } catch (Exception ex) {
             _logger.log(INFO, auditAtnRefusedError, callerPrincipalName);
 

nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/WebAndEjbToJaasBridge.java

@@ -86,8 +86,7 @@
 import com.sun.enterprise.security.auth.realm.Realm;
 import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
 import com.sun.enterprise.security.auth.realm.file.FileRealm;
-
-import sun.security.x509.X500Name;
+import javax.security.auth.x500.X500Principal;
 
 /**
  * This class contains a collection of methods that are used by the Web and EJB containers
@@ -187,7 +186,7 @@ public static void login(Subject subject, Class<?> cls) throws LoginException {
         } else if (cls.equals(GSSUPName.class)) {
             doGSSUPLogin(subject);
 
-        } else if (cls.equals(X500Name.class)) {
+        } else if (cls.equals(X500Principal.class)) {
             doX500Login(subject, null);
 
         } else {
@@ -207,8 +206,8 @@ public static void doX500Login(Subject subject, String appModuleID) throws Login
         String user = null;
         String realmName = null;
         try {
-            X500Name x500name = getPublicCredentials(subject, X500Name.class);
-            user = x500name.getName();
+            X500Principal x500principal = getPublicCredentials(subject, X500Principal.class);
+            user = x500principal.getName();
 
             // In the RI-inherited implementation this directly creates
             // some credentials and sets the security context. This means
@@ -230,7 +229,7 @@ public static void doX500Login(Subject subject, String appModuleID) throws Login
                     LoginContext lg = new LoginContext(jaasCtx, subject, new ServerLoginCallbackHandler(user, null, appModuleID));
                     lg.login();
                 }
-                certRealm.authenticate(subject, x500name);
+                certRealm.authenticate(subject, x500principal);
                 realmName = CertificateRealm.AUTH_TYPE;
 
                 auditAuthenticate(user, realmName, true);

nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java

@@ -155,7 +155,7 @@ public static Subject doClientLogin(int type, CallbackHandler handler) throws Lo
             return subject;
         }
     }
-
+    
     /**
      * Perform logout on the client side.
      *