FISH-5836 FISH-5837 Refactor EJB Security to Use Public APIs and Fix Improper Formatting in GSSUtils #5485

Merged
merged 2 commits into from
Nov 4, 2021
@@ -1,7 +1,7 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2012 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997-2021 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -37,42 +37,13 @@
* only if the new code is made subject to such option by the copyright
* holder.
*/
// Portions Copyright [2018-2020] [Payara Foundation and/or its affiliates]
// Portions Copyright [2018-2021] [Payara Foundation and/or its affiliates]
package com.sun.enterprise.iiop.security;

import static com.sun.enterprise.deployment.EjbIORConfigurationDescriptor.NONE;
import static com.sun.enterprise.deployment.EjbIORConfigurationDescriptor.REQUIRED;
import static com.sun.enterprise.deployment.EjbIORConfigurationDescriptor.SUPPORTED;
import static com.sun.enterprise.iiop.security.GSSUtils.GSSUP_MECH_OID;
import static com.sun.enterprise.util.Utility.getLocalAddress;
import static com.sun.enterprise.util.Utility.intToShort;
import static com.sun.logging.LogDomains.SECURITY_LOGGER;
import static java.util.logging.Level.FINE;
import static java.util.logging.Level.SEVERE;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.sun.enterprise.deployment.MethodPermission;
import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
import org.glassfish.enterprise.iiop.impl.CSIv2Policy;
import org.glassfish.internal.api.ORBLocator;
import org.glassfish.pfl.basic.func.UnaryFunction;
import org.glassfish.security.common.Role;
import org.omg.CORBA.INV_POLICY;
import org.omg.CORBA.ORB;
import org.omg.PortableInterceptor.IORInfo;

import com.sun.corba.ee.impl.encoding.CDRInputObject;
import com.sun.corba.ee.impl.encoding.CDROutputObject;
import com.sun.corba.ee.impl.encoding.EncapsInputStream;
import com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSec;
// The following classes are generated from CSIIOP.idl
import com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech;
import com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechList;
import com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechListHelper;
Expand All @@ -96,7 +67,34 @@
import com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.EjbIORConfigurationDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.logging.LogDomains;
import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
import org.glassfish.enterprise.iiop.impl.CSIv2Policy;
import org.glassfish.internal.api.ORBLocator;
import org.glassfish.pfl.basic.func.UnaryFunction;
import org.glassfish.security.common.Role;
import org.ietf.jgss.GSSException;
import org.omg.CORBA.INV_POLICY;
import org.omg.CORBA.ORB;
import org.omg.PortableInterceptor.IORInfo;

import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import static com.sun.enterprise.deployment.EjbIORConfigurationDescriptor.NONE;
import static com.sun.enterprise.deployment.EjbIORConfigurationDescriptor.REQUIRED;
import static com.sun.enterprise.deployment.EjbIORConfigurationDescriptor.SUPPORTED;
import static com.sun.enterprise.iiop.security.GSSUtils.GSSUP_MECH_OID;
import static com.sun.enterprise.util.Utility.getLocalAddress;
import static com.sun.enterprise.util.Utility.intToShort;
import static com.sun.logging.LogDomains.SECURITY_LOGGER;
import static java.util.logging.Level.FINE;
import static java.util.logging.Level.SEVERE;

/**
* This is the class that manages the CSIV2 tagged component information in the IORs. Note: For
Expand Down Expand Up @@ -322,7 +320,7 @@ private interface DescriptorMaker extends UnaryFunction<EjbIORConfigurationDescr
* CompoundSecMech here will cause getSecurityMechanisms to fail, as it supports only one
* CompoundSecMech.
*/
private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker maker, EjbDescriptor ejbDescriptor) throws IOException {
private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker maker, EjbDescriptor ejbDescriptor) throws GSSException {

if (logger.isLoggable(FINE)) {
logger.log(FINE, "IIOP: Creating CompoundSecMech");
Expand Down Expand Up @@ -377,8 +375,8 @@ private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker maker, EjbDescr
return mechList;
}

private CompoundSecMech[] createCompoundSecMechs(List<SocketInfo> socketInfos, EjbDescriptor ejbDescriptor)
throws IOException {
private CompoundSecMech[] createCompoundSecMechs(final List<SocketInfo> socketInfos, EjbDescriptor ejbDescriptor)
throws GSSException {

DescriptorMaker maker = new DescriptorMaker() {
@Override
Expand All @@ -390,7 +388,7 @@ public org.omg.IOP.TaggedComponent evaluate(EjbIORConfigurationDescriptor iorDes
return createCompoundSecMechs(maker, ejbDescriptor);
}

private CompoundSecMech[] createCompoundSecMechs(int sslPort, EjbDescriptor ejbDescriptor) throws IOException {
private CompoundSecMech[] createCompoundSecMechs(final int sslPort, final EjbDescriptor ejbDescriptor) throws GSSException {

DescriptorMaker maker = new DescriptorMaker() {
@Override
Expand All @@ -405,7 +403,7 @@ public org.omg.IOP.TaggedComponent evaluate(EjbIORConfigurationDescriptor iorDes
/**
* Create the AS layer context within a compound mechanism definition.
*/
public AS_ContextSec createASContextSec(EjbIORConfigurationDescriptor iorDescriptor, String realmName) throws IOException {
public AS_ContextSec createASContextSec(EjbIORConfigurationDescriptor iorDescriptor, String realmName) throws GSSException {
int targetSupports = 0;
int targetRequires = 0;
byte[] clientAuthenticationMmechanism = {};
Expand Down Expand Up @@ -462,7 +460,7 @@ public AS_ContextSec createASContextSec(EjbIORConfigurationDescriptor iorDescrip
/**
* Create the SAS layer context within a compound mechanism definition.
*/
public SAS_ContextSec createSASContextSec(EjbIORConfigurationDescriptor iorDescriptor) throws IOException {
public SAS_ContextSec createSASContextSec(EjbIORConfigurationDescriptor iorDescriptor) throws GSSException {
int targetSupports = 0; // target_supports = 0 means that target supports ITTAbsent
int targetRequires = 0;
ServiceConfiguration[] privilegeAuthorities = new ServiceConfiguration[0];
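Review bot: `createASContextSec` and `createSASContextSec` are public, so replacing `throws IOException` with `throws GSSException` on them changes the checked exception that every caller outside this file must handle. Those callers are not visible on this page, so confirm each one still aborts IOR creation on failure rather than carrying on with an incomplete security mechanism list. The Javadoc on both methods, and the comment above the private `createCompoundSecMechs` overloads, has no `@throws`; I would add something like `@throws GSSException if the mechanism OID or target name cannot be encoded`, with the wording checked against GSSUtils, which this section does not show. The bodies of all of these methods continue outside the hunks.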
@@ -1,7 +1,7 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997-2021 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -37,7 +37,7 @@
* only if the new code is made subject to such option by the copyright
* holder.
*/
// Portions Copyright [2018-2019] [Payara Foundation and/or its affiliates]
// Portions Copyright [2018-2021] [Payara Foundation and/or its affiliates]
package com.sun.enterprise.iiop.security;

/**
Expand All @@ -52,11 +52,11 @@
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.util.Utility;
import com.sun.logging.LogDomains;
import org.ietf.jgss.GSSException;
import org.omg.CORBA.Any;
import org.omg.CORBA.ORB;
import org.omg.IOP.Codec;

import java.io.IOException;
import java.util.StringTokenizer;
import java.util.logging.Level;

Expand Down Expand Up @@ -329,7 +329,7 @@ private GSSUPToken(ORB orb, Codec codec, byte[] authtok) throws SecurityMechanis
if (target_name != null && target_name.length != 0) {
targetNameRealm = new String(GSSUtils.importName(GSSUtils.GSSUP_MECH_OID, target_name));
}
} catch (IOException ex) {
} catch (GSSException ex) {
_logger.log(Level.FINE, null, ex);
}
if (targetNameRealm != null && !DEFAULT_REALM_NAME.equals(targetNameRealm)) {
Expand All @@ -346,7 +346,7 @@ private GSSUPToken(ORB orb, Codec codec, byte[] authtok) throws SecurityMechanis
*
* @return byte[] the byte array representation of the GSSToken
*/
byte[] getGSSToken() throws IOException {
byte[] getGSSToken() throws GSSException {
if (_logger.isLoggable(Level.FINER)) {
_logger.log(Level.FINER, "IIOP:GSSUP mech token : " + GSSUtils.dumpHex(cdr_encoded_token));
}
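Review bot: In the `GSSUPToken(ORB, Codec, byte[])` constructor the new `catch (GSSException ex)` still only logs at FINE with a null message, so a `target_name` that fails `GSSUtils.importName` leaves `targetNameRealm` null and the realm comparison on the next line is skipped, as if no target name had been sent. Since this value comes from an authentication token, rejecting it is the safer default: rethrow as the constructor's declared exception, or at minimum `_logger.log(Level.WARNING, "IIOP: could not decode GSSUP target name", ex);`. Separately, `getGSSToken()` dumps `cdr_encoded_token` in hex at FINER; if that buffer holds the encoded username and password (the `PasswordCredential` import suggests it does), the dump should be dropped or reduced to the token length. Both bodies extend beyond the hunks shown.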