-
Notifications
You must be signed in to change notification settings - Fork 280
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY-1996] SSLContext to support delegation to alternate instances ba…
…sed on peer information.
- Loading branch information
Showing
18 changed files
with
1,696 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <project xmlns="http://maven.apache.org/POM/4.0.0" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <parent> | ||
| <groupId>org.wildfly.security</groupId> | ||
| <artifactId>wildfly-elytron-parent</artifactId> | ||
| <version>1.14.3.CR1-SNAPSHOT</version> | ||
| <relativePath>../pom.xml</relativePath> | ||
| </parent> | ||
|
|
||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <artifactId>wildfly-elytron-dynamic-ssl</artifactId> | ||
|
|
||
| <name>WildFly Elytron - Dynamic SSL</name> | ||
| <description>WildFly Security Dynamic SSL Implementation</description> | ||
| <dependencies> | ||
| <dependency> | ||
| <groupId>org.jboss.logging</groupId> | ||
| <artifactId>jboss-logging-annotations</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.jboss.logging</groupId> | ||
| <artifactId>jboss-logging</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.jboss.logging</groupId> | ||
| <artifactId>jboss-logging-processor</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.jboss.logmanager</groupId> | ||
| <artifactId>jboss-logmanager</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.wildfly.security</groupId> | ||
| <artifactId>wildfly-elytron-client</artifactId> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.kohsuke.metainf-services</groupId> | ||
| <artifactId>metainf-services</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.wildfly.common</groupId> | ||
| <artifactId>wildfly-common</artifactId> | ||
| <scope>compile</scope> | ||
| <!-- scope is compile ELY-1153 --> | ||
| </dependency> | ||
|
|
||
| <!--test dependencies--> | ||
| <dependency> | ||
| <groupId>junit</groupId> | ||
| <artifactId>junit</artifactId> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| <!-- Mock Web Server --> | ||
| <dependency> | ||
| <groupId>com.squareup.okhttp3</groupId> | ||
| <artifactId>mockwebserver</artifactId> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.mock-server</groupId> | ||
| <artifactId>mockserver-netty</artifactId> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.wildfly.client</groupId> | ||
| <artifactId>wildfly-client-config</artifactId> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| </dependencies> | ||
| </project> |
52 changes: 52 additions & 0 deletions
52
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2021 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import java.security.NoSuchAlgorithmException; | ||
|
|
||
| /** | ||
| * SSLContext that resolves which SSLContext to use based on peer's host and port information. | ||
| */ | ||
| public final class DynamicSSLContext extends SSLContext { | ||
|
|
||
| private static SSLContext resolverSSLContext(DynamicSSLContextSPI dynamicSSLContextSPIImpl) throws NoSuchAlgorithmException, DynamicSSLContextException { | ||
| return dynamicSSLContextSPIImpl.getConfiguredDefault() == null ? | ||
| SSLContext.getDefault() : dynamicSSLContextSPIImpl.getConfiguredDefault(); | ||
| } | ||
|
|
||
| /** | ||
| * This constructor uses ServiceLoader to find provider of DynamicSSLContextSPI on classpath. | ||
| */ | ||
| public DynamicSSLContext() throws NoSuchAlgorithmException { | ||
| // this does not use provider and protocol from DynamicSSLContextSPI implementation found on classpath | ||
| // to avoid this ServiceLoader.load would have to be called 3 times in separate static method | ||
| super(new DynamicSSLContextSpiImpl(), SSLContext.getDefault().getProvider(), SSLContext.getDefault().getProtocol()); | ||
| } | ||
|
|
||
| /** | ||
| * This constructor uses received DynamicSSLContextSPI implementation or finds it on classpath if received is null. | ||
| * | ||
| * @param dynamicSSLContextSPIImpl DynamicSSLContextSPI implementation to use. If null then ServiceLoader is used to locate it on classpath. | ||
| */ | ||
| public DynamicSSLContext(DynamicSSLContextSPI dynamicSSLContextSPIImpl) throws NoSuchAlgorithmException, DynamicSSLContextException { | ||
| super(new DynamicSSLContextSpiImpl(dynamicSSLContextSPIImpl), | ||
| resolverSSLContext(dynamicSSLContextSPIImpl).getProvider(), | ||
| resolverSSLContext(dynamicSSLContextSPIImpl).getProtocol()); | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextException.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2021 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| /** | ||
| * Exception to indicate a failure related to the DynamicSSLContext. | ||
| */ | ||
| public class DynamicSSLContextException extends Exception { | ||
|
|
||
| public DynamicSSLContextException() { | ||
| } | ||
|
|
||
| public DynamicSSLContextException(String msg) { | ||
| super(msg); | ||
| } | ||
|
|
||
| public DynamicSSLContextException(String message, Throwable cause) { | ||
| super(message, cause); | ||
| } | ||
|
|
||
| public DynamicSSLContextException(Throwable cause) { | ||
| super(cause); | ||
| } | ||
| } |
88 changes: 88 additions & 0 deletions
88
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextImpl.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2021 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| import org.kohsuke.MetaInfServices; | ||
| import org.wildfly.common.Assert; | ||
| import org.wildfly.security.auth.client.AuthenticationContext; | ||
| import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import java.net.URI; | ||
| import java.security.AccessController; | ||
| import java.security.GeneralSecurityException; | ||
| import java.security.PrivilegedAction; | ||
| import java.util.List; | ||
|
|
||
| /** | ||
| * Elytron client implementation of DynamicSSLContextSPI. It uses configuration from either provided instance of AuthenticationContext | ||
| * or from current AuthenticationContext if a configuration was not provided. | ||
| */ | ||
| @MetaInfServices(value = DynamicSSLContextSPI.class) | ||
| public class DynamicSSLContextImpl implements DynamicSSLContextSPI { | ||
|
|
||
| private final AuthenticationContextConfigurationClient AUTH_CONTEXT_CLIENT = | ||
| AccessController.doPrivileged((PrivilegedAction<AuthenticationContextConfigurationClient>) AuthenticationContextConfigurationClient::new); | ||
| private AuthenticationContext authenticationContext; | ||
| private SSLContext configuredDefaultSSLContext; | ||
| private List<SSLContext> configuredSSLContexts; | ||
|
|
||
| public DynamicSSLContextImpl() throws GeneralSecurityException { | ||
| } | ||
|
|
||
| public DynamicSSLContextImpl(AuthenticationContext authenticationContext) throws GeneralSecurityException { | ||
| Assert.assertNotNull("authenticationContext"); | ||
| this.authenticationContext = authenticationContext; | ||
| this.configuredSSLContexts = AUTH_CONTEXT_CLIENT.getConfiguredSSLContexts(authenticationContext); | ||
| this.configuredDefaultSSLContext = AUTH_CONTEXT_CLIENT.getDefaultSSLContext(authenticationContext); | ||
| } | ||
|
|
||
| @Override | ||
| public SSLContext getConfiguredDefault() throws DynamicSSLContextException { | ||
| if (this.configuredDefaultSSLContext != null) { | ||
| return this.configuredDefaultSSLContext; | ||
| } | ||
| try { | ||
| return AUTH_CONTEXT_CLIENT.getDefaultSSLContext(AuthenticationContext.captureCurrent()); | ||
| } catch (GeneralSecurityException e) { | ||
| throw ElytronMessages.log.cannotObtainDefaultSSLContext(e); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| public List<SSLContext> getConfiguredSSLContexts() throws DynamicSSLContextException { | ||
| if (this.configuredSSLContexts != null) { | ||
| return this.configuredSSLContexts; | ||
| } | ||
| try { | ||
| return AUTH_CONTEXT_CLIENT.getConfiguredSSLContexts(AuthenticationContext.captureCurrent()); | ||
| } catch (GeneralSecurityException e) { | ||
| throw ElytronMessages.log.cannotObtainConfiguredSSLContexts(e); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| public SSLContext getSSLContext(URI uri) throws DynamicSSLContextException { | ||
| try { | ||
| return AUTH_CONTEXT_CLIENT.getSSLContext(uri, authenticationContext == null ? AuthenticationContext.captureCurrent() : authenticationContext); | ||
| } catch (GeneralSecurityException e) { | ||
| throw ElytronMessages.log.cannotObtainSSLContextForGivenURI(e); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.