Example #1
0
 /**
  * Returns SSLContext with TESTED_SECURITY_PROTOCOL protocol and sets up keys.
  *
  * @return - SSLContext with a protocol specified by TESTED_SECURITY_PROTOCOL.
  */
 public static SSLContext getContext() {
   try {
     java.security.Security.setProperty("jdk.tls.disabledAlgorithms", "");
     java.security.Security.setProperty("jdk.certpath.disabledAlgorithms", "");
     KeyStore ks = KeyStore.getInstance("JKS");
     KeyStore ts = KeyStore.getInstance("JKS");
     char[] passphrase = PASSWD.toCharArray();
     try (FileInputStream keyFileStream = new FileInputStream(KEY_FILE_NAME)) {
       ks.load(keyFileStream, passphrase);
     }
     try (FileInputStream trustFileStream = new FileInputStream(TRUST_FILE_NAME)) {
       ts.load(trustFileStream, passphrase);
     }
     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
     kmf.init(ks, passphrase);
     TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
     tmf.init(ts);
     SSLContext sslCtx = SSLContext.getInstance(TESTED_SECURITY_PROTOCOL);
     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
     return sslCtx;
   } catch (KeyStoreException
       | IOException
       | NoSuchAlgorithmException
       | CertificateException
       | UnrecoverableKeyException
       | KeyManagementException ex) {
     throw new Error("Unexpected exception", ex);
   }
 }
Example #2
0
 private static void initSystemProperties() {
   // currently we support IPv4 only
   System.setProperty("java.net.preferIPv4Stack", "true");
   // disable DNS caches
   Security.setProperty("networkaddress.cache.ttl", "0");
   Security.setProperty("networkaddress.cache.negative.ttl", "0");
 }
 public static void init() {
   System.setProperty(
       WMStaticConstants.HTTP_PROXY_HOST,
       StaticResourceFactory.getProperty(
           WMStaticConstants.WEALTH_MGMT_MODULE_NAME, WMStaticConstants.HTTP_PROXY_HOST));
   System.setProperty(
       WMStaticConstants.HTTP_PROXY_PORT,
       StaticResourceFactory.getProperty(
           WMStaticConstants.WEALTH_MGMT_MODULE_NAME, WMStaticConstants.HTTP_PROXY_PORT));
   Security.setProperty("ssl.SocketFactory.provider", "com.ibm.jsse2.SSLSocketFactoryImpl");
   Security.setProperty(
       "ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");
 }
Example #4
0
  private static Properties getImapMailProperties(Account account) {
    Properties props = new Properties();

    if (account.getReceiveProtocolType().contains("gmail")) {
      props.put("mail.imap.host", "imap.gmail.com");
      props.put("mail.imap.port", "143");
      props.put("mail.imap.auth", "true");
      props.put("mail.store.protocol", "imap");
      props.put("mail.imap.starttls.enable", "true");
      props.put("mail.imap.socketFactory.port", "993");
      props.put("mail.imap.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
      props.put("mail.iamp.socketFactory.fallback", "false");
    } else {

      props.setProperty("mail.imap.port", account.getReceivePort());
      props.setProperty("mail.imap.connectiontimeout", "30000");
      if ("ssl".equals(account.getReceiveTs())) {
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        props.setProperty("mail.imap.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
        props.setProperty("mail.imap.socketFactory.fallback", "false");
        props.setProperty("mail.imap.socketFactory.port", account.getReceivePort());
      } else if ("tls".equals(account.getReceiveTs())) {
        props.setProperty("mail.imap.starttls.enable", "true");
        java.security.Security.setProperty(
            "ssl.SocketFactory.provider", "com.archermind.txtbl.mail.DummySSLSocketFactory");
      }
    }

    return props;
  }
Example #5
0
  public static void initCore() throws InitializationFailedException {
    java.security.Security.setProperty("networkaddress.cache.ttl", "0");
    if (System.getProperty("unicorn.home") == null) {
      try {
        URL frameworkDir = Framework.class.getResource("Framework.class");
        if (frameworkDir.getProtocol() != "jar") {
          File unicornHome = new File(frameworkDir.toURI());
          for (int i = 0; i < 6; i++) unicornHome = unicornHome.getParentFile();
          System.setProperty("unicorn.home", unicornHome.getAbsolutePath());
        }
      } catch (URISyntaxException e) {
        throw new InitializationFailedException(e.getMessage(), e);
      }
    }

    // Log4j initialization attempt
    URL log4jURL = Framework.class.getResource("/unicorn_log4j.xml");
    if (log4jURL != null) {
      DOMConfigurator.configure(log4jURL);
      logger.info("OK - Log4j successfully initialized");
      logger.debug("> Used log4j.xml file: " + log4jURL.toString());
    } else {
      logger.warn("Log4j config file \"log4j.xml\" could not be found in classpath.");
      logger.warn("Log4j will not be initialized");
    }
  }
  // Steps:
  // 1. Install unlimited strength encryption jar files in jre/lib/security
  // (e.g. http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)
  // 2. run kinit
  // 3. Set system properties, e.g.:
  //    -Djava.security.krb5.realm=10GEN.ME -Djavax.security.auth.useSubjectCredsOnly=false
  // -Djava.security.krb5.kdc=kdc.10gen.me
  // auth.login.defaultCallbackHandler=name of class that implements
  // javax.security.auth.callback.CallbackHandler
  // You may also need to define realms and domain_realm entries in your krb5.conf file (in /etc by
  // default)
  public static void main(String[] args) throws UnknownHostException, InterruptedException {
    // Set this property to avoid the default behavior where the program prompts on the command line
    // for username/password
    Security.setProperty("auth.login.defaultCallbackHandler", "DefaultSecurityCallbackHandler");

    String server = args[0];
    String user = args[1];
    String dbName = args[2];

    MongoClient mongo =
        new MongoClient(
            new MongoClientAuthority(
                new ServerAddress(server),
                new MongoClientCredentials(user, MongoClientCredentials.GSSAPI_MECHANISM)),
            new MongoClientOptions.Builder().socketKeepAlive(true).socketTimeout(30000).build());
    DB testDB = mongo.getDB(dbName);
    System.out.println("Find     one: " + testDB.getCollection("test").findOne());
    System.out.println("Count: " + testDB.getCollection("test").count());
    WriteResult writeResult = testDB.getCollection("test").insert(new BasicDBObject());
    System.out.println("Write result: " + writeResult);

    System.out.println();

    System.out.println("Count: " + testDB.getCollection("test").count());
  }
Example #7
0
 // Check that the Security package.access control works.
 public void testPackageAccess() {
   String script = "new javax.print.PrintException();";
   Security.setProperty("package.access", "javax.print");
   // This should throw an ACE because its codeBase does not allow access to javax.print
   assertExecute(
       script,
       "/groovy/security/javax/print/deny",
       new RuntimePermission("accessClassInPackage.javax.print"));
   // This should not throw an ACE because groovy.policy grants the codeBase access to javax.print
   assertExecute(script, "/groovy/security/javax/print/allow", null);
 }
Example #8
0
    @Override
    public void init() throws ServletException {
      java.security.Security.setProperty("networkaddress.cache.ttl", "-1");
      // java.security.Security.setProperty("networkaddress.cache.negative.ttl",
      // "60");// second

      loadIPs();

      startQueryThread();

      super.init();
    }
Example #9
0
 public static void main(String[] args) throws Exception {
   Security.setProperty("krb5.kdc.bad.policy", "");
   BadKdc.go(
       "121212222222(32){1,2}121212222222(32){1,2}",
       "121212222222(32){1,2}121212222222(32){1,2}",
       // refresh
       "121212222222(32){1,2}121212222222(32){1,2}",
       // k3 off k2 on
       "121212(22){1,2}121212(22){1,2}",
       // k1 on
       "(12){2,4}");
 }
Example #10
0
 private static Properties getPop3MailProperties(Account account) {
   Properties props = new Properties();
   props.setProperty("mail.pop3.port", account.getReceivePort());
   props.setProperty("mail.pop3.connectiontimeout", "30000");
   if ("ssl".equals(account.getReceiveTs())) {
     Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
     props.setProperty("mail.pop3.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
     props.setProperty("mail.pop3.socketFactory.fallback", "false");
     props.setProperty("mail.pop3.socketFactory.port", account.getReceivePort());
   } else if ("tls".equals(account.getReceiveTs())) {
     props.setProperty("mail.pop3.starttls.enable", "true");
     java.security.Security.setProperty(
         "ssl.SocketFactory.provider", "com.archermind.txtbl.mail.DummySSLSocketFactory");
   }
   return props;
 }
  /**
   * Get ip address of target hosts. <br>
   * if target hosts 'a.com:1.1.1.1' add 'a.com' & '1.1.1.1' <br>
   * if target hosts ':1.1.1.1' add : '1.1.1.1' <br>
   * if target hosts '1.1.1.1' add : '1.1.1.1' <br>
   * <br>
   * Add controller host<br>
   */
  private void initAccessOfHosts() {
    String[] hostsList = etcHosts.split(",");
    for (String hosts : hostsList) {
      String[] addresses = hosts.split(":");
      if (addresses.length > 1) {
        allowedHost.add(addresses[0]);
        allowedHost.add(addresses[addresses.length - 1]);
      } else {
        allowedHost.add(hosts);
      }
    }

    // add controller host
    allowedHost.add(consoleIP);
    try {
      java.security.Security.setProperty("networkaddress.cache.ttl", "0");
    } catch (Exception e) {
      // Fall through
    }
  }
Example #12
0
 /**
  * Writes a JAAS login config file, which contains as many as useful entries, including JGSS style
  * initiator/acceptor and normal JAAS entries with names using existing OneKDC principals.
  *
  * @throws java.lang.Exception if anything goes wrong
  */
 public void writeJAASConf() throws IOException {
   System.setProperty("java.security.auth.login.config", JAAS_CONF);
   File f = new File(JAAS_CONF);
   FileOutputStream fos = new FileOutputStream(f);
   fos.write(
       ("com.sun.security.jgss.krb5.initiate {\n"
               + "    com.sun.security.auth.module.Krb5LoginModule required;\n};\n"
               + "com.sun.security.jgss.krb5.accept {\n"
               + "    com.sun.security.auth.module.Krb5LoginModule required\n"
               + "    principal=\""
               + SERVER
               + "\"\n"
               + "    useKeyTab=true\n"
               + "    isInitiator=false\n"
               + "    storeKey=true;\n};\n"
               + "client {\n"
               + "    com.sun.security.auth.module.Krb5LoginModule required;\n};\n"
               + "server {\n"
               + "    com.sun.security.auth.module.Krb5LoginModule required\n"
               + "    principal=\""
               + SERVER
               + "\"\n"
               + "    useKeyTab=true\n"
               + "    storeKey=true;\n};\n"
               + "backend {\n"
               + "    com.sun.security.auth.module.Krb5LoginModule required\n"
               + "    principal=\""
               + BACKEND
               + "\"\n"
               + "    useKeyTab=true\n"
               + "    storeKey=true\n"
               + "    isInitiator=false;\n};\n")
           .getBytes());
   fos.close();
   f.deleteOnExit();
   Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
 }
  private static void configure(String propertiesFile) throws IOException {

    if (propertiesFile != null) {
      loadProperties(propertiesFile);
    }

    // ensure the JVM will refresh the cached IP values of AWS resources (e.g. service endpoints).
    java.security.Security.setProperty("networkaddress.cache.ttl", "60");

    String workerId = InetAddress.getLocalHost().getCanonicalHostName() + ":" + UUID.randomUUID();
    LOG.info("Using workerId: " + workerId);

    // Get credentials from IMDS. If unsuccessful, get them from the credential profiles file.
    AWSCredentialsProvider credentialsProvider = null;
    try {
      credentialsProvider = new InstanceProfileCredentialsProvider();
      // Verify we can fetch credentials from the provider
      credentialsProvider.getCredentials();
      LOG.info("Obtained credentials from the IMDS.");
    } catch (AmazonClientException e) {
      LOG.info("Unable to obtain credentials from the IMDS, trying classpath properties", e);
      credentialsProvider = new ProfileCredentialsProvider();
      // Verify we can fetch credentials from the provider
      credentialsProvider.getCredentials();
      LOG.info("Obtained credentials from the properties file.");
    }

    LOG.info(
        "Using credentials with access key id: "
            + credentialsProvider.getCredentials().getAWSAccessKeyId());

    kinesisClientLibConfiguration =
        new KinesisClientLibConfiguration(
                applicationName, streamName, credentialsProvider, workerId)
            .withInitialPositionInStream(initialPositionInStream)
            .withRegionName(kinesisEndpoint);
  }
Example #14
0
  public void initialize() throws Exception {
    Security.setProperty("networkaddress.cache.ttl", AWS_RECOMMENDED_DNS_CACHE_TTL);
    AbstractNavigation.DEFAULT_AUTOCOMMIT_DELAY = 2000;

    String defaultEncoding = System.getProperty("file.encoding");
    if (!defaultEncoding.equals("UTF-8")) {
      logger.warn("default encoding " + defaultEncoding + " is not UTF-8");
    }

    initContainer();
    initPlugins();
    initGui();
    documentLauncher =
        url ->
            new Thread(
                    () -> {
                      try {
                        Desktop.getDesktop().browse(new URI(url));
                      } catch (IOException | URISyntaxException e) {
                        logger.error("failed to open uri", e);
                      }
                    })
                .start();
  }
  /* (non-Javadoc)
   * @see org.claros.commons.mail.protocols.FetchProtocol#connect(int)
   */
  public ConnectionMetaHandler connect(int connectType)
      throws SystemException, ConnectionException, ServerDownException {
    try {
      try {
        disconnect();
        try {
          Thread.sleep(2000);
        } catch (Exception k) {
        }
      } catch (Exception k) {
      }

      if (handler == null || !handler.getStore().isConnected()) {
        Properties props = new Properties();

        if (profile.getFetchSSL() != null && profile.getFetchSSL().toLowerCase().equals("true")) {
          Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

          Security.setProperty(
              "ssl.SocketFactory.provider",
              "org.claros.commons.mail.protocols.DummySSLSocketFactory");
          props.setProperty("mail.store.protocol", "pop3");
          props.setProperty("mail.pop3.host", profile.getFetchServer());
          props.setProperty("mail.pop3.port", profile.getFetchPort());

          props.setProperty(
              "mail.pop3.socketFactory.class",
              "org.claros.commons.mail.protocols.DummySSLSocketFactory");
          props.setProperty("mail.pop3.socketFactory.fallback", "false");
          props.setProperty("mail.pop3.port", profile.getFetchPort());
          props.setProperty("mail.pop3.socketFactory.port", profile.getFetchPort());
        }

        Session session = Session.getInstance(props);
        handler = new ConnectionMetaHandler();
        handler.setStore(session.getStore(profile.getProtocol()));
        handler
            .getStore()
            .connect(
                profile.getFetchServer(),
                profile.getIFetchPort(),
                auth.getUsername(),
                auth.getPassword());
        handler.setMbox(handler.getStore().getDefaultFolder());
        handler.setMbox(handler.getMbox().getFolder(Constants.FOLDER_INBOX(profile)));
        handler.getMbox().open(connectType);

        // storing the folder in map
        pop3Folders.put(auth.getUsername(), handler.getMbox());

        handler.setTotalMessagesCount(handler.getMbox().getMessageCount());
      }
    } catch (AuthenticationFailedException e) {
      System.out.println(
          "Pop3 Mailbox was busy with another session and there is a read write lock. A few minutes later when the lock is released everything will be fine.");
    } catch (NoSuchProviderException e) {
      System.out.println(profile.getProtocol() + " provider could not be found.");
      throw new SystemException(e);
    } catch (MessagingException e) {
      System.out.println("Connection could not be established.");
      throw new ConnectionException(e);
    } catch (Exception e) {
      e.printStackTrace();
    }
    return handler;
  }
 // Required by GreenMail.
 static {
   Security.setProperty("ssl.SocketFactory.provider", DummySSLSocketFactory.class.getName());
 }
Example #17
0
 // Test to prevent scripts from invoking the groovy compiler.  This is done by restricting access
 // to the org.codehaus.groovy packages.
 public void testMetaClassTest() {
   Security.setProperty("package.access", "org.codehaus.groovy");
   assertExecute(
       new File("src/test/org/codehaus/groovy/classgen/MetaClassTest.groovy"),
       new RuntimePermission("accessClassInPackage.org.codehaus.groovy"));
 }