Package com.sun.enterprise.admin.util

Class SecureAdminClientManager

java.lang.Object

com.sun.enterprise.admin.util.SecureAdminClientManager

public class SecureAdminClientManager
extends Object

Encapsulates the implementation of secure admin.

A process that needs to send admin messages to another server and might not have a user-provided username and password should inject this class and invoke

invalid reference

#initClientAuthentication(char[], boolean)

before it sends a message to the admin listener. The code which actually prepares the message can then retrieve the initialized information from this class in constructing the outbound admin message.

The class offers static accessors to the important values so, for example, RemoteAdminCommand (which is not a service and it therefore not subject to injection) can retrieve what it needs to build the outbound admin request.

This allows us to support CLI commands which need to connect to the DAS securely but will have neither a user-provided master password nor a human who we could prompt for the master password.

Author:

Tim Quinn

Method Summary

Modifier and Type	Method	Description
String	configuredAdminIndicatorValue()
static KeyManager[]	getKeyManagers()	Returns KeyManagers which access the SSL key store for use in performing client cert authentication.
static void	initClientAuthentication(char[] commandMasterPassword, boolean isInteractive, String serverName, String nodeDir, String node, File nodeDirRoot)	Prepares the manager so SSL/TLS will provide the correct client cert when connecting to a remote admin port.
boolean	isEnabled()	Reports whether the secure admin is enabled, according to the current configuration.
KeyManager[]	keyManagers()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getKeyManagers

public static KeyManager[] getKeyManagers()

Returns KeyManagers which access the SSL key store for use in performing client cert authentication. The returned KeyManagers will most likely be passed to

invalid reference

SSLContext.init

.

Returns:

KeyManagers

initClientAuthentication

public static void initClientAuthentication(char[] commandMasterPassword,
 boolean isInteractive,
 String serverName,
 String nodeDir,
 String node,
 File nodeDirRoot)

Prepares the manager so SSL/TLS will provide the correct client cert when connecting to a remote admin port. The main result of invoking this method is to build an array of KeyManagers which can be passed to SSLContext.initClientAuthentication so SSL can use the managers to find certs that meet the requirements of the partner on the other end of the connection.

This method opens the keystore, so it will need the master password. The calling command should pass the master password which the user specified in the file specified by the --passwordfile option (if any). Because the user-provided password might be wrong or missing, the caller also indicates whether a human user is present to respond to a prompt for the password. This will not be the case, for example, during an unattended start-up of an instance.

The caller also provides at least one of the server name, the node directory, or the node. These are used to locate where the domain.xml file is that contains security config information we need.

Parameters:

commandMasterPassword - master password provided by the user on the command line; null if none

isInteractive - whether the caller is in a context where a human could be prompted to enter a password

serverName - name of the server where domain.xml resides

nodeDir - directory of the node where domain.xml resides

node - name of the node whose directory contains domain.xml

isEnabled

public boolean isEnabled()

Reports whether the secure admin is enabled, according to the current configuration.

Returns:

if secure admin is enabled

keyManagers

public KeyManager[] keyManagers()

configuredAdminIndicatorValue

public String configuredAdminIndicatorValue()