From e256374f40f6a2f3e532305c608b664e23f2a737 Mon Sep 17 00:00:00 2001 
From: JavaJoeS Date: Tue, 18 Feb 2025 06:24:00 -0500 Subject: [PATCH 1/2] Condensed Authentication bundle --- .../org.eclipse.core.security/.classpath | 57 +++ .../org.eclipse.core.security/.project | 28 ++ .../org.eclipse.core.resources.prefs | 2 + .../.settings/org.eclipse.jdt.core.prefs | 8 + .../.settings/org.eclipse.m2e.core.prefs | 4 + .../.settings/org.eclipse.pde.core.prefs | 3 + .../org.eclipse.pde.ds.annotations.prefs | 6 + .../META-INF/MANIFEST.MF | 29 ++ .../OSGI-INF/Subscriber.xml | 8 + .../org.eclipse.core.security/about.html | 36 ++ .../build.properties | 22 + .../icons/icons8-password-48.png | Bin 0 -> 640 bytes .../plugin.properties | 23 + .../org.eclipse.core.security/plugin.xml | 24 + .../pom-for-review.xml | 73 +++ .../org.eclipse.core.security/pom.xml.ORIG | 84 ++++ .../core/security/ActivateSecurity.java | 247 ++++++++++ .../core/security/ContextFactoryConsumer.java | 40 ++ .../security/encryption/NormalizeGCM.java | 59 +++ .../core/security/encryption/SecureGCM.java | 65 +++ .../encryption/SecurityOpRequest.java | 33 ++ .../identification/FingerprintX509.java | 67 +++ .../PkiPasswordGrabberWidget.java | 111 +++++ .../identification/PublishPasswordUpdate.java | 75 +++ .../PublishPasswordUpdateIfc.java | 25 + .../incoming/DotPkiPropertiesRequired.java | 99 ++++ .../security/incoming/InBoundController.java | 66 +++ .../security/incoming/IncomingSubscriber.java | 104 +++++ .../incoming/IncomingSystemProperty.java | 112 +++++ .../security/incoming/PublicKeySecurity.java | 42 ++ .../incoming/SecurityFileSnapshot.java | 310 +++++++++++++ .../security/incoming/TemplateForPKIfile.java | 100 ++++ .../security/managers/AuthenticationBase.java | 286 ++++++++++++ .../managers/AuthenticationService.java | 20 + .../security/managers/ConfigureTrust.java | 123 +++++ .../security/managers/CustomKeyManager.java | 217 +++++++++ .../security/managers/KeyStoreManager.java | 437 ++++++++++++++++++ .../core/security/managers/KeystoreSetup.java | 222 +++++++++ 
.../security/managers/PkiCallbackHandler.java | 29 ++ .../security/managers/PkiLoadParameter.java | 75 +++ .../security/state/X509SecurityState.java | 47 ++ .../util/EclipseKeyStoreCollection.java | 87 ++++ .../core/security/util/KeyStoreFormat.java | 33 ++ .../org/eclipse/core/security/util/PKI.java | 92 ++++ .../core/security/util/PKIProperties.java | 186 ++++++++ 45 files changed, 3816 insertions(+) create mode 100644 runtime/bundles/org.eclipse.core.security/.classpath create mode 100644 runtime/bundles/org.eclipse.core.security/.project create mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs create mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs create mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs create mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs create mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs create mode 100644 runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF create mode 100644 runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml create mode 100644 runtime/bundles/org.eclipse.core.security/about.html create mode 100644 runtime/bundles/org.eclipse.core.security/build.properties create mode 100644 runtime/bundles/org.eclipse.core.security/icons/icons8-password-48.png create mode 100644 runtime/bundles/org.eclipse.core.security/plugin.properties create mode 100644 runtime/bundles/org.eclipse.core.security/plugin.xml create mode 100644 runtime/bundles/org.eclipse.core.security/pom-for-review.xml create mode 100644 runtime/bundles/org.eclipse.core.security/pom.xml.ORIG create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java 
create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java create mode 100644 
runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java create mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java diff --git a/runtime/bundles/org.eclipse.core.security/.classpath b/runtime/bundles/org.eclipse.core.security/.classpath new file mode 100644 index 00000000000..1a0d0b1d99b --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/.classpath @@ -0,0 +1,57 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/runtime/bundles/org.eclipse.core.security/.project b/runtime/bundles/org.eclipse.core.security/.project new file mode 100644 index 00000000000..5dcd66d9c27 --- /dev/null 
+++ b/runtime/bundles/org.eclipse.core.security/.project @@ -0,0 +1,28 @@ + + + org.eclipse.core.pki + + + + + + org.eclipse.jdt.core.javabuilder + + + + + org.eclipse.pde.ManifestBuilder + + + + + org.eclipse.pde.SchemaBuilder + + + + + + org.eclipse.pde.PluginNature + org.eclipse.jdt.core.javanature + + diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs new file mode 100644 index 00000000000..99f26c0203a --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs @@ -0,0 +1,2 @@ +eclipse.preferences.version=1 +encoding/=UTF-8 diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 00000000000..7808d37d739 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,8 @@ +eclipse.preferences.version=1 +org.eclipse.jdt.core.compiler.codegen.targetPlatform=18 +org.eclipse.jdt.core.compiler.compliance=18 +org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning +org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore +org.eclipse.jdt.core.compiler.release=disabled +org.eclipse.jdt.core.compiler.source=18 \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs new file mode 100644 index 00000000000..f897a7f1cb2 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs @@ -0,0 +1,4 @@ +activeProfiles= +eclipse.preferences.version=1 +resolveWorkspaceProjects=true +version=1 
diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs new file mode 100644 index 00000000000..706f07e8a5d --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs @@ -0,0 +1,3 @@ +eclipse.preferences.version=1 +pluginProject.extensions=true +resolve.requirebundle=false diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs new file mode 100644 index 00000000000..8a427256a59 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs @@ -0,0 +1,6 @@ +eclipse.preferences.version=1 +enabled=true +path=OSGI-INF +validationErrorLevel=error +validationErrorLevel.missingImplicitUnbindMethod=error +generateBundleActivationPolicyLazy=true diff --git a/runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF b/runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF new file mode 100644 index 00000000000..e849f76959f --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF 
@@ -0,0 +1,29 @@ +Manifest-Version: 1.0 +Bundle-ManifestVersion: 2 +Bundle-Name: Security Option +Bundle-Localization: plugin +Bundle-ClassPath: ., org.eclipse.core.security +Bundle-SymbolicName: org.eclipse.core.security; singleton:=true +Require-Bundle: org.eclipse.ecf;bundle-version="3.12.0", + org.eclipse.equinox.common;bundle-version="3.12.0", + org.eclipse.ui.workbench, + org.eclipse.ui, + org.eclipse.debug.core, + org.eclipse.osgi;bundle-version="3.4.0", + org.eclipse.core.runtime +Bundle-Version: 1.0.4.qualifier +Bundle-Activator: org.eclipse.core.security.ActivateSecurity +Export-Package: org.eclipse.core.security;version="0.0.0" +Import-Package: org.apache.felix.service.command.annotations;version="[1.0.0,2.0.0)", + org.eclipse.core.internal.net, + org.eclipse.core.net.proxy, + org.eclipse.core.resources, + org.eclipse.core.runtime;version="3.7.0", + org.eclipse.ecf.core.security;version="[3.1.0,4.0.0)", + org.eclipse.jface.dialogs, + org.osgi.annotation.bundle;version="[2.0.0,3.0.0)", + org.osgi.framework;resolution:=optional, + org.osgi.service.component.annotations;resolution:=optional +Bundle-Vendor: Delmarva Security +Automatic-Module-Name: org.eclipse.core.security +Bundle-ActivationPolicy: lazy diff --git a/runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml b/runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml new file mode 100644 index 00000000000..90c7f66c68e --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/about.html b/runtime/bundles/org.eclipse.core.security/about.html new file mode 100644 index 00000000000..164f781a8fd --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/about.html @@ -0,0 +1,36 @@ + + + + +About + + +
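Review bot: `org.osgi.framework;resolution:=optional` in Import-Package contradicts `Bundle-Activator: org.eclipse.core.security.ActivateSecurity`, whose class implements BundleActivator from that very package; the activator cannot load without it, so the import should be mandatory (it resolves today only because Require-Bundle also pulls in org.eclipse.osgi). Import-Package also lists `org.eclipse.core.internal.net`, an internal package with no API guarantee, and nothing visible in this patch imports it. `Export-Package: org.eclipse.core.security;version="0.0.0"` exports the activator's package with a placeholder version while the bundle itself is 1.0.4; consumers cannot range-import it until a real package version is declared.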

About This Content

+ +

November 30, 2017

+

License

+ +

+ The Eclipse Foundation makes available all content in this plug-in + ("Content"). Unless otherwise indicated below, the Content + is provided to you under the terms and conditions of the Eclipse + Public License Version 2.0 ("EPL"). A copy of the EPL is + available at http://www.eclipse.org/legal/epl-2.0. + For purposes of the EPL, "Program" will mean the Content. +

+ +

+ If you did not receive this Content directly from the Eclipse + Foundation, the Content is being redistributed by another party + ("Redistributor") and different terms and conditions may + apply to your use of any object code in the Content. Check the + Redistributor's license that was provided with the Content. If no such + license exists, contact the Redistributor. Unless otherwise indicated + below, the terms and conditions of the EPL still apply to any source + code in the Content and such source code may be obtained at http://www.eclipse.org. +

+ + + \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/build.properties b/runtime/bundles/org.eclipse.core.security/build.properties new file mode 100644 index 00000000000..1b4fe053116 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/build.properties @@ -0,0 +1,22 @@ +############################################################################### +# Copyright (c) 2025 Security Team and others. +# +# This program and the accompanying materials +# are made available under the terms of the Eclipse Public License 2.0 +# which accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Security Team - initial API and implementation +############################################################################### +source.. = src/ +output.. = bin/ +bin.includes = META-INF/,\ + .,\ + plugin.properties,\ + plugin.xml,\ + icons/, \ + about.html +src.includes = about.html diff --git a/runtime/bundles/org.eclipse.core.security/icons/icons8-password-48.png b/runtime/bundles/org.eclipse.core.security/icons/icons8-password-48.png new file mode 100644 index 0000000000000000000000000000000000000000..3aefb07473cb978e64d8286e5ee5217e6ed0d89c GIT binary patch literal 640 zcmV-`0)PF9P)1RCt{2STRrAKooupQyFmoL}6|+MMd2pR0@9r`VT68LMtUq zty)E5W?-N>Cj*4kX&c|cfCMUe=adn%dV&cguDY~U!;!=WJNBvElRnAv`M&pk@4d4n z10)zV*Ly}NUn7jS2t$uhe%Xh-miH)Mlh1%|QFFbV&G;9aaS;tj3F{TI)(zFe!zr8c zkA&h)bn(9-_Yj63Bu6IVcUbo+q1e8!@FCrB8l4|js^VqUMu{g3cWuU3 zX>Ydf@>QE+bCii{nw^kiGektM?&6EEy)}ySgyPRT`zgLpN&HD(oq0m>>*w~-OjHgz zGB)Gi)HBgI@SacJ07FNu{C&g^njn;)-tGe5n~dteN%v3Y)YjMcy_XN=t5KX+`6l|E zkRKvtZkw?=8E+{aeUpsZNXht0Y)hJw zlDJSP^s&5@OMN|vYQWzFF$|@Je+fzpxzyMFKX|Z#`dh1?M3Oh&S*fr4aSiAKFa|bF z2ZR}+ap6`#=nM#ptOdHpKqdPsyN`N=Iu-D<7U_;cIl_;vP8o_?nkd8B_jOndHDJQT aBa2@ZWr0lDv~L3d0000 + + + + + + + + 
diff --git a/runtime/bundles/org.eclipse.core.security/pom-for-review.xml b/runtime/bundles/org.eclipse.core.security/pom-for-review.xml new file mode 100644 index 00000000000..1d01b827067 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/pom-for-review.xml @@ -0,0 +1,73 @@ + + + + 4.0.0 + + org.eclipse + bundles + 0.0.1-SNAPSHOT + ../.polyglot.pom.tycho + + org.eclipse.core.security + 1.0.4-SNAPSHOT + eclipse-plugin + [bundle] Security Option + + Delmarva Security + + + src + src/test/java + + + org.codehaus.mojo + build-helper-maven-plugin + + + eclipse-classpath-add-source-1 + initialize + + add-source + + + + src + + + + + eclipse-classpath-add-source-2 + initialize + + add-source + + + + src + + + + + eclipse-classpath-add-test-source-3 + initialize + + add-test-source + + + + src/test/resources + + + + + + + + diff --git a/runtime/bundles/org.eclipse.core.security/pom.xml.ORIG b/runtime/bundles/org.eclipse.core.security/pom.xml.ORIG new file mode 100644 index 00000000000..a3529c81698 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/pom.xml.ORIG @@ -0,0 +1,84 @@ + + 4.0.0 + + org.eclipse + marketplacepki + 0.0.1-SNAPSHOT + + security + org.eclipse.core.pki + 1.0.3-SNAPSHOT + eclipse-plugin + + UTF-8 + + + + + + org.eclipse.tycho + tycho-maven-plugin + ${tycho.version} + true + + + org.eclipse.tycho + tycho-versions-plugin + + + org.eclipse.tycho + tycho-compiler-plugin + ${tycho.version} + + true + BREE + true + 17 + 17 + + + + org.eclipse.tycho + tycho-eclipse-plugin + ${tycho.version} + + + + org.eclipse.tycho + tycho-packaging-plugin + ${tycho.version} + + + validate + + build-qualifier + + + default + + + + + false + default + ${tycho.buildqualifier.format} + + ${project.artifactId}_${unqualifiedVersion}.${buildQualifier} + + + + + org.eclipse.tycho + tycho-p2-publisher-plugin + ${tycho.version} + + true + + + + + + + \ No newline at end of file 
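Review bot: `pom.xml.ORIG` reads as a stale backup rather than a build file: its artifactId is `org.eclipse.core.pki` and its version `1.0.3-SNAPSHOT`, neither of which matches the `org.eclipse.core.security` / 1.0.4 identity given in MANIFEST.MF and pom-for-review.xml, and Maven never reads a file with that name. If the Tycho packaging configuration in it is still wanted it belongs in the live pom; otherwise the file should be dropped from the commit. `pom-for-review.xml` is likewise not picked up by Maven; if the bundle is meant to be built through the parent's `.polyglot.pom.tycho`, a one-line comment at the top of that file saying why it exists would stop the next reader from asking the same question.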
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java new file mode 100644 index 00000000000..0e83f1982c2 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java 
@@ -0,0 +1,247 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security; + +import org.eclipse.core.runtime.ServiceCaller; + +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.util.Optional; +import java.util.Properties; +import java.util.concurrent.TimeUnit; +import java.util.Collection; +import java.util.Enumeration; +import java.util.List; +import java.io.File; +import java.security.SecureRandom; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import javax.swing.text.html.parser.Element; + +import org.eclipse.core.resources.IWorkspaceRoot; +import org.eclipse.core.resources.ResourcesPlugin; +import org.eclipse.core.resources.IResource; +import org.eclipse.core.resources.IMarker; +import org.eclipse.core.runtime.RegistryFactory; +import org.eclipse.core.runtime.spi.RegistryStrategy; +import org.eclipse.core.security.incoming.InBoundController; +import org.eclipse.core.security.state.X509SecurityState; +import org.eclipse.core.security.identification.PublishPasswordUpdateIfc; +import 
org.eclipse.core.security.identification.PublishPasswordUpdate; +import org.eclipse.core.runtime.IExtensionRegistry; +import org.eclipse.core.runtime.CoreException; +import org.eclipse.core.runtime.ILog; +import org.eclipse.core.runtime.IProgressMonitor; +import org.eclipse.core.runtime.IAdapterFactory; +import org.eclipse.core.runtime.QualifiedName; +import org.eclipse.core.runtime.Platform; +import org.eclipse.ui.IStartup; +import org.eclipse.ui.IWorkbench; +import org.eclipse.ui.PlatformUI; +import org.osgi.framework.BundleActivator; +import org.osgi.framework.Bundle; +import org.osgi.framework.BundleContext; +import org.osgi.framework.ServiceReference; +import org.osgi.util.tracker.ServiceTracker; +import org.osgi.util.tracker.ServiceTrackerCustomizer; + +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; + +//import org.eclipse.ecf.internal.core.ECFPlugin; +//import org.eclipse.ecf.internal.ssl.ECFSSLSocketFactory; +//import org.eclipse.ecf.core.security.SSLContextFactory; + + +public class ActivateSecurity implements BundleActivator, IStartup, ServiceTrackerCustomizer { + public static final String ID = "org.eclipse.core.security"; //$NON-NLS-1$ + private static ActivateSecurity instance; + static boolean isPkcs11Installed = false; + public static boolean isKeyStoreLoaded = false; + private BundleContext context; + //protected ECFSSLSocketFactory ecfSSLSocketFactory; + + protected SSLContext sslContext; + + private ServiceTracker subscriberServiceTracker; + private static final ServiceCaller logger = new ServiceCaller(ActivateSecurity.class, ILog.class); + protected static KeyStore keyStore = null; + + Optional keystoreContainer = null; + private static final int DIGITAL_SIGNATURE = 0; + private static final int KEY_CERT_SIGN = 5; + private static final int CRL_SIGN = 6; + + + public ActivateSecurity() { + super(); + setInstance(this); + } + + @Override + public void start(BundleContext context) 
throws Exception { + ActivateSecurity.getInstance().context=context; + Startup(); + } + @Override + public void earlyStartup() { + // required by implementation + } + + @Override + public void stop(BundleContext context) throws Exception { + context=null; + if (subscriberServiceTracker != null) { + subscriberServiceTracker.close(); + subscriberServiceTracker = null; + } + } + + public static ActivateSecurity getInstance() { + return instance; + } + + public static void setInstance(ActivateSecurity instance) { + ActivateSecurity.instance = instance; + } + + public void log(String message) { + logger.call(logger -> logger.info(message)); + } + + public BundleContext getContext() { + return context; + } + public void Startup() { + /* + * Initialize preliminary PKCS settings + */ + + X509SecurityState.getInstance().setPKCS11on(false); + X509SecurityState.getInstance().setPKCS12on(false); + try { + ActivateSecurity.getInstance().log("ActivateSecurity Begin Controller process."); + InBoundController.getInstance().controller(); + } catch(Exception e) { + ActivateSecurity.getInstance().log("ActivateSecurity could not Run."); + } + + + ActivateSecurity.getInstance().log("ActivateSecurity Controller process complete."); + + + // Create and open Service tracker + this.subscriberServiceTracker = + new ServiceTracker( + ActivateSecurity.getInstance().context, + PublishPasswordUpdateIfc.class,this); + this.subscriberServiceTracker.open(); + } + + public void completeSecureContext() { + //containerContext(); + + ActivateSecurity.getInstance().log("ActivateSecurity setup SSLContextFactory."); + //BundleContext ecfContext = ECFPlugin.getDefault().getContext(); + + //extractServicesInfo( ecfContext.getBundle(), ecfContext); + + try { + //ecfSSLSocketFactory = (ECFSSLSocketFactory) ecfContext.getServiceReference(ECFSSLSocketFactory.class); + //ActivateSecurity.getInstance().log("ActivateSecurity service access done SSLSocketFactory."); + //TimeUnit.SECONDS.sleep(10); + 
//ecfSSLSocketFactory.getSSLContext("TLS").setDefault( SSLContext.getDefault() ); + + //SSLContext sctx = ecfSSLSocketFactory.getSSLContext("TLS"); + //ActivateSecurity.getInstance().log("ActivateSecurity Got the context."); + //sctx.setDefault( SSLContext.getDefault()); + + //ActivateSecurity.getInstance().log("ActivateSecurity SSLContext for TLS has been set."); + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + // Fetching ServiceReferernces exposed by the bundle + public static void extractServicesInfo(Bundle bundle, BundleContext bundleContext) { + ServiceReference[] registeredServices = bundle.getRegisteredServices(); + if (registeredServices != null) { + for (ServiceReference registeredService : bundle.getRegisteredServices()) { + // Fetching any property of the Service + ActivateSecurity.getInstance().log("service.pid: " + registeredService.getProperty("service.pid")); + + // Fetch Service from ServiceReference + ActivateSecurity.getInstance().log("Service: " + bundleContext.getService(registeredService)); + } + } + } + + public SSLContext getSSLContext() { + return sslContext; + } + + public void setSSLContext(SSLContext context) { + this.sslContext = context; + } + + public boolean isKeyStoreLoaded() { + return isKeyStoreLoaded; + } + + public void setKeyStoreLoaded(boolean isKeyStoreLoaded) { + ActivateSecurity.isKeyStoreLoaded = isKeyStoreLoaded; + } + + private static boolean isDigitalSignature(boolean[] ba) { + if (ba != null) { + return ba[DIGITAL_SIGNATURE] && !ba[KEY_CERT_SIGN] && !ba[CRL_SIGN]; + } else { + return false; + } + } + /** + * NOTE: The method will be called when the Service is discovered. + */ + public PublishPasswordUpdateIfc addingService( + ServiceReference reference) { + // XXX Here is where the ITimeService is received, when discovered. 
+ System.out.println("ITimeServicePublishPasswordUpdateIfc discovered!"); + System.out.println("Service Reference="+reference); + // Get the time service proxy + PublishPasswordUpdateIfc subscriberService = this.context.getService(reference); + System.out.println("Calling Service="+subscriberService); + // Call the service! + //Long time = timeService.getCurrentTime(); + // Print out the result + //System.out.println("Call Done. Current time given by ITimeService.getCurrentTime() is: "+time); + return subscriberService; + } + public void modifiedService(ServiceReference reference, + PublishPasswordUpdateIfc service) { + // do nothing + } + public void removedService(ServiceReference reference, + PublishPasswordUpdateIfc service) { + System.out.println("SubscriberService undiscovered!"); + } +} \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java new file mode 100644 index 00000000000..beb0d721771 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java 
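Review bot: `stop()` assigns `context=null;` to its own parameter, so the `context` field populated in `start()` still holds the stale BundleContext after the bundle is stopped; it should be `this.context = null;`. In `Startup()` the `catch(Exception e)` logs only "ActivateSecurity could not Run." and discards `e`, which hides the reason the keystore or PKCS#11 setup failed — log the throwable, e.g. `logger.call(log -> log.error("ActivateSecurity could not Run.", e));` (ILog offers error(String, Throwable) alongside the info(String) already used here). The ServiceTrackerCustomizer methods still carry template text (`"ITimeServicePublishPasswordUpdateIfc discovered!"`, the ITimeService comments) and print through System.out instead of the ILog this class already wraps; the same applies to `e.printStackTrace()` in `completeSecureContext()`, whose try block is otherwise entirely commented-out code. The unused `javax.swing.text.html.parser.Element` import and the `public static boolean isKeyStoreLoaded` field exposed as mutable global state also deserve a look.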
@@ -0,0 +1,40 @@
+package org.eclipse.core.security;
+
+
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
+import javax.net.ssl.SSLContext;
+
+import org.eclipse.ecf.core.security.SSLContextFactory;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+
+import org.eclipse.ecf.internal.core.ECFPlugin;
+import org.eclipse.ecf.internal.ssl.ECFSSLSocketFactory;
+import org.eclipse.ecf.core.security.SSLContextFactory;
+
+@Component(immediate=true)
+public class ContextFactoryConsumer {
+
+ @Reference
+ void bindSSLContextFactory(SSLContextFactory sslContextFactory) {
+ System.out.println("Got it "+ sslContextFactory);
+ // Now get PKIJoe SSLContext
+ try {
+ SSLContext sslContext = sslContextFactory.getInstance("TLS", "PKIJoe");
+ // # do stuff with sslContext here!
+ System.out.println("sslContext="+sslContext);
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchProviderException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ void unbindSSLContextFactory(SSLContextFactory sslContextFactory) {
+ System.out.println("Ungot it "+ sslContextFactory);
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java
new file mode 100644
index 00000000000..0cad48a4707
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java
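Review bot: The `SSLContext` obtained from `sslContextFactory.getInstance("TLS", "PKIJoe")` in `bindSSLContextFactory` is printed and then dropped, so this immediate component has no effect beyond console output; if the intent is to make the PKI context available it should be handed on, e.g. `ActivateSecurity.getInstance().setSSLContext(sslContext);`, and if not, the component should not be registered at all. The two `catch` blocks are identical auto-generated `e.printStackTrace()` stubs and can collapse to `catch (NoSuchAlgorithmException | NoSuchProviderException e)` that reports through the bundle's ILog instead of stderr. The import block pulls in `org.eclipse.ecf.internal.core.ECFPlugin` and `org.eclipse.ecf.internal.ssl.ECFSSLSocketFactory`, both unused and both internal packages, and imports `SSLContextFactory` twice. Printing the factory and context objects with System.out should go as well once the class does real work.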
@@ -0,0 +1,59 @@
+/*******************************************************************************
+ * Copyright (c) 2025 IBM Corporation and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.encryption;
+
+import java.security.spec.KeySpec;
+import java.util.Arrays;
+import java.util.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+public class NormalizeGCM {
+ private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding"; //$NON-NLS-1$
+ private static final String FACTORY_INSTANCE = "PBKDF2WithHmacSHA512"; //$NON-NLS-1$
+ private static final int GCM_IV_LENGTH = 12;
+ private static final int KEY_LENGTH = 256;
+ private static final int ITERATION_COUNT = 65536;
+ private static NormalizeGCM DECRYPT;
+ private NormalizeGCM() {}
+ public static NormalizeGCM getInstance() {
+ if (DECRYPT == null) {
+ DECRYPT = new NormalizeGCM();
+ }
+ return DECRYPT;
+ }
+ public String decrypt(String strToDecrypt, String secretKey, String salt) {
+ try {
+ byte[] encryptedData = Base64.getDecoder().decode(strToDecrypt);
+ byte[] initVector = Arrays.copyOfRange(encryptedData, 0, GCM_IV_LENGTH);
+ GCMParameterSpec spec = new GCMParameterSpec(KEY_LENGTH / 2, initVector);
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(FACTORY_INSTANCE);
+ KeySpec keySpec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), ITERATION_COUNT, KEY_LENGTH);
+ SecretKey tmp = factory.generateSecret(keySpec);
+ SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), "AES"); //$NON-NLS-1$
+ Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
+ cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, spec);
+ byte[] decryptedText = cipher.doFinal(encryptedData, GCM_IV_LENGTH, encryptedData.length - GCM_IV_LENGTH);
+ return new String(decryptedText, "UTF-8"); //$NON-NLS-1$
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java
new file mode 100644
index 00000000000..23498777273
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java
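Review bot: The `catch (Exception e)` wrapping the whole of `decrypt` turns a GCM tag failure (`AEADBadTagException`, i.e. ciphertext that was modified or is being opened with the wrong key/salt) into the same `null` as a malformed Base64 string, so callers cannot distinguish an integrity failure from bad input, and the stack trace goes to stderr instead of the bundle log; catch `AEADBadTagException` separately and surface it (rethrow or a distinct result), and SecureGCM's `encrypt` has the same catch-all/`null` pattern. `salt.getBytes()` uses the platform default charset, so the derived key differs between a UTF-8 and a non-UTF-8 JVM for the same salt — use `salt.getBytes(StandardCharsets.UTF_8)` here and on the identical line in SecureGCM, and `new String(decryptedText, "UTF-8")` can take the same constant. `Arrays.copyOfRange(encryptedData, 0, GCM_IV_LENGTH)` silently zero-pads when the input is shorter than 12 bytes; an explicit `if (encryptedData.length < GCM_IV_LENGTH) throw new IllegalArgumentException("ciphertext too short");` gives a clearer failure than the negative-length `doFinal` that follows.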
@@ -0,0 +1,65 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.encryption; + +import java.security.SecureRandom; +import java.security.spec.KeySpec; +import java.util.Base64; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +public class SecureGCM { + + private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding"; //$NON-NLS-1$ + private static final String FACTORY_INSTANCE = "PBKDF2WithHmacSHA512"; //$NON-NLS-1$ + private static final int GCM_IV_LENGTH = 12; + private static final int KEY_LENGTH = 256; + private static final int ITERATION_COUNT = 65536; + private static SecureGCM ENCRYPT; + private SecureGCM() {} + public static SecureGCM getInstance() { + if (ENCRYPT == null) { + ENCRYPT = new SecureGCM(); + } + return ENCRYPT; + } + + public String encrypt(String strToEncrypt, String secretKey, String salt) { + try { + SecureRandom secureRandom = SecureRandom.getInstanceStrong(); + byte[] iv = new byte[GCM_IV_LENGTH]; + secureRandom.nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(KEY_LENGTH / 2, iv); + SecretKeyFactory factory = SecretKeyFactory.getInstance(FACTORY_INSTANCE); + KeySpec skey = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), ITERATION_COUNT, KEY_LENGTH); + SecretKey tmp = 
factory.generateSecret(skey); + SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), "AES"); //$NON-NLS-1$ + Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); + cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, spec); + byte[] cipherText = cipher.doFinal(strToEncrypt.getBytes("UTF-8")); //$NON-NLS-1$ + byte[] encryptedData = new byte[iv.length + cipherText.length]; + System.arraycopy(iv, 0, encryptedData, 0, iv.length); + System.arraycopy(cipherText, 0, encryptedData, iv.length, cipherText.length); + return Base64.getEncoder().encodeToString(encryptedData); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java new file mode 100644 index 00000000000..12683f0526d --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java 
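Review bot: `SecureRandom.getInstanceStrong()` in `encrypt` selects the configured "strong" provider, which on Linux is normally the blocking `NativePRNGBlocking`, so an IV request can stall indefinitely on an entropy-starved host; a plain `new SecureRandom()` is the usual choice for GCM nonces and does not block. The PBKDF2 parameters, cipher string and key-derivation lines are duplicated verbatim from NormalizeGCM; if either copy drifts (iteration count, charset of `salt.getBytes()`), decryption silently fails, so move the derivation into one shared helper that both classes call. As in NormalizeGCM, `catch (Exception e)` plus `printStackTrace()` returns `null` for every failure and bypasses `ActivateSecurity`'s logger.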
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.encryption;
+
+public class SecurityOpRequest {
+ private static SecurityOpRequest INSTANCE;
+ private SecurityOpRequest() {}
+ public static SecurityOpRequest getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new SecurityOpRequest();
+ }
+ return INSTANCE;
+ }
+ public boolean isConnected=false;
+
+ public boolean getConnected() {
+ return isConnected;
+ }
+ public void setConnected(boolean b) {
+ isConnected=b;
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java
new file mode 100644
index 00000000000..60c644535b1
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java
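Review bot: `isConnected` is a `public` mutable field declared right next to its own getter and setter, so the accessors guard nothing; make it `private volatile boolean isConnected;` if the flag is read from a thread other than the one that sets it, which the singleton access pattern suggests. The lazy `getInstance()` is not synchronized, so two threads racing on first use can end up with different instances and therefore different connection flags. A one-line class comment saying which connection this flag tracks would help, since nothing in the class states it.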
@@ -0,0 +1,67 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.identification;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+
+public class FingerprintX509 {
+ private static FingerprintX509 INSTANCE;
+ private static final char[] HEX= {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
+ private static final String cryptoAlg = "SHA-256"; //$NON-NLS-1$
+ private FingerprintX509() {}
+ public static FingerprintX509 getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new FingerprintX509();
+ }
+ return INSTANCE;
+ }
+
+ public String getFingerPrint(Certificate cert, String alg) {
+ String fingerPrint=null;
+ byte[] encodedCert=null;
+
+ try {
+ alg = cryptoAlg;
+ encodedCert = cert.getEncoded();
+ MessageDigest md = MessageDigest.getInstance(alg);
+ md.update(encodedCert);
+ byte[] digest = md.digest();
+ fingerPrint = getHexValue(digest);
+
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return fingerPrint;
+ }
+ protected String getHexValue( byte[] bytes ) {
+ StringBuffer sb = new StringBuffer(bytes.length * 2);
+ try {
+ for( int i=0; i < bytes.length; i++) {
+ sb.append(HEX[(bytes[i] & 0xf0) >> 4 ]);
+ sb.append(HEX[bytes[i] & 0xf]);
+ if ( i < bytes.length-1) {
+ sb.append(":"); //$NON-NLS-1$
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return sb.toString();
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java
new file mode 100644
index 00000000000..ef0793d2ba5
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java
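Review bot: `getFingerPrint` overwrites its `alg` parameter with `cryptoAlg` on the first line of the try block, so a caller asking for any other digest silently gets SHA-256 and the parameter is dead; either drop the parameter or honour it with `cryptoAlg` as the default for a null argument, and state the behaviour in a Javadoc `@param`. On failure the method returns `null` after `printStackTrace()`, which every caller comparing fingerprints must remember to null-check; throwing `IllegalStateException` with the cause attached would be harder to ignore. `getHexValue` wraps pure array indexing in `catch (Exception e)`, which can only hide a programming error; drop the try/catch and use `StringBuilder` rather than the synchronized `StringBuffer`.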
@@ -0,0 +1,111 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.identification; + +import java.util.Optional; + +import javax.swing.Icon; +import javax.swing.ImageIcon; +import javax.swing.JFrame; +import javax.swing.JLabel; +import javax.swing.JOptionPane; +import javax.swing.JPanel; +import javax.swing.JPasswordField; +import javax.swing.SwingConstants; + +import org.eclipse.core.security.managers.KeyStoreManager; +import org.eclipse.core.security.util.KeyStoreFormat; + + +public class PkiPasswordGrabberWidget implements Runnable { + JFrame frame = null; + Icon icon = null; + private static PkiPasswordGrabberWidget INSTANCE; + JPasswordField pword = null; + private PkiPasswordGrabberWidget() {} + public static PkiPasswordGrabberWidget getInstance() { + if (INSTANCE == null) { + INSTANCE = new PkiPasswordGrabberWidget(); + } + return INSTANCE; + } + @Override + public void run() { + try { + String pw = getInput(); + System.setProperty("javax.net.ssl.keyStorePassword", pw); + } catch(Exception e) { + e.printStackTrace(); + } + } + public String getInput() { + + Optional keystoreContainer = null; + JPanel panel = new JPanel(); + JLabel label = new JLabel("Enter Password:");//$NON-NLS-1$ + JLabel blankie = new JLabel("\n", SwingConstants.CENTER);//$NON-NLS-1$ + pword = new JPasswordField(17); + String pw=null; + panel.add(label); + panel.add(blankie); + panel.add(pword); + try { + + icon = new 
ImageIcon(getClass().getResource("/icons/icons8-password-48.png"));//$NON-NLS-1$ + } catch (Exception iconErr) { + } + + panel.requestFocus(); + char[] password = null; + while (true) { + String[] options = new String[] {"cancel", "submit"};//$NON-NLS-1$ + + //showOptionDialog(Component parentComponent, + // Object message, String title, int optionType, + // int messageType, Icon icon, Object[] options, + // Object initialValue) + + int option = JOptionPane.showOptionDialog(null, panel, "Eclipse PKI Password/PiN Entry", + JOptionPane.INFORMATION_MESSAGE, JOptionPane.PLAIN_MESSAGE, + icon, options, options[1]);//$NON-NLS-1$ + + if (option == 0) { + JOptionPane.showMessageDialog(null,"CANCELED",null, + JOptionPane.ERROR_MESSAGE);//$NON-NLS-1$ + break; + } else if(option == 1) { + password = pword.getPassword(); + pw=new String(password); + System.setProperty("javax.net.ssl.keyStorePassword", pw); //$NON-NLS-1$ + + keystoreContainer = Optional + .ofNullable(KeyStoreManager.getInstance().getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$ + System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$ + KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$ + if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.getInstance().isKeyStoreInitialized()))) { + JOptionPane.showMessageDialog(null,"Incorrect Password",null, + JOptionPane.ERROR_MESSAGE);//$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ + pword.setText("");//$NON-NLS-1$ + } else { + PublishPasswordUpdate.getInstance().publishMessage(pw); + break; + } + } else { + break; + } + } + return pw; + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java new file mode 100644 index 00000000000..5afafaaee8e --- /dev/null 
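Review bot: In `getInput`, the `char[] password` returned by `pword.getPassword()` is copied into an immutable `String`, published as the `javax.net.ssl.keyStorePassword` system property and handed to `publishMessage`, and the array itself is never cleared; add `Arrays.fill(password, '\0');` (import `java.util.Arrays`) once `pw` is built, and document that the password then lives in system properties, readable by every bundle in the JVM and included in any diagnostic dump of them. `run()` repeats the `System.setProperty` that `getInput` already performed, and when the user cancels `getInput` returns `null`, so `System.setProperty(key, null)` throws `NullPointerException` that the catch block merely prints; guard with `if (pw != null)` or drop the duplicate call. The `catch (Exception iconErr) {}` around the icon load is an empty catch; a missing icon is harmless, so comment that intent or log it. Swing dialogs in an Eclipse core bundle are unusual; if SWT is available to this bundle, using it would avoid a second toolkit.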
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java 
@@ -0,0 +1,75 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ + +package org.eclipse.core.security.identification; + +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.Flow.*; +import java.util.concurrent.Executors; +import java.util.concurrent.ExecutorService; + +import org.eclipse.core.security.ActivateSecurity; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +@Component(immediate = true) +public class PublishPasswordUpdate implements PublishPasswordUpdateIfc { + private static PublishPasswordUpdate INSTANCE; + private final ExecutorService executor = Executors.newFixedThreadPool(10); + private List> subscribers = new ArrayList<>(); + + private PublishPasswordUpdate() { + } + + public static PublishPasswordUpdate getInstance() { + if (INSTANCE == null) { + INSTANCE = new PublishPasswordUpdate(); + } + return INSTANCE; + } + + public void subscribe(Subscriber subscriber) { + subscribers.add(subscriber); + } + + public int getSubscriberCount() { + return subscribers.size(); + } + + public void publishMessage(String message) { + subscribers.forEach(subscriber -> { + executor.submit(() -> { + subscriber.onNext(message); + }); + }); + } + + public void close() { + subscribers.forEach(Subscriber::onComplete); + executor.shutdown(); + } + + @Reference + void bindSubscriberService(PublishPasswordUpdateIfc updateService) { + // Call the service and 
print out result! + //System.out.println("Current time on remote is: " + updateService.close()); + System.out.println("SUBSCRIBER COUNT:"+updateService.getSubscriberCount()); + ActivateSecurity.getInstance().log("PublishPasswordUpdate bindSubscriberService"); + } + + // Called by DS upon ITimeService undiscovery + void unbindSubscriberService(PublishPasswordUpdateIfc updateService) { + System.out.println("Undiscovered ITimeService via DS. Instance=" + updateService); + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java new file mode 100644 index 00000000000..e0f24788ad3 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java @@ -0,0 +1,25 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.identification; + +import java.util.concurrent.Flow.Publisher; +import java.util.concurrent.Flow.Subscriber; + +public interface PublishPasswordUpdateIfc extends Publisher{ + + public void subscribe(Subscriber subscriber); + public int getSubscriberCount(); + public void publishMessage(String message); + public void close(); +} 
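Review bot: `bindSubscriberService` is annotated `@Reference` on `PublishPasswordUpdateIfc`, the very interface this component implements, and its body and the `unbindSubscriberService` comment still refer to `ITimeService` and print to `System.out`; this reads as leftover sample code and should be removed or rewritten against the subscriber type actually tracked, logging through `ActivateSecurity`. The class is both an `@Component(immediate = true)` and a `getInstance()` singleton with a private constructor; presumably DS cannot instantiate it that way, and if it can, DS and `getInstance()` will hold two different instances with two different subscriber lists, so one lifecycle should be chosen. `subscribers` is a plain `ArrayList` that `subscribe` mutates while `publishMessage` iterates, and `publishMessage` fans the cleartext keystore password out across ten pool threads; use `CopyOnWriteArrayList` and say in the Javadoc of `publishMessage` that `message` is the cleartext password so subscribers know not to log it. The fixed thread pool is only shut down in `close()`, which nothing in this hunk is shown calling, so its non-daemon workers may keep the JVM alive; the same note applies to the `PublishPasswordUpdateIfc` hunk, whose methods carry no Javadoc describing that contract.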
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java new file mode 100644 index 00000000000..e67de8c2b6f --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java 
@@ -0,0 +1,99 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.incoming; + +import java.nio.channels.Channels; +import java.nio.channels.FileChannel; +import java.nio.channels.FileLock; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.LinkedList; +import java.util.List; +import java.util.Optional; +import java.util.Properties; +import java.util.Set; + +import org.eclipse.core.security.ActivateSecurity; + +public class DotPkiPropertiesRequired { + + private static DotPkiPropertiesRequired INSTANCE; + List list = get(); + private DotPkiPropertiesRequired() {} + + public static DotPkiPropertiesRequired getInstance() { + if (INSTANCE == null) { + INSTANCE = new DotPkiPropertiesRequired(); + } + return INSTANCE; + } + + public boolean testFile(Path path) { + Properties properties=new Properties(); + try { + if (Files.exists(path)) { + final FileChannel channel = FileChannel.open(path, StandardOpenOption.READ); + final FileLock lock = channel.lock(0L, Long.MAX_VALUE, true); + properties.load(Channels.newInputStream(channel)); + Set keys=properties.keySet(); + lock.close(); + for ( Object key: keys ) { + isProperty((String)key); + } + if ( list.isEmpty()) { + return true; + } else { + Optional pkiType = Optional.ofNullable(properties.get("javax.net.ssl.keyStoreType")); + if ( 
!(pkiType.isEmpty())) { + if (pkiType.get().toString().contains("12")) { //PKCS12 type. no cfg needed, no provider needed + isProperty("javax.net.ssl.cfgFileLocation"); + isProperty("javax.net.ssl.keyStoreProvider"); + } + } + if (!(list.isEmpty())) { + ActivateSecurity.getInstance().log("Missing properies;"+ list.toString());// $NON-NLS-1$ + return true; + } else { + return true; + } + } + } else { + ActivateSecurity.getInstance().log("NO PKI config file detected in $HOME/.eclipse");// $NON-NLS-1$ + } + + } catch (Exception e) { + e.printStackTrace(); + } + + return false; + } + private void isProperty(String s) { + if ( list.contains(s)) { + list.remove(s); + } + + } + private List get() { + List l = new LinkedList(); + l = Arrays.asList("javax.net.ssl.trustStore","javax.net.ssl.trustStoreType", + "javax.net.ssl.trustStorePassword","javax.net.ssl.keyStoreType", + "javax.net.ssl.keyStoreProvider","javax.net.ssl.cfgFileLocation", + "javax.net.ssl.keyStore"); + List list = new ArrayList(l); + return list; + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java new file mode 100644 index 00000000000..8fc219aa8f8 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java 
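Review bot: In `testFile`, both arms of the final `if (!(list.isEmpty()))` return `true`, so a `.pki` file with missing required properties is accepted exactly like a complete one and the "Missing properies" log line is the only difference; if the intent is to reject incomplete files the first arm should `return false;`, otherwise the message should say the file is used anyway (and fix the typo to "properties"). The `FileChannel` from `FileChannel.open` is never closed, only the lock is, so each call leaks a descriptor; use `try (FileChannel channel = FileChannel.open(path, StandardOpenOption.READ); FileLock lock = channel.lock(0L, Long.MAX_VALUE, true)) { ... }` and let the resources close themselves. `list` is an instance field that `isProperty` removes entries from, so the singleton's second `testFile` call starts from an already-reduced list; build the required-property list locally per call. The trailing `catch (Exception e)` then `return false` turns an I/O or permission error into "no config present", which the caller cannot distinguish from a genuinely absent file.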
@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.incoming;
+
+import java.security.KeyStore;
+import java.util.Optional;
+
+import org.eclipse.core.security.ActivateSecurity;
+import org.eclipse.core.security.managers.AuthenticationBase;
+import org.eclipse.core.security.managers.KeyStoreManager;
+import org.eclipse.core.security.managers.KeystoreSetup;
+import org.eclipse.core.security.state.X509SecurityState;
+
+public class InBoundController {
+ private static InBoundController INSTANCE;
+ protected final String pin = "#Gone2Boat@Bay"; //$NON-NLS-1$
+ Optional keystoreContainer = null;//$NON-NLS-1$
+ protected static KeyStore keyStore = null;//$NON-NLS-1$
+ private InBoundController() {
+ }
+
+ public static InBoundController getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new InBoundController();
+ }
+ return INSTANCE;
+ }
+
+ public void controller() {
+ Optional keystoreTypeContainer = null;
+ Optional decryptedPw;
+ /*
+ * First see if parameters were passed into eclipse via the command line -D
+ */
+ keystoreTypeContainer = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
+
+ Optional testKeyContainer = Optional.ofNullable(
+ System.getProperty("core.key"));
+ if (!(testKeyContainer.isEmpty() )) {
+ String testKey = testKeyContainer.get().toString().trim();
+ if (testKey.equalsIgnoreCase("eclipse.core.pki.testing")) {
+ return;
+ }
+ }
+ if (keystoreTypeContainer.isEmpty()) {
+ //
+ // Incoming parameter as -DkeystoreType was empty so CHECK in .pki file
+ //
+
+ if (PublicKeySecurity.getInstance().isTurnedOn()) {
+ PublicKeySecurity.getInstance().getPkiPropertyFile(pin);
+ }
+ }
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java
new file mode 100644
index 00000000000..a5b40306c12
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java
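Review bot: `pin` is a compile-time string constant in a public source file, and per `IncomingSystemProperty.checkKeyStore` it serves as both the PBKDF2 passphrase and, joined with `user.name`, the salt for the "encrypted" keystore password, so the stored ciphertext offers obfuscation rather than protection: whoever can read the property file and this source can recover the password. Document that limitation in a Javadoc on the field (or in the bundle's README) so users do not treat `javax.net.ssl.encryptedPassword=true` as a security boundary, and keep the constant in one place instead of duplicating it here and in `IncomingSubscriber`. The `core.key` check returns early whenever the property equals `eclipse.core.pki.testing`, which switches the whole controller off from the command line; that test hook needs a comment naming who sets it, or should live outside production code. `decryptedPw`, `keystoreContainer` and `keyStore` are never used, and `ActivateSecurity`, `AuthenticationBase`, `KeyStoreManager`, `KeystoreSetup` and `X509SecurityState` are imported but unused in this class.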
@@ -0,0 +1,104 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.incoming; + +import java.security.KeyStore; +import java.util.Optional; +import java.util.concurrent.Flow.Subscriber; +import java.util.concurrent.Flow.Subscription; + +import org.eclipse.core.security.ActivateSecurity; +import org.eclipse.core.security.managers.AuthenticationBase; +import org.eclipse.core.security.managers.KeyStoreManager; +import org.eclipse.core.security.managers.KeystoreSetup; +import org.eclipse.core.security.state.X509SecurityState; + +import org.eclipse.ecf.core.security.SSLContextFactory; + +import org.osgi.framework.BundleContext; +import org.osgi.util.tracker.ServiceTracker; + + +public class IncomingSubscriber implements Subscriber { + private static IncomingSubscriber INSTANCE; + protected final String pin = "#Gone2Boat@Bay"; //$NON-NLS-1$ + Optional keystoreContainer = null;//$NON-NLS-1$ + protected static KeyStore keyStore = null;//$NON-NLS-1$ + public static IncomingSubscriber getInstance() { + if (INSTANCE == null) { + INSTANCE = new IncomingSubscriber(); + } + return INSTANCE; + } + @Override + public void onSubscribe(Subscription subscription) { + } + @Override + public void onNext(Object item) { + publishedIncoming(); + } + public void publishedIncoming() { + Optional keystoreTypeContainer = null; + Optional decryptedPw; + ActivateSecurity.getInstance().log("IncomingSubscriber processing event."); + + if 
(IncomingSystemProperty.getInstance().checkType()) { + if (IncomingSystemProperty.getInstance().checkKeyStore(pin)) { + KeystoreSetup setup = KeystoreSetup.getInstance(); + if (X509SecurityState.getInstance().isTrustOn()) { + setup.installKeystore(); + setup.setPkiContext(); + } + if (X509SecurityState.getInstance().isPKCS12on()) { + setup.installKeystore(); + setup.setPkiContext(); + } + if (X509SecurityState.getInstance().isPKCS11on()) { + String pkcs11Pin = "";//$NON-NLS-1$ + ActivateSecurity.getInstance().log("Processing PKCS11 setup.");//$NON-NLS-1$ + + decryptedPw = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); + if (!decryptedPw.isEmpty()) { + pkcs11Pin = decryptedPw.get(); + } + keystoreContainer = Optional + .ofNullable(AuthenticationBase.getInstance().initialize(pkcs11Pin.toCharArray()));// $NON-NLS-1$ + if (keystoreContainer.isEmpty()) { + ActivateSecurity.getInstance().log("Failed to Load a Keystore."); //$NON-NLS-1$ + X509SecurityState.getInstance().setPKCS11on(false); + System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ + SecurityFileSnapshot.getInstance().restoreProperties(); + } else { + ActivateSecurity.getInstance().log("A Keystore and Password are detected."); //$NON-NLS-1$ + keyStore = keystoreContainer.get(); + KeyStoreManager.getInstance().setKeyStore(keyStore); + ActivateSecurity.getInstance().setKeyStoreLoaded(true); + setup.setPkiContext(); + } + } + } + } + } + @Override + public void onError(Throwable throwable) { + } + @Override + public void onComplete() { + + } + +} 
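Review bot: `onSubscribe` ignores its `Subscription` and never calls `request`, and `onError` is empty, so this subscriber only works because `PublishPasswordUpdate` bypasses the Flow contract and invokes `onNext` directly from a pool thread; any exception `publishedIncoming` throws there ends up in the submitted `Future` and nobody sees it. Either implement both callbacks (`subscription.request(Long.MAX_VALUE)` and log the throwable through `ActivateSecurity`) or document that this class is not a real Flow subscriber. In `publishedIncoming`, the `isTrustOn` and `isPKCS12on` branches run the same `installKeystore(); setPkiContext();` pair, so when both flags are set the keystore is installed twice; merge them with `||` or make the flags exclusive. Unlike the other singletons in this bundle, `IncomingSubscriber` has no private constructor, and `keystoreTypeContainer` is assigned `null` and never read.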
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java new file mode 100644 index 00000000000..c1cc6625f5d --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java 
@@ -0,0 +1,112 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.incoming; + +import java.util.Optional; +import org.eclipse.core.security.ActivateSecurity; +import org.eclipse.core.security.encryption.NormalizeGCM; +import org.eclipse.core.security.state.X509SecurityState; + +public class IncomingSystemProperty { + private static IncomingSystemProperty INSTANCE; + private IncomingSystemProperty() {} + public static IncomingSystemProperty getInstance() { + if (INSTANCE == null) { + INSTANCE = new IncomingSystemProperty(); + } + return INSTANCE; + } + + public boolean checkType() { + Optional type = null; + + type = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$ + if (type.isEmpty()) { + ActivateSecurity.getInstance().log("Continue without javax.net.ssl.keyStoreType.");//$NON-NLS-1$ + X509SecurityState.getInstance().setTrustOn(true); + return true; + } + if (type.get().equalsIgnoreCase("PKCS11")) { //$NON-NLS-1$ + X509SecurityState.getInstance().setPKCS11on(true); + return true; + } + if (type.get().equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$ + X509SecurityState.getInstance().setPKCS12on(true); + return true; + } + return false; + } + + public boolean checkKeyStore(String pin) { + byte[] salt = new byte[16]; + Optional keyStore = null; + Optional keyStorePassword = null; + Optional PasswordEncrypted = null; + Optional PasswordDecrypted = null; + keyStore = 
Optional.ofNullable(System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ + if (keyStore.isEmpty()) { + X509SecurityState.getInstance().setPKCS11on(false); + X509SecurityState.getInstance().setPKCS12on(false); + //ActivateSecurity.getInstance().log("No Keystore is set, javax.net.ssl.keyStore."); //$NON-NLS-1$ + //return false; + } + keyStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$ + if (keyStorePassword.isEmpty()) { + //ActivateSecurity.getInstance().log("A Keystore Password is required, javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ + //return false; + } else { + PasswordDecrypted = Optional.ofNullable(System.getProperty("javax.net.ssl.decryptedPassword")); //$NON-NLS-1$ + PasswordEncrypted = Optional.ofNullable(System.getProperty("javax.net.ssl.encryptedPassword")); //$NON-NLS-1$ + if ((PasswordEncrypted.isEmpty()) || (!(PasswordDecrypted.isEmpty()))) { + // Password is not encrypted + } else { + if (PasswordEncrypted.get().toString().equalsIgnoreCase("true")) { //$NON-NLS-1$ + salt = new String(System.getProperty("user.name") + pin).getBytes(); //$NON-NLS-1$ + String passwd = NormalizeGCM.getInstance().decrypt(keyStorePassword.get().toString(), pin, + new String(salt)); + System.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$ + } + } + } + return true; + } + + public boolean checkTrustStoreType() { + Optional type = null; + + type = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStoreType")); //$NON-NLS-1$ + if (type.isEmpty()) { + ActivateSecurity.getInstance().log("No incoming javax.net.ssl.trustStoreType."); //$NON-NLS-1$ + return false; + } + return true; + + } + + public boolean checkTrustStore() { + Optional trustStore = null; + Optional trustStorePassword = null; + trustStore = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStore")); //$NON-NLS-1$ + if (trustStore.isEmpty()) { + ActivateSecurity.getInstance().log("No truststore is set, 
javax.net.ssl.trustStore."); //$NON-NLS-1$ + return false; + } + trustStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStorePassword")); //$NON-NLS-1$ + if (trustStorePassword.isEmpty()) { + ActivateSecurity.getInstance().log("A truststore Password is required, javax.net.ssl.trustStorePassword."); //$NON-NLS-1$ + return false; + } + return true; + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java new file mode 100644 index 00000000000..d2092456481 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java 
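Review bot: In `checkKeyStore`, `NormalizeGCM.decrypt` returns `null` on any failure and the next line passes that straight to `System.setProperty("javax.net.ssl.keyStorePassword", passwd)`, which throws `NullPointerException` out of the method; add `if (passwd == null) { ActivateSecurity.getInstance().log("Keystore password could not be decrypted."); return false; }` before the `setProperty`. With the two `return false` lines commented out, the method returns `true` for an absent keystore and for an absent password, so its name and the `if`/`else` structure no longer describe what it does; either restore the failures or rename it and document it as normalising the password properties. The salt is built as `new String(System.getProperty("user.name") + pin).getBytes()` and immediately turned back into a `String`, a default-charset round trip that is pointless and lossy for non-ASCII user names; pass the concatenated string directly. After decryption the cleartext password is placed back into system properties, which is what JSSE reads but deserves a comment since every bundle in the JVM can then read it.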
@@ -0,0 +1,42 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.incoming; + +import java.util.Properties; + +public class PublicKeySecurity { + + private static PublicKeySecurity INSTANCE; + protected byte[] salt = new byte[16]; + + private PublicKeySecurity() {} + public static PublicKeySecurity getInstance() { + if (INSTANCE == null) { + INSTANCE = new PublicKeySecurity(); + } + return INSTANCE; + } + + public boolean isTurnedOn() { + return SecurityFileSnapshot.getInstance().image(); + } + public void setupPKIfile() { + SecurityFileSnapshot.getInstance().createPKI(); + } + + public Properties getPkiPropertyFile(String pin) { + salt = new String(System.getProperty("user.name") + pin).getBytes(); //$NON-NLS-1$ + return SecurityFileSnapshot.getInstance().load(pin, new String(salt)); + } +} \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java new file mode 100644 index 00000000000..fff2b680809 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java 
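Review bot: `getPkiPropertyFile` builds the salt as `new String(... + pin).getBytes()` and then hands `new String(salt)` to `load`, a round trip through the platform default charset that does nothing useful and can corrupt non-ASCII user names; pass `System.getProperty("user.name") + pin` directly and drop the `salt` field, which is only ever overwritten here. The same construction appears in `IncomingSystemProperty.checkKeyStore`, so both must change together or the derived keys will diverge. The class has no Javadoc stating that `isTurnedOn` checks for a `.pki` file and `setupPKIfile` writes a template, which is what the delegate names suggest but nothing here confirms; the file is also missing its trailing newline.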
@@ -0,0 +1,310 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.incoming; + +import java.io.IOException; +import java.io.OutputStream; +import java.io.InputStream; +import java.nio.channels.Channels; +import java.nio.channels.FileChannel; +import java.nio.channels.FileLock; +import java.nio.charset.Charset; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.StandardOpenOption; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFilePermission; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.Map.Entry; +import java.util.Optional; +import java.util.Properties; +import java.util.Set; + +import org.eclipse.core.security.ActivateSecurity; +import org.eclipse.core.security.encryption.NormalizeGCM; +import org.eclipse.core.security.encryption.SecureGCM; +import org.eclipse.core.security.encryption.SecurityOpRequest; +import org.eclipse.core.security.identification.PkiPasswordGrabberWidget; +import org.eclipse.core.security.identification.PublishPasswordUpdate; + +public class SecurityFileSnapshot { + + private static SecurityFileSnapshot INSTANCE; + Path pkiFile = null; + Path userM2Home = null; + Path userHome = null; + Path userDotEclipseHome = null; + Properties originalProperties = new Properties(); + public static final 
String DotEclipse = ".eclipse"; + public static final String USER_HOME = System.getProperty("user.home"); //$NON-NLS-1$ + + private SecurityFileSnapshot() {} + + public static SecurityFileSnapshot getInstance() { + if (INSTANCE == null) { + INSTANCE = new SecurityFileSnapshot(); + } + return INSTANCE; + } + public boolean image() { + /* + * CHeck if .pki file is present. + */ + try { + Optional eclipseHome = Optional.ofNullable(Files.exists(Paths.get(USER_HOME))); // $NON-NLS-1$ + if (!(eclipseHome.isEmpty())) { + if (Files.exists(Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse + + FileSystems.getDefault().getSeparator() + ".pki"))) { + + userDotEclipseHome = Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse + + FileSystems.getDefault().getSeparator() + ".pki"); + if (!DotPkiPropertiesRequired.getInstance().testFile(userDotEclipseHome)) { + TemplateForPKIfile.getInstance().setup(); + return false; + } + } else { + /* + * This would be the completion of this bundle, + * since no configuration has been detected + */ + ActivateSecurity.getInstance().log("NO PKI file detected");// $NON-NLS-1$ + /* + * Files.createFile(Paths.get(USER_HOME+ + * FileSystems.getDefault().getSeparator()+DotEclipse+ + * FileSystems.getDefault().getSeparator()+ ".pki")); + */ + TemplateForPKIfile.getInstance().setup(); + return false; + } + } + + } catch (Exception e1) { + e1.printStackTrace(); + } + + if (Files.exists(userDotEclipseHome)) { + ActivateSecurity.getInstance().log("A PKI config file detected;"+ userDotEclipseHome.toString());// $NON-NLS-1$ + return true; + } + return false; + } + public boolean createPKI() { + Optional eclipseHome = Optional.ofNullable(Files.exists(Paths.get(USER_HOME))); // $NON-NLS-1$ + if (!(eclipseHome.isEmpty())) { + if (!(Files.exists(Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse + + FileSystems.getDefault().getSeparator() + ".pki")))) { + String pkiFileFQN=USER_HOME + 
FileSystems.getDefault().getSeparator() + DotEclipse + + FileSystems.getDefault().getSeparator() + ".pki"; + + userDotEclipseHome = Paths.get(pkiFileFQN); + // create the PKI file + try { + Files.createFile(userDotEclipseHome); + } catch (IOException e) { + e.printStackTrace(); + } + isSecurityFileRequired(pkiFileFQN); + return true; + } else { + //PKI file already exists + return false; + } + } + return false; + } + + public Properties load(String password, String salt) { + Properties properties = new Properties(); + String passwd = null; + try { + IncomingSubscriber subscriber = IncomingSubscriber.getInstance(); + FileChannel fileChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.READ); + FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE); + FileLock lock = fileChannel.lock(0L, Long.MAX_VALUE, true); + InputStream fileInputStream = Channels.newInputStream(fileChannel); + properties.load(fileInputStream); + originalProperties.putAll(properties); + for (Entry entry : properties.entrySet()) { + entry.setValue(entry.getValue().toString().trim()); + } + + Optional passwdContainer = Optional + .ofNullable(properties.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$ + Optional encryptedPasswd = Optional + .ofNullable(properties.getProperty("javax.net.ssl.encryptedPassword")); //$NON-NLS-1$ + if (passwdContainer.isEmpty()) { + Optional keyStoreContainer = Optional.ofNullable( + properties.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ + if (!(keyStoreContainer.isEmpty() )) { + System.setProperty("javax.net.ssl.keyStore", keyStoreContainer.get().toString().trim()); + } + Optional keyStoreTypeContainer = Optional.ofNullable( + properties.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$ + if (!(keyStoreTypeContainer.isEmpty() )) { + String keyStoreType = keyStoreTypeContainer.get().toString().trim(); + if (keyStoreType.equalsIgnoreCase("PKCS12" )) { //$NON-NLS-1$ + 
System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);//$NON-NLS-1$ + // get the passwd from console + //PokeInConsole.PASSWD.get(); + try { + try { + Optional testKeyContainer = Optional.ofNullable( + System.getProperty("core.key")); + if (!(testKeyContainer.isEmpty() )) { + String testKey = testKeyContainer.get().toString().trim(); + if (testKey.equalsIgnoreCase("eclipse.core.pki.testing")) { + return properties; + } + } + } catch (Exception e) { + e.printStackTrace(); + } + PublishPasswordUpdate.getInstance().subscribe(subscriber); + PkiPasswordGrabberWidget runner = PkiPasswordGrabberWidget.getInstance(); + Thread t1 = new Thread(runner); + t1.start(); + + } catch(Exception xe) { + // User may have said cancel + } + + + } else { + System.setProperty("javax.net.ssl.keyStorePassword", "");//$NON-NLS-1$ + } + } + } else { + if ((encryptedPasswd.isEmpty()) && (!(passwdContainer.isEmpty()))) { + + properties.setProperty("javax.net.ssl.encryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ + passwd = passwdContainer.get(); + properties.setProperty("javax.net.ssl.keyStorePassword", //$NON-NLS-1$ + SecureGCM.getInstance().encrypt(passwd, password, salt)); + OutputStream os = Channels.newOutputStream(updateChannel); + properties.save(os, null); + // After saving encrypted passwd to properties file, switch to unencrypted + properties.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$ + SecurityOpRequest.getInstance().setConnected(true); + PublishPasswordUpdate.getInstance().publishMessage(passwd); + } else { + String ePasswd = passwdContainer.get(); + passwd = NormalizeGCM.getInstance().decrypt(ePasswd, password, salt); + System.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ + properties.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$ + properties.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ + + } + subscriber.publishedIncoming(); + } + + 
properties.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ + + System.getProperties().putAll(properties); + + lock.release(); + ActivateSecurity.getInstance().log("Loaded PKI System Properties");// $NON-NLS-1$ + } catch (IOException e) { + e.printStackTrace(); + } + return properties; + } + + public void restoreProperties() { + try { + Files.deleteIfExists(userDotEclipseHome); + Files.createFile(userDotEclipseHome); + FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE); + OutputStream os = Channels.newOutputStream(updateChannel); + String date = new SimpleDateFormat("dd-MM-yyyy").format(new Date()); + originalProperties.store(os, "Restored to Original:" + date); + os.flush(); + os.close(); + } catch (Exception e) { + e.printStackTrace(); + } + + } + + private static void isSecurityFileRequired(String securityFileLocation) { + Path dir = null; + StringBuilder sb = new StringBuilder(); + + try { + sb.append(securityFileLocation); + sb.append(FileSystems.getDefault().getSeparator()); + dir = Paths.get(sb.toString()); + try { + //just in case it hasnt been created yet + Files.createDirectories(dir); + } catch(Exception createFileErr) {} + + Path path = Paths.get(sb.toString()); + + if (!(path.toFile().exists())) { + Files.deleteIfExists(path); + Files.createFile(path); + Charset charset = Charset.forName("UTF-8");//$NON-NLS-1$ + ArrayList a = fileContents(); + if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) { //$NON-NLS-1$ + PosixFileAttributeView posixAttributes = Files.getFileAttributeView(path, + PosixFileAttributeView.class); + Set permissions = posixAttributes.readAttributes().permissions(); + permissions.remove(PosixFilePermission.GROUP_READ); + posixAttributes.setPermissions(permissions); + Files.write(path, a, charset, StandardOpenOption.TRUNCATE_EXISTING); + + permissions.remove(PosixFilePermission.OWNER_WRITE); + 
posixAttributes.setPermissions(permissions); + } else { + Files.write(path, a, charset, StandardOpenOption.TRUNCATE_EXISTING); + Files.setAttribute(path, "dos:hidden", Boolean.valueOf(true));//$NON-NLS-1$ + } + } + + } catch (IOException e) { + e.printStackTrace(); + } + } + + private static ArrayList fileContents() { + + ArrayList a = new ArrayList<>(); + + try { + a.add("javax.net.ssl.trustStoreType=" + System.getProperty("javax.net.ssl.trustStoreType"));//$NON-NLS-1$ //$NON-NLS-2$ + a.add("javax.net.ssl.trustStorePassword=" + System.getProperty("javax.net.ssl.trustStorePassword"));//$NON-NLS-1$ //$NON-NLS-2$ + a.add("javax.net.ssl.trustStore=" + System.getProperty("javax.net.ssl.trustStore"));//$NON-NLS-1$ //$NON-NLS-2$ + a.add("");//$NON-NLS-1$ + + if (System.getProperty("javax.net.ssl.keyStoreType") != null) {//$NON-NLS-1$ + a.add("javax.net.ssl.keyStoreType=" + System.getProperty("javax.net.ssl.keyStoreType"));//$NON-NLS-1$ //$NON-NLS-2$ + a.add("javax.net.ssl.keyStore=" + System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ //$NON-NLS-2$ + if (System.getProperty("javax.net.ssl.keyStoreType").equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$ //$NON-NLS-2$ + + } else { + a.add("javax.net.ssl.keyStorePassword=");//$NON-NLS-1$ + a.add("javax.net.ssl.keyStoreProvider=" + System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$ //$NON-NLS-2$ + } + } + + } catch (Exception e) { + e.printStackTrace(); + } + return a; + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java new file mode 100644 index 00000000000..71356bd1e58 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java 
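Review bot: `isSecurityFileRequired` only removes `GROUP_READ` from the file's default permissions, so under a usual umask the `.pki` file stays readable by every other user on the host, even though `fileContents` writes `javax.net.ssl.trustStorePassword` into it and `load()` later stores the keystore password there; `createPKI` has additionally already created the same path with `Files.createFile(userDotEclipseHome)` at the default mode before this method runs. Create it owner-only from the first instant instead, `Files.createFile(path, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))` (import `java.nio.file.attribute.PosixFilePermissions`), and note that `dos:hidden` on the Windows branch is cosmetic, not access control. It also looks as if `sb.append(FileSystems.getDefault().getSeparator())` turns `securityFileLocation` into a directory-style path before `Files.createDirectories(dir)` and the `exists()` check, so the template contents may never reach the file `createPKI` just made — worth verifying. Separately, `load()` never closes either `FileChannel`, and `lock.release()` is skipped on every exception and on the early `return properties` in the test-key branch; opening and locking in a try-with-resources, as sketched below, fixes all three and makes the explicit `lock.release()` unnecessary.
```java
public Properties load(String password, String salt) {
	Properties properties = new Properties();
	String passwd = null;
	try (FileChannel fileChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.READ);
			FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE);
			FileLock lock = fileChannel.lock(0L, Long.MAX_VALUE, true)) {
		IncomingSubscriber subscriber = IncomingSubscriber.getInstance();
		InputStream fileInputStream = Channels.newInputStream(fileChannel);
		properties.load(fileInputStream);
		// … unchanged: value trimming, encrypt/decrypt branches, System.getProperties().putAll(properties) …
		ActivateSecurity.getInstance().log("Loaded PKI System Properties");// $NON-NLS-1$
	} catch (IOException e) {
		e.printStackTrace();
	}
	return properties;
}
```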
@@ -0,0 +1,100 @@ +/******************************************************************************* + * Copyright (c) 2025 IBM Corporation and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * IBM Corporation - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.incoming; + +import java.io.IOException; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.StandardOpenOption; + +public class TemplateForPKIfile { + + private static TemplateForPKIfile INSTANCE; + public final String hashTag = "############################################################"; //$NON-NLS-1$ + public final String shortHashTag = "################"; //$NON-NLS-1$ + public static final String DotEclipse = ".eclipse";//$NON-NLS-1$ + public final String USER_HOME = System.getProperty("user.home"); //$NON-NLS-1$ + Path userM2Home = null; + private TemplateForPKIfile() {} + public static TemplateForPKIfile getInstance() { + if (INSTANCE == null) { + INSTANCE = new TemplateForPKIfile(); + } + return INSTANCE; + } + public void setup() { + try { + Path path = Paths.get(USER_HOME+ + FileSystems.getDefault().getSeparator()+DotEclipse+ + FileSystems.getDefault().getSeparator()+ + "pki.template"); + if (!(Files.exists(path))) { + createTemplate(path); + } + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + public void createTemplate(Path path) { + String editTag = "Edit this File, Save as .pki"; //$NON-NLS-1$ + try { + Files.createFile(path); + Files.write(path, (hashTag + System.lineSeparator()).getBytes(), 
StandardOpenOption.APPEND); + Files.write(path, (hashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); + Files.write(path, shortHashTag.getBytes(), StandardOpenOption.APPEND); + Files.write(path, editTag.getBytes(), StandardOpenOption.APPEND); + Files.write(path, (shortHashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); + Files.write(path, (hashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); + Files.write(path, (hashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); + Files.write(path, ((buildBuffer()) + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); + + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + public String buildBuffer() { + StringBuilder b = new StringBuilder(); + b.append("javax.net.ssl.keyStore="); //$NON-NLS-1$ + b.append("[Fully quallified name of your Keystore File]"); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append("javax.net.ssl.keyStorePassword="); //$NON-NLS-1$ + b.append("[Eclipse will encrypt this entry]"); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append("javax.net.ssl.keyStoreType="); //$NON-NLS-1$ + b.append("[types allowed; PCKS11, PKCS12]"); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append("javax.net.ssl.keyStoreProvider="); //$NON-NLS-1$ + b.append("[SunPKCS11, PKCS12]"); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append("javax.net.ssl.trustStore="); //$NON-NLS-1$ + b.append("[Fully quallified name of your Truststore File]"); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append("javax.net.ssl.trustStorePassword="); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append("javax.net.ssl.trustStoreType="); //$NON-NLS-1$ + b.append(System.lineSeparator()); + b.append(hashTag); + b.append(System.lineSeparator()); + return b.toString(); + } + + public static void main(String[] args) { + TemplateForPKIfile.getInstance().setup(); + } +} \ No 
newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java new file mode 100644 index 00000000000..be1b64c6c78 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java 
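Review bot: Every `Files.write` in `createTemplate` converts with the no-argument `getBytes()`, i.e. the platform default charset, so the template's encoding depends on the launching JVM; pass an explicit charset, `Files.write(path, (hashTag + System.lineSeparator()).getBytes(StandardCharsets.UTF_8), StandardOpenOption.APPEND);` (import `java.nio.charset.StandardCharsets`), or collect the lines and write them in one `Files.write(path, lines, StandardCharsets.UTF_8, StandardOpenOption.APPEND)` instead of eight separate appends. The placeholder text in `buildBuffer` that users will read has typos: `quallified` → `qualified` (twice) and `PCKS11` → `PKCS11`. `hashTag`, `shortHashTag` and `USER_HOME` are `public final` instance fields that could be `private static final`, and the `main` method looks like a leftover manual test entry point in a bundle class.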
@@ -0,0 +1,286 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.managers; + +import java.lang.reflect.Method; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.security.InvalidParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.ProviderException; +import java.security.SecureRandom; +import java.security.Security; +import java.util.ArrayList; +import java.util.Optional; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import org.eclipse.core.security.ActivateSecurity; +import org.eclipse.core.security.util.EclipseKeyStoreCollection; + + +public class AuthenticationBase implements AuthenticationService { + + private static AuthenticationBase INSTANCE; + protected SSLContext sslContext; + protected String pin; + static KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection("".toCharArray()); //$NON-NLS-1$ + protected boolean is9; + protected String pkiProvider = "SunPKCS11"; // or could be FIPS provider :SunPKCS11-FIPS //$NON-NLS-1$ + protected String providerName = null; + protected String cfgDirectory = null; + protected String fingerprint; + KeyStore keyStore = null; + private AuthenticationBase() 
{} + public static AuthenticationBase getInstance() { + if (INSTANCE == null) { + INSTANCE = new AuthenticationBase(); + } + return INSTANCE; + } + + @Override + public KeyStore initialize(char[] p) { + pp = new KeyStore.PasswordProtection(p); + String pin = new String(p); + try { + + OptionalkeyStoreContainer = Optional.ofNullable(configure()); + if (keyStoreContainer.isEmpty() ) { + return null; + } else { + keyStore=keyStoreContainer.get(); + } + try { + /* + * Only load the store if the pin is a valuye other than the default setting of + * "pin" Otherwise the store will be preloaded by the default loading of the + * keystore, dynamically + */ + if (!(pin.equalsIgnoreCase("pin"))) { //$NON-NLS-1$ + PkiCallbackHandler pkiCB = new PkiCallbackHandler(); + PkiLoadParameter lp = new PkiLoadParameter(); + lp.setWaitForSlot(true); + lp.setProtectionParameter(pp); + + lp.setEventHandler(pkiCB); + keyStore.load(lp); + sslContext=AuthenticationBase.INSTANCE.setSSLContext(keyStore); + ActivateSecurity.getInstance().log("SSL context PROTOCOL:"+sslContext.getProtocol()); //$NON-NLS-1$ + } + + } catch (Exception e) { + /* + * An incorrect PiN could have been entered. AND thats OK, they can try again. + */ + ActivateSecurity.getInstance().log("Unable to load KeyStore, Bad Pin?"); //$NON-NLS-1$ + return null; + } + System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11"); //$NON-NLS-1$ //$NON-NLS-2$ + System.setProperty("https.protocols", "TLSv1.1,TLSv1.2,TLSv1.3"); //$NON-NLS-1$ //$NON-NLS-2$ + } catch (Exception e) { + e.printStackTrace(); + } + /* + * Set the context AFTER you set the keystore... 
+ */ + return keyStore; + } + + private KeyStore configure() { + Optional configurationDirectory = null; + OptionalproviderContainer = null; + Provider prototype = null; + String securityProvider = null; + KeyStore keyStore = null; + String errorMessage=null; + is9 = true; + + configurationDirectory = Optional.ofNullable(System.getProperty("javax.net.ssl.cfgFileLocation")); //$NON-NLS-1$ + if (configurationDirectory.isEmpty()) { + // Where is it for Windoz + //TBD: find default setting + setCfgDirectory(new String("/etc/opensc")); //$NON-NLS-1$ + } else { + setCfgDirectory(configurationDirectory.get().toString()); + } + + if (Files.exists(Paths.get(getCfgDirectory()))) { + ActivateSecurity.getInstance().log("PKCS11 configure DIR:" + getCfgDirectory()); //$NON-NLS-1$ + providerContainer=Optional.ofNullable( + System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$ + if (providerContainer.isEmpty() ) { + securityProvider = pkiProvider; + } else { + securityProvider = providerContainer.get().toString(); + } + prototype = Security.getProvider(securityProvider); + if (prototype == null) { + ActivateSecurity.getInstance().log("Configuring PKCS11 Provider not found."); //$NON-NLS-1$ + } + + try { + Provider provider = prototype.configure(getCfgDirectory()); + providerName = provider.getName(); + Security.addProvider(provider); + keyStore = KeyStore.getInstance("pkcs11", provider.getName() ); //$NON-NLS-1$ + setPkiProvider(provider.getName()); + } catch (KeyStoreException e) { + errorMessage=e.getMessage()+" Problem loading the keystore."; + } catch (InvalidParameterException e) { + errorMessage=e.getMessage()+" You have provided an invalid parameter."; + } catch (UnsupportedOperationException e) { + errorMessage=e.getMessage()+" Operation is not supported at this time."; + } catch (NullPointerException e) { + errorMessage=e.getMessage()+" A Null Pointer was found."; + } catch (NoSuchProviderException e) { + errorMessage=e.getMessage()+" The PKCS11 provider 
could not be found."; + } catch (ProviderException e) { + errorMessage=e.getMessage()+" No PKCS11 Configuration found."; + } + Optional errorContainer = Optional.ofNullable(errorMessage); + if ( !(errorContainer.isEmpty())) { + Security.removeProvider(providerName); + ActivateSecurity.getInstance().log(errorMessage); //$NON-NLS-1$ + } + } + return keyStore; + } + public KeyStore getKeyStore() { + return keyStore; + } + + public SSLContext getSSLContext() { + return this.sslContext; + } + + + public boolean isPkcs11Setup() { + + if ((getCfgDirectory() !=null ) && ( getPkiProvider() != null)) { + return true; + } + return false; + + } + + public SSLContext setSSLContext(KeyStore keyStore) { + + try { + sslContext = SSLContext.getInstance("TLSv1.3"); //$NON-NLS-1$ + + Optional PKIXtrust = ConfigureTrust.getInstance().setUp(); + if (PKIXtrust.isEmpty()) { + ActivateSecurity.getInstance().log("Invalid TrustManager Initialization."); //$NON-NLS-1$ + } else { + + KeyManager[] km = new KeyManager[] { KeyStoreManager.getInstance() }; + TrustManager[] tm = new TrustManager[] { ConfigureTrust.getInstance() }; + + sslContext.init(km, tm, new SecureRandom()); + SSLContext.setDefault(sslContext); + HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); + } + } catch (Exception e) { + e.printStackTrace(); + } + return sslContext; + } + + public String getPkiProvider() { + return pkiProvider; + } + + public void setPkiProvider(String pkiProvider) { + this.pkiProvider = pkiProvider; + } + + public boolean isJava9() { + return is9; + } + + public String getFingerprint() { + return fingerprint; + } + + public static void setFingerprint(String fingerprint) { + AuthenticationBase.INSTANCE.fingerprint = fingerprint; + } + + public KeyManager getCustomKeyManager(KeyStore keyStore) { + CustomKeyManager keyManager = null; + try { + keyManager = new CustomKeyManager(keyStore, "".toCharArray(), null); //$NON-NLS-1$ + keyManager.setSelectedFingerprint(getFingerprint()); 
+ } catch (Exception e) { + e.printStackTrace(); + } + return keyManager; + } + public ArrayList getList() { + return EclipseKeyStoreCollection.getInstance().getList(keyStore); + } + + public boolean isJavaModulesBased() { + try { + Class.forName("java.lang.Module"); //$NON-NLS-1$ + return true; + } catch (ClassNotFoundException e) { + return false; + } + } + + public String getCfgDirectory() { + return cfgDirectory; + } + + public void setCfgDirectory(String cfgDirectory) { + this.cfgDirectory = cfgDirectory; + } + public String getPin() { + return pin; + } + public void setPin(String pin) { + this.pin = pin; + pp = new KeyStore.PasswordProtection(pin.toCharArray()); + } + public void logoff() { + try { + + } catch (Exception e) { + e.printStackTrace(); + } + + } + public boolean login() { + Provider provider = Security.getProvider(getPkiProvider()); + if ( provider != null) { + + try { + provider.clear(); + return true; + } catch (SecurityException e) { + e.printStackTrace(); + } + } + return false; + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java new file mode 100644 index 00000000000..77be2b5bf7a --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java 
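Review bot: `initialize` sets `https.protocols` to `TLSv1.1,TLSv1.2,TLSv1.3`, re-enabling a protocol version that is deprecated (RFC 8996) and disabled by default via `jdk.tls.disabledAlgorithms` on current JDKs, while `setSSLContext` itself requests `TLSv1.3`; use `System.setProperty("https.protocols", "TLSv1.2,TLSv1.3"); //$NON-NLS-1$ //$NON-NLS-2$`. `login()` calls `provider.clear()`, which removes the provider's registered service mappings rather than authenticating to the token, and `logoff()` is an empty try/catch; for a PKCS#11 provider the session API is `AuthProvider.login(Subject, CallbackHandler)` / `logout()`, so the current `login()` appears to break the provider it just looked up — worth confirming against the intended flow. `String pin = new String(p)` copies the PIN into an immutable string (and shadows the `pin` field), so it can never be zeroed after use; keeping the comparison on the `char[]` avoids that. In `configure()`, a null `prototype` is logged as "Provider not found" and then dereferenced by `prototype.configure(...)`, with the resulting NPE caught and reported a second time as "A Null Pointer was found"; returning right after the first log would be clearer.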
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.managers;
+
+import java.security.KeyStore;
+
+public interface AuthenticationService {
+ public KeyStore initialize(char[] p);
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java
new file mode 100644
index 00000000000..885f033be3e
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java
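Review bot: The interface has no Javadoc, and its implementation in this patch (`AuthenticationBase.initialize`) returns `null` both when the PKCS#11 provider cannot be configured and when the pin is rejected, which callers need to know about. Suggested Javadoc on `initialize`: `/** Loads the PKCS#11 keystore protected by {@code p}. @param p the token pin; the caller retains ownership and should clear the array afterwards. @return the loaded KeyStore, or {@code null} if the provider could not be configured or the pin was rejected. */`. The `public` modifier on an interface method is redundant and can be dropped.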
@@ -0,0 +1,123 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.managers; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Optional; + +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; + +import org.eclipse.core.security.ActivateSecurity; + +public class ConfigureTrust implements X509TrustManager { + + private static ConfigureTrust INSTANCE; + protected X509TrustManager pkixTrustManager = null; + private ConfigureTrust() {} + public static ConfigureTrust getInstance() { + if (INSTANCE == null) { + INSTANCE = new ConfigureTrust(); + } + return INSTANCE; + } + + public Optional setUp() { + KeyStore keyStore = null; + String storeLocation = null; + String trustType = null; + String passwd = "changeit"; //$NON-NLS-1$ + try { + Optional trustStoreFile = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStore")); //$NON-NLS-1$ + if (trustStoreFile.isEmpty()) { + storeLocation = System.getProperty("java.home") + //$NON-NLS-1$ + 
"/lib/security/cacerts" //$NON-NLS-1$ + .replace("/", FileSystems.getDefault().getSeparator()); //$NON-NLS-1$ + } else { + storeLocation = trustStoreFile.get().toString(); + } + InputStream fs = Files.newInputStream(Paths.get(storeLocation)); + + Optional trustStoreFileType = Optional + .ofNullable(System.getProperty("javax.net.ssl.trustStoreType")); //$NON-NLS-1$ + if (trustStoreFileType.isEmpty()) { + trustType = KeyStore.getDefaultType(); + } else { + trustType = trustStoreFileType.get().toString(); + } + keyStore = KeyStore.getInstance(trustType); + + Optional trustStorePassword = Optional + .ofNullable(System.getProperty("javax.net.ssl.trustStorePassword")); //$NON-NLS-1$ + if (trustStorePassword.isEmpty()) { + ActivateSecurity.getInstance().log("ConfigureTrust using default Password since none provided."); //$NON-NLS-1$ + passwd="changeit"; + } else { + passwd = trustStorePassword.get().toString(); + } + + keyStore.load(fs, passwd.toCharArray()); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); //$NON-NLS-1$ + tmf.init(keyStore); + TrustManager tms[] = tmf.getTrustManagers(); + for (TrustManager tm : tms) { + if (tm instanceof X509TrustManager) { + pkixTrustManager = (X509TrustManager) tm; + ActivateSecurity.getInstance().log("Initialization PKIX Trust Manager Complete"); //$NON-NLS-1$ + break; + } + } + } catch (NoSuchAlgorithmException e) { + ActivateSecurity.getInstance().log("ConfigureTrust - No algorithm found."); //$NON-NLS-1$ + } catch (KeyStoreException e) { + ActivateSecurity.getInstance().log("ConfigureTrust - Initialize keystore Error. 
"); //$NON-NLS-1$ + } catch (FileNotFoundException e) { + ActivateSecurity.getInstance().log("ConfigureTrust - No File Found:"); //$NON-NLS-1$ + } catch (CertificateException e) { + ActivateSecurity.getInstance().log("ConfigureTrust - Certificate Error"); //$NON-NLS-1$ + } catch (IOException e) { + ActivateSecurity.getInstance().log("ConfigureTrust - I/O Error, bad password?"); //$NON-NLS-1$ + } + return Optional.ofNullable(pkixTrustManager); + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + pkixTrustManager.checkClientTrusted(chain, authType); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + pkixTrustManager.checkServerTrusted(chain, authType); + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return pkixTrustManager.getAcceptedIssuers(); + + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java new file mode 100644 index 00000000000..c500d14b147 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java 
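Review bot: In `setUp()` the truststore `InputStream fs` returned by `Files.newInputStream(...)` is never closed on any path, and the `FileNotFoundException` catch cannot fire for it, because `Files.newInputStream` reports a missing file as `java.nio.file.NoSuchFileException` (an `IOException`), so a missing truststore is logged as "I/O Error, bad password?". Open the stream where it is consumed, `try (InputStream fs = Files.newInputStream(Paths.get(storeLocation))) { keyStore.load(fs, passwd.toCharArray()); }`, and catch `NoSuchFileException` instead (the unused `FileInputStream` import can go too). The three `X509TrustManager` methods delegate to `pkixTrustManager`, which remains `null` whenever `setUp()` failed or was never called, so a handshake would die with a `NullPointerException` inside the TLS stack rather than the `CertificateException` the contract promises; a null check that throws `new CertificateException("PKIX trust manager not initialized")` keeps the failure explicit and fail-closed. `getInstance()` is an unsynchronized lazy singleton whose `pkixTrustManager` is mutated after publication; acceptable if `ActivateSecurity` is the only caller, but worth a comment saying so.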
@@ -0,0 +1,217 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.managers; + +import java.net.InetAddress; +import java.net.Socket; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.Enumeration; +import java.util.HashMap; + +import javax.net.ssl.X509ExtendedKeyManager; +import javax.net.ssl.X509KeyManager; + +import org.eclipse.core.security.identification.FingerprintX509; + +public class CustomKeyManager extends X509ExtendedKeyManager implements X509KeyManager { + private static final int KEY_ENCIPHERMENT = 2; + private static final int DIGITAL_SIGNATURE = 0; + private KeyStore keyStore; + private char[] password; + protected static String selectedFingerprint = "NOTSET"; //$NON-NLS-1$ + + public CustomKeyManager(KeyStore keyStore, char[] passwd, HashMap hosts) { + this.keyStore=keyStore; + this.setPassword(new String(passwd).toCharArray()); + } + + @Override + public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) { + // TODO Auto-generated method stub + String message = "Presenting X509 
fingerprint:"; //$NON-NLS-1$ + String amessage = " using certificate alias:"; //$NON-NLS-1$ + StringBuilder sb=new StringBuilder(); + String selectedAlias=null; + String alias = null; + String fingerprint=null; + boolean isOK=true; + + try { + + + Enumeration aliases = this.keyStore.aliases(); + sb.append(message); + while ( aliases.hasMoreElements() ) { + alias = aliases.nextElement(); + if ( this.getPrivateKey(alias) != null ) { + X509Certificate x509 = (X509Certificate) this.keyStore.getCertificate(alias); + try { + x509.checkValidity(); + if (!(isKeyEncipherment(x509.getKeyUsage()))) { + fingerprint = FingerprintX509.getInstance().getFingerPrint(x509, "MD5"); //$NON-NLS-1$ + + if ( getSelectedFingerprint() != null ) { + if (getSelectedFingerprint().equals("NOTSET")) { //$NON-NLS-1$ + setSelectedFingerprint(fingerprint); + } + } else { + setSelectedFingerprint(fingerprint); + } + if ( getSelectedFingerprint().equals(fingerprint)) { + isOK=true; + selectedAlias=alias; + sb.append(fingerprint); + sb.append(amessage); + sb.append(alias); + message = sb.toString(); + break; + } + } + } catch (CertificateExpiredException e) { + + System.err.println("KeyManager: Please remove EXPIRED certificate:" + alias //$NON-NLS-1$ + + " using your pkcs11 Manager."); //$NON-NLS-1$ + } catch (CertificateNotYetValidException e) { + System.err.println("KeyManager: Please check invalid certificate:" + alias //$NON-NLS-1$ + + " using your pkcs11 Manager."); //$NON-NLS-1$ + } + } + } + } catch (Exception e) { + e.printStackTrace(); + } + if (!(isOK)) { + message = (selectedAlias == null) ? "PKI misconfiguration. 
Please check pkcs11" : message + selectedAlias; //$NON-NLS-1$ + System.out.println("KeyManager: " + message); //$NON-NLS-1$ + } + return selectedAlias; + } + private static boolean isDigitalSignature(boolean[] ba) { + if ( ba != null) { + + return ba[DIGITAL_SIGNATURE]; + } else { + return false; + } + } + + private static boolean isKeyEncipherment(boolean[] ba) { + if ( ba != null) { + + return ba[KEY_ENCIPHERMENT]; + } else { + return false; + } + } + + @Override + public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) { + return null; + } + + @Override + public X509Certificate[] getCertificateChain(String alias) { + + X509Certificate[] X509Certs=null; + X509Certificate X509Cert=null; + try { + Certificate[] certificates = this.keyStore.getCertificateChain(alias); + if ( certificates != null ) { + X509Certs = new X509Certificate[ certificates.length ]; + for(int i=0; i < certificates.length; i++) { + X509Cert= (X509Certificate ) certificates[i]; + if (!(isKeyEncipherment(X509Cert.getKeyUsage()))) { + X509Certs[i] = X509Cert; + } else { + if ((isKeyEncipherment(X509Cert.getKeyUsage())) && alias.contains("PKI")) { //$NON-NLS-1$ + X509Certs[i] = X509Cert; + } + } + } + + } else { + X509Cert = (X509Certificate) this.keyStore.getCertificate(alias); + if ( X509Cert != null ) { + X509Certs = new X509Certificate[1]; + if (isDigitalSignature(X509Cert.getKeyUsage()) ) { + X509Certs[0] = X509Cert; + } else { + if (alias.contains("PKI")) { //$NON-NLS-1$ + X509Certs[0] = X509Cert; + } + } + } + + } + + } catch (Exception e) { + e.printStackTrace(); + } + try { + X509Certs = new X509Certificate[1]; + X509Certs[0] = (X509Certificate) this.keyStore.getCertificate(alias); + } catch (KeyStoreException e) { + e.printStackTrace(); + } + return X509Certs; + } + + @Override + public String[] getClientAliases(String arg0, Principal[] arg1) { + return new String[] {chooseClientAlias(null, arg1, null) }; + } + + @Override + public PrivateKey getPrivateKey(String 
alias) { + PrivateKey privateKey = null; + try { + privateKey = (PrivateKey) keyStore.getKey(alias, "".toCharArray()); //$NON-NLS-1$ + } catch (UnrecoverableKeyException e) { + e.printStackTrace(); + } catch (KeyStoreException e) { + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + return privateKey; + } + + @Override + public String[] getServerAliases(String arg0, Principal[] arg1) { + return null; + } + public static String getSelectedFingerprint() { + return selectedFingerprint; + } + public void setSelectedFingerprint(String selectedFingerprint) { + CustomKeyManager.selectedFingerprint = selectedFingerprint; + } + + public char[] getPassword() { + return password; + } + + public void setPassword(char[] password) { + this.password = password; + } +} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java new file mode 100644 index 00000000000..3909b9d7cd0 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java 
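Review bot: `getCertificateChain` discards the chain it just built: after the first try block a second `try` unconditionally does `X509Certs = new X509Certificate[1]; X509Certs[0] = (X509Certificate) this.keyStore.getCertificate(alias);`, so the key-usage filtering loop above it is dead code and the peer is always sent the leaf certificate alone; drop that second block, or move it into the `certificates == null` branch where a single-cert fallback belongs. `KeyStoreManager.getCertificateChain` in the following hunk has the same overwrite. Separately, the constructor stores `passwd` into `password` but `getPrivateKey` calls `keyStore.getKey(alias, "".toCharArray())`, so any key protected by a non-empty password yields `UnrecoverableKeyException` and `null`; use `keyStore.getKey(alias, password)`. The alias-selection fingerprint is computed with `"MD5"` here but `"SHA-256"` in KeyStoreManager's copy of `chooseClientAlias`; using SHA-256 in both keeps the two managers consistent. The filtering loop also leaves `null` slots in `X509Certs` for every certificate it skips, which the caller has no way to detect — collect the kept entries in a list and return only those.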
@@ -0,0 +1,437 @@ +/******************************************************************************* + * Copyright (c) 2023 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.managers; + +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.io.BufferedInputStream; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.net.Socket; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.Hashtable; +import javax.net.ssl.X509KeyManager; + +import org.eclipse.core.security.ActivateSecurity; +import org.eclipse.core.security.identification.FingerprintX509; +import org.eclipse.core.security.util.KeyStoreFormat; + +public class KeyStoreManager implements X509KeyManager { + private static KeyStoreManager INSTANCE; + protected final int KEY_ENCIPHERMENT = 2; + protected final int DIGITAL_SIGNATURE = 0; + protected boolean isKeyStoreInitialized = false; 
+ protected String selectedFingerprint = "NOSET"; //$NON-NLS-1$ + protected KeyStore keyStore = null; + private KeyStoreManager() {} + public static KeyStoreManager getInstance() { + if (INSTANCE == null) { + INSTANCE = new KeyStoreManager(); + } + return INSTANCE; + } + + public KeyStore getKeyStore(String fileLocation, String password, KeyStoreFormat format) { + InputStream in = null; + try { + + try { + Path p = Paths.get(fileLocation); + in = Files.newInputStream(p); + + keyStore = KeyStore.getInstance(format.getValue()); + keyStore.load(in, password.toCharArray()); + + setKeyStoreInitialized(true); + } catch (FileNotFoundException e) { + ActivateSecurity.getInstance().log("Configure KeyStore - No File Found:"); //$NON-NLS-1$ + } catch (KeyStoreException e) { + ActivateSecurity.getInstance().log("Configure KeyStore - Initialize keystore, bad password?"); //$NON-NLS-1$ + } catch (NoSuchAlgorithmException e) { + ActivateSecurity.getInstance().log("Configure KeyStore - No algorithm found from provider."); //$NON-NLS-1$ + } catch (CertificateException e) { + ActivateSecurity.getInstance().log("Configure KeyStore - Certificate Error."); //$NON-NLS-1$ + } catch (IOException e) { + ActivateSecurity.getInstance().log("Configure KeyStore - I/O Error, bad password?"); //$NON-NLS-1$ + } + if ( keyStore != null) { + return keyStore; + } + return null; + } finally { + try { + in.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + } + + /** + * Returns a KeyStore object loaded from provided {@link InputStream} and decrypted with given password + * @param in + * @param password + * @param format "JKS", "PKCS12", "PKCS11" + * @throws NoSuchAlgorithmException + * @throws CertificateException + * @throws IOException + */ + + public KeyStore getKeyStore(InputStream in, String password, KeyStoreFormat format) + throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { + + keyStore = KeyStore.getInstance(format.getValue()); + char 
pwd[] = null; + if(password != null) + pwd = password.toCharArray(); + + keyStore.load(in, pwd); + return keyStore; + + } + + public KeyStore getKeyStore(KeyStoreFormat format) + throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException { + + String pin = ""; //$NON-NLS-1$ + KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pin.toCharArray()); + keyStore = KeyStore.getInstance("pkcs11", "SunPKCS11"); //$NON-NLS-1$ //$NON-NLS-2$ + try { + keyStore.load(null, pp.getPassword()); + setKeyStoreInitialized(true); + } catch (IOException e) { + /* + * User may have pressed the cancel button. + */ + keyStore = null; + } + return keyStore; + } + + public KeyStore getKeyStore() { + return keyStore; + } + public void setKeyStore(KeyStore keyStore) { + this.keyStore=keyStore; + setKeyStoreInitialized(true); + } + + public Hashtable getCertificates(KeyStore keyStore) { + + Hashtable table = new Hashtable<>(); + PrivateKey privateKey=null; + + try { + if (isKeyStoreInitialized()) { + Enumeration aliasesEnum = keyStore.aliases(); + while (aliasesEnum.hasMoreElements()) + { + String alias = aliasesEnum.nextElement(); + X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); + try { + if ( isDigitalSignature(certificate.getKeyUsage()) ) { + privateKey = (PrivateKey) keyStore.getKey(alias, null); + if ( privateKey != null) { + table.put(certificate, privateKey); + } + } + } catch (UnrecoverableKeyException e) { + e.printStackTrace(); + } + } + } + } catch (KeyStoreException e) { + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + + return table; + + } + + public ArrayList getAliases(KeyStore keyStore) { + + ArrayListaliasList = new ArrayList<>(); + try { + Enumeration aliasesEnum = keyStore.aliases(); + while (aliasesEnum.hasMoreElements()) + { + String alias = aliasesEnum.nextElement(); + X509Certificate certificate = (X509Certificate) 
keyStore.getCertificate(alias); + try { + if ( isDigitalSignature(certificate.getKeyUsage()) ) { + aliasList.add(alias); + } + + } catch (Exception e) { + e.printStackTrace(); + } + } + } catch (KeyStoreException e) { + e.printStackTrace(); + } catch (Exception e) { + e.printStackTrace(); + } + + return aliasList; + + } + public boolean checkUserKeystorePass(String certPath, String password, String certType) + { + StringBuilder message = new StringBuilder(); + message.append("Problem reading your certificate. \n\r \n\r"); //$NON-NLS-1$ + + KeyStore keyStore; + try { + InputStream in = null; + + in = new FileInputStream(certPath); + in = new BufferedInputStream(in); + + keyStore = KeyStore.getInstance(certType); + char pwd[] = null; + if (password != null) + pwd = password.toCharArray(); + + keyStore.load(in, pwd); + + getAliases(keyStore); + return true; + + } catch (KeyStoreException e) { + message.append("The selected file does not appear "); //$NON-NLS-1$ + message.append("to be a valid PKCS file. Please "); //$NON-NLS-1$ + message.append("select a different file and/or "); //$NON-NLS-1$ + message.append("check the logs for more information."); //$NON-NLS-1$ + ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$ + } catch (NoSuchAlgorithmException e) { + message.append("An unexpected error '"); //$NON-NLS-1$ + message.append(e.getClass().getName()); + message.append("' occurred: "); //$NON-NLS-1$ + message.append(e.getMessage()); + message.append(" Please select a different file and/or "); //$NON-NLS-1$ + message.append("check the logs for more information."); //$NON-NLS-1$ + ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$ + } catch (CertificateException e) { + message.append("Either your password was incorrect or the "); //$NON-NLS-1$ + message.append("the selected file is corrupt. 
Please try "); //$NON-NLS-1$ + message.append("a different password or PKCS file."); //$NON-NLS-1$ + ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$ + } catch (IOException e) { + if (e.getCause().toString().contains("FailedLoginException")) { //$NON-NLS-1$ + message.append("\tYou entered an incorrect password. \n\r"); //$NON-NLS-1$ + message.append("\tPlease check your password and re-enter it. \n\r \n\r"); //$NON-NLS-1$ + ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$ + } else { + + message.append("Either your password was incorrect or the "); //$NON-NLS-1$ + message.append("selected file is corrupt. Please try "); //$NON-NLS-1$ + message.append("a different password or PKCS file."); //$NON-NLS-1$ + ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$ + } + } + return false; + } + + @Override + public String[] getClientAliases(String keyType, Principal[] issuers) { + return new String[] { chooseClientAlias(null, issuers, null) }; + } + + @Override + public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { + String message = "Presenting X509 fingerprint:"; //$NON-NLS-1$ + String amessage = " using certificate alias:"; //$NON-NLS-1$ + StringBuilder sb = new StringBuilder(); + String selectedAlias = "testX509"; + String alias = null; + String fingerprint = null; + boolean isOK = true; + + try { + + Enumeration aliases = this.keyStore.aliases(); + sb.append(message); + while (aliases.hasMoreElements()) { + alias = aliases.nextElement(); + ActivateSecurity.getInstance().log(amessage.toString()+alias); //$NON-NLS-1$ + if (this.getPrivateKey(alias) != null) { + X509Certificate x509 = (X509Certificate) this.keyStore.getCertificate(alias); + try { + x509.checkValidity(); + if (!(isKeyEncipherment(x509.getKeyUsage()))) { + fingerprint = FingerprintX509.getInstance().getFingerPrint(x509, "SHA-256"); //$NON-NLS-1$ + if (getSelectedFingerprint() != null) { + if 
(getSelectedFingerprint().equals("NOTSET")) { //$NON-NLS-1$ + setSelectedFingerprint(fingerprint); + } + } else { + setSelectedFingerprint(fingerprint); + } + if (getSelectedFingerprint().equals(fingerprint)) { + isOK = true; + selectedAlias = alias; + sb.append(fingerprint); + sb.append(amessage); + sb.append(alias); + message = sb.toString(); + break; + } + } else { + ActivateSecurity.getInstance().log(amessage.toString()+alias); //$NON-NLS-1$ + selectedAlias = "testX509"; + } + } catch (CertificateExpiredException e) { + ActivateSecurity.getInstance().log("KeyManager: Please remove EXPIRED certificate:" + alias //$NON-NLS-1$ + + " using your pkcs11 Manager."); //$NON-NLS-1$ + } catch (CertificateNotYetValidException e) { + ActivateSecurity.getInstance().log("KeyManager: Please check invalid certificate:" + alias //$NON-NLS-1$ + + " using your pkcs11 Manager."); //$NON-NLS-1$ + } + } + } + } catch (Exception e) { + e.printStackTrace(); + } + if (!(isOK)) { + message = (selectedAlias == null) ? "PKI misconfiguration. 
Please check " : message + selectedAlias; //$NON-NLS-1$ + ActivateSecurity.getInstance().log("KeyManager: "+ message); //$NON-NLS-1$ + } + return selectedAlias; + } + + public boolean isKeyStoreInitialized() { + return isKeyStoreInitialized; + } + + private void setKeyStoreInitialized(boolean isKeyStoreInitialized) { + this.isKeyStoreInitialized = isKeyStoreInitialized; + } + + private boolean isDigitalSignature(boolean[] ba) { + if (ba != null) { + + return ba[DIGITAL_SIGNATURE]; + } else { + return false; + } + } + + private boolean isKeyEncipherment(boolean[] ba) { + if (ba != null) { + + return ba[KEY_ENCIPHERMENT]; + } else { + return false; + } + } + + @Override + public String[] getServerAliases(String keyType, Principal[] issuers) { + return null; + } + + @Override + public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { + return null; + } + + @Override + public X509Certificate[] getCertificateChain(String alias) { + X509Certificate[] X509Certs = null; + X509Certificate X509Cert = null; + try { + Certificate[] certificates = this.keyStore.getCertificateChain(alias); + if (certificates != null) { + X509Certs = new X509Certificate[certificates.length]; + for (int i = 0; i < certificates.length; i++) { + X509Cert = (X509Certificate) certificates[i]; + if (!(isKeyEncipherment(X509Cert.getKeyUsage()))) { + X509Certs[i] = X509Cert; + } else { + if ((isKeyEncipherment(X509Cert.getKeyUsage())) && alias.contains("PKI")) { //$NON-NLS-1$ + X509Certs[i] = X509Cert; + } + } + } + + } else { + X509Cert = (X509Certificate) this.keyStore.getCertificate(alias); + if (X509Cert != null) { + X509Certs = new X509Certificate[1]; + if (isDigitalSignature(X509Cert.getKeyUsage())) { + X509Certs[0] = X509Cert; + } else { + if (alias.contains("PKI")) { //$NON-NLS-1$ + X509Certs[0] = X509Cert; + } + } + } + + } + + } catch (Exception e) { + e.printStackTrace(); + } + ActivateSecurity.getInstance().log("KeyStoreManager CERTIFICATE CHAIN COUNT:" + 
X509Certs.length); //$NON-NLS-1$ + try { + X509Certs = new X509Certificate[1]; + X509Certs[0] = (X509Certificate) this.keyStore.getCertificate(alias); + } catch (KeyStoreException e) { + e.printStackTrace(); + } + ActivateSecurity.getInstance().log("CustomKeyManager CERTIFICATE CHAIN COUNT:" + X509Certs.length); //$NON-NLS-1$ + return X509Certs; + } + + public String getSelectedFingerprint() { + return selectedFingerprint; + } + + public void setSelectedFingerprint(String selectedFingerprint) { + this.selectedFingerprint = selectedFingerprint; + } + @Override + public PrivateKey getPrivateKey(String alias) { + PrivateKey privateKey = null; + try { + String passwd = System.getProperty("javax.net.ssl.keyStorePassword"); + privateKey = (PrivateKey) keyStore.getKey(alias, passwd.toCharArray()); //$NON-NLS-1$ + } catch (UnrecoverableKeyException e) { + e.printStackTrace(); + } catch (KeyStoreException e) { + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + return privateKey; + } +} \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java new file mode 100644 index 00000000000..25a06dd8f68 --- /dev/null +++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java 
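Review bot: The field is initialised to `"NOSET"` but `chooseClientAlias` tests `getSelectedFingerprint().equals("NOTSET")`, so the first matching alias is never recorded, the `equals(fingerprint)` branch never fires, and the method returns the placeholder `"testX509"` for every handshake; change the initialiser to `protected String selectedFingerprint = "NOTSET";` (and since `isOK` is never set false, the misconfiguration message below it is unreachable). In `getKeyStore(String, String, KeyStoreFormat)` the `finally` block calls `in.close()` even when `Files.newInputStream` threw, so a missing keystore file is first logged under the misleading "I/O Error, bad password?" message and then escapes as a `NullPointerException`; a try-with-resources around `Files.newInputStream(p)` removes both the null dereference and the leak. `getPrivateKey` reads `javax.net.ssl.keyStorePassword` on every call and dereferences it with `passwd.toCharArray()` without a null check, and that `NullPointerException` is not among the caught types. In `getCertificateChain` the log line `"KeyStoreManager CERTIFICATE CHAIN COUNT:" + X509Certs.length` runs while `X509Certs` may still be null (unknown alias), which would throw before the fallback below it is reached.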
@@ -0,0 +1,222 @@ +/******************************************************************************* + * Copyright (c) 2025 Eclipse Platform, Security Group and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eclipse Platform - initial API and implementation + *******************************************************************************/ +package org.eclipse.core.security.managers; + + +import java.util.Optional; +import java.io.File; +import java.util.Collection; +import java.util.Enumeration; +import java.util.List; +import java.util.Properties; +import java.security.Provider; +import java.security.SecureRandom; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import org.eclipse.core.runtime.RegistryFactory; +import org.eclipse.core.runtime.spi.RegistryStrategy; +import org.eclipse.core.security.ActivateSecurity; +import org.eclipse.core.security.incoming.IncomingSystemProperty; +import org.eclipse.core.security.incoming.SecurityFileSnapshot; +import org.eclipse.core.security.state.X509SecurityState; +import org.eclipse.core.security.util.KeyStoreFormat; +import org.eclipse.core.security.util.PKIProperties; +import org.eclipse.core.security.managers.KeyStoreManager; +import org.eclipse.core.security.managers.ConfigureTrust; +import org.eclipse.core.runtime.IExtensionRegistry; 
+import org.eclipse.core.resources.ResourcesPlugin; +import org.eclipse.core.runtime.Platform; +import org.eclipse.core.runtime.CoreException; + + + +import org.osgi.framework.BundleContext; +import org.osgi.util.tracker.ServiceTracker; + +public class KeystoreSetup { + static boolean isPkcs11Installed = false; + static boolean isKeyStoreLoaded = false; + PKIProperties pkiInstance = null; + Properties pkiProperties = null; + SSLContext sslContext = null; + protected static KeyStore keyStore = null; + private static final int DIGITAL_SIGNATURE = 0; + private static final int KEY_CERT_SIGN = 5; + private static final int CRL_SIGN = 6; + + private static KeystoreSetup INSTANCE; + private KeystoreSetup() {} + public static KeystoreSetup getInstance() { + if(INSTANCE == null) { + INSTANCE = new KeystoreSetup(); + } + return INSTANCE; + } + public void installKeystore() { + Optional keystoreContainer = null; + + try { + + keystoreContainer = Optional.ofNullable( + KeyStoreManager.getInstance().getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$ + System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$ + KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$ + + if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.getInstance().isKeyStoreInitialized()))) { + ActivateSecurity.getInstance().log("Failed to Load a Keystore."); //$NON-NLS-1$ + X509SecurityState.getInstance().setPKCS12on(false); + System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ + System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ + //SecurityFileSnapshot.getInstance().restoreProperties(); + } else { + ActivateSecurity.getInstance().log("A Keystore and Password are detected."); //$NON-NLS-1$ + keyStore = keystoreContainer.get(); + setKeyStoreLoaded(true); + } + } catch 
(Exception e) { + ActivateSecurity.getInstance().log("Exception Loading a Keystore:"+e.getMessage()); //$NON-NLS-1$ + } + } + public void setPkiContext() { + TrustManager[] tm=null; + KeyManager[] km = null; + if (IncomingSystemProperty.getInstance().checkTrustStoreType()) { + ActivateSecurity.getInstance().log("Activating TrustManager Initialization."); //$NON-NLS-1$ + if ((IncomingSystemProperty.getInstance().checkTrustStore())) { + X509SecurityState.getInstance().setTrustOn(true); + Optional PKIXtrust = ConfigureTrust.getInstance().setUp(); + if (PKIXtrust.isEmpty()) { + ActivateSecurity.getInstance().log("Invalid TrustManager Initialization."); //$NON-NLS-1$ + return; + } + tm = new TrustManager[] { ConfigureTrust.getInstance() }; + ActivateSecurity.getInstance().log("TrustManager Initialization Done."); //$NON-NLS-1$ + } else { + ActivateSecurity.getInstance().log("Invalid TrustManager Initialization."); //$NON-NLS-1$ + return; + } + } + + if (isKeyStoreLoaded()) { + if (KeyStoreManager.getInstance().isKeyStoreInitialized()) { + ActivateSecurity.getInstance().log("A KeyStore detected."); //$NON-NLS-1$ + try { + km = new KeyManager[] { KeyStoreManager.getInstance() }; + } catch (Exception e) { + ActivateSecurity.getInstance().log("No such Algorithm Initialization Error."); //$NON-NLS-1$ + } + } else { + ActivateSecurity.getInstance().log("Valid KeyStore not found."); //$NON-NLS-1$ + } + } + activateSecureContext(km,tm); + } + public void activateSecureContext( KeyManager[] km, TrustManager[] tm ) { + try { + + SSLContext ctx = SSLContext.getInstance("TLS");//$NON-NLS-1$ + ctx.init(km, tm, null); + SSLContext.setDefault(ctx); + HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory()); + setSSLContext(ctx); + pkiInstance = PKIProperties.getInstance(); + pkiInstance.load(); + ActivateSecurity.getInstance().setSSLContext(ctx); + setUserEmail(); + + + //ActivateSecurity.getInstance().completeSecureContext(); + 
//sslContextFactory.getDefault().setDefault(ctx); + + + + ActivateSecurity.getInstance().log("SSLContextFactory has been configured with SSLContext default."); //$NON-NLS-1$ + } catch (KeyManagementException e) { + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + } + public SSLContext getSSLContext() { + return INSTANCE.sslContext; + } + + public void setSSLContext(SSLContext context) { + this.sslContext = context; + } + public boolean isKeyStoreLoaded() { + return ActivateSecurity.getInstance().isKeyStoreLoaded(); + } + + private void setKeyStoreLoaded(boolean isKeyStoreLoaded) { + ActivateSecurity.getInstance().setKeyStoreLoaded(isKeyStoreLoaded); + } + private void setUserEmail() { + try { + Enumeration en = keyStore.aliases(); + while (en.hasMoreElements()) { + String alias = en.nextElement(); + // System.out.println(" " + alias); + Certificate cert = keyStore.getCertificate(alias); + if (cert.getType().equalsIgnoreCase("X.509")) { + X509Certificate X509 = (X509Certificate) cert; + + // + // we need to make sure this is a digital certificate instead of a server + // cert or something + // + if (isDigitalSignature(X509.getKeyUsage())) { + Collection> altnames = X509.getSubjectAlternativeNames(); + if (altnames != null) { + for (List item : altnames) { + Integer type = (Integer) item.get(0); + if (type == 1) + try { + String userEmail = item.toArray()[1].toString(); + System.setProperty("mail.smtp.user", userEmail); + } catch (Exception e) { + e.printStackTrace(); + } + } + } + + } + + } + } + } catch (Exception err) { + + } + } + + private static boolean isDigitalSignature(boolean[] ba) { + if (ba != null) { + return ba[DIGITAL_SIGNATURE] && !ba[KEY_CERT_SIGN] && !ba[CRL_SIGN]; + } else { + return false; + } + } +} 
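Review bot: `setUserEmail` ends in `catch (Exception err) { }` with an empty body, so a `KeyStoreException` or `CertificateParsingException` from `keyStore.aliases()` / `getSubjectAlternativeNames()` is dropped silently and the caller cannot tell why `mail.smtp.user` was not set; log it like the rest of the class, `ActivateSecurity.getInstance().log("KeystoreSetup - unable to read SAN e-mail: " + err.getMessage());`. The `type == 1` test deserves a comment, `// SAN GeneralName tag 1 = rfc822Name (e-mail address)`, since its meaning is otherwise only in the `X509Certificate.getSubjectAlternativeNames` javadoc. `isDigitalSignature` here also excludes `KEY_CERT_SIGN` and `CRL_SIGN`, while the same-named helpers in CustomKeyManager and KeyStoreManager check only the digitalSignature bit, so the three managers disagree on which certificates count as user identities; one shared helper would remove the drift. `activateSecureContext` installs `ctx` process-wide via `SSLContext.setDefault` and `HttpsURLConnection.setDefaultSSLSocketFactory`, yet its two `catch` blocks only `printStackTrace()`, unlike the logger used everywhere else in this file.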
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java
new file mode 100644
index 00000000000..ac7086ed5d1
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ ****/
+package org.eclipse.core.security.managers;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class PkiCallbackHandler implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+
+ }
+
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java
new file mode 100644
index 00000000000..fb80a0d330c
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java
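Review bot: `PkiCallbackHandler.handle` has an empty body, so if a provider issues a `PasswordCallback` during keystore login it is returned unanswered and the failure shows up later as an opaque login error rather than at this handler. Until the handler is implemented it should reject what it does not understand, `for (Callback cb : callbacks) { throw new UnsupportedCallbackException(cb, "PkiCallbackHandler: callback not supported"); }`, or at least carry a `// TODO` comment stating how the PIN is expected to reach the provider. The header comment also closes with `****/` where the other new files in this patch end with the full asterisk rule.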
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.managers;
+
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
+
+import javax.security.auth.callback.CallbackHandler;
+
+public class PkiLoadParameter implements LoadStoreParameter{
+ ProtectionParameter protectionParameter;
+ ProtectionParameter SOProtectionParameter;
+ CallbackHandler eventHandler;
+ boolean waitForSlot;
+ Long slotId;
+ boolean writeEnabled;
+ @Override
+ public ProtectionParameter getProtectionParameter() {
+ return protectionParameter;
+ }
+ public ProtectionParameter getSOProtectionParameter() {
+ return SOProtectionParameter;
+ }
+
+ public void setSOProtectionParameter(ProtectionParameter sOProtectionParameter) {
+ SOProtectionParameter = sOProtectionParameter;
+ }
+
+ public CallbackHandler getEventHandler() {
+ return eventHandler;
+ }
+
+ public void setEventHandler(CallbackHandler eventHandler) {
+ this.eventHandler = eventHandler;
+ }
+
+ public boolean isWaitForSlot() {
+ return waitForSlot;
+ }
+
+ public void setWaitForSlot(boolean waitForSlot) {
+ this.waitForSlot = waitForSlot;
+ }
+
+ public Long getSlotId() {
+ return slotId;
+ }
+
+ public void setSlotId(Long slotId) {
+ this.slotId = slotId;
+ }
+
+ public boolean isWriteEnabled() {
+ return writeEnabled;
+ }
+
+ public void setWriteEnabled(boolean writeEnabled) {
+ this.writeEnabled = writeEnabled;
+ }
+
+ public void setProtectionParameter(ProtectionParameter protectionParameter) {
+ this.protectionParameter = protectionParameter;
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java
new file mode 100644
index 00000000000..cbd3eedd09e
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.state;
+
+public class X509SecurityState {
+ private static X509SecurityState INSTANCE;
+ private boolean isPKCS11on=false;
+ private boolean isPKCS12on=false;
+ private boolean isTrustOn=false;
+ private X509SecurityState() {}
+ public static X509SecurityState getInstance() {
+ if(INSTANCE == null) {
+ INSTANCE = new X509SecurityState();
+ }
+ return INSTANCE;
+ }
+
+ public boolean isPKCS11on() {
+ return isPKCS11on;
+ }
+ public void setPKCS11on(boolean isPKCS11on) {
+ this.isPKCS11on = isPKCS11on;
+ }
+ public boolean isPKCS12on() {
+ return isPKCS12on;
+ }
+ public void setPKCS12on(boolean isPKCS12on) {
+ this.isPKCS12on = isPKCS12on;
+ }
+ public boolean isTrustOn() {
+ return isTrustOn;
+ }
+ public void setTrustOn(boolean isTrustOn) {
+ this.isTrustOn = isTrustOn;
+ }
+}
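Review bot: `SOProtectionParameter` and its accessors `getSOProtectionParameter`/`setSOProtectionParameter` break the lowerCamelCase convention the other five fields follow, and all six fields are package-private with no Javadoc, so a reader cannot tell what `waitForSlot`, `slotId` or `writeEnabled` mean to the KeyStore provider that consumes this `LoadStoreParameter`. Make the fields `private` (the accessors already cover every use), rename the field to `soProtectionParameter`, and add a class Javadoc saying what this parameter object conveys and which of the slot/write settings are optional. It would also help to state in the Javadoc of `getProtectionParameter()` that it returns null until `setProtectionParameter` has been called, since `KeyStore.load(LoadStoreParameter)` implementations may dereference it.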
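Review bot: `getInstance` creates the singleton behind an unsynchronized null check, so two threads racing through it can each obtain a different `X509SecurityState`, and the PKCS11/PKCS12/trust flags set on one are invisible to the other; `EclipseKeyStoreCollection.getInstance` has the same pattern. Because the constructor does nothing, eager initialization removes the race with no cost: `private static final X509SecurityState INSTANCE = new X509SecurityState();` and `public static X509SecurityState getInstance() { return INSTANCE; }`. The three flag fields are plain `boolean`s that any thread consulting the state may read, so either mark them `volatile` or document that the class is confined to a single thread.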
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java
new file mode 100644
index 00000000000..2ae77cec806
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java
@@ -0,0 +1,87 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.util;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+
+public class EclipseKeyStoreCollection {
+ private static EclipseKeyStoreCollection INSTANCE;
+ protected final int DIGITAL_SIGNATURE=0;
+ private final int KEY_ENCIPHERMENT = 2;
+ protected static PKIProperties pkiProperties=PKIProperties.getInstance();;
+ private EclipseKeyStoreCollection() {}
+ public static EclipseKeyStoreCollection getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new EclipseKeyStoreCollection();
+ }
+ return INSTANCE;
+ }
+ public ArrayList getList(KeyStore keyStore) {
+ ArrayList list = new ArrayList();
+ try {
+ String alias=null;
+ Enumeration aliases = keyStore.aliases();
+ while (aliases.hasMoreElements()) {
+ alias = (String) aliases.nextElement();
+ X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
+ certificate.checkValidity();
+ if ( isDigitalSignature(certificate.getKeyUsage()) ) {
+ PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
+ if ( privateKey != null) {
+ list.add( alias );
+ }
+ }
+ }
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateExpiredException e) {
+ e.printStackTrace();
+ } catch (CertificateNotYetValidException e) {
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ return list;
+
+ }
+ private boolean isDigitalSignature(boolean[] ba) {
+ if ( ba != null) {
+
+ return ba[DIGITAL_SIGNATURE];
+ } else {
+ return false;
+ }
+ }
+ private boolean isKeyEncipherment(boolean[] ba) {
+ if ( ba != null) {
+
+ return ba[KEY_ENCIPHERMENT];
+ } else {
+ return false;
+ }
+ }
+}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java
new file mode 100644
index 00000000000..ad9035a08b7
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.util;
+
+public enum KeyStoreFormat
+{
+ JKS("JKS"), //$NON-NLS-1$
+ PKCS12("PKCS12"), //$NON-NLS-1$
+ PKCS11("PKCS11"); //$NON-NLS-1$
+
+ private String value;
+
+ KeyStoreFormat (String value)
+ {
+ this.value = value;
+ }
+
+ public String getValue()
+ {
+ return value;
+ }
+}
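Review bot: In `getList`, `certificate.checkValidity()` and `keyStore.getKey(alias, null)` run inside the `while` loop but every exception is caught outside it, so the first expired or not-yet-valid certificate (or a key that cannot be recovered with a null password) ends the enumeration and the caller gets a silently truncated alias list with only a stack trace on stderr. `keyStore.getCertificate(alias)` can also return null for an entry that has no certificate, and the unchecked cast then throws a NullPointerException that none of the catch clauses handle. Move the per-alias work into its own try so a bad entry is skipped and the rest of the store is still examined, keeping the outer catch only for the `KeyStoreException` from `aliases()` (this needs a `java.security.cert.Certificate` import). The stray `;;` on the `pkiProperties` field and the unused `isKeyEncipherment`/`KEY_ENCIPHERMENT` should be removed as well, and the raw `ArrayList`/`Enumeration` types should be `List<String>` and `Enumeration<String>`.
```java
 public ArrayList getList(KeyStore keyStore) {
 ArrayList list = new ArrayList();
 try {
 Enumeration aliases = keyStore.aliases();
 while (aliases.hasMoreElements()) {
 String alias = (String) aliases.nextElement();
 try {
 Certificate entry = keyStore.getCertificate(alias);
 if (!(entry instanceof X509Certificate)) {
 continue; // no certificate, or not X.509: nothing to offer for client auth
 }
 X509Certificate certificate = (X509Certificate) entry;
 certificate.checkValidity();
 if (isDigitalSignature(certificate.getKeyUsage())
 && keyStore.getKey(alias, null) != null) {
 list.add(alias);
 }
 } catch (CertificateExpiredException | CertificateNotYetValidException
 | UnrecoverableKeyException | NoSuchAlgorithmException e) {
 // this alias is unusable; keep scanning the remaining entries
 e.printStackTrace();
 }
 }
 } catch (KeyStoreException e) {
 e.printStackTrace();
 }
 return list;
 }
 // … unchanged: isDigitalSignature …
```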
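Review bot: `value` in `KeyStoreFormat` is assigned only in the constructor and never changed, so it should be `private final String value;` to make the enum's immutability explicit. The brace-on-its-own-line layout used here also differs from every other file in this bundle, which otherwise keeps the opening brace on the declaration line.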
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java
new file mode 100644
index 00000000000..b2e9535ee74
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java
@@ -0,0 +1,92 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.util;
+
+public class PKI {
+ private String keyStore = ""; //$NON-NLS-1$
+ private String keyStoreType = ""; //$NON-NLS-1$
+ private String keyStoreProvider = ""; //$NON-NLS-1$
+ private transient String keyStorePassword = ""; //$NON-NLS-1$
+ private boolean isSecureStorage=false;
+ public PKI() {}
+ public String getKeyStore() {
+ return keyStore;
+ }
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+ public String getKeyStoreProvider() {
+ return keyStoreProvider;
+ }
+ public void setKeyStoreProvider(String keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public boolean isSecureStorage() {
+ return isSecureStorage;
+ }
+ public void setSecureStorage(boolean isSecureStorage) {
+ this.isSecureStorage = isSecureStorage;
+ }
+ public void reSetSystem() {
+ try {
+ if ( this.getKeyStore() != null ) {
+ System.setProperty("javax.net.ssl.keyStore", this.getKeyStore()); //$NON-NLS-1$
+ } else {
+ System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$
+ }
+
+ if ( this.getKeyStoreType() != null ) {
+ System.setProperty("javax.net.ssl.keyStoreType", this.getKeyStoreType()); //$NON-NLS-1$
+ } else {
+ System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$
+ }
+
+ if( this.getKeyStoreProvider() != null) {
+ // System.out.println("PKI - CLEARING keystoreprovider"); //$NON-NLS-1$
+ if ( this.getKeyStoreProvider().isEmpty()) {
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ } else {
+ if (this.getKeyStoreType().equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ } else {
+ System.setProperty("javax.net.ssl.keyStoreProvider", this.getKeyStoreProvider()); //$NON-NLS-1$
+ }
+ }
+ } else {
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ }
+
+ if ( this.getKeyStorePassword() != null) {
+ System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePassword()); //$NON-NLS-1$
+ } else {
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java
new file mode 100644
index 00000000000..5b7653ab7bb
--- /dev/null
+++ b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java
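Review bot: In `reSetSystem`, the provider branch calls `this.getKeyStoreType().equalsIgnoreCase("PKCS12")` with no null guard, so a PKI whose type is null but whose provider is non-empty (a state the preceding `else` branch explicitly tolerates by clearing the type property) throws NullPointerException, and the broad `catch(Exception e)` only prints it, leaving the provider and password properties at whatever values they held before. Write it as `if ("PKCS12".equalsIgnoreCase(this.getKeyStoreType())) { //$NON-NLS-1$` and narrow the catch to what the body can actually throw. `keyStorePassword` defaults to `""` rather than null, so the final `!= null` check never reaches the `clearProperty` branch and sets `javax.net.ssl.keyStorePassword` to the empty string instead. Since the password is exported as a JVM system property, it is readable by any code in the process and will appear in any dump of `System.getProperties()`; the class Javadoc should state that so callers know the password leaves this object once `reSetSystem` runs.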
@@ -0,0 +1,186 @@
+/*******************************************************************************
+ * Copyright (c) 2025 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.security.util;
+
+import java.net.Authenticator;
+import java.net.PasswordAuthentication;
+import java.util.Optional;
+
+public class PKIProperties extends Authenticator {
+
+ private String keyStore = ""; //$NON-NLS-1$
+ private String keyStoreType = ""; //$NON-NLS-1$
+ private String keyStoreProvider = ""; //$NON-NLS-1$
+ private String username = null;
+ private transient String keyStorePassword = ""; //$NON-NLS-1$
+ private static PKI lastPKI=null;
+ private static PKIProperties sslProperties=null;
+ public static PKIProperties getNewInstance() {
+ return new PKIProperties();
+ }
+ public static PKIProperties getInstance() {
+ if ( sslProperties == null ) {
+ synchronized(PKIProperties.class) {
+ if ( sslProperties == null ) {
+ sslProperties = new PKIProperties();
+ try {
+ sslProperties.load();
+ } catch(Exception ignoreException) {
+ ignoreException.printStackTrace();
+ }
+ }
+ }
+ }
+ return sslProperties;
+ }
+ private PKIProperties() {}
+ @Override
+ public PasswordAuthentication getPasswordAuthentication() {
+ PasswordAuthentication auth = null;
+
+ try {
+ auth = new PasswordAuthentication(this.getUsername(), this.getKeyStorePassword().toCharArray() );
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return auth;
+ }
+ public String getKeyStore() {
+ return keyStore;
+ }
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+ public String getKeyStoreProvider() {
+ return keyStoreProvider;
+ }
+ public void setKeyStoreProvider(String keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+ public String getUsername() {
+ return username;
+ }
+ public void setUsername(String username) {
+ this.username = username;
+ }
+ public void restore() {
+ try {
+ if (( this.getKeyStore() != null ) &&
+ ( this.getKeyStoreType() != null ) &&
+ ( this.getKeyStoreProvider() != null) &&
+ ( this.getKeyStorePassword() != null) ) {
+
+ if ( !(this.getKeyStore().isEmpty()) ) {
+ System.setProperty("javax.net.ssl.keyStore", this.getKeyStore()); //$NON-NLS-1$
+ }
+
+ if ( !(this.getKeyStoreType().isEmpty()) ) {
+ System.setProperty("javax.net.ssl.keyStoreType", this.getKeyStoreType()); //$NON-NLS-1$
+ }
+
+ if ( !(this.getKeyStoreProvider().isEmpty() )) {
+ System.setProperty("javax.net.ssl.keyStoreProvider", this.getKeyStoreProvider()); //$NON-NLS-1$
+ }
+
+ if ( !(this.getKeyStorePassword().isEmpty() )) {
+ if ( lastPKI != null ) {
+ if ( lastPKI.getKeyStorePassword().isEmpty() ) {
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ }
+ } else {
+ System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePassword()); //$NON-NLS-1$
+ }
+ }
+ } else {
+ clear();
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ public void load() {
+ Optional keyStoreType = null;
+ Optional keyStore = null;
+ Optional keyStorePassword = null;
+ Optional keyStoreProvider = null;
+ keyStore = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$
+ if (keyStore.isEmpty()) {
+ sslProperties.setKeyStore(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStore(keyStore.get().toString());
+ }
+
+ keyStoreType = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
+ if (keyStoreType.isEmpty()) {
+ sslProperties.setKeyStoreType(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStoreType(keyStoreType.get().toString());
+ }
+ keyStoreProvider = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$
+ if (keyStoreProvider.isEmpty()) {
+ sslProperties.setKeyStoreProvider(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStoreProvider(keyStoreType.get().toString());
+ if (sslProperties.getKeyStoreType().equalsIgnoreCase("pkcs12")) {//$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ sslProperties.setKeyStoreProvider(""); //$NON-NLS-1$
+ }
+ }
+
+
+ keyStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$
+ if (keyStoreType.isEmpty()) {
+ sslProperties.setKeyStorePassword(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStorePassword(keyStorePassword.get().toString());
+ }
+
+ sslProperties.setUsername(System.getProperty("user.name")); //$NON-NLS-1$
+ }
+ public void setLastPkiValue( PKI pki ) {
+ lastPKI = pki;
+ }
+ public void clear() {
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ }
+ public void dump() {
+ StringBuffer sb = new StringBuffer();
+ sb.append("javax.net.ssl.keyStore="); //$NON-NLS-1$
+ sb.append(sslProperties.getKeyStore());
+ sb.append("\n"); //$NON-NLS-1$
+ sb.append("javax.net.ssl.keyStoreType="); //$NON-NLS-1$
+ sb.append(sslProperties.getKeyStoreType());
+ sb.append("\n"); //$NON-NLS-1$
+ sb.append("javax.net.ssl.keyStoreProvider="); //$NON-NLS-1$
+ sb.append(sslProperties.getKeyStoreProvider());
+ sb.append("\n"); //$NON-NLS-1$
+ }
+}
From d5c5e906cfae59f78e5479b980d7d783f4070e77 Mon Sep 17 00:00:00 2001
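Review bot: `load()` carries two copy-paste errors: the provider branch stores `keyStoreType.get()` into `setKeyStoreProvider`, so the value of `javax.net.ssl.keyStoreProvider` is never actually read, and the password branch tests `keyStoreType.isEmpty()` instead of `keyStorePassword.isEmpty()`, so a JVM with a keystore type but no password throws NoSuchElementException from `keyStorePassword.get()`, which `getInstance` prints and then returns as a half-loaded singleton. The fixes are `sslProperties.setKeyStoreProvider(keyStoreProvider.get().toString());` and `if (keyStorePassword.isEmpty()) {`. `clear()` also clears `javax.net.ssl.keyStoreProvider` twice and never clears `javax.net.ssl.keyStoreType`; the repeated line should read `System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$`. Separately, `sslProperties` is used in a double-checked-locking pattern without being `volatile`, and `getPasswordAuthentication` derives its char[] from a `String` that remains in the heap until collected, which the `transient` modifier does not change; both are worth a Javadoc note on the class.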
From: JavaJoeS Date: Wed, 19 Mar 2025 09:16:54 -0400 Subject: [PATCH 2/2] remove bundle --- .../org.eclipse.core.security/.classpath | 57 --- .../org.eclipse.core.security/.project | 28 -- .../org.eclipse.core.resources.prefs | 2 - .../.settings/org.eclipse.jdt.core.prefs | 8 - .../.settings/org.eclipse.m2e.core.prefs | 4 - .../.settings/org.eclipse.pde.core.prefs | 3 - .../org.eclipse.pde.ds.annotations.prefs | 6 - .../META-INF/MANIFEST.MF | 29 -- .../OSGI-INF/Subscriber.xml | 8 - .../org.eclipse.core.security/about.html | 36 -- .../build.properties | 22 - .../icons/icons8-password-48.png | Bin 640 -> 0 bytes .../plugin.properties | 23 - .../org.eclipse.core.security/plugin.xml | 24 - .../pom-for-review.xml | 73 --- .../org.eclipse.core.security/pom.xml.ORIG | 84 ---- .../core/security/ActivateSecurity.java | 247 ---------- .../core/security/ContextFactoryConsumer.java | 40 -- .../security/encryption/NormalizeGCM.java | 59 --- .../core/security/encryption/SecureGCM.java | 65 --- .../encryption/SecurityOpRequest.java | 33 -- .../identification/FingerprintX509.java | 67 --- .../PkiPasswordGrabberWidget.java | 111 ----- .../identification/PublishPasswordUpdate.java | 75 --- .../PublishPasswordUpdateIfc.java | 25 - .../incoming/DotPkiPropertiesRequired.java | 99 ---- .../security/incoming/InBoundController.java | 66 --- .../security/incoming/IncomingSubscriber.java | 104 ----- .../incoming/IncomingSystemProperty.java | 112 ----- .../security/incoming/PublicKeySecurity.java | 42 -- .../incoming/SecurityFileSnapshot.java | 310 ------------- .../security/incoming/TemplateForPKIfile.java | 100 ---- .../security/managers/AuthenticationBase.java | 286 ------------ .../managers/AuthenticationService.java | 20 - .../security/managers/ConfigureTrust.java | 123 ----- .../security/managers/CustomKeyManager.java | 217 --------- .../security/managers/KeyStoreManager.java | 437 ------------------ .../core/security/managers/KeystoreSetup.java | 222 --------- 
.../security/managers/PkiCallbackHandler.java | 29 -- .../security/managers/PkiLoadParameter.java | 75 --- .../security/state/X509SecurityState.java | 47 -- .../util/EclipseKeyStoreCollection.java | 87 ---- .../core/security/util/KeyStoreFormat.java | 33 -- .../org/eclipse/core/security/util/PKI.java | 92 ---- .../core/security/util/PKIProperties.java | 186 -------- 45 files changed, 3816 deletions(-) delete mode 100644 runtime/bundles/org.eclipse.core.security/.classpath delete mode 100644 runtime/bundles/org.eclipse.core.security/.project delete mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs delete mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs delete mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs delete mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs delete mode 100644 runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs delete mode 100644 runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF delete mode 100644 runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml delete mode 100644 runtime/bundles/org.eclipse.core.security/about.html delete mode 100644 runtime/bundles/org.eclipse.core.security/build.properties delete mode 100644 runtime/bundles/org.eclipse.core.security/icons/icons8-password-48.png delete mode 100644 runtime/bundles/org.eclipse.core.security/plugin.properties delete mode 100644 runtime/bundles/org.eclipse.core.security/plugin.xml delete mode 100644 runtime/bundles/org.eclipse.core.security/pom-for-review.xml delete mode 100644 runtime/bundles/org.eclipse.core.security/pom.xml.ORIG delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java 
delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java delete mode 100644 
runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java delete mode 100644 runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java diff --git a/runtime/bundles/org.eclipse.core.security/.classpath b/runtime/bundles/org.eclipse.core.security/.classpath deleted file mode 100644 index 1a0d0b1d99b..00000000000 --- a/runtime/bundles/org.eclipse.core.security/.classpath +++ /dev/null @@ -1,57 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/runtime/bundles/org.eclipse.core.security/.project b/runtime/bundles/org.eclipse.core.security/.project deleted file mode 100644 index 5dcd66d9c27..00000000000 
--- a/runtime/bundles/org.eclipse.core.security/.project +++ /dev/null @@ -1,28 +0,0 @@ - - - org.eclipse.core.pki - - - - - - org.eclipse.jdt.core.javabuilder - - - - - org.eclipse.pde.ManifestBuilder - - - - - org.eclipse.pde.SchemaBuilder - - - - - - org.eclipse.pde.PluginNature - org.eclipse.jdt.core.javanature - - diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs deleted file mode 100644 index 99f26c0203a..00000000000 --- a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.core.resources.prefs +++ /dev/null @@ -1,2 +0,0 @@ -eclipse.preferences.version=1 -encoding/=UTF-8 diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs deleted file mode 100644 index 7808d37d739..00000000000 --- a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.jdt.core.prefs +++ /dev/null @@ -1,8 +0,0 @@ -eclipse.preferences.version=1 -org.eclipse.jdt.core.compiler.codegen.targetPlatform=18 -org.eclipse.jdt.core.compiler.compliance=18 -org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled -org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning -org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore -org.eclipse.jdt.core.compiler.release=disabled -org.eclipse.jdt.core.compiler.source=18 \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs deleted file mode 100644 index f897a7f1cb2..00000000000 --- a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.m2e.core.prefs +++ /dev/null @@ -1,4 +0,0 @@ -activeProfiles= -eclipse.preferences.version=1 -resolveWorkspaceProjects=true -version=1 
diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs deleted file mode 100644 index 706f07e8a5d..00000000000 --- a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.core.prefs +++ /dev/null @@ -1,3 +0,0 @@ -eclipse.preferences.version=1 -pluginProject.extensions=true -resolve.requirebundle=false diff --git a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs b/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs deleted file mode 100644 index 8a427256a59..00000000000 --- a/runtime/bundles/org.eclipse.core.security/.settings/org.eclipse.pde.ds.annotations.prefs +++ /dev/null @@ -1,6 +0,0 @@ -eclipse.preferences.version=1 -enabled=true -path=OSGI-INF -validationErrorLevel=error -validationErrorLevel.missingImplicitUnbindMethod=error -generateBundleActivationPolicyLazy=true diff --git a/runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF b/runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF deleted file mode 100644 index e849f76959f..00000000000 --- a/runtime/bundles/org.eclipse.core.security/META-INF/MANIFEST.MF +++ /dev/null 
@@ -1,29 +0,0 @@ -Manifest-Version: 1.0 -Bundle-ManifestVersion: 2 -Bundle-Name: Security Option -Bundle-Localization: plugin -Bundle-ClassPath: ., org.eclipse.core.security -Bundle-SymbolicName: org.eclipse.core.security; singleton:=true -Require-Bundle: org.eclipse.ecf;bundle-version="3.12.0", - org.eclipse.equinox.common;bundle-version="3.12.0", - org.eclipse.ui.workbench, - org.eclipse.ui, - org.eclipse.debug.core, - org.eclipse.osgi;bundle-version="3.4.0", - org.eclipse.core.runtime -Bundle-Version: 1.0.4.qualifier -Bundle-Activator: org.eclipse.core.security.ActivateSecurity -Export-Package: org.eclipse.core.security;version="0.0.0" -Import-Package: org.apache.felix.service.command.annotations;version="[1.0.0,2.0.0)", - org.eclipse.core.internal.net, - org.eclipse.core.net.proxy, - org.eclipse.core.resources, - org.eclipse.core.runtime;version="3.7.0", - org.eclipse.ecf.core.security;version="[3.1.0,4.0.0)", - org.eclipse.jface.dialogs, - org.osgi.annotation.bundle;version="[2.0.0,3.0.0)", - org.osgi.framework;resolution:=optional, - org.osgi.service.component.annotations;resolution:=optional -Bundle-Vendor: Delmarva Security -Automatic-Module-Name: org.eclipse.core.security -Bundle-ActivationPolicy: lazy diff --git a/runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml b/runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml deleted file mode 100644 index 90c7f66c68e..00000000000 --- a/runtime/bundles/org.eclipse.core.security/OSGI-INF/Subscriber.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/about.html b/runtime/bundles/org.eclipse.core.security/about.html deleted file mode 100644 index 164f781a8fd..00000000000 --- a/runtime/bundles/org.eclipse.core.security/about.html +++ /dev/null @@ -1,36 +0,0 @@ - - - - -About - - -

About This Content

- -

November 30, 2017

-

License

- -

- The Eclipse Foundation makes available all content in this plug-in - ("Content"). Unless otherwise indicated below, the Content - is provided to you under the terms and conditions of the Eclipse - Public License Version 2.0 ("EPL"). A copy of the EPL is - available at http://www.eclipse.org/legal/epl-2.0. - For purposes of the EPL, "Program" will mean the Content. -

- -

- If you did not receive this Content directly from the Eclipse - Foundation, the Content is being redistributed by another party - ("Redistributor") and different terms and conditions may - apply to your use of any object code in the Content. Check the - Redistributor's license that was provided with the Content. If no such - license exists, contact the Redistributor. Unless otherwise indicated - below, the terms and conditions of the EPL still apply to any source - code in the Content and such source code may be obtained at http://www.eclipse.org. -

- - - \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/build.properties b/runtime/bundles/org.eclipse.core.security/build.properties deleted file mode 100644 index 1b4fe053116..00000000000 --- a/runtime/bundles/org.eclipse.core.security/build.properties +++ /dev/null @@ -1,22 +0,0 @@ -############################################################################### -# Copyright (c) 2025 Security Team and others. -# -# This program and the accompanying materials -# are made available under the terms of the Eclipse Public License 2.0 -# which accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# -# Contributors: -# Security Team - initial API and implementation -############################################################################### -source.. = src/ -output.. = bin/ -bin.includes = META-INF/,\ - .,\ - plugin.properties,\ - plugin.xml,\ - icons/, \ - about.html -src.includes = about.html diff --git a/runtime/bundles/org.eclipse.core.security/icons/icons8-password-48.png b/runtime/bundles/org.eclipse.core.security/icons/icons8-password-48.png deleted file mode 100644 index 3aefb07473cb978e64d8286e5ee5217e6ed0d89c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 640 zcmV-`0)PF9P)1RCt{2STRrAKooupQyFmoL}6|+MMd2pR0@9r`VT68LMtUq zty)E5W?-N>Cj*4kX&c|cfCMUe=adn%dV&cguDY~U!;!=WJNBvElRnAv`M&pk@4d4n z10)zV*Ly}NUn7jS2t$uhe%Xh-miH)Mlh1%|QFFbV&G;9aaS;tj3F{TI)(zFe!zr8c zkA&h)bn(9-_Yj63Bu6IVcUbo+q1e8!@FCrB8l4|js^VqUMu{g3cWuU3 zX>Ydf@>QE+bCii{nw^kiGektM?&6EEy)}ySgyPRT`zgLpN&HD(oq0m>>*w~-OjHgz zGB)Gi)HBgI@SacJ07FNu{C&g^njn;)-tGe5n~dteN%v3Y)YjMcy_XN=t5KX+`6l|E zkRKvtZkw?=8E+{aeUpsZNXht0Y)hJw zlDJSP^s&5@OMN|vYQWzFF$|@Je+fzpxzyMFKX|Z#`dh1?M3Oh&S*fr4aSiAKFa|bF z2ZR}+ap6`#=nM#ptOdHpKqdPsyN`N=Iu-D<7U_;cIl_;vP8o_?nkd8B_jOndHDJQT aBa2@ZWr0lDv~L3d0000 - - - - - - - - 
diff --git a/runtime/bundles/org.eclipse.core.security/pom-for-review.xml b/runtime/bundles/org.eclipse.core.security/pom-for-review.xml deleted file mode 100644 index 1d01b827067..00000000000 --- a/runtime/bundles/org.eclipse.core.security/pom-for-review.xml +++ /dev/null @@ -1,73 +0,0 @@ - - - - 4.0.0 - - org.eclipse - bundles - 0.0.1-SNAPSHOT - ../.polyglot.pom.tycho - - org.eclipse.core.security - 1.0.4-SNAPSHOT - eclipse-plugin - [bundle] Security Option - - Delmarva Security - - - src - src/test/java - - - org.codehaus.mojo - build-helper-maven-plugin - - - eclipse-classpath-add-source-1 - initialize - - add-source - - - - src - - - - - eclipse-classpath-add-source-2 - initialize - - add-source - - - - src - - - - - eclipse-classpath-add-test-source-3 - initialize - - add-test-source - - - - src/test/resources - - - - - - - - diff --git a/runtime/bundles/org.eclipse.core.security/pom.xml.ORIG b/runtime/bundles/org.eclipse.core.security/pom.xml.ORIG deleted file mode 100644 index a3529c81698..00000000000 --- a/runtime/bundles/org.eclipse.core.security/pom.xml.ORIG +++ /dev/null @@ -1,84 +0,0 @@ - - 4.0.0 - - org.eclipse - marketplacepki - 0.0.1-SNAPSHOT - - security - org.eclipse.core.pki - 1.0.3-SNAPSHOT - eclipse-plugin - - UTF-8 - - - - - - org.eclipse.tycho - tycho-maven-plugin - ${tycho.version} - true - - - org.eclipse.tycho - tycho-versions-plugin - - - org.eclipse.tycho - tycho-compiler-plugin - ${tycho.version} - - true - BREE - true - 17 - 17 - - - - org.eclipse.tycho - tycho-eclipse-plugin - ${tycho.version} - - - - org.eclipse.tycho - tycho-packaging-plugin - ${tycho.version} - - - validate - - build-qualifier - - - default - - - - - false - default - ${tycho.buildqualifier.format} - - ${project.artifactId}_${unqualifiedVersion}.${buildQualifier} - - - - - org.eclipse.tycho - tycho-p2-publisher-plugin - ${tycho.version} - - true - - - - - - - \ No newline at end of file 
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java
deleted file mode 100644
index 0e83f1982c2..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ActivateSecurity.java
+++ /dev/null
@@ -1,247 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security; - -import org.eclipse.core.runtime.ServiceCaller; - -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.util.Optional; -import java.util.Properties; -import java.util.concurrent.TimeUnit; -import java.util.Collection; -import java.util.Enumeration; -import java.util.List; -import java.io.File; -import java.security.SecureRandom; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; -import javax.swing.text.html.parser.Element; - -import org.eclipse.core.resources.IWorkspaceRoot; -import org.eclipse.core.resources.ResourcesPlugin; -import org.eclipse.core.resources.IResource; -import org.eclipse.core.resources.IMarker; -import org.eclipse.core.runtime.RegistryFactory; -import org.eclipse.core.runtime.spi.RegistryStrategy; -import org.eclipse.core.security.incoming.InBoundController; -import org.eclipse.core.security.state.X509SecurityState; -import org.eclipse.core.security.identification.PublishPasswordUpdateIfc; -import 
org.eclipse.core.security.identification.PublishPasswordUpdate; -import org.eclipse.core.runtime.IExtensionRegistry; -import org.eclipse.core.runtime.CoreException; -import org.eclipse.core.runtime.ILog; -import org.eclipse.core.runtime.IProgressMonitor; -import org.eclipse.core.runtime.IAdapterFactory; -import org.eclipse.core.runtime.QualifiedName; -import org.eclipse.core.runtime.Platform; -import org.eclipse.ui.IStartup; -import org.eclipse.ui.IWorkbench; -import org.eclipse.ui.PlatformUI; -import org.osgi.framework.BundleActivator; -import org.osgi.framework.Bundle; -import org.osgi.framework.BundleContext; -import org.osgi.framework.ServiceReference; -import org.osgi.util.tracker.ServiceTracker; -import org.osgi.util.tracker.ServiceTrackerCustomizer; - -import org.osgi.service.component.annotations.Activate; -import org.osgi.service.component.annotations.Component; - -//import org.eclipse.ecf.internal.core.ECFPlugin; -//import org.eclipse.ecf.internal.ssl.ECFSSLSocketFactory; -//import org.eclipse.ecf.core.security.SSLContextFactory; - - -public class ActivateSecurity implements BundleActivator, IStartup, ServiceTrackerCustomizer { - public static final String ID = "org.eclipse.core.security"; //$NON-NLS-1$ - private static ActivateSecurity instance; - static boolean isPkcs11Installed = false; - public static boolean isKeyStoreLoaded = false; - private BundleContext context; - //protected ECFSSLSocketFactory ecfSSLSocketFactory; - - protected SSLContext sslContext; - - private ServiceTracker subscriberServiceTracker; - private static final ServiceCaller logger = new ServiceCaller(ActivateSecurity.class, ILog.class); - protected static KeyStore keyStore = null; - - Optional keystoreContainer = null; - private static final int DIGITAL_SIGNATURE = 0; - private static final int KEY_CERT_SIGN = 5; - private static final int CRL_SIGN = 6; - - - public ActivateSecurity() { - super(); - setInstance(this); - } - - @Override - public void start(BundleContext context) 
throws Exception { - ActivateSecurity.getInstance().context=context; - Startup(); - } - @Override - public void earlyStartup() { - // required by implementation - } - - @Override - public void stop(BundleContext context) throws Exception { - context=null; - if (subscriberServiceTracker != null) { - subscriberServiceTracker.close(); - subscriberServiceTracker = null; - } - } - - public static ActivateSecurity getInstance() { - return instance; - } - - public static void setInstance(ActivateSecurity instance) { - ActivateSecurity.instance = instance; - } - - public void log(String message) { - logger.call(logger -> logger.info(message)); - } - - public BundleContext getContext() { - return context; - } - public void Startup() { - /* - * Initialize preliminary PKCS settings - */ - - X509SecurityState.getInstance().setPKCS11on(false); - X509SecurityState.getInstance().setPKCS12on(false); - try { - ActivateSecurity.getInstance().log("ActivateSecurity Begin Controller process."); - InBoundController.getInstance().controller(); - } catch(Exception e) { - ActivateSecurity.getInstance().log("ActivateSecurity could not Run."); - } - - - ActivateSecurity.getInstance().log("ActivateSecurity Controller process complete."); - - - // Create and open Service tracker - this.subscriberServiceTracker = - new ServiceTracker( - ActivateSecurity.getInstance().context, - PublishPasswordUpdateIfc.class,this); - this.subscriberServiceTracker.open(); - } - - public void completeSecureContext() { - //containerContext(); - - ActivateSecurity.getInstance().log("ActivateSecurity setup SSLContextFactory."); - //BundleContext ecfContext = ECFPlugin.getDefault().getContext(); - - //extractServicesInfo( ecfContext.getBundle(), ecfContext); - - try { - //ecfSSLSocketFactory = (ECFSSLSocketFactory) ecfContext.getServiceReference(ECFSSLSocketFactory.class); - //ActivateSecurity.getInstance().log("ActivateSecurity service access done SSLSocketFactory."); - //TimeUnit.SECONDS.sleep(10); - 
//ecfSSLSocketFactory.getSSLContext("TLS").setDefault( SSLContext.getDefault() ); - - //SSLContext sctx = ecfSSLSocketFactory.getSSLContext("TLS"); - //ActivateSecurity.getInstance().log("ActivateSecurity Got the context."); - //sctx.setDefault( SSLContext.getDefault()); - - //ActivateSecurity.getInstance().log("ActivateSecurity SSLContext for TLS has been set."); - } catch (Exception e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - } - // Fetching ServiceReferernces exposed by the bundle - public static void extractServicesInfo(Bundle bundle, BundleContext bundleContext) { - ServiceReference[] registeredServices = bundle.getRegisteredServices(); - if (registeredServices != null) { - for (ServiceReference registeredService : bundle.getRegisteredServices()) { - // Fetching any property of the Service - ActivateSecurity.getInstance().log("service.pid: " + registeredService.getProperty("service.pid")); - - // Fetch Service from ServiceReference - ActivateSecurity.getInstance().log("Service: " + bundleContext.getService(registeredService)); - } - } - } - - public SSLContext getSSLContext() { - return sslContext; - } - - public void setSSLContext(SSLContext context) { - this.sslContext = context; - } - - public boolean isKeyStoreLoaded() { - return isKeyStoreLoaded; - } - - public void setKeyStoreLoaded(boolean isKeyStoreLoaded) { - ActivateSecurity.isKeyStoreLoaded = isKeyStoreLoaded; - } - - private static boolean isDigitalSignature(boolean[] ba) { - if (ba != null) { - return ba[DIGITAL_SIGNATURE] && !ba[KEY_CERT_SIGN] && !ba[CRL_SIGN]; - } else { - return false; - } - } - /** - * NOTE: The method will be called when the Service is discovered. - */ - public PublishPasswordUpdateIfc addingService( - ServiceReference reference) { - // XXX Here is where the ITimeService is received, when discovered. 
- System.out.println("ITimeServicePublishPasswordUpdateIfc discovered!"); - System.out.println("Service Reference="+reference); - // Get the time service proxy - PublishPasswordUpdateIfc subscriberService = this.context.getService(reference); - System.out.println("Calling Service="+subscriberService); - // Call the service! - //Long time = timeService.getCurrentTime(); - // Print out the result - //System.out.println("Call Done. Current time given by ITimeService.getCurrentTime() is: "+time); - return subscriberService; - } - public void modifiedService(ServiceReference reference, - PublishPasswordUpdateIfc service) { - // do nothing - } - public void removedService(ServiceReference reference, - PublishPasswordUpdateIfc service) { - System.out.println("SubscriberService undiscovered!"); - } -} \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java deleted file mode 100644 index beb0d721771..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/ContextFactoryConsumer.java +++ /dev/null 
@@ -1,40 +0,0 @@
-package org.eclipse.core.security;
-
-
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-
-import javax.net.ssl.SSLContext;
-
-import org.eclipse.ecf.core.security.SSLContextFactory;
-import org.osgi.service.component.annotations.Component;
-import org.osgi.service.component.annotations.Reference;
-
-import org.eclipse.ecf.internal.core.ECFPlugin;
-import org.eclipse.ecf.internal.ssl.ECFSSLSocketFactory;
-import org.eclipse.ecf.core.security.SSLContextFactory;
-
-@Component(immediate=true)
-public class ContextFactoryConsumer {
-
- @Reference
- void bindSSLContextFactory(SSLContextFactory sslContextFactory) {
- System.out.println("Got it "+ sslContextFactory);
- // Now get PKIJoe SSLContext
- try {
- SSLContext sslContext = sslContextFactory.getInstance("TLS", "PKIJoe");
- // # do stuff with sslContext here!
- System.out.println("sslContext="+sslContext);
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (NoSuchProviderException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- void unbindSSLContextFactory(SSLContextFactory sslContextFactory) {
- System.out.println("Ungot it "+ sslContextFactory);
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java
deleted file mode 100644
index 0cad48a4707..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/NormalizeGCM.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 IBM Corporation and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * IBM Corporation - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.encryption;
-
-import java.security.spec.KeySpec;
-import java.util.Arrays;
-import java.util.Base64;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-public class NormalizeGCM {
- private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding"; //$NON-NLS-1$
- private static final String FACTORY_INSTANCE = "PBKDF2WithHmacSHA512"; //$NON-NLS-1$
- private static final int GCM_IV_LENGTH = 12;
- private static final int KEY_LENGTH = 256;
- private static final int ITERATION_COUNT = 65536;
- private static NormalizeGCM DECRYPT;
- private NormalizeGCM() {}
- public static NormalizeGCM getInstance() {
- if (DECRYPT == null) {
- DECRYPT = new NormalizeGCM();
- }
- return DECRYPT;
- }
- public String decrypt(String strToDecrypt, String secretKey, String salt) {
- try {
- byte[] encryptedData = Base64.getDecoder().decode(strToDecrypt);
- byte[] initVector = Arrays.copyOfRange(encryptedData, 0, GCM_IV_LENGTH);
- GCMParameterSpec spec = new GCMParameterSpec(KEY_LENGTH / 2, initVector);
- SecretKeyFactory factory = SecretKeyFactory.getInstance(FACTORY_INSTANCE);
- KeySpec keySpec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), ITERATION_COUNT, KEY_LENGTH);
- SecretKey tmp = factory.generateSecret(keySpec);
- SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), "AES"); //$NON-NLS-1$
- Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
- cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, spec);
- byte[] decryptedText = cipher.doFinal(encryptedData, GCM_IV_LENGTH, encryptedData.length - GCM_IV_LENGTH);
- return new String(decryptedText, "UTF-8"); //$NON-NLS-1$
- } catch (Exception e) {
- e.printStackTrace();
- return null;
- }
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java
deleted file mode 100644
index 23498777273..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecureGCM.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.encryption;
-
-import java.security.SecureRandom;
-import java.security.spec.KeySpec;
-import java.util.Base64;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-public class SecureGCM {
-
- private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding"; //$NON-NLS-1$
- private static final String FACTORY_INSTANCE = "PBKDF2WithHmacSHA512"; //$NON-NLS-1$
- private static final int GCM_IV_LENGTH = 12;
- private static final int KEY_LENGTH = 256;
- private static final int ITERATION_COUNT = 65536;
- private static SecureGCM ENCRYPT;
- private SecureGCM() {}
- public static SecureGCM getInstance() {
- if (ENCRYPT == null) {
- ENCRYPT = new SecureGCM();
- }
- return ENCRYPT;
- }
-
- public String encrypt(String strToEncrypt, String secretKey, String salt) {
- try {
- SecureRandom secureRandom = SecureRandom.getInstanceStrong();
- byte[] iv = new byte[GCM_IV_LENGTH];
- secureRandom.nextBytes(iv);
- GCMParameterSpec spec = new GCMParameterSpec(KEY_LENGTH / 2, iv);
- SecretKeyFactory factory = SecretKeyFactory.getInstance(FACTORY_INSTANCE);
- KeySpec skey = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), ITERATION_COUNT, KEY_LENGTH);
- SecretKey tmp = factory.generateSecret(skey);
- SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), "AES"); //$NON-NLS-1$
- Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
- cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, spec);
- byte[] cipherText = cipher.doFinal(strToEncrypt.getBytes("UTF-8")); //$NON-NLS-1$
- byte[] encryptedData = new byte[iv.length + cipherText.length];
- System.arraycopy(iv, 0, encryptedData, 0, iv.length);
- System.arraycopy(cipherText, 0, encryptedData, iv.length, cipherText.length);
- return Base64.getEncoder().encodeToString(encryptedData);
- } catch (Exception e) {
- e.printStackTrace();
- return null;
- }
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java
deleted file mode 100644
index 12683f0526d..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/encryption/SecurityOpRequest.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.encryption;
-
-public class SecurityOpRequest {
- private static SecurityOpRequest INSTANCE;
- private SecurityOpRequest() {}
- public static SecurityOpRequest getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new SecurityOpRequest();
- }
- return INSTANCE;
- }
- public boolean isConnected=false;
-
- public boolean getConnected() {
- return isConnected;
- }
- public void setConnected(boolean b) {
- isConnected=b;
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java
deleted file mode 100644
index 60c644535b1..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/FingerprintX509.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.identification;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-
-public class FingerprintX509 {
- private static FingerprintX509 INSTANCE;
- private static final char[] HEX= {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
- private static final String cryptoAlg = "SHA-256"; //$NON-NLS-1$
- private FingerprintX509() {}
- public static FingerprintX509 getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new FingerprintX509();
- }
- return INSTANCE;
- }
-
- public String getFingerPrint(Certificate cert, String alg) {
- String fingerPrint=null;
- byte[] encodedCert=null;
-
- try {
- alg = cryptoAlg;
- encodedCert = cert.getEncoded();
- MessageDigest md = MessageDigest.getInstance(alg);
- md.update(encodedCert);
- byte[] digest = md.digest();
- fingerPrint = getHexValue(digest);
-
- } catch (CertificateEncodingException e) {
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return fingerPrint;
- }
- protected String getHexValue( byte[] bytes ) {
- StringBuffer sb = new StringBuffer(bytes.length * 2);
- try {
- for( int i=0; i < bytes.length; i++) {
- sb.append(HEX[(bytes[i] & 0xf0) >> 4 ]);
- sb.append(HEX[bytes[i] & 0xf]);
- if ( i < bytes.length-1) {
- sb.append(":"); //$NON-NLS-1$
- }
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- return sb.toString();
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java
deleted file mode 100644
index ef0793d2ba5..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PkiPasswordGrabberWidget.java
+++ /dev/null
@@ -1,111 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.identification; - -import java.util.Optional; - -import javax.swing.Icon; -import javax.swing.ImageIcon; -import javax.swing.JFrame; -import javax.swing.JLabel; -import javax.swing.JOptionPane; -import javax.swing.JPanel; -import javax.swing.JPasswordField; -import javax.swing.SwingConstants; - -import org.eclipse.core.security.managers.KeyStoreManager; -import org.eclipse.core.security.util.KeyStoreFormat; - - -public class PkiPasswordGrabberWidget implements Runnable { - JFrame frame = null; - Icon icon = null; - private static PkiPasswordGrabberWidget INSTANCE; - JPasswordField pword = null; - private PkiPasswordGrabberWidget() {} - public static PkiPasswordGrabberWidget getInstance() { - if (INSTANCE == null) { - INSTANCE = new PkiPasswordGrabberWidget(); - } - return INSTANCE; - } - @Override - public void run() { - try { - String pw = getInput(); - System.setProperty("javax.net.ssl.keyStorePassword", pw); - } catch(Exception e) { - e.printStackTrace(); - } - } - public String getInput() { - - Optional keystoreContainer = null; - JPanel panel = new JPanel(); - JLabel label = new JLabel("Enter Password:");//$NON-NLS-1$ - JLabel blankie = new JLabel("\n", SwingConstants.CENTER);//$NON-NLS-1$ - pword = new JPasswordField(17); - String pw=null; - panel.add(label); - panel.add(blankie); - panel.add(pword); - try { - - icon = new 
ImageIcon(getClass().getResource("/icons/icons8-password-48.png"));//$NON-NLS-1$ - } catch (Exception iconErr) { - } - - panel.requestFocus(); - char[] password = null; - while (true) { - String[] options = new String[] {"cancel", "submit"};//$NON-NLS-1$ - - //showOptionDialog(Component parentComponent, - // Object message, String title, int optionType, - // int messageType, Icon icon, Object[] options, - // Object initialValue) - - int option = JOptionPane.showOptionDialog(null, panel, "Eclipse PKI Password/PiN Entry", - JOptionPane.INFORMATION_MESSAGE, JOptionPane.PLAIN_MESSAGE, - icon, options, options[1]);//$NON-NLS-1$ - - if (option == 0) { - JOptionPane.showMessageDialog(null,"CANCELED",null, - JOptionPane.ERROR_MESSAGE);//$NON-NLS-1$ - break; - } else if(option == 1) { - password = pword.getPassword(); - pw=new String(password); - System.setProperty("javax.net.ssl.keyStorePassword", pw); //$NON-NLS-1$ - - keystoreContainer = Optional - .ofNullable(KeyStoreManager.getInstance().getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$ - System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$ - KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$ - if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.getInstance().isKeyStoreInitialized()))) { - JOptionPane.showMessageDialog(null,"Incorrect Password",null, - JOptionPane.ERROR_MESSAGE);//$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - pword.setText("");//$NON-NLS-1$ - } else { - PublishPasswordUpdate.getInstance().publishMessage(pw); - break; - } - } else { - break; - } - } - return pw; - } -} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java deleted file mode 100644 index 5afafaaee8e..00000000000 
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdate.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-
-package org.eclipse.core.security.identification;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.Flow.*;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ExecutorService;
-
-import org.eclipse.core.security.ActivateSecurity;
-import org.osgi.service.component.annotations.Component;
-import org.osgi.service.component.annotations.Reference;
-@Component(immediate = true)
-public class PublishPasswordUpdate implements PublishPasswordUpdateIfc {
- private static PublishPasswordUpdate INSTANCE;
- private final ExecutorService executor = Executors.newFixedThreadPool(10);
- private List> subscribers = new ArrayList<>();
-
- private PublishPasswordUpdate() {
- }
-
- public static PublishPasswordUpdate getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new PublishPasswordUpdate();
- }
- return INSTANCE;
- }
-
- public void subscribe(Subscriber subscriber) {
- subscribers.add(subscriber);
- }
-
- public int getSubscriberCount() {
- return subscribers.size();
- }
-
- public void publishMessage(String message) {
- subscribers.forEach(subscriber -> {
- executor.submit(() -> {
- subscriber.onNext(message);
- });
- });
- }
-
- public void close() {
- subscribers.forEach(Subscriber::onComplete);
- executor.shutdown();
- }
-
- @Reference
- void bindSubscriberService(PublishPasswordUpdateIfc updateService) {
- // Call the service and print out result!
- //System.out.println("Current time on remote is: " + updateService.close());
- System.out.println("SUBSCRIBER COUNT:"+updateService.getSubscriberCount());
- ActivateSecurity.getInstance().log("PublishPasswordUpdate bindSubscriberService");
- }
-
- // Called by DS upon ITimeService undiscovery
- void unbindSubscriberService(PublishPasswordUpdateIfc updateService) {
- System.out.println("Undiscovered ITimeService via DS. Instance=" + updateService);
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java
deleted file mode 100644
index e0f24788ad3..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/identification/PublishPasswordUpdateIfc.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.identification;
-
-import java.util.concurrent.Flow.Publisher;
-import java.util.concurrent.Flow.Subscriber;
-
-public interface PublishPasswordUpdateIfc extends Publisher{
-
- public void subscribe(Subscriber subscriber);
- public int getSubscriberCount();
- public void publishMessage(String message);
- public void close();
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java
deleted file mode 100644
index e67de8c2b6f..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/DotPkiPropertiesRequired.java
+++ /dev/null
@@ -1,99 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.incoming; - -import java.nio.channels.Channels; -import java.nio.channels.FileChannel; -import java.nio.channels.FileLock; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.StandardOpenOption; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.LinkedList; -import java.util.List; -import java.util.Optional; -import java.util.Properties; -import java.util.Set; - -import org.eclipse.core.security.ActivateSecurity; - -public class DotPkiPropertiesRequired { - - private static DotPkiPropertiesRequired INSTANCE; - List list = get(); - private DotPkiPropertiesRequired() {} - - public static DotPkiPropertiesRequired getInstance() { - if (INSTANCE == null) { - INSTANCE = new DotPkiPropertiesRequired(); - } - return INSTANCE; - } - - public boolean testFile(Path path) { - Properties properties=new Properties(); - try { - if (Files.exists(path)) { - final FileChannel channel = FileChannel.open(path, StandardOpenOption.READ); - final FileLock lock = channel.lock(0L, Long.MAX_VALUE, true); - properties.load(Channels.newInputStream(channel)); - Set keys=properties.keySet(); - lock.close(); - for ( Object key: keys ) { - isProperty((String)key); - } - if ( list.isEmpty()) { - return true; - } else { - Optional pkiType = Optional.ofNullable(properties.get("javax.net.ssl.keyStoreType")); - if ( 
!(pkiType.isEmpty())) { - if (pkiType.get().toString().contains("12")) { //PKCS12 type. no cfg needed, no provider needed - isProperty("javax.net.ssl.cfgFileLocation"); - isProperty("javax.net.ssl.keyStoreProvider"); - } - } - if (!(list.isEmpty())) { - ActivateSecurity.getInstance().log("Missing properies;"+ list.toString());// $NON-NLS-1$ - return true; - } else { - return true; - } - } - } else { - ActivateSecurity.getInstance().log("NO PKI config file detected in $HOME/.eclipse");// $NON-NLS-1$ - } - - } catch (Exception e) { - e.printStackTrace(); - } - - return false; - } - private void isProperty(String s) { - if ( list.contains(s)) { - list.remove(s); - } - - } - private List get() { - List l = new LinkedList(); - l = Arrays.asList("javax.net.ssl.trustStore","javax.net.ssl.trustStoreType", - "javax.net.ssl.trustStorePassword","javax.net.ssl.keyStoreType", - "javax.net.ssl.keyStoreProvider","javax.net.ssl.cfgFileLocation", - "javax.net.ssl.keyStore"); - List list = new ArrayList(l); - return list; - } -} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java deleted file mode 100644 index 8fc219aa8f8..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/InBoundController.java +++ /dev/null 
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2023 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.incoming;
-
-import java.security.KeyStore;
-import java.util.Optional;
-
-import org.eclipse.core.security.ActivateSecurity;
-import org.eclipse.core.security.managers.AuthenticationBase;
-import org.eclipse.core.security.managers.KeyStoreManager;
-import org.eclipse.core.security.managers.KeystoreSetup;
-import org.eclipse.core.security.state.X509SecurityState;
-
-public class InBoundController {
- private static InBoundController INSTANCE;
- protected final String pin = "#Gone2Boat@Bay"; //$NON-NLS-1$
- Optional keystoreContainer = null;//$NON-NLS-1$
- protected static KeyStore keyStore = null;//$NON-NLS-1$
- private InBoundController() {
- }
-
- public static InBoundController getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new InBoundController();
- }
- return INSTANCE;
- }
-
- public void controller() {
- Optional keystoreTypeContainer = null;
- Optional decryptedPw;
- /*
- * First see if parameters were passed into eclipse via the command line -D
- */
- keystoreTypeContainer = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
-
- Optional testKeyContainer = Optional.ofNullable(
- System.getProperty("core.key"));
- if (!(testKeyContainer.isEmpty() )) {
- String testKey = testKeyContainer.get().toString().trim();
- if (testKey.equalsIgnoreCase("eclipse.core.pki.testing")) {
- return;
- }
- }
- if
(keystoreTypeContainer.isEmpty()) {
- //
- // Incoming parameter as -DkeystoreType was empty so CHECK in .pki file
- //
-
- if (PublicKeySecurity.getInstance().isTurnedOn()) {
- PublicKeySecurity.getInstance().getPkiPropertyFile(pin);
- }
- }
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java
deleted file mode 100644
index a5b40306c12..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSubscriber.java
+++ /dev/null
@@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.incoming; - -import java.security.KeyStore; -import java.util.Optional; -import java.util.concurrent.Flow.Subscriber; -import java.util.concurrent.Flow.Subscription; - -import org.eclipse.core.security.ActivateSecurity; -import org.eclipse.core.security.managers.AuthenticationBase; -import org.eclipse.core.security.managers.KeyStoreManager; -import org.eclipse.core.security.managers.KeystoreSetup; -import org.eclipse.core.security.state.X509SecurityState; - -import org.eclipse.ecf.core.security.SSLContextFactory; - -import org.osgi.framework.BundleContext; -import org.osgi.util.tracker.ServiceTracker; - - -public class IncomingSubscriber implements Subscriber { - private static IncomingSubscriber INSTANCE; - protected final String pin = "#Gone2Boat@Bay"; //$NON-NLS-1$ - Optional keystoreContainer = null;//$NON-NLS-1$ - protected static KeyStore keyStore = null;//$NON-NLS-1$ - public static IncomingSubscriber getInstance() { - if (INSTANCE == null) { - INSTANCE = new IncomingSubscriber(); - } - return INSTANCE; - } - @Override - public void onSubscribe(Subscription subscription) { - } - @Override - public void onNext(Object item) { - publishedIncoming(); - } - public void publishedIncoming() { - Optional keystoreTypeContainer = null; - Optional decryptedPw; - ActivateSecurity.getInstance().log("IncomingSubscriber processing event."); - - if 
(IncomingSystemProperty.getInstance().checkType()) { - if (IncomingSystemProperty.getInstance().checkKeyStore(pin)) { - KeystoreSetup setup = KeystoreSetup.getInstance(); - if (X509SecurityState.getInstance().isTrustOn()) { - setup.installKeystore(); - setup.setPkiContext(); - } - if (X509SecurityState.getInstance().isPKCS12on()) { - setup.installKeystore(); - setup.setPkiContext(); - } - if (X509SecurityState.getInstance().isPKCS11on()) { - String pkcs11Pin = "";//$NON-NLS-1$ - ActivateSecurity.getInstance().log("Processing PKCS11 setup.");//$NON-NLS-1$ - - decryptedPw = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); - if (!decryptedPw.isEmpty()) { - pkcs11Pin = decryptedPw.get(); - } - keystoreContainer = Optional - .ofNullable(AuthenticationBase.getInstance().initialize(pkcs11Pin.toCharArray()));// $NON-NLS-1$ - if (keystoreContainer.isEmpty()) { - ActivateSecurity.getInstance().log("Failed to Load a Keystore."); //$NON-NLS-1$ - X509SecurityState.getInstance().setPKCS11on(false); - System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - SecurityFileSnapshot.getInstance().restoreProperties(); - } else { - ActivateSecurity.getInstance().log("A Keystore and Password are detected."); //$NON-NLS-1$ - keyStore = keystoreContainer.get(); - KeyStoreManager.getInstance().setKeyStore(keyStore); - ActivateSecurity.getInstance().setKeyStoreLoaded(true); - setup.setPkiContext(); - } - } - } - } - } - @Override - public void onError(Throwable throwable) { - } - @Override - public void onComplete() { - - } - -} 
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java
deleted file mode 100644
index c1cc6625f5d..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/IncomingSystemProperty.java
+++ /dev/null
@@ -1,112 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.incoming; - -import java.util.Optional; -import org.eclipse.core.security.ActivateSecurity; -import org.eclipse.core.security.encryption.NormalizeGCM; -import org.eclipse.core.security.state.X509SecurityState; - -public class IncomingSystemProperty { - private static IncomingSystemProperty INSTANCE; - private IncomingSystemProperty() {} - public static IncomingSystemProperty getInstance() { - if (INSTANCE == null) { - INSTANCE = new IncomingSystemProperty(); - } - return INSTANCE; - } - - public boolean checkType() { - Optional type = null; - - type = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$ - if (type.isEmpty()) { - ActivateSecurity.getInstance().log("Continue without javax.net.ssl.keyStoreType.");//$NON-NLS-1$ - X509SecurityState.getInstance().setTrustOn(true); - return true; - } - if (type.get().equalsIgnoreCase("PKCS11")) { //$NON-NLS-1$ - X509SecurityState.getInstance().setPKCS11on(true); - return true; - } - if (type.get().equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$ - X509SecurityState.getInstance().setPKCS12on(true); - return true; - } - return false; - } - - public boolean checkKeyStore(String pin) { - byte[] salt = new byte[16]; - Optional keyStore = null; - Optional keyStorePassword = null; - Optional PasswordEncrypted = null; - Optional PasswordDecrypted = null; - keyStore = 
Optional.ofNullable(System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ - if (keyStore.isEmpty()) { - X509SecurityState.getInstance().setPKCS11on(false); - X509SecurityState.getInstance().setPKCS12on(false); - //ActivateSecurity.getInstance().log("No Keystore is set, javax.net.ssl.keyStore."); //$NON-NLS-1$ - //return false; - } - keyStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$ - if (keyStorePassword.isEmpty()) { - //ActivateSecurity.getInstance().log("A Keystore Password is required, javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - //return false; - } else { - PasswordDecrypted = Optional.ofNullable(System.getProperty("javax.net.ssl.decryptedPassword")); //$NON-NLS-1$ - PasswordEncrypted = Optional.ofNullable(System.getProperty("javax.net.ssl.encryptedPassword")); //$NON-NLS-1$ - if ((PasswordEncrypted.isEmpty()) || (!(PasswordDecrypted.isEmpty()))) { - // Password is not encrypted - } else { - if (PasswordEncrypted.get().toString().equalsIgnoreCase("true")) { //$NON-NLS-1$ - salt = new String(System.getProperty("user.name") + pin).getBytes(); //$NON-NLS-1$ - String passwd = NormalizeGCM.getInstance().decrypt(keyStorePassword.get().toString(), pin, - new String(salt)); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$ - } - } - } - return true; - } - - public boolean checkTrustStoreType() { - Optional type = null; - - type = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStoreType")); //$NON-NLS-1$ - if (type.isEmpty()) { - ActivateSecurity.getInstance().log("No incoming javax.net.ssl.trustStoreType."); //$NON-NLS-1$ - return false; - } - return true; - - } - - public boolean checkTrustStore() { - Optional trustStore = null; - Optional trustStorePassword = null; - trustStore = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStore")); //$NON-NLS-1$ - if (trustStore.isEmpty()) { - ActivateSecurity.getInstance().log("No truststore is set, 
javax.net.ssl.trustStore."); //$NON-NLS-1$
- return false;
- }
- trustStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStorePassword")); //$NON-NLS-1$
- if (trustStorePassword.isEmpty()) {
- ActivateSecurity.getInstance().log("A truststore Password is required, javax.net.ssl.trustStorePassword."); //$NON-NLS-1$
- return false;
- }
- return true;
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java
deleted file mode 100644
index d2092456481..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/PublicKeySecurity.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.incoming;
-
-import java.util.Properties;
-
-public class PublicKeySecurity {
-
- private static PublicKeySecurity INSTANCE;
- protected byte[] salt = new byte[16];
-
- private PublicKeySecurity() {}
- public static PublicKeySecurity getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new PublicKeySecurity();
- }
- return INSTANCE;
- }
-
- public boolean isTurnedOn() {
- return SecurityFileSnapshot.getInstance().image();
- }
- public void setupPKIfile() {
- SecurityFileSnapshot.getInstance().createPKI();
- }
-
- public Properties getPkiPropertyFile(String pin) {
- salt = new String(System.getProperty("user.name") + pin).getBytes(); //$NON-NLS-1$
- return SecurityFileSnapshot.getInstance().load(pin, new String(salt));
- }
-}
\ No newline at end of file
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java
deleted file mode 100644
index fff2b680809..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/SecurityFileSnapshot.java
+++ /dev/null
@@ -1,310 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.incoming; - -import java.io.IOException; -import java.io.OutputStream; -import java.io.InputStream; -import java.nio.channels.Channels; -import java.nio.channels.FileChannel; -import java.nio.channels.FileLock; -import java.nio.charset.Charset; -import java.nio.file.FileSystems; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.nio.file.StandardOpenOption; -import java.nio.file.attribute.PosixFileAttributeView; -import java.nio.file.attribute.PosixFilePermission; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Date; -import java.util.Map.Entry; -import java.util.Optional; -import java.util.Properties; -import java.util.Set; - -import org.eclipse.core.security.ActivateSecurity; -import org.eclipse.core.security.encryption.NormalizeGCM; -import org.eclipse.core.security.encryption.SecureGCM; -import org.eclipse.core.security.encryption.SecurityOpRequest; -import org.eclipse.core.security.identification.PkiPasswordGrabberWidget; -import org.eclipse.core.security.identification.PublishPasswordUpdate; - -public class SecurityFileSnapshot { - - private static SecurityFileSnapshot INSTANCE; - Path pkiFile = null; - Path userM2Home = null; - Path userHome = null; - Path userDotEclipseHome = null; - Properties originalProperties = new Properties(); - public static final 
String DotEclipse = ".eclipse"; - public static final String USER_HOME = System.getProperty("user.home"); //$NON-NLS-1$ - - private SecurityFileSnapshot() {} - - public static SecurityFileSnapshot getInstance() { - if (INSTANCE == null) { - INSTANCE = new SecurityFileSnapshot(); - } - return INSTANCE; - } - public boolean image() { - /* - * CHeck if .pki file is present. - */ - try { - Optional eclipseHome = Optional.ofNullable(Files.exists(Paths.get(USER_HOME))); // $NON-NLS-1$ - if (!(eclipseHome.isEmpty())) { - if (Files.exists(Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse - + FileSystems.getDefault().getSeparator() + ".pki"))) { - - userDotEclipseHome = Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse - + FileSystems.getDefault().getSeparator() + ".pki"); - if (!DotPkiPropertiesRequired.getInstance().testFile(userDotEclipseHome)) { - TemplateForPKIfile.getInstance().setup(); - return false; - } - } else { - /* - * This would be the completion of this bundle, - * since no configuration has been detected - */ - ActivateSecurity.getInstance().log("NO PKI file detected");// $NON-NLS-1$ - /* - * Files.createFile(Paths.get(USER_HOME+ - * FileSystems.getDefault().getSeparator()+DotEclipse+ - * FileSystems.getDefault().getSeparator()+ ".pki")); - */ - TemplateForPKIfile.getInstance().setup(); - return false; - } - } - - } catch (Exception e1) { - e1.printStackTrace(); - } - - if (Files.exists(userDotEclipseHome)) { - ActivateSecurity.getInstance().log("A PKI config file detected;"+ userDotEclipseHome.toString());// $NON-NLS-1$ - return true; - } - return false; - } - public boolean createPKI() { - Optional eclipseHome = Optional.ofNullable(Files.exists(Paths.get(USER_HOME))); // $NON-NLS-1$ - if (!(eclipseHome.isEmpty())) { - if (!(Files.exists(Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse - + FileSystems.getDefault().getSeparator() + ".pki")))) { - String pkiFileFQN=USER_HOME + 
FileSystems.getDefault().getSeparator() + DotEclipse - + FileSystems.getDefault().getSeparator() + ".pki"; - - userDotEclipseHome = Paths.get(pkiFileFQN); - // create the PKI file - try { - Files.createFile(userDotEclipseHome); - } catch (IOException e) { - e.printStackTrace(); - } - isSecurityFileRequired(pkiFileFQN); - return true; - } else { - //PKI file already exists - return false; - } - } - return false; - } - - public Properties load(String password, String salt) { - Properties properties = new Properties(); - String passwd = null; - try { - IncomingSubscriber subscriber = IncomingSubscriber.getInstance(); - FileChannel fileChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.READ); - FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE); - FileLock lock = fileChannel.lock(0L, Long.MAX_VALUE, true); - InputStream fileInputStream = Channels.newInputStream(fileChannel); - properties.load(fileInputStream); - originalProperties.putAll(properties); - for (Entry entry : properties.entrySet()) { - entry.setValue(entry.getValue().toString().trim()); - } - - Optional passwdContainer = Optional - .ofNullable(properties.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$ - Optional encryptedPasswd = Optional - .ofNullable(properties.getProperty("javax.net.ssl.encryptedPassword")); //$NON-NLS-1$ - if (passwdContainer.isEmpty()) { - Optional keyStoreContainer = Optional.ofNullable( - properties.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ - if (!(keyStoreContainer.isEmpty() )) { - System.setProperty("javax.net.ssl.keyStore", keyStoreContainer.get().toString().trim()); - } - Optional keyStoreTypeContainer = Optional.ofNullable( - properties.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$ - if (!(keyStoreTypeContainer.isEmpty() )) { - String keyStoreType = keyStoreTypeContainer.get().toString().trim(); - if (keyStoreType.equalsIgnoreCase("PKCS12" )) { //$NON-NLS-1$ - 
System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);//$NON-NLS-1$ - // get the passwd from console - //PokeInConsole.PASSWD.get(); - try { - try { - Optional testKeyContainer = Optional.ofNullable( - System.getProperty("core.key")); - if (!(testKeyContainer.isEmpty() )) { - String testKey = testKeyContainer.get().toString().trim(); - if (testKey.equalsIgnoreCase("eclipse.core.pki.testing")) { - return properties; - } - } - } catch (Exception e) { - e.printStackTrace(); - } - PublishPasswordUpdate.getInstance().subscribe(subscriber); - PkiPasswordGrabberWidget runner = PkiPasswordGrabberWidget.getInstance(); - Thread t1 = new Thread(runner); - t1.start(); - - } catch(Exception xe) { - // User may have said cancel - } - - - } else { - System.setProperty("javax.net.ssl.keyStorePassword", "");//$NON-NLS-1$ - } - } - } else { - if ((encryptedPasswd.isEmpty()) && (!(passwdContainer.isEmpty()))) { - - properties.setProperty("javax.net.ssl.encryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ - passwd = passwdContainer.get(); - properties.setProperty("javax.net.ssl.keyStorePassword", //$NON-NLS-1$ - SecureGCM.getInstance().encrypt(passwd, password, salt)); - OutputStream os = Channels.newOutputStream(updateChannel); - properties.save(os, null); - // After saving encrypted passwd to properties file, switch to unencrypted - properties.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$ - SecurityOpRequest.getInstance().setConnected(true); - PublishPasswordUpdate.getInstance().publishMessage(passwd); - } else { - String ePasswd = passwdContainer.get(); - passwd = NormalizeGCM.getInstance().decrypt(ePasswd, password, salt); - System.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ - properties.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$ - properties.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ - - } - subscriber.publishedIncoming(); - } - - 
properties.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$ - - System.getProperties().putAll(properties); - - lock.release(); - ActivateSecurity.getInstance().log("Loaded PKI System Properties");// $NON-NLS-1$ - } catch (IOException e) { - e.printStackTrace(); - } - return properties; - } - - public void restoreProperties() { - try { - Files.deleteIfExists(userDotEclipseHome); - Files.createFile(userDotEclipseHome); - FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE); - OutputStream os = Channels.newOutputStream(updateChannel); - String date = new SimpleDateFormat("dd-MM-yyyy").format(new Date()); - originalProperties.store(os, "Restored to Original:" + date); - os.flush(); - os.close(); - } catch (Exception e) { - e.printStackTrace(); - } - - } - - private static void isSecurityFileRequired(String securityFileLocation) { - Path dir = null; - StringBuilder sb = new StringBuilder(); - - try { - sb.append(securityFileLocation); - sb.append(FileSystems.getDefault().getSeparator()); - dir = Paths.get(sb.toString()); - try { - //just in case it hasnt been created yet - Files.createDirectories(dir); - } catch(Exception createFileErr) {} - - Path path = Paths.get(sb.toString()); - - if (!(path.toFile().exists())) { - Files.deleteIfExists(path); - Files.createFile(path); - Charset charset = Charset.forName("UTF-8");//$NON-NLS-1$ - ArrayList a = fileContents(); - if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) { //$NON-NLS-1$ - PosixFileAttributeView posixAttributes = Files.getFileAttributeView(path, - PosixFileAttributeView.class); - Set permissions = posixAttributes.readAttributes().permissions(); - permissions.remove(PosixFilePermission.GROUP_READ); - posixAttributes.setPermissions(permissions); - Files.write(path, a, charset, StandardOpenOption.TRUNCATE_EXISTING); - - permissions.remove(PosixFilePermission.OWNER_WRITE); - 
posixAttributes.setPermissions(permissions); - } else { - Files.write(path, a, charset, StandardOpenOption.TRUNCATE_EXISTING); - Files.setAttribute(path, "dos:hidden", Boolean.valueOf(true));//$NON-NLS-1$ - } - } - - } catch (IOException e) { - e.printStackTrace(); - } - } - - private static ArrayList fileContents() { - - ArrayList a = new ArrayList<>(); - - try { - a.add("javax.net.ssl.trustStoreType=" + System.getProperty("javax.net.ssl.trustStoreType"));//$NON-NLS-1$ //$NON-NLS-2$ - a.add("javax.net.ssl.trustStorePassword=" + System.getProperty("javax.net.ssl.trustStorePassword"));//$NON-NLS-1$ //$NON-NLS-2$ - a.add("javax.net.ssl.trustStore=" + System.getProperty("javax.net.ssl.trustStore"));//$NON-NLS-1$ //$NON-NLS-2$ - a.add("");//$NON-NLS-1$ - - if (System.getProperty("javax.net.ssl.keyStoreType") != null) {//$NON-NLS-1$ - a.add("javax.net.ssl.keyStoreType=" + System.getProperty("javax.net.ssl.keyStoreType"));//$NON-NLS-1$ //$NON-NLS-2$ - a.add("javax.net.ssl.keyStore=" + System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ //$NON-NLS-2$ - if (System.getProperty("javax.net.ssl.keyStoreType").equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$ //$NON-NLS-2$ - - } else { - a.add("javax.net.ssl.keyStorePassword=");//$NON-NLS-1$ - a.add("javax.net.ssl.keyStoreProvider=" + System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$ //$NON-NLS-2$ - } - } - - } catch (Exception e) { - e.printStackTrace(); - } - return a; - } -} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java deleted file mode 100644 index 71356bd1e58..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/incoming/TemplateForPKIfile.java +++ /dev/null 
@@ -1,100 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 IBM Corporation and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * IBM Corporation - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.incoming; - -import java.io.IOException; -import java.nio.file.FileSystems; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.nio.file.StandardOpenOption; - -public class TemplateForPKIfile { - - private static TemplateForPKIfile INSTANCE; - public final String hashTag = "############################################################"; //$NON-NLS-1$ - public final String shortHashTag = "################"; //$NON-NLS-1$ - public static final String DotEclipse = ".eclipse";//$NON-NLS-1$ - public final String USER_HOME = System.getProperty("user.home"); //$NON-NLS-1$ - Path userM2Home = null; - private TemplateForPKIfile() {} - public static TemplateForPKIfile getInstance() { - if (INSTANCE == null) { - INSTANCE = new TemplateForPKIfile(); - } - return INSTANCE; - } - public void setup() { - try { - Path path = Paths.get(USER_HOME+ - FileSystems.getDefault().getSeparator()+DotEclipse+ - FileSystems.getDefault().getSeparator()+ - "pki.template"); - if (!(Files.exists(path))) { - createTemplate(path); - } - } catch (Exception e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - } - public void createTemplate(Path path) { - String editTag = "Edit this File, Save as .pki"; //$NON-NLS-1$ - try { - Files.createFile(path); - Files.write(path, (hashTag + System.lineSeparator()).getBytes(), 
StandardOpenOption.APPEND); - Files.write(path, (hashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); - Files.write(path, shortHashTag.getBytes(), StandardOpenOption.APPEND); - Files.write(path, editTag.getBytes(), StandardOpenOption.APPEND); - Files.write(path, (shortHashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); - Files.write(path, (hashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); - Files.write(path, (hashTag + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); - Files.write(path, ((buildBuffer()) + System.lineSeparator()).getBytes(), StandardOpenOption.APPEND); - - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - public String buildBuffer() { - StringBuilder b = new StringBuilder(); - b.append("javax.net.ssl.keyStore="); //$NON-NLS-1$ - b.append("[Fully quallified name of your Keystore File]"); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append("javax.net.ssl.keyStorePassword="); //$NON-NLS-1$ - b.append("[Eclipse will encrypt this entry]"); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append("javax.net.ssl.keyStoreType="); //$NON-NLS-1$ - b.append("[types allowed; PCKS11, PKCS12]"); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append("javax.net.ssl.keyStoreProvider="); //$NON-NLS-1$ - b.append("[SunPKCS11, PKCS12]"); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append("javax.net.ssl.trustStore="); //$NON-NLS-1$ - b.append("[Fully quallified name of your Truststore File]"); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append("javax.net.ssl.trustStorePassword="); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append("javax.net.ssl.trustStoreType="); //$NON-NLS-1$ - b.append(System.lineSeparator()); - b.append(hashTag); - b.append(System.lineSeparator()); - return b.toString(); - } - - public static void main(String[] args) { - TemplateForPKIfile.getInstance().setup(); - } -} \ No 
newline at end of file
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java
deleted file mode 100644
index be1b64c6c78..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationBase.java
+++ /dev/null
@@ -1,286 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.managers;
-
-import java.lang.reflect.Method;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.InvalidParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.ProviderException;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.Optional;
-
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.eclipse.core.security.ActivateSecurity;
-import org.eclipse.core.security.util.EclipseKeyStoreCollection;
-
-
-public class AuthenticationBase implements AuthenticationService {
-
- private static AuthenticationBase INSTANCE;
- protected SSLContext sslContext;
- protected String pin;
- static KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection("".toCharArray()); //$NON-NLS-1$
- protected boolean is9;
- protected String pkiProvider = "SunPKCS11"; // or could be FIPS provider :SunPKCS11-FIPS //$NON-NLS-1$
- protected String providerName = null;
- protected String cfgDirectory = null;
- protected String fingerprint;
- KeyStore keyStore = null;
- private AuthenticationBase() {}
- public static AuthenticationBase getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new AuthenticationBase();
- }
- return INSTANCE;
- }
-
- @Override
- public KeyStore initialize(char[] p) {
- pp = new KeyStore.PasswordProtection(p);
- String pin = new String(p);
- try {
-
- OptionalkeyStoreContainer = Optional.ofNullable(configure());
- if (keyStoreContainer.isEmpty() ) {
- return null;
- } else {
- keyStore=keyStoreContainer.get();
- }
- try {
- /*
- * Only load the store if the pin is a valuye other than the default setting of
- * "pin" Otherwise the store will be preloaded by the default loading of the
- * keystore, dynamically
- */
- if (!(pin.equalsIgnoreCase("pin"))) { //$NON-NLS-1$
- PkiCallbackHandler pkiCB = new PkiCallbackHandler();
- PkiLoadParameter lp = new PkiLoadParameter();
- lp.setWaitForSlot(true);
- lp.setProtectionParameter(pp);
-
- lp.setEventHandler(pkiCB);
- keyStore.load(lp);
- sslContext=AuthenticationBase.INSTANCE.setSSLContext(keyStore);
- ActivateSecurity.getInstance().log("SSL context PROTOCOL:"+sslContext.getProtocol()); //$NON-NLS-1$
- }
-
- } catch (Exception e) {
- /*
- * An incorrect PiN could have been entered. AND thats OK, they can try again.
- */
- ActivateSecurity.getInstance().log("Unable to load KeyStore, Bad Pin?"); //$NON-NLS-1$
- return null;
- }
- System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11"); //$NON-NLS-1$ //$NON-NLS-2$
- System.setProperty("https.protocols", "TLSv1.1,TLSv1.2,TLSv1.3"); //$NON-NLS-1$ //$NON-NLS-2$
- } catch (Exception e) {
- e.printStackTrace();
- }
- /*
- * Set the context AFTER you set the keystore...
- */
- return keyStore;
- }
-
- private KeyStore configure() {
- Optional configurationDirectory = null;
- OptionalproviderContainer = null;
- Provider prototype = null;
- String securityProvider = null;
- KeyStore keyStore = null;
- String errorMessage=null;
- is9 = true;
-
- configurationDirectory = Optional.ofNullable(System.getProperty("javax.net.ssl.cfgFileLocation")); //$NON-NLS-1$
- if (configurationDirectory.isEmpty()) {
- // Where is it for Windoz
- //TBD: find default setting
- setCfgDirectory(new String("/etc/opensc")); //$NON-NLS-1$
- } else {
- setCfgDirectory(configurationDirectory.get().toString());
- }
-
- if (Files.exists(Paths.get(getCfgDirectory()))) {
- ActivateSecurity.getInstance().log("PKCS11 configure DIR:" + getCfgDirectory()); //$NON-NLS-1$
- providerContainer=Optional.ofNullable(
- System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$
- if (providerContainer.isEmpty() ) {
- securityProvider = pkiProvider;
- } else {
- securityProvider = providerContainer.get().toString();
- }
- prototype = Security.getProvider(securityProvider);
- if (prototype == null) {
- ActivateSecurity.getInstance().log("Configuring PKCS11 Provider not found."); //$NON-NLS-1$
- }
-
- try {
- Provider provider = prototype.configure(getCfgDirectory());
- providerName = provider.getName();
- Security.addProvider(provider);
- keyStore = KeyStore.getInstance("pkcs11", provider.getName() ); //$NON-NLS-1$
- setPkiProvider(provider.getName());
- } catch (KeyStoreException e) {
- errorMessage=e.getMessage()+" Problem loading the keystore.";
- } catch (InvalidParameterException e) {
- errorMessage=e.getMessage()+" You have provided an invalid parameter.";
- } catch (UnsupportedOperationException e) {
- errorMessage=e.getMessage()+" Operation is not supported at this time.";
- } catch (NullPointerException e) {
- errorMessage=e.getMessage()+" A Null Pointer was found.";
- } catch (NoSuchProviderException e) {
- errorMessage=e.getMessage()+" The PKCS11 provider could not be found.";
- } catch (ProviderException e) {
- errorMessage=e.getMessage()+" No PKCS11 Configuration found.";
- }
- Optional errorContainer = Optional.ofNullable(errorMessage);
- if ( !(errorContainer.isEmpty())) {
- Security.removeProvider(providerName);
- ActivateSecurity.getInstance().log(errorMessage); //$NON-NLS-1$
- }
- }
- return keyStore;
- }
- public KeyStore getKeyStore() {
- return keyStore;
- }
-
- public SSLContext getSSLContext() {
- return this.sslContext;
- }
-
-
- public boolean isPkcs11Setup() {
-
- if ((getCfgDirectory() !=null ) && ( getPkiProvider() != null)) {
- return true;
- }
- return false;
-
- }
-
- public SSLContext setSSLContext(KeyStore keyStore) {
-
- try {
- sslContext = SSLContext.getInstance("TLSv1.3"); //$NON-NLS-1$
-
- Optional PKIXtrust = ConfigureTrust.getInstance().setUp();
- if (PKIXtrust.isEmpty()) {
- ActivateSecurity.getInstance().log("Invalid TrustManager Initialization."); //$NON-NLS-1$
- } else {
-
- KeyManager[] km = new KeyManager[] { KeyStoreManager.getInstance() };
- TrustManager[] tm = new TrustManager[] { ConfigureTrust.getInstance() };
-
- sslContext.init(km, tm, new SecureRandom());
- SSLContext.setDefault(sslContext);
- HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- return sslContext;
- }
-
- public String getPkiProvider() {
- return pkiProvider;
- }
-
- public void setPkiProvider(String pkiProvider) {
- this.pkiProvider = pkiProvider;
- }
-
- public boolean isJava9() {
- return is9;
- }
-
- public String getFingerprint() {
- return fingerprint;
- }
-
- public static void setFingerprint(String fingerprint) {
- AuthenticationBase.INSTANCE.fingerprint = fingerprint;
- }
-
- public KeyManager getCustomKeyManager(KeyStore keyStore) {
- CustomKeyManager keyManager = null;
- try {
- keyManager = new CustomKeyManager(keyStore, "".toCharArray(), null); //$NON-NLS-1$
- keyManager.setSelectedFingerprint(getFingerprint());
- } catch (Exception e) {
- e.printStackTrace();
- }
- return keyManager;
- }
- public ArrayList getList() {
- return EclipseKeyStoreCollection.getInstance().getList(keyStore);
- }
-
- public boolean isJavaModulesBased() {
- try {
- Class.forName("java.lang.Module"); //$NON-NLS-1$
- return true;
- } catch (ClassNotFoundException e) {
- return false;
- }
- }
-
- public String getCfgDirectory() {
- return cfgDirectory;
- }
-
- public void setCfgDirectory(String cfgDirectory) {
- this.cfgDirectory = cfgDirectory;
- }
- public String getPin() {
- return pin;
- }
- public void setPin(String pin) {
- this.pin = pin;
- pp = new KeyStore.PasswordProtection(pin.toCharArray());
- }
- public void logoff() {
- try {
-
- } catch (Exception e) {
- e.printStackTrace();
- }
-
- }
- public boolean login() {
- Provider provider = Security.getProvider(getPkiProvider());
- if ( provider != null) {
-
- try {
- provider.clear();
- return true;
- } catch (SecurityException e) {
- e.printStackTrace();
- }
- }
- return false;
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java
deleted file mode 100644
index 77be2b5bf7a..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/AuthenticationService.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2023 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.managers;
-
-import java.security.KeyStore;
-
-public interface AuthenticationService {
- public KeyStore initialize(char[] p);
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java
deleted file mode 100644
index 885f033be3e..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/ConfigureTrust.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.managers;
-
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.FileSystems;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Optional;
-
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-import org.eclipse.core.security.ActivateSecurity;
-
-public class ConfigureTrust implements X509TrustManager {
-
- private static ConfigureTrust INSTANCE;
- protected X509TrustManager pkixTrustManager = null;
- private ConfigureTrust() {}
- public static ConfigureTrust getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new ConfigureTrust();
- }
- return INSTANCE;
- }
-
- public Optional setUp() {
- KeyStore keyStore = null;
- String storeLocation = null;
- String trustType = null;
- String passwd = "changeit"; //$NON-NLS-1$
- try {
- Optional trustStoreFile = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStore")); //$NON-NLS-1$
- if (trustStoreFile.isEmpty()) {
- storeLocation = System.getProperty("java.home") + //$NON-NLS-1$
- "/lib/security/cacerts" //$NON-NLS-1$
- .replace("/", FileSystems.getDefault().getSeparator()); //$NON-NLS-1$
- } else {
- storeLocation = trustStoreFile.get().toString();
- }
- InputStream fs = Files.newInputStream(Paths.get(storeLocation));
-
- Optional trustStoreFileType = Optional
- .ofNullable(System.getProperty("javax.net.ssl.trustStoreType")); //$NON-NLS-1$
- if (trustStoreFileType.isEmpty()) {
- trustType = KeyStore.getDefaultType();
- } else {
- trustType = trustStoreFileType.get().toString();
- }
- keyStore = KeyStore.getInstance(trustType);
-
- Optional trustStorePassword = Optional
- .ofNullable(System.getProperty("javax.net.ssl.trustStorePassword")); //$NON-NLS-1$
- if (trustStorePassword.isEmpty()) {
- ActivateSecurity.getInstance().log("ConfigureTrust using default Password since none provided."); //$NON-NLS-1$
- passwd="changeit";
- } else {
- passwd = trustStorePassword.get().toString();
- }
-
- keyStore.load(fs, passwd.toCharArray());
-
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); //$NON-NLS-1$
- tmf.init(keyStore);
- TrustManager tms[] = tmf.getTrustManagers();
- for (TrustManager tm : tms) {
- if (tm instanceof X509TrustManager) {
- pkixTrustManager = (X509TrustManager) tm;
- ActivateSecurity.getInstance().log("Initialization PKIX Trust Manager Complete"); //$NON-NLS-1$
- break;
- }
- }
- } catch (NoSuchAlgorithmException e) {
- ActivateSecurity.getInstance().log("ConfigureTrust - No algorithm found."); //$NON-NLS-1$
- } catch (KeyStoreException e) {
- ActivateSecurity.getInstance().log("ConfigureTrust - Initialize keystore Error. "); //$NON-NLS-1$
- } catch (FileNotFoundException e) {
- ActivateSecurity.getInstance().log("ConfigureTrust - No File Found:"); //$NON-NLS-1$
- } catch (CertificateException e) {
- ActivateSecurity.getInstance().log("ConfigureTrust - Certificate Error"); //$NON-NLS-1$
- } catch (IOException e) {
- ActivateSecurity.getInstance().log("ConfigureTrust - I/O Error, bad password?"); //$NON-NLS-1$
- }
- return Optional.ofNullable(pkixTrustManager);
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
- pkixTrustManager.checkClientTrusted(chain, authType);
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
- pkixTrustManager.checkServerTrusted(chain, authType);
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return pkixTrustManager.getAcceptedIssuers();
-
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java
deleted file mode 100644
index c500d14b147..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/CustomKeyManager.java
+++ /dev/null
@@ -1,217 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2025 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.managers;
-
-import java.net.InetAddress;
-import java.net.Socket;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.HashMap;
-
-import javax.net.ssl.X509ExtendedKeyManager;
-import javax.net.ssl.X509KeyManager;
-
-import org.eclipse.core.security.identification.FingerprintX509;
-
-public class CustomKeyManager extends X509ExtendedKeyManager implements X509KeyManager {
- private static final int KEY_ENCIPHERMENT = 2;
- private static final int DIGITAL_SIGNATURE = 0;
- private KeyStore keyStore;
- private char[] password;
- protected static String selectedFingerprint = "NOTSET"; //$NON-NLS-1$
-
- public CustomKeyManager(KeyStore keyStore, char[] passwd, HashMap hosts) {
- this.keyStore=keyStore;
- this.setPassword(new String(passwd).toCharArray());
- }
-
- @Override
- public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
- // TODO Auto-generated method stub
- String message = "Presenting X509 fingerprint:"; //$NON-NLS-1$
- String amessage = " using certificate alias:"; //$NON-NLS-1$
- StringBuilder sb=new StringBuilder();
- String selectedAlias=null;
- String alias = null;
- String fingerprint=null;
- boolean isOK=true;
-
- try {
-
-
- Enumeration aliases = this.keyStore.aliases();
- sb.append(message);
- while ( aliases.hasMoreElements() ) {
- alias = aliases.nextElement();
- if ( this.getPrivateKey(alias) != null ) {
- X509Certificate x509 = (X509Certificate) this.keyStore.getCertificate(alias);
- try {
- x509.checkValidity();
- if (!(isKeyEncipherment(x509.getKeyUsage()))) {
- fingerprint = FingerprintX509.getInstance().getFingerPrint(x509, "MD5"); //$NON-NLS-1$
-
- if ( getSelectedFingerprint() != null ) {
- if (getSelectedFingerprint().equals("NOTSET")) { //$NON-NLS-1$
- setSelectedFingerprint(fingerprint);
- }
- } else {
- setSelectedFingerprint(fingerprint);
- }
- if ( getSelectedFingerprint().equals(fingerprint)) {
- isOK=true;
- selectedAlias=alias;
- sb.append(fingerprint);
- sb.append(amessage);
- sb.append(alias);
- message = sb.toString();
- break;
- }
- }
- } catch (CertificateExpiredException e) {
-
- System.err.println("KeyManager: Please remove EXPIRED certificate:" + alias //$NON-NLS-1$
- + " using your pkcs11 Manager."); //$NON-NLS-1$
- } catch (CertificateNotYetValidException e) {
- System.err.println("KeyManager: Please check invalid certificate:" + alias //$NON-NLS-1$
- + " using your pkcs11 Manager."); //$NON-NLS-1$
- }
- }
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- if (!(isOK)) {
- message = (selectedAlias == null) ? "PKI misconfiguration. Please check pkcs11" : message + selectedAlias; //$NON-NLS-1$
- System.out.println("KeyManager: " + message); //$NON-NLS-1$
- }
- return selectedAlias;
- }
- private static boolean isDigitalSignature(boolean[] ba) {
- if ( ba != null) {
-
- return ba[DIGITAL_SIGNATURE];
- } else {
- return false;
- }
- }
-
- private static boolean isKeyEncipherment(boolean[] ba) {
- if ( ba != null) {
-
- return ba[KEY_ENCIPHERMENT];
- } else {
- return false;
- }
- }
-
- @Override
- public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
- return null;
- }
-
- @Override
- public X509Certificate[] getCertificateChain(String alias) {
-
- X509Certificate[] X509Certs=null;
- X509Certificate X509Cert=null;
- try {
- Certificate[] certificates = this.keyStore.getCertificateChain(alias);
- if ( certificates != null ) {
- X509Certs = new X509Certificate[ certificates.length ];
- for(int i=0; i < certificates.length; i++) {
- X509Cert= (X509Certificate ) certificates[i];
- if (!(isKeyEncipherment(X509Cert.getKeyUsage()))) {
- X509Certs[i] = X509Cert;
- } else {
- if ((isKeyEncipherment(X509Cert.getKeyUsage())) && alias.contains("PKI")) { //$NON-NLS-1$
- X509Certs[i] = X509Cert;
- }
- }
- }
-
- } else {
- X509Cert = (X509Certificate) this.keyStore.getCertificate(alias);
- if ( X509Cert != null ) {
- X509Certs = new X509Certificate[1];
- if (isDigitalSignature(X509Cert.getKeyUsage()) ) {
- X509Certs[0] = X509Cert;
- } else {
- if (alias.contains("PKI")) { //$NON-NLS-1$
- X509Certs[0] = X509Cert;
- }
- }
- }
-
- }
-
- } catch (Exception e) {
- e.printStackTrace();
- }
- try {
- X509Certs = new X509Certificate[1];
- X509Certs[0] = (X509Certificate) this.keyStore.getCertificate(alias);
- } catch (KeyStoreException e) {
- e.printStackTrace();
- }
- return X509Certs;
- }
-
- @Override
- public String[] getClientAliases(String arg0, Principal[] arg1) {
- return new String[] {chooseClientAlias(null, arg1, null) };
- }
-
- @Override
- public PrivateKey getPrivateKey(String alias) {
- PrivateKey privateKey = null;
- try {
- privateKey = (PrivateKey) keyStore.getKey(alias, "".toCharArray()); //$NON-NLS-1$
- } catch (UnrecoverableKeyException e) {
- e.printStackTrace();
- } catch (KeyStoreException e) {
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return privateKey;
- }
-
- @Override
- public String[] getServerAliases(String arg0, Principal[] arg1) {
- return null;
- }
- public static String getSelectedFingerprint() {
- return selectedFingerprint;
- }
- public void setSelectedFingerprint(String selectedFingerprint) {
- CustomKeyManager.selectedFingerprint = selectedFingerprint;
- }
-
- public char[] getPassword() {
- return password;
- }
-
- public void setPassword(char[] password) {
- this.password = password;
- }
-}
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java
deleted file mode 100644
index 3909b9d7cd0..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeyStoreManager.java
+++ /dev/null
@@ -1,437 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2023 Eclipse Platform, Security Group and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * Eclipse Platform - initial API and implementation
- *******************************************************************************/
-package org.eclipse.core.security.managers;
-
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.io.BufferedInputStream;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.Socket;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import javax.net.ssl.X509KeyManager;
-
-import org.eclipse.core.security.ActivateSecurity;
-import org.eclipse.core.security.identification.FingerprintX509;
-import org.eclipse.core.security.util.KeyStoreFormat;
-
-public class KeyStoreManager implements X509KeyManager {
- private static KeyStoreManager INSTANCE;
- protected final int KEY_ENCIPHERMENT = 2;
- protected final int DIGITAL_SIGNATURE = 0;
- protected boolean isKeyStoreInitialized = false;
- protected String selectedFingerprint = "NOSET"; //$NON-NLS-1$
- protected KeyStore keyStore = null;
- private KeyStoreManager() {}
- public static KeyStoreManager getInstance() {
- if (INSTANCE == null) {
- INSTANCE = new KeyStoreManager();
- }
- return INSTANCE;
- }
-
- public KeyStore getKeyStore(String fileLocation, String password, KeyStoreFormat format) {
- InputStream in = null;
- try {
-
- try {
- Path p = Paths.get(fileLocation);
- in = Files.newInputStream(p);
-
- keyStore = KeyStore.getInstance(format.getValue());
- keyStore.load(in, password.toCharArray());
-
- setKeyStoreInitialized(true);
- } catch (FileNotFoundException e) {
- ActivateSecurity.getInstance().log("Configure KeyStore - No File Found:"); //$NON-NLS-1$
- } catch (KeyStoreException e) {
- ActivateSecurity.getInstance().log("Configure KeyStore - Initialize keystore, bad password?"); //$NON-NLS-1$
- } catch (NoSuchAlgorithmException e) {
- ActivateSecurity.getInstance().log("Configure KeyStore - No algorithm found from provider."); //$NON-NLS-1$
- } catch (CertificateException e) {
- ActivateSecurity.getInstance().log("Configure KeyStore - Certificate Error."); //$NON-NLS-1$
- } catch (IOException e) {
- ActivateSecurity.getInstance().log("Configure KeyStore - I/O Error, bad password?"); //$NON-NLS-1$
- }
- if ( keyStore != null) {
- return keyStore;
- }
- return null;
- } finally {
- try {
- in.close();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
- }
-
- /**
- * Returns a KeyStore object loaded from provided {@link InputStream} and decrypted with given password
- * @param in
- * @param password
- * @param format "JKS", "PKCS12", "PKCS11"
- * @throws NoSuchAlgorithmException
- * @throws CertificateException
- * @throws IOException
- */
-
- public KeyStore getKeyStore(InputStream in, String password, KeyStoreFormat format)
- throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
-
- keyStore = KeyStore.getInstance(format.getValue());
- char pwd[] = null;
- if(password != null)
- pwd = password.toCharArray();
-
- keyStore.load(in, pwd);
- return keyStore;
-
- }
-
- public KeyStore getKeyStore(KeyStoreFormat format)
- throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException {
-
- String pin = ""; //$NON-NLS-1$
- KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pin.toCharArray());
- keyStore = KeyStore.getInstance("pkcs11", "SunPKCS11"); //$NON-NLS-1$ //$NON-NLS-2$
- try {
- keyStore.load(null, pp.getPassword());
- setKeyStoreInitialized(true);
- } catch (IOException e) {
- /*
- * User may have pressed the cancel button.
- */
- keyStore = null;
- }
- return keyStore;
- }
-
- public KeyStore getKeyStore() {
- return keyStore;
- }
- public void setKeyStore(KeyStore keyStore) {
- this.keyStore=keyStore;
- setKeyStoreInitialized(true);
- }
-
- public Hashtable getCertificates(KeyStore keyStore) {
-
- Hashtable table = new Hashtable<>();
- PrivateKey privateKey=null;
-
- try {
- if (isKeyStoreInitialized()) {
- Enumeration aliasesEnum = keyStore.aliases();
- while (aliasesEnum.hasMoreElements())
- {
- String alias = aliasesEnum.nextElement();
- X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
- try {
- if ( isDigitalSignature(certificate.getKeyUsage()) ) {
- privateKey = (PrivateKey) keyStore.getKey(alias, null);
- if ( privateKey != null) {
- table.put(certificate, privateKey);
- }
- }
- } catch (UnrecoverableKeyException e) {
- e.printStackTrace();
- }
- }
- }
- } catch (KeyStoreException e) {
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
-
- return table;
-
- }
-
- public ArrayList getAliases(KeyStore keyStore) {
-
- ArrayListaliasList = new ArrayList<>();
- try {
- Enumeration aliasesEnum = keyStore.aliases();
- while (aliasesEnum.hasMoreElements())
- {
- String alias = aliasesEnum.nextElement();
- X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
- try {
- if ( isDigitalSignature(certificate.getKeyUsage()) ) {
- aliasList.add(alias);
- }
-
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- } catch (KeyStoreException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
- }
-
- return aliasList;
-
- }
- public boolean checkUserKeystorePass(String certPath, String password, String certType)
- {
- StringBuilder message = new StringBuilder();
- message.append("Problem reading your certificate. \n\r \n\r"); //$NON-NLS-1$
-
- KeyStore keyStore;
- try {
- InputStream in = null;
-
- in = new FileInputStream(certPath);
- in = new BufferedInputStream(in);
-
- keyStore = KeyStore.getInstance(certType);
- char pwd[] = null;
- if (password != null)
- pwd = password.toCharArray();
-
- keyStore.load(in, pwd);
-
- getAliases(keyStore);
- return true;
-
- } catch (KeyStoreException e) {
- message.append("The selected file does not appear "); //$NON-NLS-1$
- message.append("to be a valid PKCS file. Please "); //$NON-NLS-1$
- message.append("select a different file and/or "); //$NON-NLS-1$
- message.append("check the logs for more information."); //$NON-NLS-1$
- ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$
- } catch (NoSuchAlgorithmException e) {
- message.append("An unexpected error '"); //$NON-NLS-1$
- message.append(e.getClass().getName());
- message.append("' occurred: "); //$NON-NLS-1$
- message.append(e.getMessage());
- message.append(" Please select a different file and/or "); //$NON-NLS-1$
- message.append("check the logs for more information."); //$NON-NLS-1$
- ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$
- } catch (CertificateException e) {
- message.append("Either your password was incorrect or the "); //$NON-NLS-1$
- message.append("the selected file is corrupt. Please try "); //$NON-NLS-1$
- message.append("a different password or PKCS file."); //$NON-NLS-1$
- ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$
- } catch (IOException e) {
- if (e.getCause().toString().contains("FailedLoginException")) { //$NON-NLS-1$
- message.append("\tYou entered an incorrect password. \n\r"); //$NON-NLS-1$
- message.append("\tPlease check your password and re-enter it. \n\r \n\r"); //$NON-NLS-1$
- ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$
- } else {
-
- message.append("Either your password was incorrect or the "); //$NON-NLS-1$
- message.append("selected file is corrupt. Please try "); //$NON-NLS-1$
- message.append("a different password or PKCS file."); //$NON-NLS-1$
- ActivateSecurity.getInstance().log(message.toString()); //$NON-NLS-1$
- }
- }
- return false;
- }
-
- @Override
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- return new String[] { chooseClientAlias(null, issuers, null) };
- }
-
- @Override
- public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
- String message = "Presenting X509 fingerprint:"; //$NON-NLS-1$
- String amessage = " using certificate alias:"; //$NON-NLS-1$
- StringBuilder sb = new StringBuilder();
- String selectedAlias = "testX509";
- String alias = null;
- String fingerprint = null;
- boolean isOK = true;
-
- try {
-
- Enumeration aliases = this.keyStore.aliases();
- sb.append(message);
- while (aliases.hasMoreElements()) {
- alias = aliases.nextElement();
- ActivateSecurity.getInstance().log(amessage.toString()+alias); //$NON-NLS-1$
- if (this.getPrivateKey(alias) != null) {
- X509Certificate x509 = (X509Certificate) this.keyStore.getCertificate(alias);
- try {
- x509.checkValidity();
- if (!(isKeyEncipherment(x509.getKeyUsage()))) {
- fingerprint = FingerprintX509.getInstance().getFingerPrint(x509, "SHA-256"); //$NON-NLS-1$
- if (getSelectedFingerprint() != null) {
- if (getSelectedFingerprint().equals("NOTSET")) { //$NON-NLS-1$
- setSelectedFingerprint(fingerprint);
- }
- } else {
- setSelectedFingerprint(fingerprint);
- }
- if (getSelectedFingerprint().equals(fingerprint)) {
- isOK = true;
- selectedAlias = alias;
- sb.append(fingerprint);
- sb.append(amessage);
- sb.append(alias);
- message = sb.toString();
- break;
- }
- } else {
- ActivateSecurity.getInstance().log(amessage.toString()+alias); //$NON-NLS-1$
- selectedAlias = "testX509";
- }
- } catch (CertificateExpiredException e) {
- ActivateSecurity.getInstance().log("KeyManager: Please remove EXPIRED certificate:" + alias //$NON-NLS-1$
- + " using your pkcs11 Manager."); //$NON-NLS-1$
- } catch (CertificateNotYetValidException e) {
- ActivateSecurity.getInstance().log("KeyManager: Please check invalid certificate:" + alias //$NON-NLS-1$
- + " using your pkcs11 Manager."); //$NON-NLS-1$
- }
- }
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- if (!(isOK)) {
- message = (selectedAlias == null) ? "PKI misconfiguration. Please check " : message + selectedAlias; //$NON-NLS-1$
- ActivateSecurity.getInstance().log("KeyManager: "+ message); //$NON-NLS-1$
- }
- return selectedAlias;
- }
-
- public boolean isKeyStoreInitialized() {
- return isKeyStoreInitialized;
- }
-
- private void setKeyStoreInitialized(boolean isKeyStoreInitialized) {
- this.isKeyStoreInitialized = isKeyStoreInitialized;
- }
-
- private boolean isDigitalSignature(boolean[] ba) {
- if (ba != null) {
-
- return ba[DIGITAL_SIGNATURE];
- } else {
- return false;
- }
- }
-
- private boolean isKeyEncipherment(boolean[] ba) {
- if (ba != null) {
-
- return ba[KEY_ENCIPHERMENT];
- } else {
- return false;
- }
- }
-
- @Override
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return null;
- }
-
- @Override
- public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
- return null;
- }
-
- @Override
- public X509Certificate[] getCertificateChain(String alias) {
- X509Certificate[] X509Certs = null;
- X509Certificate X509Cert = null;
- try {
- Certificate[] certificates = this.keyStore.getCertificateChain(alias);
- if (certificates != null) {
- X509Certs = new X509Certificate[certificates.length];
- for (int i = 0; i < certificates.length; i++) {
- X509Cert = (X509Certificate) certificates[i];
- if (!(isKeyEncipherment(X509Cert.getKeyUsage()))) {
- X509Certs[i] = X509Cert;
- } else {
- if ((isKeyEncipherment(X509Cert.getKeyUsage())) && alias.contains("PKI")) { //$NON-NLS-1$
- X509Certs[i] = X509Cert;
- }
- }
- }
-
- } else {
- X509Cert = (X509Certificate) this.keyStore.getCertificate(alias);
- if (X509Cert != null) {
- X509Certs = new X509Certificate[1];
- if (isDigitalSignature(X509Cert.getKeyUsage())) {
- X509Certs[0] = X509Cert;
- } else {
- if (alias.contains("PKI")) { //$NON-NLS-1$
- X509Certs[0] = X509Cert;
- }
- }
- }
-
- }
-
- } catch (Exception e) {
- e.printStackTrace();
- }
- ActivateSecurity.getInstance().log("KeyStoreManager CERTIFICATE CHAIN COUNT:" + X509Certs.length); //$NON-NLS-1$
- try {
- X509Certs = new X509Certificate[1];
- X509Certs[0] = (X509Certificate) this.keyStore.getCertificate(alias);
- } catch (KeyStoreException e) {
- e.printStackTrace();
- }
- ActivateSecurity.getInstance().log("CustomKeyManager CERTIFICATE CHAIN COUNT:" + X509Certs.length); //$NON-NLS-1$
- return X509Certs;
- }
-
- public String getSelectedFingerprint() {
- return selectedFingerprint;
- }
-
- public void setSelectedFingerprint(String selectedFingerprint) {
- this.selectedFingerprint = selectedFingerprint;
- }
- @Override
- public PrivateKey getPrivateKey(String alias) {
- PrivateKey privateKey = null;
- try {
- String passwd = System.getProperty("javax.net.ssl.keyStorePassword");
- privateKey = (PrivateKey) keyStore.getKey(alias, passwd.toCharArray()); //$NON-NLS-1$
- } catch (UnrecoverableKeyException e) {
- e.printStackTrace();
- } catch (KeyStoreException e) {
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return privateKey;
- }
-}
\ No newline at end of file
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java
deleted file mode 100644
index 25a06dd8f68..00000000000
--- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/KeystoreSetup.java
+++ /dev/null
@@ -1,222 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.managers; - - -import java.util.Optional; -import java.io.File; -import java.util.Collection; -import java.util.Enumeration; -import java.util.List; -import java.util.Properties; -import java.security.Provider; -import java.security.SecureRandom; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import org.eclipse.core.runtime.RegistryFactory; -import org.eclipse.core.runtime.spi.RegistryStrategy; -import org.eclipse.core.security.ActivateSecurity; -import org.eclipse.core.security.incoming.IncomingSystemProperty; -import org.eclipse.core.security.incoming.SecurityFileSnapshot; -import org.eclipse.core.security.state.X509SecurityState; -import org.eclipse.core.security.util.KeyStoreFormat; -import org.eclipse.core.security.util.PKIProperties; -import org.eclipse.core.security.managers.KeyStoreManager; -import org.eclipse.core.security.managers.ConfigureTrust; -import org.eclipse.core.runtime.IExtensionRegistry; 
-import org.eclipse.core.resources.ResourcesPlugin; -import org.eclipse.core.runtime.Platform; -import org.eclipse.core.runtime.CoreException; - - - -import org.osgi.framework.BundleContext; -import org.osgi.util.tracker.ServiceTracker; - -public class KeystoreSetup { - static boolean isPkcs11Installed = false; - static boolean isKeyStoreLoaded = false; - PKIProperties pkiInstance = null; - Properties pkiProperties = null; - SSLContext sslContext = null; - protected static KeyStore keyStore = null; - private static final int DIGITAL_SIGNATURE = 0; - private static final int KEY_CERT_SIGN = 5; - private static final int CRL_SIGN = 6; - - private static KeystoreSetup INSTANCE; - private KeystoreSetup() {} - public static KeystoreSetup getInstance() { - if(INSTANCE == null) { - INSTANCE = new KeystoreSetup(); - } - return INSTANCE; - } - public void installKeystore() { - Optional keystoreContainer = null; - - try { - - keystoreContainer = Optional.ofNullable( - KeyStoreManager.getInstance().getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$ - System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$ - KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$ - - if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.getInstance().isKeyStoreInitialized()))) { - ActivateSecurity.getInstance().log("Failed to Load a Keystore."); //$NON-NLS-1$ - X509SecurityState.getInstance().setPKCS12on(false); - System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - //SecurityFileSnapshot.getInstance().restoreProperties(); - } else { - ActivateSecurity.getInstance().log("A Keystore and Password are detected."); //$NON-NLS-1$ - keyStore = keystoreContainer.get(); - setKeyStoreLoaded(true); - } - } catch 
(Exception e) { - ActivateSecurity.getInstance().log("Exception Loading a Keystore:"+e.getMessage()); //$NON-NLS-1$ - } - } - public void setPkiContext() { - TrustManager[] tm=null; - KeyManager[] km = null; - if (IncomingSystemProperty.getInstance().checkTrustStoreType()) { - ActivateSecurity.getInstance().log("Activating TrustManager Initialization."); //$NON-NLS-1$ - if ((IncomingSystemProperty.getInstance().checkTrustStore())) { - X509SecurityState.getInstance().setTrustOn(true); - Optional PKIXtrust = ConfigureTrust.getInstance().setUp(); - if (PKIXtrust.isEmpty()) { - ActivateSecurity.getInstance().log("Invalid TrustManager Initialization."); //$NON-NLS-1$ - return; - } - tm = new TrustManager[] { ConfigureTrust.getInstance() }; - ActivateSecurity.getInstance().log("TrustManager Initialization Done."); //$NON-NLS-1$ - } else { - ActivateSecurity.getInstance().log("Invalid TrustManager Initialization."); //$NON-NLS-1$ - return; - } - } - - if (isKeyStoreLoaded()) { - if (KeyStoreManager.getInstance().isKeyStoreInitialized()) { - ActivateSecurity.getInstance().log("A KeyStore detected."); //$NON-NLS-1$ - try { - km = new KeyManager[] { KeyStoreManager.getInstance() }; - } catch (Exception e) { - ActivateSecurity.getInstance().log("No such Algorithm Initialization Error."); //$NON-NLS-1$ - } - } else { - ActivateSecurity.getInstance().log("Valid KeyStore not found."); //$NON-NLS-1$ - } - } - activateSecureContext(km,tm); - } - public void activateSecureContext( KeyManager[] km, TrustManager[] tm ) { - try { - - SSLContext ctx = SSLContext.getInstance("TLS");//$NON-NLS-1$ - ctx.init(km, tm, null); - SSLContext.setDefault(ctx); - HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory()); - setSSLContext(ctx); - pkiInstance = PKIProperties.getInstance(); - pkiInstance.load(); - ActivateSecurity.getInstance().setSSLContext(ctx); - setUserEmail(); - - - //ActivateSecurity.getInstance().completeSecureContext(); - 
//sslContextFactory.getDefault().setDefault(ctx); - - - - ActivateSecurity.getInstance().log("SSLContextFactory has been configured with SSLContext default."); //$NON-NLS-1$ - } catch (KeyManagementException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } - } - public SSLContext getSSLContext() { - return INSTANCE.sslContext; - } - - public void setSSLContext(SSLContext context) { - this.sslContext = context; - } - public boolean isKeyStoreLoaded() { - return ActivateSecurity.getInstance().isKeyStoreLoaded(); - } - - private void setKeyStoreLoaded(boolean isKeyStoreLoaded) { - ActivateSecurity.getInstance().setKeyStoreLoaded(isKeyStoreLoaded); - } - private void setUserEmail() { - try { - Enumeration en = keyStore.aliases(); - while (en.hasMoreElements()) { - String alias = en.nextElement(); - // System.out.println(" " + alias); - Certificate cert = keyStore.getCertificate(alias); - if (cert.getType().equalsIgnoreCase("X.509")) { - X509Certificate X509 = (X509Certificate) cert; - - // - // we need to make sure this is a digital certificate instead of a server - // cert or something - // - if (isDigitalSignature(X509.getKeyUsage())) { - Collection> altnames = X509.getSubjectAlternativeNames(); - if (altnames != null) { - for (List item : altnames) { - Integer type = (Integer) item.get(0); - if (type == 1) - try { - String userEmail = item.toArray()[1].toString(); - System.setProperty("mail.smtp.user", userEmail); - } catch (Exception e) { - e.printStackTrace(); - } - } - } - - } - - } - } - } catch (Exception err) { - - } - } - - private static boolean isDigitalSignature(boolean[] ba) { - if (ba != null) { - return ba[DIGITAL_SIGNATURE] && !ba[KEY_CERT_SIGN] && !ba[CRL_SIGN]; - } else { - return false; - } - } -} 
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java deleted file mode 100644 index ac7086ed5d1..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiCallbackHandler.java +++ /dev/null @@ -1,29 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - ****/ -package org.eclipse.core.security.managers; - -import java.io.IOException; - -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.UnsupportedCallbackException; - -public class PkiCallbackHandler implements CallbackHandler { - - @Override - public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - - } - -} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java deleted file mode 100644 index fb80a0d330c..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/managers/PkiLoadParameter.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.managers; - -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStore.ProtectionParameter; - -import javax.security.auth.callback.CallbackHandler; - -public class PkiLoadParameter implements LoadStoreParameter{ - ProtectionParameter protectionParameter; - ProtectionParameter SOProtectionParameter; - CallbackHandler eventHandler; - boolean waitForSlot; - Long slotId; - boolean writeEnabled; - @Override - public ProtectionParameter getProtectionParameter() { - return protectionParameter; - } - public ProtectionParameter getSOProtectionParameter() { - return SOProtectionParameter; - } - - public void setSOProtectionParameter(ProtectionParameter sOProtectionParameter) { - SOProtectionParameter = sOProtectionParameter; - } - - public CallbackHandler getEventHandler() { - return eventHandler; - } - - public void setEventHandler(CallbackHandler eventHandler) { - this.eventHandler = eventHandler; - } - - public boolean isWaitForSlot() { - return waitForSlot; - } - - public void setWaitForSlot(boolean waitForSlot) { - this.waitForSlot = waitForSlot; - } - - public Long getSlotId() { - return slotId; - } - - public void setSlotId(Long slotId) { - this.slotId = slotId; - } - - public boolean isWriteEnabled() { - return writeEnabled; - } - - public void setWriteEnabled(boolean writeEnabled) { - this.writeEnabled = writeEnabled; - } - 
- public void setProtectionParameter(ProtectionParameter protectionParameter) { - this.protectionParameter = protectionParameter; - } -} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java deleted file mode 100644 index cbd3eedd09e..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/state/X509SecurityState.java +++ /dev/null @@ -1,47 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.state; - -public class X509SecurityState { - private static X509SecurityState INSTANCE; - private boolean isPKCS11on=false; - private boolean isPKCS12on=false; - private boolean isTrustOn=false; - private X509SecurityState() {} - public static X509SecurityState getInstance() { - if(INSTANCE == null) { - INSTANCE = new X509SecurityState(); - } - return INSTANCE; - } - - public boolean isPKCS11on() { - return isPKCS11on; - } - public void setPKCS11on(boolean isPKCS11on) { - this.isPKCS11on = isPKCS11on; - } - public boolean isPKCS12on() { - return isPKCS12on; - } - public void setPKCS12on(boolean isPKCS12on) { - this.isPKCS12on = isPKCS12on; - } - public boolean isTrustOn() { - return isTrustOn; - } - public void setTrustOn(boolean isTrustOn) { - this.isTrustOn = isTrustOn; - } -} 
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java deleted file mode 100644 index 2ae77cec806..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/EclipseKeyStoreCollection.java +++ /dev/null 
@@ -1,87 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.util; - -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Enumeration; - - -public class EclipseKeyStoreCollection { - private static EclipseKeyStoreCollection INSTANCE; - protected final int DIGITAL_SIGNATURE=0; - private final int KEY_ENCIPHERMENT = 2; - protected static PKIProperties pkiProperties=PKIProperties.getInstance();; - private EclipseKeyStoreCollection() {} - public static EclipseKeyStoreCollection getInstance() { - if (INSTANCE == null) { - INSTANCE = new EclipseKeyStoreCollection(); - } - return INSTANCE; - } - public ArrayList getList(KeyStore keyStore) { - ArrayList list = new ArrayList(); - try { - String alias=null; - Enumeration aliases = keyStore.aliases(); - while (aliases.hasMoreElements()) { - alias = (String) aliases.nextElement(); - X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); - certificate.checkValidity(); - if ( isDigitalSignature(certificate.getKeyUsage()) ) { - PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null); - 
if ( privateKey != null) { - list.add( alias ); - } - } - } - } catch (KeyStoreException e) { - e.printStackTrace(); - } catch (CertificateExpiredException e) { - e.printStackTrace(); - } catch (CertificateNotYetValidException e) { - e.printStackTrace(); - } catch (UnrecoverableKeyException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } - - return list; - - } - private boolean isDigitalSignature(boolean[] ba) { - if ( ba != null) { - - return ba[DIGITAL_SIGNATURE]; - } else { - return false; - } - } - private boolean isKeyEncipherment(boolean[] ba) { - if ( ba != null) { - - return ba[KEY_ENCIPHERMENT]; - } else { - return false; - } - } -} diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java deleted file mode 100644 index ad9035a08b7..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/KeyStoreFormat.java +++ /dev/null @@ -1,33 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.util; - -public enum KeyStoreFormat -{ - JKS("JKS"), //$NON-NLS-1$ - PKCS12("PKCS12"), //$NON-NLS-1$ - PKCS11("PKCS11"); //$NON-NLS-1$ - - private String value; - - KeyStoreFormat (String value) - { - this.value = value; - } - - public String getValue() - { - return value; - } -} 
diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java deleted file mode 100644 index b2e9535ee74..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKI.java +++ /dev/null 
@@ -1,92 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.util; - -public class PKI { - private String keyStore = ""; //$NON-NLS-1$ - private String keyStoreType = ""; //$NON-NLS-1$ - private String keyStoreProvider = ""; //$NON-NLS-1$ - private transient String keyStorePassword = ""; //$NON-NLS-1$ - private boolean isSecureStorage=false; - public PKI() {} - public String getKeyStore() { - return keyStore; - } - public void setKeyStore(String keyStore) { - this.keyStore = keyStore; - } - public String getKeyStoreType() { - return keyStoreType; - } - public void setKeyStoreType(String keyStoreType) { - this.keyStoreType = keyStoreType; - } - public String getKeyStoreProvider() { - return keyStoreProvider; - } - public void setKeyStoreProvider(String keyStoreProvider) { - this.keyStoreProvider = keyStoreProvider; - } - public String getKeyStorePassword() { - return keyStorePassword; - } - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - public boolean isSecureStorage() { - return isSecureStorage; - } - public void setSecureStorage(boolean isSecureStorage) { - this.isSecureStorage = isSecureStorage; - } - public void reSetSystem() { - try { - if ( this.getKeyStore() != null ) { - System.setProperty("javax.net.ssl.keyStore", this.getKeyStore()); //$NON-NLS-1$ - } else { - System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$ - } - - if ( 
this.getKeyStoreType() != null ) { - System.setProperty("javax.net.ssl.keyStoreType", this.getKeyStoreType()); //$NON-NLS-1$ - } else { - System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$ - } - - if( this.getKeyStoreProvider() != null) { - // System.out.println("PKI - CLEARING keystoreprovider"); //$NON-NLS-1$ - if ( this.getKeyStoreProvider().isEmpty()) { - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - } else { - if (this.getKeyStoreType().equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - } else { - System.setProperty("javax.net.ssl.keyStoreProvider", this.getKeyStoreProvider()); //$NON-NLS-1$ - } - } - } else { - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - } - - if ( this.getKeyStorePassword() != null) { - System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePassword()); //$NON-NLS-1$ - } else { - System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - } - } catch(Exception e) { - e.printStackTrace(); - } - } -} \ No newline at end of file diff --git a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java b/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java deleted file mode 100644 index 5b7653ab7bb..00000000000 --- a/runtime/bundles/org.eclipse.core.security/src/org/eclipse/core/security/util/PKIProperties.java +++ /dev/null 
@@ -1,186 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2025 Eclipse Platform, Security Group and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 - * which accompanies this distribution, and is available at - * https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eclipse Platform - initial API and implementation - *******************************************************************************/ -package org.eclipse.core.security.util; - -import java.net.Authenticator; -import java.net.PasswordAuthentication; -import java.util.Optional; - -public class PKIProperties extends Authenticator { - - private String keyStore = ""; //$NON-NLS-1$ - private String keyStoreType = ""; //$NON-NLS-1$ - private String keyStoreProvider = ""; //$NON-NLS-1$ - private String username = null; - private transient String keyStorePassword = ""; //$NON-NLS-1$ - private static PKI lastPKI=null; - private static PKIProperties sslProperties=null; - public static PKIProperties getNewInstance() { - return new PKIProperties(); - } - public static PKIProperties getInstance() { - if ( sslProperties == null ) { - synchronized(PKIProperties.class) { - if ( sslProperties == null ) { - sslProperties = new PKIProperties(); - try { - sslProperties.load(); - } catch(Exception ignoreException) { - ignoreException.printStackTrace(); - } - } - } - } - return sslProperties; - } - private PKIProperties() {} - @Override - public PasswordAuthentication getPasswordAuthentication() { - PasswordAuthentication auth = null; - - try { - auth = new PasswordAuthentication(this.getUsername(), this.getKeyStorePassword().toCharArray() ); - } catch (Exception e) { - e.printStackTrace(); - } - - return auth; - } - public String getKeyStore() { - return keyStore; - } - public void setKeyStore(String keyStore) { - this.keyStore = 
keyStore; - } - public String getKeyStoreType() { - return keyStoreType; - } - public void setKeyStoreType(String keyStoreType) { - this.keyStoreType = keyStoreType; - } - public String getKeyStoreProvider() { - return keyStoreProvider; - } - public void setKeyStoreProvider(String keyStoreProvider) { - this.keyStoreProvider = keyStoreProvider; - } - public String getKeyStorePassword() { - return keyStorePassword; - } - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - public String getUsername() { - return username; - } - public void setUsername(String username) { - this.username = username; - } - public void restore() { - try { - if (( this.getKeyStore() != null ) && - ( this.getKeyStoreType() != null ) && - ( this.getKeyStoreProvider() != null) && - ( this.getKeyStorePassword() != null) ) { - - if ( !(this.getKeyStore().isEmpty()) ) { - System.setProperty("javax.net.ssl.keyStore", this.getKeyStore()); //$NON-NLS-1$ - } - - if ( !(this.getKeyStoreType().isEmpty()) ) { - System.setProperty("javax.net.ssl.keyStoreType", this.getKeyStoreType()); //$NON-NLS-1$ - } - - if ( !(this.getKeyStoreProvider().isEmpty() )) { - System.setProperty("javax.net.ssl.keyStoreProvider", this.getKeyStoreProvider()); //$NON-NLS-1$ - } - - if ( !(this.getKeyStorePassword().isEmpty() )) { - if ( lastPKI != null ) { - if ( lastPKI.getKeyStorePassword().isEmpty() ) { - System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - } - } else { - System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePassword()); //$NON-NLS-1$ - } - } - } else { - clear(); - } - - } catch (Exception e) { - e.printStackTrace(); - } - } - public void load() { - Optional keyStoreType = null; - Optional keyStore = null; - Optional keyStorePassword = null; - Optional keyStoreProvider = null; - keyStore = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ - if (keyStore.isEmpty()) { - 
sslProperties.setKeyStore(""); //$NON-NLS-1$ - } else { - sslProperties.setKeyStore(keyStore.get().toString()); - } - - keyStoreType = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$ - if (keyStoreType.isEmpty()) { - sslProperties.setKeyStoreType(""); //$NON-NLS-1$ - } else { - sslProperties.setKeyStoreType(keyStoreType.get().toString()); - } - keyStoreProvider = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$ - if (keyStoreProvider.isEmpty()) { - sslProperties.setKeyStoreProvider(""); //$NON-NLS-1$ - } else { - sslProperties.setKeyStoreProvider(keyStoreType.get().toString()); - if (sslProperties.getKeyStoreType().equalsIgnoreCase("pkcs12")) {//$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - sslProperties.setKeyStoreProvider(""); //$NON-NLS-1$ - } - } - - - keyStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$ - if (keyStoreType.isEmpty()) { - sslProperties.setKeyStorePassword(""); //$NON-NLS-1$ - } else { - sslProperties.setKeyStorePassword(keyStorePassword.get().toString()); - } - - sslProperties.setUsername(System.getProperty("user.name")); //$NON-NLS-1$ - } - public void setLastPkiValue( PKI pki ) { - lastPKI = pki; - } - public void clear() { - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$ - System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$ - } - public void dump() { - StringBuffer sb = new StringBuffer(); - sb.append("javax.net.ssl.keyStore="); //$NON-NLS-1$ - sb.append(sslProperties.getKeyStore()); - sb.append("\n"); //$NON-NLS-1$ - sb.append("javax.net.ssl.keyStoreType="); //$NON-NLS-1$ - sb.append(sslProperties.getKeyStoreType()); - sb.append("\n"); //$NON-NLS-1$ - sb.append("javax.net.ssl.keyStoreProvider="); 
//$NON-NLS-1$ - sb.append(sslProperties.getKeyStoreProvider()); - sb.append("\n"); //$NON-NLS-1$ - } -}