import org.apache.river.config.KeyStores; import org.apache.river.discovery.ClientPermissionChecker; import org.apache.river.discovery.DiscoveryProtocolVersion; import org.apache.river.discovery.MulticastMaxPacketSize; import org.apache.river.discovery.MulticastTimeToLive; import org.apache.river.discovery.UnicastSocketTimeout; import java.util.Collections; import java.security.Permission; import javax.security.auth.login.LoginContext; import net.jini.constraint.BasicMethodConstraints; import net.jini.constraint.BasicMethodConstraints.MethodDesc; import net.jini.core.constraint.ClientAuthentication; import net.jini.core.constraint.ClientMinPrincipal; import net.jini.core.constraint.Integrity; import net.jini.core.constraint.InvocationConstraint; import net.jini.core.constraint.InvocationConstraints; import net.jini.core.constraint.ServerAuthentication; import net.jini.core.constraint.ServerMinPrincipal; import net.jini.jeri.BasicJeriExporter; import net.jini.jeri.ProxyTrustILFactory; import net.jini.jeri.ssl.HttpsServerEndpoint; import net.jini.security.AccessPermission; import net.jini.security.AuthenticationPermission; import net.jini.security.BasicProxyPreparer; multicast { private ttl = 1; } principal { /* * JAAS principals */ private static keystore = KeyStores.getKeyStore( "file:${org.apache.river.qa.home}/harness/trust/truststore", null); static tester = KeyStores.getX500Principal("tester", keystore); static norm = KeyStores.getX500Principal("norm", keystore); static phoenix = KeyStores.getX500Principal("phoenix", keystore); static reggie = KeyStores.getX500Principal("reggie", keystore); static mercury = KeyStores.getX500Principal("mercury", keystore); static fiddler = KeyStores.getX500Principal("fiddler", keystore); static mahalo = KeyStores.getX500Principal("mahalo", keystore); static outrigger = KeyStores.getX500Principal("outrigger", keystore); } // principal test { /* * JAAS login contexts */ loginContext = new LoginContext("org.apache.river.Test"); // for discovery protocal simulator reggieLoginContext = new LoginContext("org.apache.river.Reggie"); /* the exporter for test listeners */ integrityExporter = new BasicJeriExporter( HttpsServerEndpoint.getInstance(0), new ProxyTrustILFactory( new BasicMethodConstraints( new InvocationConstraints(Integrity.YES, null)), AccessPermission.class )); /* * Reggie defaults */ reggiePreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.reggie) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.reggie), "connect") } ); reggieAdminPreparer = reggiePreparer; reggieEventRegistrationPreparer = new BasicProxyPreparer(); // obsolete reggieServiceRegistrationPreparer = reggiePreparer; reggieServiceLeasePreparer = reggiePreparer; reggieEventLeasePreparer = reggiePreparer; reggieListenerExporter = integrityExporter; /* * Fiddler defaults */ fiddlerPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[]{ Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.fiddler) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.fiddler), "connect") } ); fiddlerRegistrationPreparer = fiddlerPreparer; fiddlerEventRegistrationPreparer = new BasicProxyPreparer();//obsolete fiddlerLeasePreparer = fiddlerPreparer; fiddlerAdminPreparer = fiddlerPreparer; fiddlerListenerExporter = integrityExporter; /* * Norm defaults */ normPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[]{ Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.norm) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.norm), "connect") } ); normAdminPreparer = normPreparer; normRenewalSetPreparer = normPreparer; normEventRegistrationPreparer = new BasicProxyPreparer();//obsolete normLeasePreparer = normPreparer; normListenerExporter = integrityExporter; /* * Mahalo defaults */ mahaloPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.mahalo) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.mahalo), "connect") } ); mahaloLeasePreparer = mahaloPreparer; mahaloAdminPreparer = mahaloPreparer; /* * Outrigger defaults */ outriggerPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.outrigger) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.outrigger), "connect") } ); outriggerLeasePreparer = outriggerPreparer; outriggerAdminPreparer = outriggerPreparer; outriggerEventRegistrationPreparer = new BasicProxyPreparer(); //obsolete outriggerListenerExporter = integrityExporter; /* * Mercury defaults */ mercuryPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.mercury) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.mercury), "connect") } ); mercuryAdminPreparer = mercuryPreparer; mercuryListenerPreparer = mercuryPreparer; mercuryLeasePreparer = mercuryPreparer; mercuryRegistrationPreparer = mercuryPreparer; mercuryListenerExporter = integrityExporter; /* * Phoenix defaults */ phoenixPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.phoenix) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.phoenix), "connect") } ); /* * Shared group defaults */ groupPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.tester) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.tester), "connect") } ); /* * Transaction defaults */ transactionParticipantExporter = integrityExporter; /* * Test lease defaults */ leaseExporter = integrityExporter; /* * Discovery constraints for discovery simulator (as reggie) */ discoveryConstraints = new BasicMethodConstraints( new MethodDesc[]{ new MethodDesc("multicastRequest", new InvocationConstraints( new InvocationConstraint[]{ ClientAuthentication.YES, Integrity.YES, DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc("multicastAnnouncement", new InvocationConstraints( new InvocationConstraint[]{ ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc("unicastDiscovery", new InvocationConstraints( new InvocationConstraint[]{ ClientAuthentication.YES, ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )) } ); // use AccessPermission instead of RegistrarPermission to // avoid packaging headaches multicastRequestSubjectChecker = new ClientPermissionChecker( new AccessPermission("multicastRequest")); unicastDiscoverySubjectChecker = new ClientPermissionChecker( new AccessPermission("unicastDiscovery")); /* * Discovery constraints for constructed locators (as tester) */ locatorConstraints = new BasicMethodConstraints( new MethodDesc[]{ new MethodDesc("multicastRequest", new InvocationConstraints( new InvocationConstraint[]{ ClientAuthentication.YES, Integrity.YES, new ClientMinPrincipal(principal.tester), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc("multicastAnnouncement", new InvocationConstraints( new InvocationConstraint[]{ ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc("unicastDiscovery", new InvocationConstraints( new InvocationConstraint[]{ ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc("getRegistrar", new InvocationConstraints( new InvocationConstraint[]{ ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )) } ); testLeaseVerifierExporter = integrityExporter; } // test net.jini.discovery.LookupDiscovery { registrarPreparer = test.reggiePreparer; discoveryConstraints = test.locatorConstraints; } net.jini.discovery.LookupLocatorDiscovery { registrarPreparer = test.reggiePreparer; } net.jini.lookup.ServiceDiscoveryManager { registrarPreparer = test.reggiePreparer; eventLeasePreparer = test.reggiePreparer; eventListenerExporter = test.integrityExporter; } net.jini.lookup.JoinManager { registrarPreparer = test.reggiePreparer; }