public boolean login() throws LoginException {
// prompt for a user name and password
if (callbackHandler == null)
throw new LoginException(
"Error: no CallbackHandler available "
+ "to garner authentication information from the user");
Callback[] callbacks = new Callback[1];
callbacks[0] = new CMCCArtifactIDCallback();
try {
this.callbackHandler.handle(callbacks);
this.artifactID = ((CMCCArtifactIDCallback) callbacks[0]).getArtifactID();
this.artifactDomain = ((CMCCArtifactIDCallback) callbacks[0]).getArtifactDomain();
if (StringUtils.isEmpty(artifactID)) {
succeeded = false;
artifactID = null;
return false;
}
Helper.validateArtifactID(artifactID);
} catch (java.io.IOException e) {
log.error(e.getMessage(), e);
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
log.error(e.getMessage(), e);
throw new LoginException(
"Error: "
+ e.getCallback().toString()
+ " not available to garner authentication information "
+ "from the user");
}
// print debugging information
if (debug) {
log.info("Resolv artifactId from cookie: " + artifactID);
}
// verify the artifactID/password
boolean correct;
try {
correct = authenticate(artifactID, artifactDomain);
} catch (Exception e) {
log.error("Failure to check artifactID.", e);
throw new LoginException(e.getMessage());
}
if (correct) {
// authentication succeeded!!!
if (debug) log.info("Success to verify artifactID: [" + artifactID + "]");
succeeded = true;
return true;
} else {
// authentication failed -- clean out state
if (debug) log.info("Invalidate artifactID: [" + artifactID + "]");
succeeded = false;
artifactID = null;
artifactDomain = null;
return false;
}
}
@Override
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback(Messages.PROMPT_USERNAME.getText());
callbacks[1] = new PasswordCallback(Messages.PROMPT_PASSWORD.getText(), false);
try {
mCallback.handle(callbacks);
} catch (UnsupportedCallbackException e) {
final LoginException ex = new FailedLoginException(e.getMessage());
ex.initCause(e);
throw ex;
} catch (IOException e) {
final LoginException ex = new FailedLoginException(e.getMessage());
ex.initCause(e);
throw ex;
}
mUsername = ((NameCallback) callbacks[0]).getName();
if (mUsername == null || mUsername.trim().length() == 0) {
throw new AccountNotFoundException(Messages.EMPTY_USERNAME.getText());
}
char[] password = ((PasswordCallback) callbacks[1]).getPassword();
try {
if (!ClientLoginHelper.isValidCredentials(mUsername, password)) {
Messages.USER_LOGIN_ERROR_LOG.warn(this, mUsername);
throw new FailedLoginException(Messages.USER_LOGIN_FAIL.getText(mUsername));
}
} catch (ClientInitException e) {
Messages.USER_LOGIN_ERROR_LOG.warn(this, e, mUsername);
LoginException exception = new FailedLoginException(Messages.USER_LOGIN_ERROR.getText());
exception.initCause(e);
throw exception;
}
SLF4JLoggerProxy.debug(this, "login done for user {}", mUsername); // $NON-NLS-1$
return true;
}
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: "******"Password: "******" not available to obtain information from user");
}
String user = ((NameCallback) callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
return user.equals(new String(tmpPassword));
}
/**
* Retrieves the user name by querying the property of {@link Constants#SECURITY_LOGIN_USERNAME}
* through {@link AppCallbackHandler}.
*
* @return true if user name provided by application is set and not empty
* @throws LoginException when the login fails
*/
@Override
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[1];
callbacks[0] = new NameCallback("user name: ");
try {
mCallbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException(e.getMessage());
} catch (UnsupportedCallbackException e) {
throw new LoginException(e.getMessage());
}
String userName = ((NameCallback) callbacks[0]).getName();
if (!userName.isEmpty()) {
mUser = new User(userName);
return true;
}
return false;
}
@Override
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: "******"Password: "******" not available to obtain information from user");
}
user = ((NameCallback) callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
if (tmpPassword == null) {
tmpPassword = new char[0];
}
if (user == null) {
if (configuration.getDefaultUser() == null) {
throw new FailedLoginException("Both username and defaultUser are null");
} else {
user = configuration.getDefaultUser();
}
} else {
String password =
configuration.getUser(user) == null ? null : configuration.getUser(user).getPassword();
if (password == null) {
throw new FailedLoginException("User does not exist");
}
if (!password.equals(new String(tmpPassword))) {
throw new FailedLoginException("Password does not match");
}
}
loginSucceeded = true;
logger.debug("login " + user);
return loginSucceeded;
}
@Test
public void testHandler() {
DefaultCallbackHandler handler = new DefaultCallbackHandler();
SecurityContext context = new SecurityContext();
handler.setup(context);
Callback[] callbacks = new Callback[3];
callbacks[0] = new NameCallback("UserName:"******"Password:"******"Realm:");
try {
handler.handle(callbacks);
Assert.assertEquals("Username", "user1", ((NameCallback) callbacks[0]).getName());
Assert.assertEquals(
"Password", "pass", new String(((PasswordCallback) callbacks[1]).getPassword()));
Assert.assertEquals("Realm", "default", ((RealmCallback) callbacks[2]).getText());
} catch (IOException e) {
Assert.fail(e.getMessage());
} catch (UnsupportedCallbackException e) {
Assert.fail(e.getMessage());
}
}
@Override
public AuthStatus validateRequest(
MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
try {
boolean stale = false;
// TODO extract from request
long timestamp = System.currentTimeMillis();
if (credentials != null) {
if (LOG.isDebugEnabled()) LOG.debug("Credentials: " + credentials);
QuotedStringTokenizer tokenizer =
new QuotedStringTokenizer(credentials, "=, ", true, false);
final Digest digest = new Digest(request.getMethod());
String last = null;
String name = null;
while (tokenizer.hasMoreTokens()) {
String tok = tokenizer.nextToken();
char c = (tok.length() == 1) ? tok.charAt(0) : '\0';
switch (c) {
case '=':
name = last;
last = tok;
break;
case ',':
name = null;
case ' ':
break;
default:
last = tok;
if (name != null) {
if ("username".equalsIgnoreCase(name)) digest.username = tok;
else if ("realm".equalsIgnoreCase(name)) digest.realm = tok;
else if ("nonce".equalsIgnoreCase(name)) digest.nonce = tok;
else if ("nc".equalsIgnoreCase(name)) digest.nc = tok;
else if ("cnonce".equalsIgnoreCase(name)) digest.cnonce = tok;
else if ("qop".equalsIgnoreCase(name)) digest.qop = tok;
else if ("uri".equalsIgnoreCase(name)) digest.uri = tok;
else if ("response".equalsIgnoreCase(name)) digest.response = tok;
break;
}
}
}
int n = checkNonce(digest.nonce, timestamp);
if (n > 0) {
if (login(
clientSubject, digest.username, digest, Constraint.__DIGEST_AUTH, messageInfo)) {
return AuthStatus.SUCCESS;
}
} else if (n == 0) stale = true;
}
if (!isMandatory(messageInfo)) {
return AuthStatus.SUCCESS;
}
String domain = request.getContextPath();
if (domain == null) domain = "/";
response.setHeader(
HttpHeader.WWW_AUTHENTICATE.asString(),
"Digest realm=\""
+ realmName
+ "\", domain=\""
+ domain
+ "\", nonce=\""
+ newNonce(timestamp)
+ "\", algorithm=MD5, qop=\"auth\""
+ (useStale ? (" stale=" + stale) : ""));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return AuthStatus.SEND_CONTINUE;
} catch (IOException e) {
throw new AuthException(e.getMessage());
} catch (UnsupportedCallbackException e) {
throw new AuthException(e.getMessage());
}
}
public PrivateKey getPrivateKey(String alias) {
RandomAccessFile raf = null;
try {
if (key == null && keyfile != null) // If keyfile is null, we do not load the key
{ // The private key must be loaded
if (cert == null) { // We need the certificate for the algorithm
if (getCertificateChain("user") == null) return null; // getCertificateChain failed...
}
try {
raf = new RandomAccessFile(new File(keyfile), "r");
} catch (FileNotFoundException ex) {
if (!defaultfile) { // It is not an error if there is no file at the default location
throw ex;
}
return null;
}
byte[] keydata = new byte[(int) raf.length()];
raf.readFully(keydata);
raf.close();
raf = null;
KeyFactory kf = KeyFactory.getInstance(cert[0].getPublicKey().getAlgorithm());
try {
KeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keydata);
key = kf.generatePrivate(pkcs8KeySpec);
} catch (InvalidKeySpecException ex) // The key might be password protected
{
EncryptedPrivateKeyInfo ePKInfo = new EncryptedPrivateKeyInfo(keydata);
Cipher cipher;
try {
cipher = Cipher.getInstance(ePKInfo.getAlgName());
} catch (
NoSuchPaddingException
npex) { // Why is it not a subclass of NoSuchAlgorithmException?
throw new NoSuchAlgorithmException(npex.getMessage(), npex);
}
// We call back for the password
PasswordCallback pwdcb = new PasswordCallback(GT.tr("Enter SSL password: "******"Console is not available".equals(ucex.getMessage()))) {
error =
new PSQLException(
GT.tr(
"Could not read password for SSL key file, console is not available.",
null),
PSQLState.CONNECTION_FAILURE,
ucex);
} else {
error =
new PSQLException(
GT.tr(
"Could not read password for SSL key file by callbackhandler {0}.",
new Object[] {cbh.getClass().getName()}),
PSQLState.CONNECTION_FAILURE,
ucex);
}
return null;
}
try {
PBEKeySpec pbeKeySpec = new PBEKeySpec(pwdcb.getPassword());
// Now create the Key from the PBEKeySpec
SecretKeyFactory skFac = SecretKeyFactory.getInstance(ePKInfo.getAlgName());
Key pbeKey = skFac.generateSecret(pbeKeySpec);
// Extract the iteration count and the salt
AlgorithmParameters algParams = ePKInfo.getAlgParameters();
cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
// Decrypt the encryped private key into a PKCS8EncodedKeySpec
KeySpec pkcs8KeySpec = ePKInfo.getKeySpec(cipher);
key = kf.generatePrivate(pkcs8KeySpec);
} catch (GeneralSecurityException ikex) {
error =
new PSQLException(
GT.tr("Could not decrypt SSL key file {0}.", new Object[] {keyfile}),
PSQLState.CONNECTION_FAILURE,
ikex);
return null;
}
}
}
} catch (IOException ioex) {
if (raf != null) {
try {
raf.close();
} catch (IOException ex) {
}
;
}
error =
new PSQLException(
GT.tr("Could not read SSL key file {0}.", new Object[] {keyfile}),
PSQLState.CONNECTION_FAILURE,
ioex);
} catch (NoSuchAlgorithmException ex) {
error =
new PSQLException(
GT.tr(
"Could not find a java cryptographic algorithm: {0}.",
new Object[] {ex.getMessage()}),
PSQLState.CONNECTION_FAILURE,
ex);
return null;
}
return key;
}
public boolean login() throws LoginException {
File f = new File(usersFile);
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: "******" not available to obtain information from user");
}
String user = ((NameCallback) callbacks[0]).getName();
if (user == null) {
throw new FailedLoginException("Unable to retrieve user name");
}
PublicKey key = ((PublickeyCallback) callbacks[1]).getPublicKey();
if (key == null) {
throw new FailedLoginException("Unable to retrieve public key");
}
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = (String) users.get(user);
} catch (NullPointerException e) {
// error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedKey = infos[0];
// check if the stored password is flagged as encrypted
String encryptedKey = getEncryptedPassword(storedKey);
if (!storedKey.equals(encryptedKey)) {
if (debug) {
LOG.debug("The key isn't flagged as encrypted, encrypt it.");
}
if (debug) {
LOG.debug("Rebuild the user informations string.");
}
userInfos = encryptedKey + ",";
for (int i = 2; i < infos.length; i++) {
if (i == (infos.length - 1)) {
userInfos = userInfos + infos[i];
} else {
userInfos = userInfos + infos[i] + ",";
}
}
if (debug) {
LOG.debug("Push back the user informations in the users properties.");
}
users.put(user, userInfos);
try {
if (debug) {
LOG.debug("Store the users properties file.");
}
users.save();
} catch (IOException ioe) {
LOG.warn("Unable to write user properties file " + f, ioe);
}
storedKey = encryptedKey;
}
// check the provided password
if (!checkPassword(getString(key), storedKey)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Public key for " + user + " does not match");
}
}
principals = new HashSet<Principal>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
principals.add(new RolePrincipal(infos[i]));
}
users.clear();
if (debug) {
LOG.debug("Successfully logged in " + user);
}
return true;
}
