private Object[] getUserPass() throws LoginException {
NameCallback nameCB = new NameCallback("username");
PasswordCallback passwordCB = new PasswordCallback("password", false);
try {
callbackHandler.handle(new Callback[] {nameCB, passwordCB});
} catch (IOException | UnsupportedCallbackException e) {
throw new LoginException(e.toString());
}
String username = nameCB.getName();
char[] password = passwordCB.getPassword();
passwordCB.clearPassword();
return new Object[] {username, password};
}
private void getSaltedPasswordFromPasswordCallback(NameCallback nameCallback, ByteStringBuilder b)
throws SaslException {
final PasswordCallback passwordCallback = new PasswordCallback("User password", false);
try {
tryHandleCallbacks(nameCallback, passwordCallback);
} catch (UnsupportedCallbackException e) {
final Callback callback = e.getCallback();
if (callback == nameCallback) {
throw log.saslCallbackHandlerDoesNotSupportUserName(getMechanismName(), e);
} else if (callback == passwordCallback) {
return; // PasswordCallback not supported
} else {
throw log.saslCallbackHandlerFailedForUnknownReason(getMechanismName(), e);
}
}
salt = ScramUtil.generateSalt(16, getRandom());
algorithmSpec = new IteratedSaltedPasswordAlgorithmSpec(minimumIterationCount, salt);
char[] passwordChars = passwordCallback.getPassword();
passwordCallback.clearPassword();
getSaltedPasswordFromPasswordChars(passwordChars, b);
}
/**
* Loads the keystore using the given <code>KeyStore.LoadStoreParameter</code>.
*
* <p>Note that if this KeyStore has already been loaded, it is reinitialized and loaded again
* from the given parameter.
*
* @param param the <code>KeyStore.LoadStoreParameter</code> that specifies how to load the
* keystore, which may be <code>null</code>
* @exception IllegalArgumentException if the given <code>KeyStore.LoadStoreParameter</code> input
* is not recognized
* @exception IOException if there is an I/O or format problem with the keystore data. If the
* error is due to an incorrect <code>ProtectionParameter</code> (e.g. wrong password) the
* {@link Throwable#getCause cause} of the <code>IOException</code> should be an <code>
* UnrecoverableKeyException</code>
* @exception NoSuchAlgorithmException if the algorithm used to check the integrity of the
* keystore cannot be found
* @exception CertificateException if any of the certificates in the keystore could not be loaded
* @since 1.5
*/
public void engineLoad(KeyStore.LoadStoreParameter param)
throws IOException, NoSuchAlgorithmException, CertificateException {
if (param == null) {
engineLoad((InputStream) null, (char[]) null);
return;
}
if (param instanceof KeyStore.SimpleLoadStoreParameter) {
ProtectionParameter protection = param.getProtectionParameter();
char[] password;
if (protection instanceof PasswordProtection) {
password = ((PasswordProtection) protection).getPassword();
} else if (protection instanceof CallbackHandlerProtection) {
CallbackHandler handler = ((CallbackHandlerProtection) protection).getCallbackHandler();
PasswordCallback callback = new PasswordCallback("Password: "******"Could not obtain password", e);
}
password = callback.getPassword();
callback.clearPassword();
if (password == null) {
throw new NoSuchAlgorithmException("No password provided");
}
} else {
throw new NoSuchAlgorithmException(
"ProtectionParameter must" + " be PasswordProtection or CallbackHandlerProtection");
}
engineLoad(null, password);
return;
}
throw new UnsupportedOperationException();
}
@Override
public boolean login() throws LoginException {
NameCallback nameCallback = new NameCallback("Username");
PasswordCallback passwordCallback = new PasswordCallback("Password", false);
Callback callbacks[] = new Callback[] {nameCallback, passwordCallback};
try {
callbackHandler.handle(callbacks);
} catch (java.io.IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throw new LoginException("Error: " + e.getCallback().toString());
}
boolean success;
ParticipantId id = null;
String address = nameCallback.getName();
if (!address.contains(ParticipantId.DOMAIN_PREFIX)) {
address = address + ParticipantId.DOMAIN_PREFIX + AccountStoreHolder.getDefaultDomain();
}
try {
id = ParticipantId.of(address);
AccountData account = accountStore.getAccount(id);
char[] password = passwordCallback.getPassword();
if (account == null) {
// The user doesn't exist. Auth failed.
success = false;
} else if (!account.isHuman()) {
// The account is owned by a robot. Auth failed.
success = false;
} else if (password == null) {
// Null password provided by callback. We require a password (even an empty one).
success = false;
} else if (!account.asHuman().getPasswordDigest().verify(password)) {
// The supplied password doesn't match. Auth failed.
success = false;
} else {
success = true;
}
} catch (InvalidParticipantAddress e) {
// The supplied user address is invalid. Auth failed.
success = false;
} catch (PersistenceException e) {
LOG.severe("Failed to retreive account data for " + id, e);
throw new LoginException(
"An unexpected error occured while trying to retrieve account information!");
}
// The password is zeroed before it gets GC'ed for memory security.
passwordCallback.clearPassword();
if (success) {
principal = new ParticipantPrincipal(id);
status = Status.OK;
return true;
} else {
return false;
}
}
