
Example 36 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class TokenUtils method getLocalToken.

public static SSOToken getLocalToken(String orgName, String userId, String password) throws Exception {
    SSOTokenManager tm = SSOTokenManager.getInstance();
    SSOToken token = tm.createSSOToken(new AuthPrincipal(userId), password);
    return token;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) AuthPrincipal(com.sun.identity.authentication.internal.AuthPrincipal)
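Added example, not code from the OpenAM project: the credential-based createSSOToken overload used in getLocalToken above creates a real server-side session for the caller, so code that only needs the token for one operation should destroy it when that operation is done rather than let it live until idle timeout. The ScopedServiceToken class, the TokenWork interface and the char[] handling are this example's own. OpenAM's API still takes the password as a String, so only the caller's char[] copy can be wiped; the String itself stays in memory until collected.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.internal.AuthPrincipal;
import java.util.Arrays;

/**
 * Obtain a session from user credentials, run one unit of work with it, and
 * destroy the session afterwards. Example code for this page, not OpenAM's own.
 */
public final class ScopedServiceToken {

    /** Work that needs an authenticated SSOToken (hypothetical interface for this example). */
    public interface TokenWork<T> {
        T run(SSOToken token) throws Exception;
    }

    private ScopedServiceToken() {}

    public static <T> T withToken(String userId, char[] password, TokenWork<T> work) throws Exception {
        SSOTokenManager manager = SSOTokenManager.getInstance();
        SSOToken token = null;
        try {
            // The OpenAM overload needs a String password; build it as late as possible.
            token = manager.createSSOToken(new AuthPrincipal(userId), new String(password));
            // createSSOToken throws on bad credentials, but the session can still be
            // invalidated (quota, admin logout) before it is used, so re-check cheaply.
            if (!manager.isValidToken(token)) {
                throw new SSOException("session for " + userId + " is not valid");
            }
            return work.run(token);
        } finally {
            // Wipe the caller's copy of the secret, then end the session server-side
            // so a service login does not outlive the call that needed it.
            Arrays.fill(password, '\0');
            if (token != null) {
                try {
                    manager.destroyToken(token);
                } catch (SSOException alreadyGone) {
                    // A session that was already destroyed is the outcome we wanted.
                }
            }
        }
    }
}
```

Usage is `ScopedServiceToken.withToken("amadmin", pwdChars, tok -> doWork(tok))`; whatever doWork returns is passed through, and the session is gone by the time withToken returns, including on exception.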

Example 37 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class SSOTokenMechanismHandler method authenticate.

private SASLResponse authenticate(String data, Message message) {
    if (AuthnSvcUtils.debug.messageEnabled()) {
        AuthnSvcUtils.debug.message("SSOTokenMechanismHandler.authenticate: " + "SSOTokenID = " + data);
    }
    try {
        SSOTokenManager manager = SSOTokenManager.getInstance();
        SSOToken token = manager.createSSOToken(data);
        manager.validateToken(token);
        String userDN = token.getPrincipal().getName();
        SASLResponse saslResp = new SASLResponse(SASLResponse.OK);
        if (!AuthnSvcUtils.setResourceOfferingAndCredentials(saslResp, message, userDN)) {
            return new SASLResponse(SASLResponse.ABORT);
        }
        return saslResp;
    } catch (Exception ex) {
        AuthnSvcUtils.debug.error("SSOTokenMechanismHandler.authenticate: ", ex);
        return new SASLResponse(SASLResponse.ABORT);
    }
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) SASLResponse(com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse) SSOException(com.iplanet.sso.SSOException)

Example 38 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class AMLoginModule method getUserSessions.

/**
 * Returns the set of SSOTokens for a specified user
 *
 * @param userName The username to be used to query the sessions
 * @return The set of SSOTokens for the user's current sessions, returns null on error
 * @supported.api
 */
public Set<SSOToken> getUserSessions(String userName) {
    Set<SSOToken> sessions = new HashSet<SSOToken>();
    if (userName == null || userName.equals(Constants.EMPTY)) {
        debug.error("AMLoginModule.getUserSessions :: called with null username");
        return null;
    }
    try {
        // Get the universal ID
        AMIdentity amIdUser = ad.getIdentity(IdType.USER, userName, loginState.getOrgDN());
        String univId = IdUtils.getUniversalId(amIdUser);
        if (univId != null) {
            Map<String, String> currentSessions = SessionCount.getAllSessionsByUUID(univId);
            SSOTokenManager manager = SSOTokenManager.getInstance();
            for (String tokenID : currentSessions.keySet()) {
                sessions.add(manager.createSSOToken(tokenID));
            }
            if (debug.messageEnabled()) {
                debug.message("AMLoginModule.getUserSessions :: univId= " + univId + " - found sessions =  " + sessions);
            }
        } else {
            debug.error("AMLoginModule.getUserSessions :: " + "univId is null , amIdUser is " + amIdUser);
            return null;
        }
    } catch (Exception ex) {
        debug.error("AMLoginModule.getUserSessions::  " + "Exception : ", ex);
    }
    return sessions;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) IOException(java.io.IOException) AMException(com.iplanet.am.sdk.AMException) AuthException(com.sun.identity.authentication.service.AuthException) HashSet(java.util.HashSet)
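Added example, not OpenAM code: getUserSessions above returns every live session for a user, or null on error. One common use of that set is to end all of the user's sessions except the one the request arrived on, for instance after a password change or a "sign out everywhere" action. The OtherSessionRevoker class and revokeOthers method are this example's own; it relies only on SSOTokenManager.isValidToken and destroyToken, and compares sessions by their token ID string rather than by SSOToken object identity.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import java.util.Set;

/**
 * Destroys every session in a user's session set except the current one.
 * Example code for this page, not part of the OpenAM project.
 */
public final class OtherSessionRevoker {

    private OtherSessionRevoker() {}

    /**
     * @param sessions the user's sessions, as returned by a method like getUserSessions
     *                 (null is treated as "nothing to revoke", matching that method's error return)
     * @param current  the session making the request, which is kept
     * @return the number of sessions actually destroyed; sessions that were already
     *         invalid are skipped rather than reported as failures
     */
    public static int revokeOthers(Set<SSOToken> sessions, SSOToken current) throws SSOException {
        if (sessions == null || sessions.isEmpty()) {
            return 0;
        }
        SSOTokenManager manager = SSOTokenManager.getInstance();
        // Compare on the ID string: two SSOToken objects may refer to the same session.
        String keep = current.getTokenID().toString();
        int destroyed = 0;
        for (SSOToken t : sessions) {
            if (keep.equals(t.getTokenID().toString())) {
                continue;
            }
            if (!manager.isValidToken(t)) {
                continue;   // already expired or logged out; nothing to do
            }
            manager.destroyToken(t);
            destroyed++;
        }
        return destroyed;
    }
}
```

Called from inside a login module as `revokeOthers(getUserSessions(userName), currentToken)`, the returned count is worth writing to the audit log, since a non-zero value after a credential reset is the evidence that stale sessions were actually cut off.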

Example 39 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class ISArchiveVerify method verifyArchive.

/**
 *  Verifies the complete archive including the current set and all
 *  the previous sets for the specified log.
 *  @param logName the name of the log for which the complete Archive is
 *  to be verified.
 *  @param path Fully qualified path name for log file
 *  @param uname user name for logger user
 *  @param passwd Password for logger user
 *  @return value of the status of verification.
 *  @throws Exception if it fails to verify the archive.
 */
public boolean verifyArchive(String logName, String path, String uname, String passwd) throws Exception {
    String log = logName;
    LogManager lm = (LogManager) LogManagerUtil.getLogManager();
    lm.readConfiguration();
    verPassword = new AMPassword(passwd.toCharArray());
    SSOToken ssoToken = null;
    SSOTokenManager ssoMngr = null;
    try {
        ssoMngr = SSOTokenManager.getInstance();
        ssoToken = ssoMngr.createSSOToken(new AuthPrincipal(uname), passwd);
    } catch (SSOException ssoe) {
        System.out.println(bundle.getString("archiveVerification") + "SSOException: " + ssoe.getMessage());
        return false;
    } catch (UnsupportedOperationException uoe) {
        System.out.println(bundle.getString("archiveVerification") + "UnsupportedOperationException: " + uoe.getMessage());
        return false;
    }
    // This function will be used to verify all the files in the current and
    // previous sets for the logname and types.
    VerifierList vl = new VerifierList();
    if (!path.endsWith("/")) {
        path += "/";
    }
    TreeMap tm = vl.getKeysAndFiles(new File(path), logName);
    if (tm.size() == 0) {
        System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", size == 0");
        return true;
    }
    // To get the list of all keyfiles for that particular logname.type
    Object[] keyFiles = (tm.keySet()).toArray();
    String verFile = new String();
    if (keyFiles.length == 1) {
        System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", keyFiles.length == 1");
    }
    for (int i = 1; i < keyFiles.length; i++) {
        helper = SecureFileHandler.getSecureLogHelperInst();
        // This is the set of files for that particular keystore.
        Vector logFiles = (Vector) tm.get(keyFiles[i]);
        // Iterate through the list and start verification from 
        // the first file.
        String tmpName = ((String) keyFiles[i]).substring(((String) keyFiles[i]).indexOf(".") + 1);
        verFile = tmpName.substring(tmpName.indexOf("."));
        verFile = PREFIX + "ver" + verFile;
        // Initialize the SecureLogHelper object for the current keystores.
        helper.initializeVerifier(path + verFile, verPassword, verPassword);
        helper.reinitializeVerifier(path + verFile, verPassword);
        // Start verifying the Files associated with the current keystore
        curMAC = null;
        prevSignature = null;
        for (int j = 0; j < logFiles.size(); j++) {
            // flag to indicate that last record in the file is being 
            // verified. This record is the same for the first record 
            // of the next file.
            System.out.println(bundle.getString("fileBeingVerified") + (String) logFiles.elementAt(j));
            int lastRecInFile = 0;
            // Read the logRecords in the File.
            String[][] result = null;
            try {
                result = LogReader.read((String) logFiles.elementAt(j), ssoToken);
            } catch (Exception e) {
                e.printStackTrace();
            }
            // Only process the file if the read succeeded and returned at least
            // the header row; otherwise report an empty return below.
            if (result != null && result.length != 0) {
                Vector header = new Vector(result[0].length);
                // Extracting the field names as header from the first 
                // line of the returned string array.
                header.addAll(Arrays.asList(result[0]));
                int signPos = -1, macPos = -1;
                String signFldName, macFldName;
                signFldName = LogConstants.SIGNATURE_FIELDNAME;
                macFldName = LogConstants.MAC_FIELDNAME;
                for (int l = 0; l < header.size(); l++) {
                    if ((((String) header.get(l))).equalsIgnoreCase(signFldName)) {
                        signPos = l;
                        break;
                    }
                }
                // end of loop l
                for (int l = 0; l < header.size(); l++) {
                    if ((((String) header.get(l))).equalsIgnoreCase(macFldName)) {
                        macPos = l;
                        break;
                    }
                }
                // end of loop l
                if ((signPos == -1) || (macPos == -1)) {
                    return VerifierAction.doVerifierAction(log, verified);
                }
                // Each row after the header is either a signature record or a log record.
                for (int k = 1; k < result.length; k++) {
                    // add 2 for MAC and Signature fields
                    if (result[k].length < (LogConstants.MAX_FIELDS + 2)) {
                        System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + "\n\t #fields in record #" + (k - 1) + " (" + result[k].length + ") < 14\n");
                        verified = false;
                        break;
                    }
                    if (result[k][signPos].equals("-")) {
                        verified = verifyLogRecord(result[k], macPos);
                        if (!verified) {
                            System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
                            break;
                        }
                        System.out.println(bundle.getString("recordVerificationPassed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
                    } else {
                        // To check if this is the last signature in the 
                        // file an additional parameter has to be passed 
                        // to the verifySignature since the signature is 
                        // the same as the first signature in the next file.
                        // This is to ensure that prevSignature is not 
                        // updated with the last signature in the file.
                        // Bcos the checking of the last signature in the 
                        // file will be the same for the first signature 
                        // for the next file.
                        lastRecInFile = (result.length - 1) - k;
                        verified = verifySignature(result[k], signPos, lastRecInFile);
                        if (!verified) {
                            System.err.println(bundle.getString("signatureVerificationFailed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
                            break;
                        }
                        System.out.println(bundle.getString("signatureVerificationPassed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
                    }
                }
            // end of loop k i.e. end of records for this logFile.
            } else {
                System.err.println(bundle.getString("archiveVerification") + bundle.getString("emptyReturn") + (String) logFiles.elementAt(j));
            }
            if (!verified) {
                return verified;
            }
        }
        // end of loop j i.e. end of Files for the current keystore.
        helper.reinitializeVerifier(path + verFile, verPassword);
    }
    // end of loop i
    return verified;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) SSOException(com.iplanet.sso.SSOException) VerifierList(com.sun.identity.log.secure.VerifierList) TreeMap(java.util.TreeMap) ConfiguratorException(com.sun.identity.setup.ConfiguratorException) SSOException(com.iplanet.sso.SSOException) AMPassword(com.sun.identity.security.keystore.AMPassword) AuthPrincipal(com.sun.identity.authentication.internal.AuthPrincipal) LogManager(com.sun.identity.log.LogManager) File(java.io.File) Vector(java.util.Vector)
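Added example, not OpenAM code: verifyArchive above walks each file checking a MAC per log record and a signature per signature record, carrying curMAC and prevSignature forward from one record to the next and across file boundaries. The simplified chained-HMAC writer and verifier below shows why that chaining catches deletion and reordering, not just edits to a single line. The record layout ("text|mac-hex"), the all-zero starting MAC, the HmacSHA256 choice, and the sample key and records are all constructed for this example; they are not SecureLogHelper's on-disk format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Simplified chained-MAC log: each stored line is "text|mac-hex" where
 * mac = HMAC(key, previousMac || text). Illustrative scheme for this page,
 * not the record format verifyArchive reads.
 */
public final class ChainedMacLog {

    private static final String ALG = "HmacSHA256";
    /** The chain starts from a fixed all-zero "previous MAC" (an assumption of this example). */
    private static final byte[] CHAIN_START = new byte[32];

    private ChainedMacLog() {}

    private static byte[] mac(byte[] key, byte[] prevMac, String text) throws Exception {
        Mac h = Mac.getInstance(ALG);
        h.init(new SecretKeySpec(key, ALG));
        h.update(prevMac);
        h.update(text.getBytes(StandardCharsets.UTF_8));
        return h.doFinal();
    }

    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    /** Returns null for anything that is not well-formed hex of even length. */
    private static byte[] unhex(String s) {
        if (s.length() % 2 != 0) {
            return null;
        }
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                return null;
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    /** Writes the records in order, returning the lines as they would be stored. */
    public static List<String> write(byte[] key, List<String> texts) throws Exception {
        byte[] prev = CHAIN_START;
        List<String> lines = new ArrayList<>();
        for (String text : texts) {
            prev = mac(key, prev, text);
            lines.add(text + "|" + hex(prev));
        }
        return lines;
    }

    /** Returns the index of the first record that fails, or -1 if every record verifies in sequence. */
    public static int firstBadRecord(byte[] key, List<String> lines) throws Exception {
        byte[] prev = CHAIN_START;
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i);
            int sep = line.lastIndexOf('|');
            if (sep < 0) {
                return i;
            }
            byte[] stored = unhex(line.substring(sep + 1));
            byte[] expected = mac(key, prev, line.substring(0, sep));
            // Constant-time comparison; a mismatch means this record or an earlier one changed.
            if (stored == null || !MessageDigest.isEqual(expected, stored)) {
                return i;
            }
            prev = expected;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and records; a real deployment keeps the key in a keystore.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        List<String> archive = write(key, Arrays.asList("LOGIN alice", "ACCESS /admin alice", "LOGOUT alice"));
        System.out.println("intact archive, first bad record: " + firstBadRecord(key, archive));

        List<String> dropped = new ArrayList<>(archive);
        dropped.remove(1);   // delete the ACCESS record: the LOGOUT MAC no longer chains from LOGIN
        System.out.println("record deleted, first bad record: " + firstBadRecord(key, dropped));

        List<String> edited = new ArrayList<>(archive);
        edited.set(1, "ACCESS /home alice" + archive.get(1).substring(archive.get(1).indexOf('|')));
        System.out.println("record edited, first bad record: " + firstBadRecord(key, edited));
    }
}
```

A MAC chain only proves integrity to someone who holds the MAC key, so anyone with that key could rewrite the whole chain; that is why verifyArchive also checks signature records (the signPos column) on top of the per-record MACs, and why it carries the last signature of one file over as the first of the next so that file rotation does not break the chain.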

Example 40 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class IdentityResourceV2 method idFromSession.

/**
     * Gets the user id from the session provided in the server context
     *
     * @param context Current Server Context
     */
private Promise<ActionResponse, ResourceException> idFromSession(final Context context) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    SSOToken ssotok;
    AMIdentity amIdentity;
    try {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        ssotok = mgr.createSSOToken(getCookieFromServerContext(context));
        amIdentity = new AMIdentity(ssotok);
        // build resource
        result.put("id", amIdentity.getName());
        result.put("realm", getRelativeRealmFromSession(context, amIdentity));
        result.put("dn", amIdentity.getUniversalId());
        result.put("successURL", ssotok.getProperty(ISAuthConstants.SUCCESS_URL, false));
        result.put("fullLoginURL", ssotok.getProperty(ISAuthConstants.FULL_LOGIN_URL, false));
        if (debug.messageEnabled()) {
            debug.message("IdentityResource.idFromSession() :: Retrieved ID for user={}", amIdentity.getName());
        }
        return newResultPromise(newActionResponse(result));
    } catch (SSOException e) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve SSO Token", e);
        return new ForbiddenException("SSO Token cannot be retrieved.", e).asPromise();
    } catch (IdRepoException ex) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve user from IdRepo", ex);
        return new ForbiddenException("Cannot retrieve id from session.", ex).asPromise();
    }
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) ForbiddenException(org.forgerock.json.resource.ForbiddenException) SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity) JsonValue(org.forgerock.json.JsonValue) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException)
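Added example, not OpenAM code, covering the inbound path of both Example 37 (a session ID arriving as SASL data) and Example 40 (a session ID arriving as a cookie): the caller-supplied identifier is turned into a token, validated, bound to the client's IP through the two-argument createSSOToken overload, and checked against a minimum authentication level before its principal is trusted. MIN_AUTH_LEVEL, the InboundTokenCheck class and the redact helper are this example's own. Unlike the debug statement in Example 37, which writes the full SSOTokenID to the log, this code only ever logs a short hash of the token.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Resolve a caller-supplied session identifier into a validated SSOToken.
 * Example code for this page, not part of the OpenAM project.
 */
public final class InboundTokenCheck {

    /** Hypothetical policy for this example: the session must have authenticated at this level or above. */
    private static final int MIN_AUTH_LEVEL = 1;

    private InboundTokenCheck() {}

    /**
     * @param tokenId  the session identifier as presented by the client (SASL data, cookie value)
     * @param clientIp the address the request actually came from
     * @return the principal name of the session's user
     * @throws SSOException if the session is unknown, expired, presented from another IP
     *                      (when client IP checking is enabled in the server configuration),
     *                      or below the required authentication level
     */
    public static String principalFor(String tokenId, String clientIp) throws SSOException {
        SSOTokenManager manager = SSOTokenManager.getInstance();
        // The two-argument overload lets the server compare clientIp with the IP
        // the session was created from, instead of trusting the bare identifier.
        SSOToken token = manager.createSSOToken(tokenId, clientIp);
        // validateToken throws for an expired, destroyed or unknown session; do it
        // explicitly rather than relying on createSSOToken alone.
        manager.validateToken(token);
        int level = token.getAuthLevel();
        if (level < MIN_AUTH_LEVEL) {
            throw new SSOException("auth level " + level + " below required " + MIN_AUTH_LEVEL
                    + " for session " + redact(tokenId));
        }
        return token.getPrincipal().getName();
    }

    /** A stable, non-reversible reference for log lines: "sso:" plus the first 4 bytes of SHA-256(tokenId). */
    public static String redact(String tokenId) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(tokenId.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder("sso:");
            for (int i = 0; i < 4; i++) {
                sb.append(String.format("%02x", digest[i]));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required by the JCA spec", e);
        }
    }
}
```

A handler in the style of Example 37 would call `principalFor(data, remoteAddr)` inside its try block and map any SSOException to SASLResponse.ABORT; when it logs the failure it should log `redact(data)`, which is enough to correlate entries for one session without giving anyone who reads the log a usable session cookie.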

Aggregations

SSOTokenManager (com.iplanet.sso.SSOTokenManager) 53
SSOToken (com.iplanet.sso.SSOToken) 48
SSOException (com.iplanet.sso.SSOException) 39
IdRepoException (com.sun.identity.idm.IdRepoException) 11
AMIdentity (com.sun.identity.idm.AMIdentity) 9
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException) 8
IOException (java.io.IOException) 7
Map (java.util.Map) 6
Set (java.util.Set) 6
ForbiddenException (org.forgerock.json.resource.ForbiddenException) 6
SessionException (com.iplanet.dpro.session.SessionException) 5
InternalSession (com.iplanet.dpro.session.service.InternalSession) 5
AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal) 5
AuthException (com.sun.identity.authentication.service.AuthException) 5
Iterator (java.util.Iterator) 5
AuthContext (com.sun.identity.authentication.AuthContext) 4
SMSException (com.sun.identity.sm.SMSException) 4
Response (com.iplanet.services.comm.share.Response) 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 3
HashMap (java.util.HashMap) 3