use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
From class TokenUtils, method getLocalToken.
/**
 * Creates a local SSO token by authenticating the given user against the
 * SSOTokenManager with the supplied password.
 *
 * @param orgName organisation name; accepted for interface compatibility but
 *                never read by this method
 * @param userId  user identifier, wrapped in an {@link AuthPrincipal}
 * @param password the user's password, handed to the token manager as-is.
 *                 Being a String it cannot be zeroed after use.
 * @return the SSOToken produced by the token manager
 * @throws Exception if the token manager cannot be obtained or token creation fails
 */
public static SSOToken getLocalToken(String orgName, String userId, String password) throws Exception {
    // orgName is intentionally unused, as in the original implementation.
    final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
    final AuthPrincipal principal = new AuthPrincipal(userId);
    return tokenManager.createSSOToken(principal, password);
}
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
From class SSOTokenMechanismHandler, method authenticate.
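/**
 * Authenticates a SASL exchange whose payload is an SSOToken ID.
 *
 * <p>The ID is turned into a token through the SSOTokenManager and then
 * explicitly validated; the principal name of the validated token is used to
 * attach the resource offering and credentials to the response. Any failure
 * (token cannot be created or validated, offering cannot be set, unexpected
 * error) results in an ABORT response.
 *
 * @param data    the SSOToken ID supplied by the client; this is a session
 *                credential and is therefore never written to the log
 * @param message the SASL message whose resource offering and credentials are set
 * @return an OK response carrying the offering, or an ABORT response on any failure
 */
private SASLResponse authenticate(String data, Message message) {
    if (AuthnSvcUtils.debug.messageEnabled()) {
        // Do not log the token ID itself: it grants access to the session.
        // Record only whether one was supplied so the flow remains traceable.
        AuthnSvcUtils.debug.message("SSOTokenMechanismHandler.authenticate: SSOTokenID "
                + (data == null ? "not supplied" : "supplied"));
    }
    try {
        SSOTokenManager manager = SSOTokenManager.getInstance();
        SSOToken token = manager.createSSOToken(data);
        // validateToken is called explicitly rather than relying on createSSOToken
        // alone; presumably creation does not guarantee the session is still live.
        manager.validateToken(token);
        String userDN = token.getPrincipal().getName();
        SASLResponse saslResp = new SASLResponse(SASLResponse.OK);
        if (!AuthnSvcUtils.setResourceOfferingAndCredentials(saslResp, message, userDN)) {
            return new SASLResponse(SASLResponse.ABORT);
        }
        return saslResp;
    } catch (Exception ex) {
        // Broad catch at the protocol boundary: the client only ever sees ABORT,
        // the details go to the error log.
        AuthnSvcUtils.debug.error("SSOTokenMechanismHandler.authenticate: ", ex);
        return new SASLResponse(SASLResponse.ABORT);
    }
}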
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
From class AMLoginModule, method getUserSessions.
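/**
 * Returns the set of SSOTokens for a specified user
 *
 * <p>The user is resolved to its universal ID in the realm of the current
 * login state, all session IDs registered for that universal ID are looked
 * up, and one SSOToken is created per session ID.
 *
 * @param userName The username to be used to query the sessions
 * @return The set of SSOTokens for the user's current sessions. Returns
 *         {@code null} when the username is null or empty, or when the
 *         universal ID cannot be resolved. If an exception occurs while
 *         looking up sessions it is logged and the tokens collected so far
 *         (possibly an empty set) are returned.
 * @supported.api
 */
public Set<SSOToken> getUserSessions(String userName) {
    Set<SSOToken> sessions = new HashSet<SSOToken>();
    if (userName == null || userName.equals(Constants.EMPTY)) {
        debug.error("AMLoginModule.getUserSessions :: called with null username");
        return null;
    }
    try {
        // Get the universal ID
        AMIdentity amIdUser = ad.getIdentity(IdType.USER, userName, loginState.getOrgDN());
        String univId = IdUtils.getUniversalId(amIdUser);
        if (univId == null) {
            debug.error("AMLoginModule.getUserSessions :: " + "univId is null , amIdUser is " + amIdUser);
            return null;
        }
        Map<String, String> currentSessions = SessionCount.getAllSessionsByUUID(univId);
        SSOTokenManager manager = SSOTokenManager.getInstance();
        // Only the session IDs (map keys) are needed; the map values are not used here.
        for (String tokenID : currentSessions.keySet()) {
            sessions.add(manager.createSSOToken(tokenID));
        }
        if (debug.messageEnabled()) {
            debug.message("AMLoginModule.getUserSessions :: univId= " + univId + " - found sessions = " + sessions);
        }
    } catch (Exception ex) {
        // Not rethrown so that a session-lookup failure does not abort the
        // calling login flow; whatever was collected before the failure is returned.
        debug.error("AMLoginModule.getUserSessions:: " + "Exception : ", ex);
    }
    return sessions;
}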
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
From class ISArchiveVerify, method verifyArchive.
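/**
 * Verifies the complete archive including the current set and all
 * the previous sets for the specified log.
 *
 * <p>An SSO token is obtained for the logger user first; each key file found
 * under {@code path} for the log is then used to (re)initialise the secure
 * log helper, and every log file belonging to that key file is read and its
 * records checked: MAC-only records via {@code verifyLogRecord}, signed
 * records via {@code verifySignature}. Progress and failures are printed to
 * stdout/stderr.
 *
 * @param logName the name of the log for which the complete Archive is
 * to be verified.
 * @param path Fully qualified path name of the log directory; a trailing
 * "/" is appended if missing
 * @param uname user name for logger user
 * @param passwd Password for logger user
 * @return {@code false} if the SSO token cannot be created or any record or
 * signature fails verification; {@code true} if there are no files to verify;
 * otherwise the accumulated value of the {@code verified} field (which is
 * also left unchanged when no key file set is processed).
 * @throws Exception if it fails to verify the archive.
 */
public boolean verifyArchive(String logName, String path, String uname, String passwd) throws Exception {
    String log = logName;
    LogManager lm = (LogManager) LogManagerUtil.getLogManager();
    lm.readConfiguration();
    // Password is kept as a char[]-backed AMPassword for the verifier keystores.
    verPassword = new AMPassword(passwd.toCharArray());
    SSOToken ssoToken = null;
    SSOTokenManager ssoMngr = null;
    try {
        ssoMngr = SSOTokenManager.getInstance();
        ssoToken = ssoMngr.createSSOToken(new AuthPrincipal(uname), passwd);
    } catch (SSOException ssoe) {
        System.out.println(bundle.getString("archiveVerification") + "SSOException: " + ssoe.getMessage());
        return false;
    } catch (UnsupportedOperationException uoe) {
        System.out.println(bundle.getString("archiveVerification") + "UnsupportedOperationException: " + uoe.getMessage());
        return false;
    }
    // This function will be used to verify all the files in the current and
    // previous sets for the logname and types.
    VerifierList vl = new VerifierList();
    if (!path.endsWith("/")) {
        path += "/";
    }
    TreeMap tm = vl.getKeysAndFiles(new File(path), logName);
    if (tm.size() == 0) {
        System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", size == 0");
        return true;
    }
    // To get the list of all keyfiles for that particular logname.type
    Object[] keyFiles = (tm.keySet()).toArray();
    String verFile = "";
    if (keyFiles.length == 1) {
        System.out.println(bundle.getString("archiveVerification") + bundle.getString("noFilesToVerify") + ", keyFiles.length == 1");
    }
    // The loop starts at index 1, so keyFiles[0] is never processed (kept as in
    // the original; presumably the first key is not a verifier key file — confirm).
    for (int i = 1; i < keyFiles.length; i++) {
        helper = SecureFileHandler.getSecureLogHelperInst();
        // This is the set of files for that particular keystore.
        Vector logFiles = (Vector) tm.get(keyFiles[i]);
        // Iterate through the list and start verification from
        // the first file.
        String tmpName = ((String) keyFiles[i]).substring(((String) keyFiles[i]).indexOf(".") + 1);
        verFile = tmpName.substring(tmpName.indexOf("."));
        verFile = PREFIX + "ver" + verFile;
        // Initialize the SecureLogHelper object for the current keystores.
        helper.initializeVerifier(path + verFile, verPassword, verPassword);
        helper.reinitializeVerifier(path + verFile, verPassword);
        // Start verifying the Files associated with the current keystore
        curMAC = null;
        prevSignature = null;
        for (int j = 0; j < logFiles.size(); j++) {
            // flag to indicate that last record in the file is being
            // verified. This record is the same for the first record
            // of the next file.
            System.out.println(bundle.getString("fileBeingVerified") + (String) logFiles.elementAt(j));
            int lastRecInFile = 0;
            // Read the logRecords in the File.
            // NOTE: if the read throws, result keeps this 1x1 placeholder whose
            // single header entry is null; the header scan below will then fail
            // with an NPE (behaviour kept from the original).
            String[][] result = new String[1][1];
            try {
                result = LogReader.read((String) logFiles.elementAt(j), ssoToken);
            } catch (Exception e) {
                e.printStackTrace();
            }
            // Both conditions must hold: a null result or an empty array would
            // otherwise throw on result.length / result[0] instead of being
            // reported as an empty return below.
            if (result != null && result.length != 0) {
                Vector header = new Vector(result[0].length);
                // Extracting the field names as header from the first
                // line of the returned string array.
                header.addAll(Arrays.asList(result[0]));
                int signPos = -1, macPos = -1;
                String signFldName, macFldName;
                signFldName = LogConstants.SIGNATURE_FIELDNAME;
                macFldName = LogConstants.MAC_FIELDNAME;
                for (int l = 0; l < header.size(); l++) {
                    if ((((String) header.get(l))).equalsIgnoreCase(signFldName)) {
                        signPos = l;
                        break;
                    }
                }
                // end of loop l
                for (int l = 0; l < header.size(); l++) {
                    if ((((String) header.get(l))).equalsIgnoreCase(macFldName)) {
                        macPos = l;
                        break;
                    }
                }
                // end of loop l
                // Without both a signature and a MAC column the file cannot be
                // checked; hand the current state to the verifier action.
                if ((signPos == -1) || (macPos == -1)) {
                    return VerifierAction.doVerifierAction(log, verified);
                }
                // Each remaining row is either a signature record ("-" in the
                // signature column means a plain MAC'd log record) or a log record.
                for (int k = 1; k < result.length; k++) {
                    // add 2 for MAC and Signature fields
                    if (result[k].length < (LogConstants.MAX_FIELDS + 2)) {
                        System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + "\n\t #fields in record #" + (k - 1) + " (" + result[k].length + ") < 14\n");
                        verified = false;
                        break;
                    }
                    if (result[k][signPos].equals("-")) {
                        verified = verifyLogRecord(result[k], macPos);
                        if (!verified) {
                            System.err.println(bundle.getString("recordVerificationFailed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
                            break;
                        }
                        System.out.println(bundle.getString("recordVerificationPassed") + (String) logFiles.elementAt(j) + " " + bundle.getString("atRecordNumber") + k);
                    } else {
                        // To check if this is the last signature in the
                        // file an additional parameter has to be passed
                        // to the verifySignature since the signature is
                        // the same as the first signature in the next file.
                        // This is to ensure that prevSignature is not
                        // updated with the last signature in the file.
                        // Bcos the checking of the last signature in the
                        // file will be the same for the first signature
                        // for the next file.
                        lastRecInFile = (result.length - 1) - k;
                        verified = verifySignature(result[k], signPos, lastRecInFile);
                        if (!verified) {
                            System.err.println(bundle.getString("signatureVerificationFailed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
                            break;
                        }
                        System.out.println(bundle.getString("signatureVerificationPassed") + (String) logFiles.elementAt(j) + bundle.getString("atRecordNumber") + k);
                    }
                }
                // end of loop k i.e. end of records for this logFile.
            } else {
                System.err.println(bundle.getString("archiveVerification") + bundle.getString("emptyReturn") + (String) logFiles.elementAt(j));
            }
            // Stop at the first file that failed; later files are not examined.
            if (!verified) {
                return verified;
            }
        }
        // end of loop j i.e. end of Files for the current keystore.
        helper.reinitializeVerifier(path + verFile, verPassword);
    }
    // end of loop i
    return verified;
}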
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
From class IdentityResourceV2, method idFromSession.
/**
 * Gets the user id from the session provided in the server context
 *
 * <p>The SSO token is created from the request cookie, resolved to an
 * AMIdentity, and a small JSON document describing that identity (id, realm,
 * dn, successURL, fullLoginURL) is returned as the action response.
 *
 * @param context Current Server Context
 * @return a promise resolving to the action response, or a
 *         {@link ForbiddenException} promise when the token cannot be
 *         created or the identity cannot be read from the IdRepo
 */
private Promise<ActionResponse, ResourceException> idFromSession(final Context context) {
    final JsonValue payload = new JsonValue(new LinkedHashMap<String, Object>(1));
    try {
        final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        final SSOToken sessionToken = tokenManager.createSSOToken(getCookieFromServerContext(context));
        final AMIdentity identity = new AMIdentity(sessionToken);
        // build resource
        payload.put("id", identity.getName());
        payload.put("realm", getRelativeRealmFromSession(context, identity));
        payload.put("dn", identity.getUniversalId());
        // Properties are read with the boolean flag set to false, as in the
        // original call; presumably this skips re-validation — confirm against SSOToken.
        payload.put("successURL", sessionToken.getProperty(ISAuthConstants.SUCCESS_URL, false));
        payload.put("fullLoginURL", sessionToken.getProperty(ISAuthConstants.FULL_LOGIN_URL, false));
        if (debug.messageEnabled()) {
            debug.message("IdentityResource.idFromSession() :: Retrieved ID for user={}", identity.getName());
        }
        return newResultPromise(newActionResponse(payload));
    } catch (SSOException e) {
        // Token could not be created from the cookie: caller gets a 403, details are logged.
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve SSO Token", e);
        return new ForbiddenException("SSO Token cannot be retrieved.", e).asPromise();
    } catch (IdRepoException ex) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve user from IdRepo", ex);
        return new ForbiddenException("Cannot retrieve id from session.", ex).asPromise();
    }
}