
Example 1 with DigestAlgorithmParameter

use of com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter in project Payara by payara.

the class RealmAdapter method authenticate.

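/**
 * Authenticates an HTTP Digest request; this {@code HttpServletRequest} variant is primarily used by
 * the DigestAuthenticator.
 *
 * <p>In order: the digest parameters are generated from the request, the client-nonce cache is
 * initialised on first use, the {@code cnonce} / {@code nc} pair is checked against that cache so a
 * nonce count that does not increase is rejected, and the credentials are passed to
 * {@code LoginContextDriver.login}.
 *
 * <p>Any exception thrown along the way (missing or malformed {@code nc}, rejected nonce count,
 * missing key, an exception from the login call) is caught, logged at WARNING under
 * {@code web.login.failed}, and reported to the caller as {@code null}.
 *
 * @param httpServletRequest the request carrying the Digest authorization data
 * @return a {@code WebPrincipal} for the authenticated user, or {@code null} if authentication failed
 */
@Override
public Principal authenticate(HttpServletRequest httpServletRequest) {
    try {
        DigestAlgorithmParameter[] params = DigestParameterGenerator.getInstance(HTTP_DIGEST).generateParameters(new HttpAlgorithmParameterImpl(httpServletRequest));
        Key key = null;
        if (cnonces == null) {
            String appName = webDescriptor.getApplication().getAppName();
            synchronized (this) {
                // Re-check under the lock: a second thread that also saw null above must not replace
                // a cache the first thread has just installed (that would drop recorded counts).
                // NOTE(review): the field declaration is not visible here - confirm it is volatile.
                if (cnonces == null) {
                    if (haCNonceCacheMap == null) {
                        haCNonceCacheMap = appCNonceCacheMapProvider.get();
                    }
                    if (haCNonceCacheMap != null) {
                        // get the initialized HA CNonceCache
                        cnonces = haCNonceCacheMap.get(appName);
                    }
                    if (cnonces == null) {
                        if (cNonceCacheFactory == null) {
                            cNonceCacheFactory = cNonceCacheFactoryProvider.get();
                        }
                        // create a Non-HA CNonce Cache
                        cnonces = cNonceCacheFactory.createCNonceCache(appName, null, null, null);
                    }
                }
            }
        }

        // Pull the client nonce and the hex nonce count out of the parameters; they may sit at the
        // top level or inside a nested parameter.
        String nc = null;
        String cnonce = null;
        for (DigestAlgorithmParameter p : params) {
            if (p instanceof NestedDigestAlgoParamImpl) {
                NestedDigestAlgoParamImpl np = (NestedDigestAlgoParamImpl) p;
                DigestAlgorithmParameter[] nps = (DigestAlgorithmParameter[]) np.getNestedParams();
                for (DigestAlgorithmParameter p1 : nps) {
                    if ("cnonce".equals(p1.getName())) {
                        cnonce = new String(p1.getValue());
                    } else if ("nc".equals(p1.getName())) {
                        nc = new String(p1.getValue());
                    }
                    if (cnonce != null && nc != null) {
                        break;
                    }
                }
                if (cnonce != null && nc != null) {
                    break;
                }
            }
            if ("cnonce".equals(p.getName())) {
                cnonce = new String(p.getValue());
            } else if ("nc".equals(p.getName())) {
                nc = new String(p.getValue());
            }
        }

        final long count;
        long currentTime = System.currentTimeMillis();
        try {
            // A missing nc (null) also ends up here: parseLong rejects null with NumberFormatException.
            count = Long.parseLong(nc, 16);
        } catch (NumberFormatException nfe) {
            throw new RuntimeException(nfe);
        }

        // The lookup, the comparison and the store form one critical section. With separate locks
        // for get and put, two concurrent requests carrying the same cnonce/nc could both read the
        // old count and both pass the check.
        // NOTE(review): this monitor is local to the JVM; whether the HA cache gives the same
        // guarantee across instances cannot be told from here.
        synchronized (cnonces) {
            NonceInfo info = cnonces.get(cnonce);
            if (info == null) {
                info = new NonceInfo();
            } else if (count <= info.getCount()) {
                throw new RuntimeException("Invalid Request : Possible Replay Attack detected ?");
            }
            // The count is recorded before the credentials are verified, as in the original ordering.
            info.setCount(count);
            info.setTimestamp(currentTime);
            cnonces.put(cnonce, info);
        }

        for (DigestAlgorithmParameter dap : params) {
            if (A1.equals(dap.getName()) && (dap instanceof Key)) {
                key = (Key) dap;
                break;
            }
        }
        if (key != null) {
            DigestCredentials creds = new DigestCredentials(realmName, key.getUsername(), params);
            LoginContextDriver.login(creds);
            return new WebPrincipal(creds.getUserName(), (char[]) null, SecurityContext.getCurrent());
        }
        throw new RuntimeException("No key found in parameters");
    } catch (Exception le) {
        // Deliberate fail-closed boundary: every failure becomes a null principal.
        // NOTE(review): le.toString() can carry request-derived text (for example the unparsable
        // nc value) - confirm the log handler neutralises line breaks.
        if (logger.isLoggable(WARNING)) {
            logger.log(WARNING, "web.login.failed", le.toString());
        }
    }
    return null;
}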
Also used : DigestCredentials(com.sun.enterprise.security.auth.login.DigestCredentials) DigestAlgorithmParameter(com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) LifecycleException(org.apache.catalina.LifecycleException) IOException(java.io.IOException) AuthException(javax.security.auth.message.AuthException) ProtocolException(java.net.ProtocolException) MalformedURLException(java.net.MalformedURLException) HttpAlgorithmParameterImpl(com.sun.enterprise.security.auth.digest.impl.HttpAlgorithmParameterImpl) NonceInfo(org.glassfish.security.common.NonceInfo) NestedDigestAlgoParamImpl(com.sun.enterprise.security.auth.digest.impl.NestedDigestAlgoParamImpl) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) Key(com.sun.enterprise.security.auth.digest.api.Key)

Example 2 with DigestAlgorithmParameter

use of com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter in project Payara by payara.

the class DigestProcessor method createDigest.

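/**
 * Computes the digest over the key (A1) parameter and the data parameter, joined by a colon.
 *
 * <p>The key is the parameter named {@code A1} that also implements {@code Key}; every other
 * parameter is treated as data, and when several are supplied the last one wins. The bytes
 * {@code key ":" data} are hashed with the algorithm reported by the key and the result is encoded
 * with {@code getMd5Encoder()}.
 *
 * @param passwd password to be used for digest calculation; stored in {@code this.passwd}
 * @param params digest parameters, expected to hold the A1 key and the data parameter
 * @return the encoded digest, or {@code null} if an {@code IOException} occurred and was logged
 * @throws java.security.NoSuchAlgorithmException if the key's algorithm is not available
 */
public String createDigest(Password passwd, DigestAlgorithmParameter[] params) throws NoSuchAlgorithmException {
    try {
        DigestAlgorithmParameter data = null;
        DigestAlgorithmParameter key = null;
        // NOTE(review): the password is kept in an instance field for the duration of the call,
        // so this object presumably must not be shared between threads - confirm with callers.
        this.passwd = passwd;
        for (DigestAlgorithmParameter dap : params) {
            if (A1.equals(dap.getName()) && (dap instanceof com.sun.enterprise.security.auth.digest.api.Key)) {
                key = dap;
            } else {
                data = dap;
            }
        }
        // NOTE(review): key stays null when params holds no A1 key; key.getAlgorithm() below would
        // then fail with a NullPointerException. How valueOf treats null is not visible here.
        byte[] p1 = valueOf(key);
        byte[] p2 = valueOf(data);
        java.io.ByteArrayOutputStream bos = new java.io.ByteArrayOutputStream();
        bos.write(p1);
        // Write the separator as a single byte so it does not depend on the platform charset.
        bos.write(':');
        bos.write(p2);
        java.security.MessageDigest md = java.security.MessageDigest.getInstance(key.getAlgorithm());
        byte[] dk = md.digest(bos.toByteArray());
        return getMd5Encoder().encode(dk);
    } catch (IOException ex) {
        // The original wrote to index 1 of a one-element array, which raised
        // ArrayIndexOutOfBoundsException instead of logging the failure.
        Object[] parm = { ex.getMessage() };
        _logger.log(Level.SEVERE, "create.digest.error", parm);
        _logger.log(Level.FINE, "", ex);
    }
    return null;
}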
Also used : ByteArrayOutputStream(java.io.ByteArrayOutputStream) MessageDigest(java.security.MessageDigest) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) DigestAlgorithmParameter(com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter) com.sun.enterprise.security.auth.digest(com.sun.enterprise.security.auth.digest) Key(com.sun.enterprise.security.auth.digest.api.Key)

Example 3 with DigestAlgorithmParameter

use of com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter in project Payara by payara.

the class DigestProcessor method valueOf.

/**
 * Flattens a nested digest parameter into bytes.
 *
 * <p>The value of each nested parameter is appended in order, with the delimiter (when the
 * parameter has one) written between consecutive values but not after the last. If
 * {@code hasAlgorithm(param)} holds, the joined bytes are hashed with that algorithm and the
 * encoded hash is returned as bytes; otherwise the joined bytes are returned as they are.
 *
 * @param param the nested parameter to flatten
 * @return the joined bytes, or the bytes of the encoded digest over them
 * @throws NoSuchAlgorithmException if the parameter names an algorithm that is not available
 */
private byte[] valueOf(NestedDigestAlgoParam param) throws NoSuchAlgorithmException {
    AlgorithmParameterSpec[] nested = param.getNestedParams();
    ByteArrayOutputStream joined = new ByteArrayOutputStream();
    int last = nested.length - 1;
    for (int idx = 0; idx <= last; idx++) {
        byte[] piece = valueOf((DigestAlgorithmParameter) nested[idx]);
        // Three-argument write: unlike write(byte[]), it declares no IOException.
        joined.write(piece, 0, piece.length);
        if (param.getDelimiter() != null && idx < last) {
            joined.write(param.getDelimiter(), 0, param.getDelimiter().length);
        }
    }
    if (!hasAlgorithm(param)) {
        return joined.toByteArray();
    }
    byte[] hashed = MessageDigest.getInstance(param.getAlgorithm()).digest(joined.toByteArray());
    // NOTE(review): getBytes() uses the platform default charset; presumably the encoder output
    // is plain ASCII so this is harmless - confirm.
    return getMd5Encoder().encode(hashed).getBytes();
}
Also used : DigestAlgorithmParameter(com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter) ByteArrayOutputStream(java.io.ByteArrayOutputStream) MessageDigest(java.security.MessageDigest) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Example 4 with DigestAlgorithmParameter

use of com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter in project Payara by payara.

the class DigestLoginModule method login.

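/**
 * Validates the digest credentials found among the subject's private credentials.
 *
 * <p>A credential of this module's own {@code DigestCredentials} type is used directly; one of type
 * {@code com.sun.enterprise.security.auth.login.DigestCredentials} is copied into the local type,
 * and the scan continues in case a direct match follows. The realm named by the credentials must
 * be a {@code DigestRealm}, whose {@code validate} result becomes the outcome of the login.
 *
 * @return {@code true} if the realm validated the digest parameters, {@code false} otherwise
 * @throws LoginException if no digest credentials are present, the realm does not exist, or the
 *         realm does not support digest validation
 */
public final boolean login() throws LoginException {
    for (Object obj : this.subject.getPrivateCredentials()) {
        if (obj instanceof DigestCredentials) {
            digestCredentials = (DigestCredentials) obj;
            break;
        } else if (obj instanceof com.sun.enterprise.security.auth.login.DigestCredentials) {
            com.sun.enterprise.security.auth.login.DigestCredentials dc = (com.sun.enterprise.security.auth.login.DigestCredentials) obj;
            digestCredentials = new DigestCredentials(dc.getRealmName(), dc.getUserName(), dc.getParameters());
        }
    }
    // NOTE(review): digestCredentials is a field and is not cleared before the scan, so a value
    // from an earlier call would pass this check - confirm instances are not reused.
    if (digestCredentials == null) {
        throw new LoginException("No digest credentials found in subject");
    }
    DigestAlgorithmParameter[] params = digestCredentials.getParameters();
    String username = digestCredentials.getUserName();
    try {
        _realm = Realm.getInstance(digestCredentials.getRealmName());
    } catch (NoSuchRealmException ex) {
        _logger.log(Level.FINE, "", ex);
        _logger.log(Level.SEVERE, "no.realm", digestCredentials.getRealmName());
        // LoginException has no cause-taking constructor, so attach the cause explicitly.
        LoginException failure = new LoginException(ex.getMessage());
        failure.initCause(ex);
        throw failure;
    }
    if (_realm instanceof DigestRealm) {
        // Assign the result instead of only setting true on success: a failed validation must
        // never return a true left over in the field from an earlier call.
        _succeeded = ((DigestRealm) _realm).validate(username, params);
    } else {
        _logger.log(Level.SEVERE, "digest.realm", digestCredentials.getRealmName());
        throw new LoginException("Realm " + digestCredentials.getRealmName() + " does not support Digest validation");
    }
    return _succeeded;
}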
Also used : DigestRealm(com.sun.enterprise.security.ee.auth.realm.DigestRealm) DigestAlgorithmParameter(com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) LoginException(javax.security.auth.login.LoginException)

Aggregations

DigestAlgorithmParameter (com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter)4 Key (com.sun.enterprise.security.auth.digest.api.Key)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 IOException (java.io.IOException)2 MessageDigest (java.security.MessageDigest)2 com.sun.enterprise.security.auth.digest (com.sun.enterprise.security.auth.digest)1 HttpAlgorithmParameterImpl (com.sun.enterprise.security.auth.digest.impl.HttpAlgorithmParameterImpl)1 NestedDigestAlgoParamImpl (com.sun.enterprise.security.auth.digest.impl.NestedDigestAlgoParamImpl)1 DigestCredentials (com.sun.enterprise.security.auth.login.DigestCredentials)1 NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)1 DigestRealm (com.sun.enterprise.security.ee.auth.realm.DigestRealm)1 WebPrincipal (com.sun.enterprise.security.web.integration.WebPrincipal)1 MalformedURLException (java.net.MalformedURLException)1 ProtocolException (java.net.ProtocolException)1 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)1 LoginException (javax.security.auth.login.LoginException)1 AuthException (javax.security.auth.message.AuthException)1 LifecycleException (org.apache.catalina.LifecycleException)1 SecurityConstraint (org.apache.catalina.deploy.SecurityConstraint)1 NonceInfo (org.glassfish.security.common.NonceInfo)1