Search in sources :

Example 1 with DigestCredentials

use of com.sun.enterprise.security.auth.login.DigestCredentials in project Payara by payara.

the class RealmAdapter method authenticate.

/**
 * This HttpServletRequest authenticate variant is primarily used by the DigestAuthenticator
 */
@Override
public Principal authenticate(HttpServletRequest httpServletRequest) {
    try {
        DigestAlgorithmParameter[] params = DigestParameterGenerator.getInstance(HTTP_DIGEST).generateParameters(new HttpAlgorithmParameterImpl(httpServletRequest));
        Key key = null;
        if (cnonces == null) {
            String appName = webDescriptor.getApplication().getAppName();
            synchronized (this) {
                if (haCNonceCacheMap == null) {
                    haCNonceCacheMap = appCNonceCacheMapProvider.get();
                }
                if (haCNonceCacheMap != null) {
                    // get the initialized HA CNonceCache
                    cnonces = haCNonceCacheMap.get(appName);
                }
                if (cnonces == null) {
                    if (cNonceCacheFactory == null) {
                        cNonceCacheFactory = cNonceCacheFactoryProvider.get();
                    }
                    // create a Non-HA CNonce Cache
                    cnonces = cNonceCacheFactory.createCNonceCache(webDescriptor.getApplication().getAppName(), null, null, null);
                }
            }
        }
        String nc = null;
        String cnonce = null;
        for (DigestAlgorithmParameter p : params) {
            if (p instanceof NestedDigestAlgoParamImpl) {
                NestedDigestAlgoParamImpl np = (NestedDigestAlgoParamImpl) p;
                DigestAlgorithmParameter[] nps = (DigestAlgorithmParameter[]) np.getNestedParams();
                for (DigestAlgorithmParameter p1 : nps) {
                    if ("cnonce".equals(p1.getName())) {
                        cnonce = new String(p1.getValue());
                    } else if ("nc".equals(p1.getName())) {
                        nc = new String(p1.getValue());
                    }
                    if (cnonce != null && nc != null) {
                        break;
                    }
                }
                if (cnonce != null && nc != null) {
                    break;
                }
            }
            if ("cnonce".equals(p.getName())) {
                cnonce = new String(p.getValue());
            } else if ("nc".equals(p.getName())) {
                nc = new String(p.getValue());
            }
        }
        long count;
        long currentTime = System.currentTimeMillis();
        try {
            count = Long.parseLong(nc, 16);
        } catch (NumberFormatException nfe) {
            throw new RuntimeException(nfe);
        }
        NonceInfo info;
        synchronized (cnonces) {
            info = cnonces.get(cnonce);
        }
        if (info == null) {
            info = new NonceInfo();
        } else {
            if (count <= info.getCount()) {
                throw new RuntimeException("Invalid Request : Possible Replay Attack detected ?");
            }
        }
        info.setCount(count);
        info.setTimestamp(currentTime);
        synchronized (cnonces) {
            cnonces.put(cnonce, info);
        }
        for (int i = 0; i < params.length; i++) {
            DigestAlgorithmParameter dap = params[i];
            if (A1.equals(dap.getName()) && (dap instanceof Key)) {
                key = (Key) dap;
                break;
            }
        }
        if (key != null) {
            DigestCredentials creds = new DigestCredentials(realmName, key.getUsername(), params);
            LoginContextDriver.login(creds);
            return new WebPrincipal(creds.getUserName(), (char[]) null, SecurityContext.getCurrent());
        }
        throw new RuntimeException("No key found in parameters");
    } catch (Exception le) {
        if (logger.isLoggable(WARNING)) {
            logger.log(WARNING, "web.login.failed", le.toString());
        }
    }
    return null;
}
Also used : DigestCredentials(com.sun.enterprise.security.auth.login.DigestCredentials) DigestAlgorithmParameter(com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) LifecycleException(org.apache.catalina.LifecycleException) IOException(java.io.IOException) AuthException(javax.security.auth.message.AuthException) ProtocolException(java.net.ProtocolException) MalformedURLException(java.net.MalformedURLException) HttpAlgorithmParameterImpl(com.sun.enterprise.security.auth.digest.impl.HttpAlgorithmParameterImpl) NonceInfo(org.glassfish.security.common.NonceInfo) NestedDigestAlgoParamImpl(com.sun.enterprise.security.auth.digest.impl.NestedDigestAlgoParamImpl) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) Key(com.sun.enterprise.security.auth.digest.api.Key)

Aggregations

DigestAlgorithmParameter (com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter)1 Key (com.sun.enterprise.security.auth.digest.api.Key)1 HttpAlgorithmParameterImpl (com.sun.enterprise.security.auth.digest.impl.HttpAlgorithmParameterImpl)1 NestedDigestAlgoParamImpl (com.sun.enterprise.security.auth.digest.impl.NestedDigestAlgoParamImpl)1 DigestCredentials (com.sun.enterprise.security.auth.login.DigestCredentials)1 WebPrincipal (com.sun.enterprise.security.web.integration.WebPrincipal)1 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 ProtocolException (java.net.ProtocolException)1 AuthException (javax.security.auth.message.AuthException)1 LifecycleException (org.apache.catalina.LifecycleException)1 SecurityConstraint (org.apache.catalina.deploy.SecurityConstraint)1 NonceInfo (org.glassfish.security.common.NonceInfo)1