Example 1 with SASLResponse

Use of com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse in project OpenAM by OpenRock.

Class CramMD5MechanismHandler, method processSASLRequest:

/**
 * Generates a SASL response according to the SASL request.
 * @param saslReq a SASL request
 * @param message a SOAP Message containing the SASL request
 * @param respMessageID messageID of the SOAP Message response that will
 *                      contain the returned SASL response
 * @return a SASL response
 */
public SASLResponse processSASLRequest(SASLRequest saslReq, Message message, String respMessageID) {
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.processSASLRequest: ");
    }
    String refToMessageID = saslReq.getRefToMessageID();
    boolean isFirstRequest = (refToMessageID == null || refToMessageID.length() == 0);
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.processSASLRequest: " + "refToMessageID = " + refToMessageID);
    }
    SASLResponse saslResp = null;
    byte[] data = saslReq.getData();
    if (data == null) {
        if (isFirstRequest) {
            saslResp = new SASLResponse(SASLResponse.CONTINUE);
            saslResp.setServerMechanism(AuthnSvcConstants.MECHANISM_CRAMMD5);
            byte[] challenge = generateChallenge();
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.processSASLRequest:" + " add respMessageID: " + respMessageID);
            }
            challengeMap.put(respMessageID, challenge);
            saslResp.setData(challenge);
        } else {
            saslResp = new SASLResponse(SASLResponse.ABORT);
        }
    } else {
        String dataStr = null;
        try {
            dataStr = new String(data, "UTF-8");
        } catch (Exception ex) {
            debug.error("CramMD5MechanismHandler.processSASLRequest: ", ex);
        }
        if (dataStr == null) {
            saslResp = new SASLResponse(SASLResponse.ABORT);
        } else {
            saslResp = authenticate(dataStr, message);
        }
        if (isFirstRequest) {
            saslResp.setServerMechanism(AuthnSvcConstants.MECHANISM_PLAIN);
        }
    }
    return saslResp;
}
Also used : SASLResponse(com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse) IdRepoException(com.sun.identity.idm.IdRepoException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with SASLResponse

Use of com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse in project OpenAM by OpenRock.

Class AuthnSvcClient, method sendRequest:

/**
 * Sends a <code>SASL</code> request to the Authentication Service SOAP
 * endpoint and returns a <code>SASL</code> response.
 *
 * @param saslReq a <code>SASL</code> request
 * @param connectTo the SOAP endpoint URL
 * @return a <code>SASL</code> response from the Authentication Service
 * @exception AuthnSvcException if the authentication service is not available
 *            or there is an error in the <code>SASL</code> request
 */
public static SASLResponse sendRequest(SASLRequest saslReq, String connectTo) throws AuthnSvcException {
    Message req = new Message();
    req.setSOAPBody(saslReq.toElement());
    req.getCorrelationHeader().setRefToMessageID(saslReq.getRefToMessageID());
    Message resp = null;
    try {
        resp = Client.sendRequest(req, connectTo);
    } catch (Exception ex) {
        AuthnSvcUtils.debug.error("AuthnSvcClient.sendRequest:", ex);
        throw new AuthnSvcException(ex);
    }
    List list = resp.getBodies(AuthnSvcConstants.NS_AUTHN_SVC, AuthnSvcConstants.TAG_SASL_RESPONSE);
    if (list.isEmpty()) {
        throw new AuthnSvcException("missingSASLResponse");
    } else if (list.size() > 1) {
        throw new AuthnSvcException("tooManySASLResponse");
    }
    SASLResponse saslResp = new SASLResponse((Element) list.get(0));
    saslResp.setMessageID(resp.getCorrelationHeader().getMessageID());
    saslResp.setRefToMessageID(resp.getCorrelationHeader().getRefToMessageID());
    return saslResp;
}
Also used : Message(com.sun.identity.liberty.ws.soapbinding.Message) SASLResponse(com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse) List(java.util.List)

Example 3 with SASLResponse

Use of com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse in project OpenAM by OpenRock.

Class AuthnSvcRequestHandlerImpl, method processRequest:

/**
 * Extracts the SASL request out of a SOAP Message and processes it.
 * @param request a SOAP Message containing a SASL request
 * @return a SOAP Message containing a SASL response
 * @exception AuthnSvcException if an error occurs while processing the
 *                              SOAP Message
 */
public Message processRequest(Message request) throws AuthnSvcException {
    List list = request.getBodies(AuthnSvcConstants.NS_AUTHN_SVC, AuthnSvcConstants.TAG_SASL_REQUEST);
    if (list.isEmpty()) {
        throw new AuthnSvcException("missingSASLRequet");
    } else if (list.size() > 1) {
        throw new AuthnSvcException("tooManySASLRequet");
    }
    SASLRequest saslReq = new SASLRequest((Element) list.get(0));
    saslReq.setMessageID(request.getCorrelationHeader().getMessageID());
    saslReq.setRefToMessageID(request.getCorrelationHeader().getRefToMessageID());
    Message message = new Message();
    String respMessageID = message.getCorrelationHeader().getMessageID();
    SASLResponse saslResp = processSASLRequest(saslReq, request, respMessageID);
    message.setSOAPBody(saslResp.toElement());
    return message;
}
Also used : SASLRequest(com.sun.identity.liberty.ws.authnsvc.protocol.SASLRequest) Message(com.sun.identity.liberty.ws.soapbinding.Message) SASLResponse(com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse) List(java.util.List)

Example 4 with SASLResponse

Use of com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse in project OpenAM by OpenRock.

Class AuthnSvcRequestHandlerImpl, method processSASLRequest:

/**
 * Processes a SASL request and returns a SASL response.
 * @param saslReq a SASL request
 * @param message the SOAP Message containing the SASL request
 * @param respMessageID messageID of the SOAP Message response that will
 *                      contain the returned SASL response
 * @return a SASL response
 * @exception AuthnSvcException if an error occurs while processing the
 *                              SASL request
 */
private static SASLResponse processSASLRequest(SASLRequest saslReq, Message message, String respMessageID) throws AuthnSvcException {
    String mechanism = saslReq.getMechanism().trim();
    if (AuthnSvcUtils.debug.messageEnabled()) {
        String msg = AuthnSvcUtils.getString("messageID") + "=" + message.getCorrelationHeader().getMessageID() + ", " + AuthnSvcUtils.getString("mechanism") + "=" + mechanism + ", " + AuthnSvcUtils.getString("authzID") + "=" + saslReq.getAuthzID() + ", " + AuthnSvcUtils.getString("advisoryAuthnID") + "=" + saslReq.getAdvisoryAuthnID();
        AuthnSvcUtils.debug.message(msg);
    }
    String[] data = { message.getCorrelationHeader().getMessageID(), mechanism, saslReq.getAuthzID(), saslReq.getAdvisoryAuthnID() };
    if (mechanism.length() == 0) {
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message("AuthnSvcRequestHanderImpl.processSASLRequest: " + "mechanism is empty");
        }
        if (LogUtil.isLogEnabled()) {
            LogUtil.access(Level.INFO, LogUtil.AS_ABORT, data);
        }
        return new SASLResponse(SASLResponse.ABORT);
    }
    MechanismHandler mechanismHandler = null;
    StringTokenizer stz = new StringTokenizer(mechanism);
    while (stz.hasMoreTokens()) {
        String mech = stz.nextToken();
        mechanismHandler = AuthnSvcService.getMechanismHandler(mech);
        if (mechanismHandler != null) {
            break;
        }
    }
    if (mechanismHandler == null) {
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message("AuthnSvcRequestHanderImpl.processSASLRequest: " + "Unable to find mechanismHandler");
        }
        if (LogUtil.isLogEnabled()) {
            LogUtil.access(Level.INFO, LogUtil.AS_ABORT, data);
        }
        return new SASLResponse(SASLResponse.ABORT);
    } else {
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message("AuthnSvcRequestHanderImpl.processSASLRequest: " + "mechanismHandler = " + mechanismHandler.getClass());
        }
    }
    SASLResponse saslResp = mechanismHandler.processSASLRequest(saslReq, message, respMessageID);
    if (LogUtil.isLogEnabled()) {
        String statusCode = saslResp.getStatusCode();
        if (statusCode.equals(SASLResponse.OK)) {
            LogUtil.access(Level.INFO, LogUtil.AS_OK, data);
        } else if (statusCode.equals(SASLResponse.CONTINUE)) {
            LogUtil.access(Level.INFO, LogUtil.AS_CONTINUE, data);
        } else {
            LogUtil.access(Level.INFO, LogUtil.AS_ABORT, data);
        }
    }
    return saslResp;
}
Also used : StringTokenizer(java.util.StringTokenizer) SASLResponse(com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse) MechanismHandler(com.sun.identity.liberty.ws.authnsvc.mechanism.MechanismHandler)

Example 5 with SASLResponse

Use of com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse in project OpenAM by OpenRock.

Class CramMD5MechanismHandler, method authenticate:

private SASLResponse authenticate(String data, Message message) {
    int index = data.indexOf(' ');
    if (index == -1) {
        return new SASLResponse(SASLResponse.ABORT);
    }
    String userName = data.substring(0, index);
    String clientDigest = data.substring(index + 1);
    String password = getUserPassword(userName);
    if (password == null) {
        if (debug.messageEnabled()) {
            debug.message("CramMD5MechanismHandler.authenticate: can't get password");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }
    String refToMessageID = message.getCorrelationHeader().getRefToMessageID();
    if (refToMessageID == null || refToMessageID.length() == 0) {
        if (debug.messageEnabled()) {
            debug.message("CramMD5MechanismHandler.authenticate: no refToMessageID");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }
    byte[] challengeBytes = null;
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.authenticate:" + " remove refToMessageID: " + refToMessageID);
    }
    challengeBytes = (byte[]) challengeMap.remove(refToMessageID);
    if (challengeBytes == null) {
        if (debug.messageEnabled()) {
            debug.message("CramMD5MechanismHandler.authenticate: no challenge found");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }
    byte[] passwordBytes = null;
    try {
        passwordBytes = password.getBytes("UTF-8");
    } catch (UnsupportedEncodingException ueex) {
        debug.error("CramMD5MechanismHandler.authenticate:", ueex);
        return new SASLResponse(SASLResponse.ABORT);
    }
    String serverDigest = null;
    try {
        serverDigest = generateHMACMD5(passwordBytes, challengeBytes);
    } catch (NoSuchAlgorithmException nsaex) {
        debug.error("CramMD5MechanismHandler.authenticate:", nsaex);
        return new SASLResponse(SASLResponse.ABORT);
    }
    if (!clientDigest.equals(serverDigest)) {
        if (debug.messageEnabled()) {
            debug.message("CramMD5MechanismHandler.authenticate: digests not equal");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.authenticate: digests equal");
    }
    String authModule = AuthnSvcService.getCramMD5MechanismAuthenticationModule();
    if (debug.messageEnabled()) {
        debug.message("PlainMechanismHandler.authenticate: " + "authModule = " + authModule);
    }
    AuthContext authContext = null;
    try {
        authContext = new AuthContext(SMSEntry.getRootSuffix());
        authContext.login(AuthContext.IndexType.MODULE_INSTANCE, authModule);
    } catch (AuthLoginException le) {
        debug.error("CramMD5MechanismHandler.authenticate: ", le);
        return new SASLResponse(SASLResponse.ABORT);
    }
    if (authContext.hasMoreRequirements()) {
        Callback[] callbacks = authContext.getRequirements();
        if (callbacks != null) {
            fillInCallbacks(callbacks, userName, password);
            authContext.submitRequirements(callbacks);
        }
    }
    AuthContext.Status loginStatus = authContext.getStatus();
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.authenticate: login status = " + loginStatus);
    }
    if (loginStatus != AuthContext.Status.SUCCESS) {
        return new SASLResponse(SASLResponse.ABORT);
    }
    try {
        SSOToken token = authContext.getSSOToken();
        String userDN = token.getPrincipal().getName();
        try {
            SSOTokenManager.getInstance().destroyToken(token);
        } catch (SSOException ssoex) {
            if (AuthnSvcUtils.debug.warningEnabled()) {
                AuthnSvcUtils.debug.warning("PlainMechanismHandler.authenticate:", ssoex);
            }
        }
        SASLResponse saslResp = new SASLResponse(SASLResponse.OK);
        if (!AuthnSvcUtils.setResourceOfferingAndCredentials(saslResp, message, userDN)) {
            return new SASLResponse(SASLResponse.ABORT);
        }
        return saslResp;
    } catch (Exception ex) {
        debug.error("CramMD5MechanismHandler.authenticate: ", ex);
        return new SASLResponse(SASLResponse.ABORT);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AuthContext(com.sun.identity.authentication.AuthContext) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IdRepoException(com.sun.identity.idm.IdRepoException) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) SASLResponse(com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse)
