
Example 1 with SecureAttrs

use of com.sun.identity.sae.api.SecureAttrs in project OpenAM by OpenRock.

Source: the `process` method of the `SAE` authentication module class.

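/**
 * Validates the Secure Attribute Exchange (SAE) credentials carried on the
 * current HTTP request.
 *
 * <p>The request supplies the encoded SAE payload ({@code SecureAttrs.SAE_PARAM_DATA})
 * together with the realm, IdP entity id and IdP application URL that select the
 * SAE configuration via {@code SAML2Utils.getSAEAttrs}. The configured crypto type
 * decides the key material: in {@code symmetric} mode the shared secret, in
 * {@code asymmetric} mode the configured public/private key aliases. The payload is
 * then verified with {@code SecureAttrs.verifyEncodedString}; every attribute it
 * yields except the user id is copied into the session as a property, and the
 * optional auth-level attribute sets the module's auth level.
 *
 * <p>Security notes: the realm / IdP selectors are request parameters and therefore
 * attacker-controlled; they only pick among SAE configurations already present in
 * this deployment, and the payload is still cryptographically verified against that
 * configuration's key before any attribute in it is trusted. The raw payload, the
 * symmetric shared secret and attribute values are kept out of the debug log.
 *
 * @param callbacks not used by this module; the credentials are read from the
 *        HTTP request
 * @param state not used by this module
 * @return {@link ISAuthConstants#LOGIN_SUCCEED} when the payload verifies
 * @throws AuthLoginException if the request, the payload or the SAE configuration
 *         is missing, the crypto type is not {@code symmetric}/{@code asymmetric},
 *         verification fails, or the verified payload carries no user id
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    debug.message("SAE AuthModule.process...");
    HttpServletRequest req = getHttpServletRequest();
    if (req == null) {
        debug.error("SAE AuthModule.process: httprequest is null.");
        throw new AuthLoginException("HttpServletRequest is null");
    }

    String encodedString = req.getParameter(SecureAttrs.SAE_PARAM_DATA);
    if (encodedString == null || encodedString.length() == 0) {
        // Fail closed before touching any crypto: there is nothing to verify.
        debug.error("SAE AuthModule.process: SAE data parameter is missing.");
        throw new AuthLoginException("SAE data is missing");
    }
    if (debug.messageEnabled()) {
        // The payload carries the user's attributes; log its size, not its content.
        debug.message("SAE AuthModule.process: encodedStr length=" + encodedString.length());
    }

    // Selectors for the SAE configuration. They come from the request, so they
    // are untrusted; they can only choose among already-configured IdPs, and the
    // key taken from that configuration is what the payload must verify against.
    String realm = req.getParameter(SAML2Constants.SAE_REALM);
    String idpEntityId = req.getParameter(SAML2Constants.SAE_IDP_ENTITYID);
    String idpAppUrl = req.getParameter(SAML2Constants.SAE_IDPAPP_URL);
    debug.message("SAE AuthModule.SAML2Utils.getSAEAttrs");
    Map saeattrs = SAML2Utils.getSAEAttrs(realm, idpEntityId, SAML2Constants.IDP_ROLE, idpAppUrl);
    if (saeattrs == null) {
        debug.error("SAE AuthModule.process:get SAE Attrs failed:null.");
        throw new AuthLoginException("SAE config Attributes are null");
    }

    String cryptoType = (String) saeattrs.get(SecureAttrs.SAE_CRYPTO_TYPE);
    String encryptAlg = (String) saeattrs.get(SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG);
    String encryptStrength = (String) saeattrs.get(SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);
    String saekey;
    String saeprivatekey;
    if ("symmetric".equals(cryptoType)) {
        // Shared secret: the same value serves as both "public" and "private" key.
        saekey = (String) saeattrs.get(SecureAttrs.SAE_CONFIG_SHARED_SECRET);
        saeprivatekey = saekey;
    } else if ("asymmetric".equals(cryptoType)) {
        // Keystore aliases, resolved by the configured cert class below.
        saekey = (String) saeattrs.get(SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
        saeprivatekey = (String) saeattrs.get(SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
    } else {
        // Only these two crypto types have key material wired up here; anything
        // else cannot be verified against a configured key, so fail closed instead
        // of handing null keys to the verifier.
        debug.error("SAE AuthModule.process: unsupported crypto type: " + cryptoType);
        throw new AuthLoginException("Unsupported SAE crypto type");
    }
    if (debug.messageEnabled()) {
        // In symmetric mode saekey IS the shared secret: never log its value.
        debug.message("SAE AuthModule: realm=" + realm + ", idpEntityID=" + idpEntityId
                + ", idpAppUrl=" + idpAppUrl + ", cryptoType=" + cryptoType
                + ", keyConfigured=" + (saekey != null));
    }

    Map attrs;
    try {
        // One SecureAttrs instance per (crypto type, algorithm, strength) triple,
        // created lazily on first use.
        String saInstanceName = cryptoType + "_" + encryptAlg + "_" + encryptStrength;
        SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
        if (sa == null) {
            Properties prop = new Properties();
            prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS, "com.sun.identity.sae.api.FMCerts");
            if (encryptAlg != null) {
                prop.setProperty(SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG, encryptAlg);
            }
            if (encryptStrength != null) {
                prop.setProperty(SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH, encryptStrength);
            }
            SecureAttrs.init(saInstanceName, cryptoType, prop);
            sa = SecureAttrs.getInstance(saInstanceName);
        }
        // This is the trust decision: the payload must verify against the configured key.
        attrs = sa.verifyEncodedString(encodedString, saekey, saeprivatekey);
        if (debug.messageEnabled()) {
            // Attribute values are user data; log only which attributes arrived.
            debug.message("SAE AuthModule.: SAE attr names:" + (attrs == null ? null : attrs.keySet()));
        }
    } catch (Exception ex) {
        // Details (including the cause) go to the log only; the caller gets a generic failure.
        debug.error("SAE AuthModule.process: verification failed.", ex);
        throw new AuthLoginException("verify failed");
    }
    if (attrs == null) {
        debug.error("SAE AuthModule.process:verification failed:attrs null.");
        throw new AuthLoginException("Attributes are null");
    }

    userTokenId = (String) attrs.get(SecureAttrs.SAE_PARAM_USERID);
    if (userTokenId == null || userTokenId.length() == 0) {
        // A verified payload without a user id identifies nobody; do not report
        // LOGIN_SUCCEED with no principal.
        debug.error("SAE AuthModule.process: verified payload has no user id.");
        throw new AuthLoginException("User id is missing");
    }

    // Everything the (now verified) payload carries, except the user id, becomes
    // a session property.
    for (Object entryObj : attrs.entrySet()) {
        Map.Entry entry = (Map.Entry) entryObj;
        String key = (String) entry.getKey();
        String value = (String) entry.getValue();
        if (key.equals(SecureAttrs.SAE_PARAM_USERID)) {
            continue;
        }
        if (debug.messageEnabled()) {
            debug.message("Session Property set: " + key);
        }
        setUserSessionProperty(key, value);
    }

    // Optional auth level supplied by the IdP; fall back to the module default
    // when absent or not an integer.
    String authLevel = (String) attrs.get(SecureAttrs.SAE_PARAM_AUTHLEVEL);
    int authLevelInt = DEFAULT_AUTH_LEVEL;
    if (authLevel != null && authLevel.length() != 0) {
        try {
            authLevelInt = Integer.parseInt(authLevel);
        } catch (NumberFormatException e) {
            debug.error("Unable to parse auth level " + authLevel + ". Using default.", e);
            authLevelInt = DEFAULT_AUTH_LEVEL;
        }
    }
    if (debug.messageEnabled()) {
        debug.message("SAE AuthModule: auth level = " + authLevelInt);
    }
    setAuthLevel(authLevelInt);
    debug.message("SAE AuthModule:return SUCCESS");
    return ISAuthConstants.LOGIN_SUCCEED;
}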
