
Example 16 with DecodeAction

use of com.sun.identity.security.DecodeAction in project OpenAM by OpenRock.

The class ServerConfigMgr, method changePassword.

/**
 * Checks and sets the password: verifies the supplied old password against the
 * encoded value in the server configuration file, updates the directory entry if
 * the AM SDK is configured and the new password is not already in place, then
 * stores the new password.
 */
private void changePassword(String userType, String oldPassword, String newPassword) throws Exception {
    String fileEncPassword = getUserPassword(userType);
    String userDN = getUserDN(userType);
    if ((fileEncPassword == null) || (fileEncPassword.length() == 0) || (userDN == null) || (userDN.length() == 0)) {
        debug.error("Null password or user DN for user type: " + userType + " from file: " + configFile);
        throw new XMLException(i18n.getString("dscfg-corrupted-serverconfig"));
    }
    // Verify old password
    if (!oldPassword.equals(AccessController.doPrivileged(new DecodeAction(fileEncPassword)))) {
        throw new Exception(i18n.getString("dscfg-old-passwd-donot-match"));
    }
    if (isAMSDKConfigured) {
        // this is to check if updating of DS is required.
        try {
            new AuthContext(new AuthPrincipal(userDN), newPassword.toCharArray());
            if (debug.messageEnabled()) {
                debug.message("DN: " + userDN + " new password is already updated in the directory");
            }
        } catch (LoginException lee) {
            try {
                AuthContext ac = new AuthContext(new AuthPrincipal(userDN), oldPassword.toCharArray());
                PersistentObject user = UMSObject.getObject(ac.getSSOToken(), new Guid(userDN));
                if (debug.messageEnabled()) {
                    debug.message("For DN: " + userDN + " changing password in directory");
                }
                user.setAttribute(new Attr("userPassword", newPassword));
                user.save();
            } catch (LoginException le) {
                if (debug.warningEnabled()) {
                    debug.warning("For DN: " + userDN + " new and old passwords do not match with directory");
                }
                throw new Exception(i18n.getString("dscfg-invalid-password") + "\n" + le.getMessage());
            }
        }
    }
    setUserPassword(userType, newPassword);
}
Also used : XMLException(com.iplanet.services.util.XMLException) DecodeAction(com.sun.identity.security.DecodeAction) AuthContext(com.sun.identity.authentication.internal.AuthContext) LoginException(javax.security.auth.login.LoginException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) PersistentObject(com.iplanet.ums.PersistentObject) AuthPrincipal(com.sun.identity.authentication.internal.AuthPrincipal) Guid(com.iplanet.ums.Guid) FileNotFoundException(java.io.FileNotFoundException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) IOException(java.io.IOException) ConfiguratorException(com.sun.identity.setup.ConfiguratorException)

Example 17 with DecodeAction

use of com.sun.identity.security.DecodeAction in project OpenAM by OpenRock.

The class FilesRepo, method decodeAttributes.

static Map decodeAttributes(Map attrs, Set encAttrs) {
    if (encAttrs.isEmpty()) {
        return (attrs);
    }
    // Decode the attributes
    for (Iterator items = encAttrs.iterator(); items.hasNext(); ) {
        Object key = items.next();
        Set ovalue = (Set) attrs.get(key);
        if (ovalue != null && !ovalue.isEmpty()) {
            Set nvalue = new CaseInsensitiveHashSet();
            for (Iterator i = ovalue.iterator(); i.hasNext(); ) {
                try {
                    nvalue.add((String) AccessController.doPrivileged(new DecodeAction((String) i.next())));
                } catch (Throwable e) {
                    // Printing the attribute value could be security issue
                    debug.error("FilesRepo: unable to decode", e);
                }
            }
            attrs.put(key, nvalue);
        }
    }
    return (attrs);
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) Iterator(java.util.Iterator) DecodeAction(com.sun.identity.security.DecodeAction)

Example 18 with DecodeAction

use of com.sun.identity.security.DecodeAction in project OpenAM by OpenRock.

The class Adaptive, method checkLastLogin.

/**
 * Check to see if the last login is within the allowed range.
 * Last login is stored in a cookie in encrypted format.
 *
 * @return score achieved with this test
 */
protected int checkLastLogin() {
    DateFormat formatter = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss");
    Date now = new Date();
    Date loginTime = null;
    String lastLoginEnc = null;
    String lastLogin = null;
    String savedUserName = null;
    int retVal = 0;
    if (timeSinceLastLoginAttribute != null) {
        HttpServletRequest req = getHttpServletRequest();
        if (req != null) {
            Cookie cookie = CookieUtils.getCookieFromReq(req, timeSinceLastLoginAttribute);
            if (cookie != null) {
                if (debug.messageEnabled()) {
                    debug.message("{}.checkLastLogin: Found Cookie : {}", ADAPTIVE, timeSinceLastLoginAttribute);
                }
                lastLoginEnc = CookieUtils.getCookieValue(cookie);
                lastLogin = AccessController.doPrivileged(new DecodeAction(lastLoginEnc));
            }
            if (lastLogin != null) {
                String[] tokens = lastLogin.split("\\|");
                if (tokens.length == 3) {
                    lastLogin = tokens[1];
                    savedUserName = tokens[2];
                }
                if (!userName.equalsIgnoreCase(savedUserName)) {
                    lastLogin = null;
                }
                if (lastLogin != null) {
                    try {
                        // timestamp format, e.g. "2002.01.29.08.36.33"
                        loginTime = formatter.parse(lastLogin);
                        if ((now.getTime() - loginTime.getTime()) < timeSinceLastLoginValue * 1000 * 60 * 60 * 24L) {
                            retVal = timeSinceLastLoginScore;
                        }
                    } catch (ParseException pe) {
                        if (debug.messageEnabled()) {
                            debug.message("{}.checkLastLogin: lastLogin '{}' can't be parsed", ADAPTIVE, lastLogin, pe);
                        }
                    }
                }
            }
        }
        if (timeSinceLastLoginSave) {
            postAuthNMap.put("LOGINNAME", timeSinceLastLoginAttribute);
            lastLogin = formatter.format(now);
            lastLogin = Math.random() + "|" + lastLogin + "|" + userName;
            lastLoginEnc = AccessController.doPrivileged(new EncodeAction(lastLogin));
            postAuthNMap.put("LOGINVALUE", lastLoginEnc);
        }
    }
    if (!timeSinceLastLoginInvert) {
        retVal = timeSinceLastLoginScore - retVal;
    }
    return retVal;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) EncodeAction(com.sun.identity.security.EncodeAction) DateFormat(java.text.DateFormat) SimpleDateFormat(java.text.SimpleDateFormat) DecodeAction(com.sun.identity.security.DecodeAction) ParseException(java.text.ParseException) Date(java.util.Date)
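The three call sites above share one pattern: a secret (a stored admin password, an encoded repository attribute, a last-login cookie) is reversibly encoded with the server key through EncodeAction and recovered with DecodeAction inside AccessController.doPrivileged. The following stand-alone program is an added example, not OpenAM's code, that models Examples 16, 17 and 18 in one place so the checks can be run and tampered with offline. AES-GCM stands in for the EncodeAction/DecodeAction pair (the Crypt implementation behind them is not shown on this page), so a cookie with a flipped byte decodes to null instead of garbage; the zero key, the class name DecodeActionDemo and every helper name are hypothetical. Two deliberate departures from the page's code: the old-password comparison uses MessageDigest.isEqual rather than the String.equals of Example 16, and the Adaptive-style check treats an undecodable cookie the same as no cookie.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Stand-alone model of the three DecodeAction call sites on this page (example code, not OpenAM's). */
public class DecodeActionDemo {
    // Hypothetical stand-in for the server's encryption key; OpenAM reads its real key from configuration.
    private static final SecretKey KEY = new SecretKeySpec(new byte[16], "AES");
    private static final SecureRandom RNG = new SecureRandom();
    private static final SimpleDateFormat FMT = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss");

    /** Stand-in for EncodeAction: AES-GCM with a random 12-byte IV prepended, Base64 text out. */
    static String encode(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Stand-in for DecodeAction: null for anything that is not an intact ciphertext under KEY. */
    static String decode(String enc) {
        try {
            byte[] in = Base64.getDecoder().decode(enc);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, in, 0, 12));
            return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
        } catch (Exception e) { // bad Base64, too short, or GCM tag mismatch (tampering)
            return null;
        }
    }

    /** Example 16: compare the supplied old password with the stored encoded one, in constant time. */
    static boolean oldPasswordMatches(String storedEnc, String supplied) {
        String stored = decode(storedEnc);
        if (stored == null || supplied == null) return false;
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Example 17: decode every value of the attributes named in encAttrs; a value that fails
     *  is dropped and logged by attribute name only, never by content. */
    static Map<String, Set<String>> decodeAttributes(Map<String, Set<String>> attrs, Set<String> encAttrs) {
        for (String key : encAttrs) {
            Set<String> old = attrs.get(key);
            if (old == null || old.isEmpty()) continue;
            Set<String> fresh = new HashSet<>();
            for (String v : old) {
                String d = decode(v);
                if (d != null) fresh.add(d);
                else System.err.println("unable to decode a value of attribute " + key);
            }
            attrs.put(key, fresh);
        }
        return attrs;
    }

    /** Example 18: the cookie payload keeps Adaptive's shape, random|timestamp|user. */
    static String buildLastLoginCookie(String user, Date when) throws GeneralSecurityException {
        return encode(Math.random() + "|" + FMT.format(when) + "|" + user);
    }

    /** Example 18: non-inverted, 0 when an intact cookie for this user lies inside the window, else score. */
    static int checkLastLogin(String cookieEnc, String user, Date now, long windowDays, int score, boolean invert) {
        int retVal = 0;
        String lastLogin = cookieEnc == null ? null : decode(cookieEnc);
        if (lastLogin != null) {
            String[] t = lastLogin.split("\\|");
            // the user name sealed inside the cookie must be the user now logging in
            if (t.length == 3 && user.equalsIgnoreCase(t[2])) {
                try {
                    Date loginTime = FMT.parse(t[1]);
                    if (now.getTime() - loginTime.getTime() < windowDays * 24L * 60 * 60 * 1000) retVal = score;
                } catch (ParseException pe) { /* unparsable timestamp: no usable last login */ }
            }
        }
        return invert ? retVal : score - retVal;
    }

    public static void main(String[] args) throws Exception {
        Date now = new Date(); // constructed sample data follows
        String cookie = buildLastLoginCookie("alice", new Date(now.getTime() - 2L * 24 * 3600 * 1000));
        String flipped = (cookie.charAt(0) == 'A' ? "B" : "A") + cookie.substring(1);
        System.out.println("alice, own cookie, 30-day window: " + checkLastLogin(cookie, "alice", now, 30, 5, false));
        System.out.println("bob replaying alice's cookie:     " + checkLastLogin(cookie, "bob", now, 30, 5, false));
        System.out.println("cookie with one byte altered:     " + checkLastLogin(flipped, "alice", now, 30, 5, false));
        System.out.println("old password right / wrong:       " + oldPasswordMatches(encode("s3cret"), "s3cret")
                + " / " + oldPasswordMatches(encode("s3cret"), "wrong"));
        Map<String, Set<String>> attrs = new HashMap<>();
        attrs.put("userPassword", new HashSet<>(Arrays.asList(encode("pw1"), "not-a-ciphertext")));
        System.out.println("decoded attributes: " + decodeAttributes(attrs, Collections.singleton("userPassword")));
    }
}
```

Compile and run with `javac DecodeActionDemo.java && java DecodeActionDemo`; no dependencies beyond the JDK. The Math.random() prefix is kept only to mirror the page's cookie format: with a fresh GCM IV per call it adds nothing, and in the original it is what keeps two cookies for the same user and second from producing the same ciphertext. Note that the time check passes for any cookie timestamp in the future as well as within the window, which is harmless only because the cookie cannot be produced without the server key.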

Aggregations

DecodeAction (com.sun.identity.security.DecodeAction) 18
Iterator (java.util.Iterator) 9
HashSet (java.util.HashSet) 7
Set (java.util.Set) 5
IOException (java.io.IOException) 4
SSOException (com.iplanet.sso.SSOException) 3
IdRepoException (com.sun.identity.idm.IdRepoException) 3
BufferedReader (java.io.BufferedReader) 3
HashMap (java.util.HashMap) 3
Node (org.w3c.dom.Node) 3
SessionException (com.iplanet.dpro.session.SessionException) 2
EncodeAction (com.sun.identity.security.EncodeAction) 2
AttributeSchema (com.sun.identity.sm.AttributeSchema) 2
ByteArrayInputStream (java.io.ByteArrayInputStream) 2
FileInputStream (java.io.FileInputStream) 2
InputStreamReader (java.io.InputStreamReader) 2
ObjectInputStream (java.io.ObjectInputStream) 2
Map (java.util.Map) 2
StringTokenizer (java.util.StringTokenizer) 2
XMLException (com.iplanet.services.util.XMLException) 1