Use of com.sun.identity.security.DecodeAction in the OpenAM project by OpenRock:
class ServerConfigMgr, method changePassword.
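/**
 * Verifies the current password of a server-configuration user and stores a new one.
 *
 * <p>The encoded password and the DN for {@code userType} are looked up first. The
 * supplied old password must equal the decoded stored password. When
 * {@code isAMSDKConfigured} is set, the directory entry is updated as well, unless
 * the new password already authenticates against the directory.
 *
 * @param userType    user type whose stored password and DN are looked up
 * @param oldPassword current clear-text password; {@code null} is treated as a mismatch
 * @param newPassword clear-text password to store
 * @throws XMLException if the stored password or the DN is missing or empty
 * @throws Exception    if the old password does not match the stored one, or if neither
 *                      the new nor the old password authenticates against the directory
 */
private void changePassword(String userType, String oldPassword, String newPassword) throws Exception {
    String fileEncPassword = getUserPassword(userType);
    String userDN = getUserDN(userType);
    if ((fileEncPassword == null) || (fileEncPassword.length() == 0) || (userDN == null) || (userDN.length() == 0)) {
        // Only the user type and the file name are logged, never the stored value.
        debug.error("Null password or user DN for user type: " + userType + " from file: " + configFile);
        throw new XMLException(i18n.getString("dscfg-corrupted-serverconfig"));
    }
    // Verify old password. A null old password is rejected as a mismatch instead of
    // surfacing as a NullPointerException.
    if ((oldPassword == null)
            || !oldPassword.equals(AccessController.doPrivileged(new DecodeAction(fileEncPassword)))) {
        throw new Exception(i18n.getString("dscfg-old-passwd-donot-match"));
    }
    // NOTE(review): newPassword is not validated here; a null value would fail at
    // toCharArray() below when isAMSDKConfigured is set. Confirm the callers check it.
    if (isAMSDKConfigured) {
        // Probe the directory with the new password: if that login succeeds the
        // directory entry is already up to date and is left alone.
        // NOTE(review): neither AuthContext created below is explicitly closed in this
        // method; confirm whether that is required.
        try {
            new AuthContext(new AuthPrincipal(userDN), newPassword.toCharArray());
            if (debug.messageEnabled()) {
                debug.message("DN: " + userDN + " new password is already updated in the directory");
            }
        } catch (LoginException lee) {
            // The new password is not accepted yet, so authenticate with the old one
            // and write the new value to the entry.
            try {
                AuthContext ac = new AuthContext(new AuthPrincipal(userDN), oldPassword.toCharArray());
                PersistentObject user = UMSObject.getObject(ac.getSSOToken(), new Guid(userDN));
                if (debug.messageEnabled()) {
                    debug.message("For DN: " + userDN + " changing password in directory");
                }
                user.setAttribute(new Attr("userPassword", newPassword));
                user.save();
            } catch (LoginException le) {
                if (debug.warningEnabled()) {
                    debug.warning("For DN: " + userDN + " new and old passwords donot match with directory");
                }
                // Keep the login failure as the cause so the stack trace is not lost.
                throw new Exception(i18n.getString("dscfg-invalid-password") + "\n" + le.getMessage(), le);
            }
        }
    }
    // The directory (when used) is updated before the stored configuration value.
    // NOTE(review): if this call fails after a directory update the two can diverge.
    setUserPassword(userType, newPassword);
}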
Use of com.sun.identity.security.DecodeAction in the OpenAM project by OpenRock:
class FilesRepo, method decodeAttributes.
/**
 * Replaces the values of the encoded attributes in {@code attrs} with their decoded form.
 *
 * <p>The map is modified in place and the same instance is returned. For each name in
 * {@code encAttrs} that has a non-empty value set, every value is passed through
 * {@link DecodeAction} and the results are collected into a new
 * {@code CaseInsensitiveHashSet}. A value whose decoding throws is logged without its
 * content and left out of the result.
 *
 * @param attrs    attribute name to value-set map; updated in place
 * @param encAttrs names of the attributes whose values are encoded
 * @return {@code attrs}
 */
static Map decodeAttributes(Map attrs, Set encAttrs) {
    // Nothing is marked as encoded: hand the map back untouched.
    if (encAttrs.isEmpty()) {
        return attrs;
    }
    for (Object attrName : encAttrs) {
        Set encodedValues = (Set) attrs.get(attrName);
        if (encodedValues == null || encodedValues.isEmpty()) {
            continue;
        }
        Set decodedValues = new CaseInsensitiveHashSet();
        Iterator pending = encodedValues.iterator();
        while (pending.hasNext()) {
            try {
                String plain = (String) AccessController.doPrivileged(new DecodeAction((String) pending.next()));
                decodedValues.add(plain);
            } catch (Throwable e) {
                // The attribute value is deliberately kept out of the log: printing it
                // could expose a secret. The value is dropped from the result.
                debug.error("FilesRepo: unable to decode", e);
            }
        }
        attrs.put(attrName, decodedValues);
    }
    return attrs;
}
Use of com.sun.identity.security.DecodeAction in the OpenAM project by OpenRock:
class Adaptive, method checkLastLogin.
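/**
 * Checks whether the last login recorded for this user is within the allowed range.
 *
 * <p>The last login is read from the cookie named by {@code timeSinceLastLoginAttribute}
 * and decoded with {@link DecodeAction}. The decoded value has the form
 * {@code random|yyyy.MM.dd.HH.mm.ss|userName}; it is only used when the stored user
 * name matches {@code userName} (case-insensitively). When
 * {@code timeSinceLastLoginSave} is set, a fresh encoded value for the current time is
 * placed in {@code postAuthNMap} under {@code LOGINNAME} / {@code LOGINVALUE}.
 *
 * @return score achieved with this test: when {@code timeSinceLastLoginInvert} is not
 *         set, {@code timeSinceLastLoginScore} if no usable last login within the
 *         allowed range was found and 0 otherwise; when it is set, the reverse
 */
protected int checkLastLogin() {
    DateFormat formatter = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss");
    Date now = new Date();
    Date loginTime = null;
    String lastLoginEnc = null;
    String lastLogin = null;
    String savedUserName = null;
    int retVal = 0;
    if (timeSinceLastLoginAttribute != null) {
        HttpServletRequest req = getHttpServletRequest();
        if (req != null) {
            Cookie cookie = CookieUtils.getCookieFromReq(req, timeSinceLastLoginAttribute);
            if (cookie != null) {
                if (debug.messageEnabled()) {
                    debug.message("{}.checkLastLogin: Found Cookie : {}", ADAPTIVE, timeSinceLastLoginAttribute);
                }
                // The cookie value comes from the client.
                // NOTE(review): how DecodeAction reacts to a malformed or tampered value
                // is not visible here; the code below copes with a null result.
                lastLoginEnc = CookieUtils.getCookieValue(cookie);
                lastLogin = AccessController.doPrivileged(new DecodeAction(lastLoginEnc));
            }
            if (lastLogin != null) {
                String[] tokens = lastLogin.split("\\|");
                if (tokens.length == 3) {
                    lastLogin = tokens[1];
                    savedUserName = tokens[2];
                }
                // A value with a different field count leaves savedUserName null, which
                // fails this comparison and discards the value.
                if (!userName.equalsIgnoreCase(savedUserName)) {
                    lastLogin = null;
                }
                if (lastLogin != null) {
                    try {
                        // "2002.01.29.08.36.33");
                        loginTime = formatter.parse(lastLogin);
                        // Days to milliseconds. The long factor comes first so the whole
                        // product is computed in long arithmetic; with the long factor
                        // last, an int day count above 596 would overflow before widening.
                        long allowedMillis = timeSinceLastLoginValue * 24L * 60 * 60 * 1000;
                        if ((now.getTime() - loginTime.getTime()) < allowedMillis) {
                            retVal = timeSinceLastLoginScore;
                        }
                    } catch (ParseException pe) {
                        if (debug.messageEnabled()) {
                            debug.message("{}.checkLastLogin: lastLogin '{}' can't be parsed", ADAPTIVE, lastLogin, pe);
                        }
                    }
                }
            }
        }
        if (timeSinceLastLoginSave) {
            postAuthNMap.put("LOGINNAME", timeSinceLastLoginAttribute);
            lastLogin = formatter.format(now);
            // NOTE(review): the leading field comes from Math.random(), which is not a
            // cryptographically strong source. If it is meant to make the encoded value
            // unpredictable, java.security.SecureRandom is the appropriate source;
            // confirm the intent before changing it.
            lastLogin = Math.random() + "|" + lastLogin + "|" + userName;
            lastLoginEnc = AccessController.doPrivileged(new EncodeAction(lastLogin));
            postAuthNMap.put("LOGINVALUE", lastLoginEnc);
        }
    }
    // Unless inverted, the score is awarded when the check did NOT find a recent login.
    if (!timeSinceLastLoginInvert) {
        retVal = timeSinceLastLoginScore - retVal;
    }
    return retVal;
}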
Aggregations