
Example 36 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class OTPAuth method doPost.

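/**
 * Second leg of the one-time-password step: checks the submitted {@code code} against the
 * user's stored (encrypted) TOTP secret and hands the request to the next mechanism in the chain.
 *
 * <p>Without a {@code code} parameter the request is treated as a form load and delegated to
 * {@link #doGet}. Mechanism parameters are read from the session's {@code AUTH_MECH_PARAMS} map:
 * {@code keyName} (required) names the AES key that unwraps the stored token, {@code attributeName}
 * (required) names the user attribute holding the token, and {@code windowSize} (optional,
 * default 3) is handed to the authenticator as its window size.
 *
 * @param request  current request; reads {@code code} and the optional {@code target} parameter
 * @param response current response, passed on to the next auth mechanism
 * @param as       auth step whose success flag is set from the code check
 * @throws ServletException if a required mechanism parameter is missing, {@code windowSize} is not
 *                          an integer, or the named key does not exist
 * @throws IOException      propagated from {@link #doGet} or the next mechanism
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    String code = request.getParameter("code");
    if (code == null) {
        // No code submitted yet: render the form instead of validating
        this.doGet(request, response, as);
        return;
    }
    HttpSession session = request.getSession();
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController ac = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    RequestHolder reqHolder = ac.getHolder();

    Attribute attr = authParams.get("keyName");
    if (attr == null) {
        throw new ServletException("keyName not present");
    }
    String keyName = attr.getValues().get(0);
    SecretKey key = this.cfgMgr.getSecretKey(keyName);
    if (key == null) {
        throw new ServletException("Key '" + keyName + "' does not exist");
    }

    int windowSize = 3;
    attr = authParams.get("windowSize");
    if (attr == null) {
        logger.warn("No windowSize set");
    } else {
        try {
            windowSize = Integer.parseInt(attr.getValues().get(0));
        } catch (NumberFormatException e) {
            // A malformed mechanism parameter is a configuration error, not a user error
            throw new ServletException("windowSize is not an integer: '" + attr.getValues().get(0) + "'", e);
        }
    }

    attr = authParams.get("attributeName");
    if (attr == null) {
        throw new ServletException("attributeName not present");
    }
    String attributeName = attr.getValues().get(0);

    attr = ac.getAuthInfo().getAttribs().get(attributeName);
    if (attr == null) {
        // No enrolled token for this user: the step fails.
        // NOTE(review): unlike the branch below, this path does not call nextAuth(); confirm the
        // caller advances the chain on its own, otherwise the request stalls here.
        if (logger.isDebugEnabled()) {
            logger.debug("Attribute '" + attributeName + "' not present");
        }
        as.setSuccess(false);
    } else {
        try {
            String keyjson = attr.getValues().get(0);
            if (logger.isDebugEnabled()) {
                logger.debug("token json : '" + keyjson + "'");
            }
            Gson gson = new Gson();
            // The stored value is a base64 JSON envelope carrying the IV and the AES-encrypted TOTP key.
            // CBC carries no integrity tag, so the directory attribute this comes from must be trusted.
            Token token = gson.fromJson(new String(Base64.decode(keyjson), java.nio.charset.StandardCharsets.UTF_8), Token.class);
            byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
            byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
            String totpJson = new String(cipher.doFinal(encBytes), java.nio.charset.StandardCharsets.UTF_8);
            TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
            GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
            b.setWindowSize(windowSize);
            GoogleAuthenticator ga = new GoogleAuthenticator(b.build());
            // A non-numeric code lands in the NumberFormatException handler below
            as.setSuccess(ga.authorize(totp.getSecretKey(), Integer.parseInt(code)));
            String redirectToURL = request.getParameter("target");
            if (redirectToURL != null && !redirectToURL.isEmpty()) {
                // NOTE(review): "target" is taken straight from the request and becomes the post-auth
                // redirect; confirm it is restricted to this application elsewhere (open-redirect risk).
                reqHolder.setURL(redirectToURL);
            }
        } catch (NumberFormatException e) {
            // Bad submission rather than a key problem: fail the step without a stack trace
            as.setSuccess(false);
            if (logger.isDebugEnabled()) {
                logger.debug("Submitted code is not numeric");
            }
        } catch (Exception e) {
            as.setSuccess(false);
            logger.error("Could not decrypt key", e);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
    }
}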

Example 37 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class AuthManagerImpl method nextAuth.

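/**
 * Resolves the authentication chain for the current request and runs its next step.
 *
 * <p>The chain name comes from the {@link RequestHolder} kept in the session's
 * {@link AuthController} when one exists, otherwise from the URL configuration. A chain
 * name that is not configured falls back to the configured auth-fail chain.
 *
 * @param req        current request; also consulted for the {@code NEXT_SYS} attribute when {@code next} is null
 * @param resp       current response
 * @param session    HTTP session passed through to {@link #execAuth}
 * @param jsRedirect flag passed through unchanged to {@link #execAuth}
 * @param next       continuation to run after the chain; when null it is read from the request
 * @return whatever {@link #execAuth} returns
 * @throws ServletException if no continuation is available from either source
 * @throws IOException      propagated from {@link #execAuth}
 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#nextAuth(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession, boolean, com.tremolosecurity.proxy.util.NextSys)
 */
@Override
public boolean nextAuth(HttpServletRequest req, HttpServletResponse resp, HttpSession session, boolean jsRedirect, NextSys next) throws ServletException, IOException {
    if (next == null) {
        next = (NextSys) req.getAttribute(NEXT_SYS);
        if (next == null) {
            throw new ServletException("Unknown state");
        }
    }
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    // A missing controller (no mechanism has run yet) is treated like a controller without a
    // request holder: the chain name comes from the URL configuration instead of an NPE.
    AuthController actl = (AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    RequestHolder reqHolder = actl == null ? null : actl.getHolder();
    String actName = reqHolder != null ? reqHolder.getAuthChainName() : holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(actName);
    if (act == null) {
        // Unknown chain name: run the failure chain rather than dereferencing null further down
        act = holder.getConfig().getAuthFailChain();
    }
    return execAuth(req, resp, session, jsRedirect, holder, act, req.getRequestURL().toString(), next);
}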

Example 38 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class AuthManagerImpl method getFailedUserDN.

/**
 * Returns the DN of the user whose authentication failed, if one is known.
 *
 * <p>The request attribute {@code AUTH_FAILED_USER_DN} (set e.g. by a mechanism that found
 * the user but could not bind) wins; failing that, the DN of the identity currently held by
 * the session's {@link AuthController}; failing that, {@code null}.
 *
 * @param req current request; note that {@code getSession()} creates a session if none exists
 * @return the failed user's DN, or {@code null} when neither source has one
 */
private String getFailedUserDN(HttpServletRequest req) {
    String failedDn = (String) req.getAttribute(ProxyConstants.AUTH_FAILED_USER_DN);
    AuthController controller = (AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    if (failedDn != null) {
        return failedDn;
    }
    return controller == null ? null : controller.getAuthInfo().getUserDN();
}

Example 39 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class HttpBasicAuth method doAuth.

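/**
 * Authenticates {@code userName}/{@code password} by issuing an HTTP Basic request to
 * {@code this.url} on {@code this.host:this.port} and, when the backend answers with a
 * {@code UserJSON} header, installs the {@link AuthInfo} it carries into the session's
 * {@link AuthController}.
 *
 * <p>The step is marked executed and successful only when that header is present; a response
 * without it leaves {@code as} untouched. The header is trusted as-is as the authenticated
 * identity, so the backend and the transport to it must be trusted. Any failure while talking
 * to the backend or parsing its answer is surfaced as an {@link LDAPException} with
 * {@code OPERATIONS_ERROR}.
 *
 * @param request  not used by this mechanism; part of the shared doAuth signature
 * @param session  session receiving the {@link AuthController}
 * @param uidAttr  not used by this mechanism
 * @param userName login name; also becomes the {@code uid=} RDN of the resulting user DN
 * @param password credential sent as HTTP Basic (pre-seeded in the auth cache)
 * @param myvd     not used by this mechanism
 * @param act      chain whose name and level are recorded in the {@link AuthInfo}
 * @param amt      not used by this mechanism
 * @param as       auth step to mark on success
 * @param cfgMgr   supplies the socket registry for the connection manager
 * @throws LDAPException wrapping any I/O or parsing failure
 */
@Override
public void doAuth(HttpServletRequest request, HttpSession session, String uidAttr, final String userName, final String password, MyVDConnection myvd, AuthChainType act, AuthMechType amt, AuthStep as, ConfigManager cfgMgr) throws LDAPException {
    BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
    try {
        HttpHost targetHost = new HttpHost(this.host, this.port);
        // Seed the auth cache so the Basic credentials accompany the first request
        AuthCache authCache = new BasicAuthCache();
        authCache.put(targetHost, new BasicScheme());
        HttpClientContext localcontext = HttpClientContext.create();
        localcontext.setAuthCache(authCache);
        CredentialsProvider credsProvider = new BasicCredentialsProvider();
        credsProvider.setCredentials(new AuthScope(this.host, this.port), new UsernamePasswordCredentials(userName, password));
        HttpGet get = new HttpGet(this.url);
        // try-with-resources: the client is closed on every path, not only its connection manager
        try (CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(bhcm).setDefaultCredentialsProvider(credsProvider).build()) {
            HttpResponse res = httpclient.execute(targetHost, get, localcontext);
            org.apache.http.Header userJson = res.getFirstHeader("UserJSON");
            if (userJson != null) {
                AuthInfo authInfo = new Gson().fromJson(userJson.getValue(), AuthInfo.class);
                // NOTE(review): the DN is assembled by concatenation; userName is not escaped for DN
                // syntax here, so confirm it is validated upstream or escape it before it is used in
                // any directory lookup.
                String userDN = "uid=" + userName + "," + GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
                authInfo.setUserDN(userDN);
                authInfo.setAuthChain(act.getName());
                authInfo.setAuthLevel(act.getLevel());
                as.setExecuted(true);
                as.setSuccess(true);
                AuthController actl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
                if (actl == null) {
                    actl = new AuthController();
                    session.setAttribute(ProxyConstants.AUTH_CTL, actl);
                }
                actl.setAuthInfo(authInfo);
            }
            // NOTE(review): no UserJSON header leaves the step neither executed nor failed; confirm
            // that is intended rather than an authentication failure.
        } catch (Exception e) {
            throw new LDAPException("Could not authenticate user", LDAPException.OPERATIONS_ERROR, e.toString(), e);
        }
    } finally {
        bhcm.shutdown();
    }
}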

Example 40 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class LDAPBasicAuth method doAuth.

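/**
 * Authenticates {@code userName}/{@code password} against the directory: looks the user up
 * under the chain's search root by {@code uidAttr}, binds as the entry found, and on success
 * copies the entry's attributes into a fresh {@link AuthInfo} stored in the session's
 * {@link AuthController}.
 *
 * <p>An empty or blank password never reaches {@code bind}: for a {@code required} mechanism
 * the step fails immediately; otherwise the user is looked up but, if found, the attempt is
 * rejected as invalid credentials. Many directories accept a DN with an empty password as an
 * unauthenticated (anonymous) bind, which would otherwise turn a missing credential into a
 * login. This only differs from the previous behaviour when the directory would have accepted
 * such a bind.
 *
 * @param request  receives {@code AUTH_FAILED_USER_DN} when the user is unknown, has no password or fails to bind
 * @param session  session holding the mechanism name and the {@link AuthController}
 * @param uidAttr  attribute the login name is matched against
 * @param userName login name
 * @param password credential used for the bind
 * @param myvd     directory connection used for search and bind
 * @param act      chain supplying the search root, name and level
 * @param amt      mechanism config; {@code getRequired()} decides how an empty password is handled
 * @param as       auth step updated with executed/success
 * @param cfgMgr   configuration passed to {@link AuthUtil#getChainRoot}
 * @throws LDAPException from search or bind (a failed bind is rethrown after recording the user DN),
 *                       or with {@code INVALID_CREDENTIALS} when the password is empty
 */
public void doAuth(HttpServletRequest request, HttpSession session, String uidAttr, String userName, String password, MyVDConnection myvd, AuthChainType act, AuthMechType amt, AuthStep as, ConfigManager cfgMgr) throws LDAPException {
    boolean noPassword = password == null || password.trim().isEmpty();
    if (noPassword && "required".equals(amt.getRequired())) {
        as.setExecuted(true);
        as.setSuccess(false);
        return;
    }
    // NOTE(review): equal(...) is assumed to produce an escaped filter; confirm userName cannot
    // alter the filter structure.
    LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, equal(uidAttr, userName).toString(), new ArrayList<String>());
    if (res.hasMore()) {
        // Only the first match is used; NOTE(review): a non-unique uidAttr would be ambiguous here
        LDAPEntry entry = res.next();
        String userDN = entry.getDN();
        if (noPassword) {
            // Refuse to bind with an empty password (see class doc): fail closed the same way a
            // rejecting directory would, with the user DN recorded for downstream failure handling.
            request.setAttribute(ProxyConstants.AUTH_FAILED_USER_DN, userDN);
            throw new LDAPException("Empty password", LDAPException.INVALID_CREDENTIALS, "empty password not accepted for bind");
        }
        try {
            myvd.bind(userDN, password);
        } catch (LDAPException le) {
            // Record who failed for downstream failure handling, then propagate
            request.setAttribute(ProxyConstants.AUTH_FAILED_USER_DN, userDN);
            throw le;
        }
        AuthInfo authInfo = new AuthInfo(userDN, (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
        AuthController actl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
        if (actl == null) {
            actl = new AuthController();
            session.setAttribute(ProxyConstants.AUTH_CTL, actl);
        }
        actl.setAuthInfo(authInfo);
        // Copy every attribute of the entry, as strings, into the auth info
        Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
        while (it.hasNext()) {
            LDAPAttribute attrib = it.next();
            Attribute attr = new Attribute(attrib.getName());
            for (String val : attrib.getStringValueArray()) {
                attr.getValues().add(val);
            }
            authInfo.getAttribs().put(attr.getName(), attr);
        }
        as.setExecuted(true);
        as.setSuccess(true);
    } else {
        // No matching entry: there is no DN to record (a null value clears the attribute)
        request.setAttribute(ProxyConstants.AUTH_FAILED_USER_DN, null);
        as.setExecuted(true);
        as.setSuccess(false);
    }
}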
