use of org.codice.ddf.security.handler.AuthenticationTokenFactory in project ddf by codice.
the class Security method getSubject.
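/**
 * Gets the {@link Subject} given a user name and password.
 *
 * <p>The credentials are wrapped in an {@link AuthenticationToken} built by {@link
 * #createBasicTokenFactory()} and handed to the configured {@link SecurityManager}. Any failure
 * to obtain the subject is logged at INFO (username only, never the password) and results in
 * {@code null}; no exception reaches the caller.
 *
 * @param username username
 * @param password password
 * @param ip IP address of the requester, recorded on the token
 * @return {@link Subject} associated with the user name and password provided, or {@code null}
 *     if no {@link SecurityManager} is available or the subject could not be obtained
 */
@Override
public Subject getSubject(String username, String password, String ip) {
  AuthenticationTokenFactory tokenFactory = createBasicTokenFactory();
  AuthenticationToken token = tokenFactory.fromUsernamePassword(username, password, ip);
  SecurityManager securityManager = getSecurityManager();
  if (securityManager == null) {
    return null;
  }
  try {
    // TODO - Change when class is a service
    // NOTE(review): allowGuest is enabled on a username/password token before the lookup;
    // confirm with the SecurityManager implementation that rejected credentials yield null
    // (caught below) rather than a guest subject.
    if (token instanceof BaseAuthenticationToken) {
      ((BaseAuthenticationToken) token).setAllowGuest(true);
    }
    return securityManager.getSubject(token);
  } catch (SecurityServiceException | RuntimeException e) {
    // RuntimeException is presumably caught on purpose so a realm failure never escapes
    // to the caller; the exception is kept as the log cause.
    LOGGER.info("Unable to request subject for {} user.", username, e);
  }
  return null;
}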
the class Security method getSystemSubject.
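/**
 * Gets the {@link Subject} associated with this system. Uses a cached subject since the subject
 * will not change between calls.
 *
 * <p>Access is audited first. The caller must then pass the Java {@link
 * java.lang.SecurityManager} permission check (when one is installed) and hold the admin role
 * in the current Java {@link javax.security.auth.Subject}; otherwise an audit entry is written
 * and {@code null} is returned. The subject is derived from the certificate in the system key
 * store: the only alias when there is exactly one, or the alias chosen by {@link
 * #getCertificateAlias()} when there are several. The result is cached on first success;
 * {@code cachedSystemSubject} is only read and written under this method's {@code synchronized}
 * lock.
 *
 * @return system's {@link Subject} or {@code null} if unable to get the system's {@link Subject}
 * @throws SecurityException if a security manager exists and the {@link
 *     javax.security.auth.AuthPermission AuthPermission("getSystemSubject")} or {@link
 *     javax.security.auth.AuthPermission AuthPermission("getSubject")} permissions are not
 *     authorized
 */
@Override
@Nullable
public final synchronized Subject getSystemSubject() {
  auditSystemSubjectAccess();
  final java.lang.SecurityManager security = System.getSecurityManager();
  if (security != null) {
    security.checkPermission(Security.GET_SYSTEM_SUBJECT_PERMISSION);
  }
  if (!javaSubjectHasAdminRole()) {
    securityLogger.audit("Unable to retrieve system subject.");
    return null;
  }
  if (cachedSystemSubject != null) {
    return cachedSystemSubject;
  }
  // The key store is opened under doPrivileged so the lookup does not depend on the caller's
  // own permissions; the admin-role check above is the gate.
  KeyStore keyStore =
      AccessController.doPrivileged((PrivilegedAction<KeyStore>) this::getSystemKeyStore);
  String alias = null;
  Certificate cert = null;
  try {
    if (keyStore != null) {
      if (keyStore.size() == 1) {
        alias = keyStore.aliases().nextElement();
      } else if (keyStore.size() > 1) {
        alias = getCertificateAlias();
      }
      // An empty key store (or a null from getCertificateAlias()) leaves alias null.
      // KeyStore.getCertificate(null) is not guaranteed to return null and the standard
      // providers throw, so treat a missing alias as "no certificate" instead.
      if (alias != null) {
        cert = keyStore.getCertificate(alias);
      }
    }
  } catch (KeyStoreException e) {
    LOGGER.warn("Unable to get certificate for alias [{}]", alias, e);
    return null;
  }
  if (cert == null) {
    LOGGER.warn("Unable to get certificate for alias [{}]", alias);
    return null;
  }
  AuthenticationTokenFactory tokenFactory = createBasicTokenFactory();
  // NOTE(review): the certificate is cast unchecked; a non-X.509 entry would raise
  // ClassCastException here. The loopback address marks the system subject as a local request.
  AuthenticationToken token =
      tokenFactory.fromCertificates(new X509Certificate[] {(X509Certificate) cert}, "127.0.0.1");
  if (token != null) {
    if (token instanceof BaseAuthenticationToken) {
      ((BaseAuthenticationToken) token).setAllowGuest(true);
    }
    SecurityManager securityManager = getSecurityManager();
    if (securityManager != null) {
      try {
        cachedSystemSubject = securityManager.getSubject(token);
      } catch (SecurityServiceException sse) {
        // Unlike getSubject(String, String, String), RuntimeExceptions are not caught here
        // and propagate to the caller.
        LOGGER.warn("Unable to request subject for system user.", sse);
      }
    }
  }
  return cachedSystemSubject;
}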
the class UsernamePasswordRealmTest method testDoGetAuthenticationInfo.
/**
 * Verifies that a username/password token for {@code admin} produces an assertion whose
 * principal is {@code admin} and whose first attribute is the {@code email} attribute with the
 * two expected values.
 */
@Test
public void testDoGetAuthenticationInfo() {
  // Fixture credentials; upRealm is presumably prepared by the test set-up (not shown here).
  AuthenticationToken token =
      new AuthenticationTokenFactory().fromUsernamePassword("admin", "pass", "0.0.0.0");
  AuthenticationInfo info = upRealm.doGetAuthenticationInfo(token);

  SecurityAssertion securityAssertion = info.getPrincipals().oneByType(SecurityAssertion.class);
  assertNotNull(securityAssertion);
  assertThat(securityAssertion.getPrincipal().getName(), is("admin"));

  AttributeStatement statement = securityAssertion.getAttributeStatements().get(0);
  assertNotNull(statement);
  assertThat(statement.getAttributes().size(), greaterThan(0));

  Attribute emailAttribute = statement.getAttributes().get(0);
  assertThat(emailAttribute.getName(), is("email"));
  assertThat(emailAttribute.getValues().size(), is(2));
  assertThat(emailAttribute.getValues(), contains("tester@example.com", "test@example.com"));
}
the class PKIHandlerTest method getPKIHandlerWithMockedCrl.
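/**
 * Creates a PKIHandler whose CRL and OCSP checks are mocked to always return the given value.
 *
 * <p>Points the truststore system properties at the test truststore ({@code
 * /serverTruststore.jks}, type JKS) before constructing the handler. These properties are
 * process-wide and are not restored afterwards, so other tests in the same JVM must not assume a
 * clean state.
 *
 * @param returnedValue Boolean value that the mocked CrlChecker and OcspService will always return
 * @return A PKIHandler with a mocked CrlChecker and OcspService
 * @throws URISyntaxException if the test truststore resource URL cannot be converted to a URI
 */
private PKIHandler getPKIHandlerWithMockedCrl(boolean returnedValue) throws URISyntaxException {
  // Each property is set exactly once (the original set the same three twice).
  String truststorePath = getClass().getResource("/serverTruststore.jks").toURI().getPath();
  System.setProperty(SecurityConstants.TRUSTSTORE_TYPE, "JKS");
  System.setProperty(SecurityConstants.TRUSTSTORE_PATH, truststorePath);
  System.setProperty(SecurityConstants.TRUSTSTORE_PASSWORD, "changeit");

  PKIHandler handler = new PKIHandler();
  handler.setTokenFactory(new AuthenticationTokenFactory());

  OcspService ocspService = mock(OcspService.class);
  when(ocspService.passesOcspCheck(any())).thenReturn(returnedValue);
  handler.setOcspService(ocspService);

  // The CRL checker is assigned to the field directly; no setter is used here.
  CrlChecker crlChecker = mock(CrlChecker.class);
  when(crlChecker.passesCrlCheck(any())).thenReturn(returnedValue);
  handler.crlChecker = crlChecker;
  return handler;
}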