
Example 1 with NonceInfo

use of org.glassfish.security.common.NonceInfo in project Payara by payara.

Class RealmAdapter, method authenticate.

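/**
 * This HttpServletRequest authenticate variant is primarily used by the DigestAuthenticator.
 *
 * <p>Extracts the HTTP Digest parameters from the request, enforces the nonce-count
 * ({@code nc}) replay check against the per-application cnonce cache, and then logs the
 * caller in using the {@code A1} key parameter. Every failure path (unparsable nc,
 * non-advancing nonce count, missing key, login error) is logged at WARNING under
 * {@code web.login.failed} and reported to the caller as {@code null}.
 *
 * @param httpServletRequest the request carrying the Digest {@code Authorization} header
 * @return the authenticated {@link WebPrincipal}, or {@code null} when authentication failed
 */
@Override
public Principal authenticate(HttpServletRequest httpServletRequest) {
    try {
        DigestAlgorithmParameter[] params = DigestParameterGenerator.getInstance(HTTP_DIGEST)
                .generateParameters(new HttpAlgorithmParameterImpl(httpServletRequest));
        Key key = null;

        // Lazily resolve the cnonce cache: prefer the HA (replicated) cache for this
        // application, fall back to a local non-HA cache.
        if (cnonces == null) {
            String appName = webDescriptor.getApplication().getAppName();
            synchronized (this) {
                if (haCNonceCacheMap == null) {
                    haCNonceCacheMap = appCNonceCacheMapProvider.get();
                }
                if (haCNonceCacheMap != null) {
                    // get the initialized HA CNonceCache
                    cnonces = haCNonceCacheMap.get(appName);
                }
                if (cnonces == null) {
                    if (cNonceCacheFactory == null) {
                        cNonceCacheFactory = cNonceCacheFactoryProvider.get();
                    }
                    // create a Non-HA CNonce Cache
                    cnonces = cNonceCacheFactory.createCNonceCache(appName, null, null, null);
                }
            }
        }

        // Locate cnonce and nc, looking inside a nested parameter group first.
        // NOTE(review): new String(getValue()) relies on the platform default charset if
        // getValue() yields bytes — confirm against DigestAlgorithmParameter.
        String nc = null;
        String cnonce = null;
        for (DigestAlgorithmParameter p : params) {
            if (p instanceof NestedDigestAlgoParamImpl) {
                NestedDigestAlgoParamImpl np = (NestedDigestAlgoParamImpl) p;
                DigestAlgorithmParameter[] nps = (DigestAlgorithmParameter[]) np.getNestedParams();
                for (DigestAlgorithmParameter p1 : nps) {
                    if ("cnonce".equals(p1.getName())) {
                        cnonce = new String(p1.getValue());
                    } else if ("nc".equals(p1.getName())) {
                        nc = new String(p1.getValue());
                    }
                    if (cnonce != null && nc != null) {
                        break;
                    }
                }
                if (cnonce != null && nc != null) {
                    break;
                }
            }
            if ("cnonce".equals(p.getName())) {
                cnonce = new String(p.getValue());
            } else if ("nc".equals(p.getName())) {
                nc = new String(p.getValue());
            }
        }

        // nc is a hexadecimal counter; a missing or malformed value (including null) is
        // rejected here and ends up in the WARNING log via the outer catch.
        long count;
        long currentTime = System.currentTimeMillis();
        try {
            count = Long.parseLong(nc, 16);
        } catch (NumberFormatException nfe) {
            throw new RuntimeException(nfe);
        }

        // The replay check and the cache update must form one atomic step. With the
        // lookup and the put under separate monitors, two requests presenting the same
        // cnonce/nc could both pass the comparison before either stored the new count.
        NonceInfo info;
        synchronized (cnonces) {
            info = cnonces.get(cnonce);
            if (info == null) {
                info = new NonceInfo();
            } else if (count <= info.getCount()) {
                throw new RuntimeException("Invalid Request : Possible Replay Attack detected ?");
            }
            info.setCount(count);
            info.setTimestamp(currentTime);
            cnonces.put(cnonce, info);
        }

        // The A1 parameter doubles as the Key carrying the username.
        for (DigestAlgorithmParameter dap : params) {
            if (A1.equals(dap.getName()) && (dap instanceof Key)) {
                key = (Key) dap;
                break;
            }
        }
        if (key != null) {
            DigestCredentials creds = new DigestCredentials(realmName, key.getUsername(), params);
            LoginContextDriver.login(creds);
            return new WebPrincipal(creds.getUserName(), (char[]) null, SecurityContext.getCurrent());
        }
        throw new RuntimeException("No key found in parameters");
    } catch (Exception le) {
        if (logger.isLoggable(WARNING)) {
            logger.log(WARNING, "web.login.failed", le.toString());
        }
    }
    return null;
}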

Example 2 with NonceInfo

use of org.glassfish.security.common.NonceInfo in project Payara by payara.

Class CNonceValidator, method validateCnonce.

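/**
 * Validates the client nonce ({@code cnonce}) and nonce count ({@code nc}) carried in the
 * supplied digest parameters against the cnonce cache and records the new count.
 *
 * <p>The nc value is parsed as a hexadecimal counter by {@code getHexCount}; whether the
 * count advances past the stored value is decided by {@code getValidatedNonceInfo}, which
 * throws when validation fails.
 *
 * @param parameters the digest parameters, which may include a nested parameter group
 * @return the same {@code parameters} array, unchanged, when validation succeeds
 */
public DigestAlgorithmParameter[] validateCnonce(DigestAlgorithmParameter[] parameters) {
    if (cnonces == null) {
        init();
    }
    String cnonce = null;
    String nc = null;
    // Get cnonce and nc (nonce count) from the digest parameters
    for (DigestAlgorithmParameter digestParameter : parameters) {
        if (digestParameter instanceof NestedDigestAlgoParamImpl) {
            for (DigestAlgorithmParameter nestedDigestParameter : getNestedParams(digestParameter)) {
                if (isCnonce(nestedDigestParameter)) {
                    cnonce = new String(nestedDigestParameter.getValue());
                } else if (isNc(nestedDigestParameter)) {
                    nc = new String(nestedDigestParameter.getValue());
                }
                if (cnonce != null && nc != null) {
                    break;
                }
            }
            if (cnonce != null && nc != null) {
                break;
            }
        }
        if (isCnonce(digestParameter)) {
            cnonce = new String(digestParameter.getValue());
        } else if (isNc(digestParameter)) {
            nc = new String(digestParameter.getValue());
        }
    }
    long currentTime = System.currentTimeMillis();
    long count = getHexCount(nc);
    // Validation and the cache update are done under one monitor so that two concurrent
    // requests presenting the same cnonce/nc cannot both pass the replay check before
    // either one records the new count. NOTE(review): getValidatedNonceInfo presumably
    // reads the cache under this same monitor; monitors are reentrant, so nesting is safe
    // — confirm it takes no other lock.
    synchronized (cnonces) {
        // Throws exception if validation fails
        NonceInfo info = getValidatedNonceInfo(cnonce, count);
        info.setCount(count);
        info.setTimestamp(currentTime);
        cnonces.put(cnonce, info);
    }
    return parameters;
}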

Example 3 with NonceInfo

use of org.glassfish.security.common.NonceInfo in project Payara by payara.

Class HACNonceCacheImpl, method postConstruct.

/**
 * Sets up the local cnonce store and, when the replicated store factory can create it, a
 * backing store keyed by cnonce string with {@link NonceInfo} values.
 *
 * <p>A {@link BackingStoreException} is logged at WARNING and leaves {@code backingStore}
 * untouched; the local store is created unconditionally.
 */
public void postConstruct() {
    localStore = new CNonceCacheImpl();
    try {
        BackingStoreConfiguration<String, NonceInfo> config = new BackingStoreConfiguration<>();
        config.setClusterName(props.get(CLUSTER_NAME_PROP))
              .setInstanceName(props.get(INSTANCE_NAME_PROP))
              .setStoreName(storeName)
              .setKeyClazz(String.class)
              .setValueClazz(NonceInfo.class);
        BackingStoreFactory factory = services.getService(BackingStoreFactory.class, BS_TYPE_REPLICATED);
        backingStore = factory.createBackingStore(config);
    } catch (BackingStoreException ex) {
        logger.log(WARNING, null, ex);
    }
}
