Example 1 with Encoder

Use of org.owasp.esapi.Encoder in the project OpenAM by OpenRock, in the class FederationViewBean, method populateCOTTable.

private void populateCOTTable() {
    tablePopulated = true;
    FSAuthDomainsModel model = (FSAuthDomainsModel) getModel();
    Set circleOfTrustDescriptors = model.getCircleOfTrustDescriptors();
    CCActionTableModel tableModel = (CCActionTableModel) propertySheetModel.getModel(COT_TABLE);
    tableModel.clearAll();
    SerializedField szCache = (SerializedField) getChild(SZ_CACHE);
    if ((circleOfTrustDescriptors != null) && (!circleOfTrustDescriptors.isEmpty())) {
        List cache = new ArrayList(circleOfTrustDescriptors.size());
        boolean first = true;
        for (Iterator iter = circleOfTrustDescriptors.iterator(); iter.hasNext(); ) {
            if (first) {
                first = false;
            } else {
                tableModel.appendRow();
            }
            CircleOfTrustDescriptor desc = (CircleOfTrustDescriptor) iter.next();
            String name = desc.getCircleOfTrustName();
            tableModel.setValue(COT_NAME_VALUE, name);
            tableModel.setValue(COT_NAME_HREF, stringToHex(name));
            // get entity/provider names; each one is HTML-encoded before it is
            // concatenated with the <br> markup, so an entity ID that contains
            // markup cannot inject HTML into the rendered table cell
            Set entitySet = desc.getTrustedProviders();
            if ((entitySet != null) && (!entitySet.isEmpty())) {
                Iterator it = entitySet.iterator();
                StringBuffer sb = new StringBuffer();
                Encoder encoder = ESAPI.encoder();
                while (it.hasNext()) {
                    String entity = (String) it.next();
                    sb.append(encoder.encodeForHTML(entity)).append("<br>");
                }
                tableModel.setValue(COT_ENTITY_VALUE, sb.toString());
            } else {
                tableModel.setValue(COT_ENTITY_VALUE, "");
            }
            // get realm name
            String realm = desc.getCircleOfTrustRealm();
            tableModel.setValue(COT_REALM_VALUE, realm);
            // get cot status
            String status = desc.getCircleOfTrustStatus();
            if ((status != null) && status.equals("active")) {
                tableModel.setValue(COT_STATUS_VALUE, "label.active");
            } else {
                tableModel.setValue(COT_STATUS_VALUE, "label.inactive");
            }
            cache.add(name + "," + realm);
        }
        szCache.setValue((ArrayList) cache);
    } else {
        szCache.setValue(null);
    }
}
Also used: HashSet (java.util.HashSet), Set (java.util.Set), OrderedSet (com.sun.identity.shared.datastruct.OrderedSet), CCActionTableModel (com.sun.web.ui.model.CCActionTableModel), SerializedField (com.sun.identity.console.components.view.html.SerializedField), Encoder (org.owasp.esapi.Encoder), ArrayList (java.util.ArrayList), Iterator (java.util.Iterator), FSAuthDomainsModel (com.sun.identity.console.federation.model.FSAuthDomainsModel), OptionList (com.iplanet.jato.view.html.OptionList), List (java.util.List), CircleOfTrustDescriptor (com.sun.identity.cot.CircleOfTrustDescriptor)

Example 2 with Encoder

Use of org.owasp.esapi.Encoder in the project OpenAM by OpenRock, in the class ConsumerRequest, method postConsumerRegistrations.

/**
 * POST method for registering a Service Consumer
 * and obtaining the corresponding consumer key and secret.
 *
 * @param formParams {@link String} containing the service
 * consumer's description.
 * This description takes the form of name=value pairs separated by &.
 * The following parameters are supported:
 * <OL>
 * <LI>name - the service consumer's name.</LI>
 * <LI>icon - the service consumer's URI for its icon (MUST be unique).</LI>
 * <LI>service - the service consumer's URI for its service</LI>
 * <LI>rsapublickey - (optional) the RSA public key of the Service Consumer.</LI>
 * </OL>
 * <p>
 *
 * Example of string:
 * <pre>
 *  name=Service XYZ&icon=http://www.example.com/icon.jpg&service=http://www.example.com
 * </pre>
 *
 * @return an HTTP response with content of the created resource.
 * The location URI is set to the newly created OAuth consumer key.
 * The body of the response is of the form:
 * <pre>
 * consumer_key=http://serviceprovider/0123456762121
 * consumer_secret=12345633
 * </pre>
 * Both values are URL encoded.
 */
@POST
@Consumes("application/x-www-form-urlencoded")
public Response postConsumerRegistrations(MultivaluedMap<String, String> formParams) {
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        Consumer cons = new Consumer();
        String cert = null;
        String tmpsecret = null;
        Boolean keyed = false;
        Set<String> pnames = formParams.keySet();
        Iterator<String> iter = pnames.iterator();
        Encoder enc = ESAPI.encoder();
        Validator validator = ESAPI.validator();
        while (iter.hasNext()) {
            String key = iter.next();
            String val = formParams.getFirst(key);
            if (key.equalsIgnoreCase(C_NAME)) {
                // canonicalize first (undo mixed or double encoding), then validate
                // the canonical form against the HTTPParameterValue pattern
                String consumerName = enc.canonicalize(val);
                if (!validator.isValidInput(C_NAME, consumerName, "HTTPParameterValue", 512, true)) {
                    String resp = "Invalid name entered. Please try again.";
                    return Response.ok().entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
                }
                // Check if a consumer with the same name is already registered,
                // if so, will not do the registration again.
                Map<String, String> searchMap = new HashMap<String, String>();
                searchMap.put(CONSUMER_NAME, consumerName);
                List<Consumer> consumers = oauthResMgr.searchConsumers(searchMap);
                if ((consumers != null) && (!consumers.isEmpty())) {
                    String resp = "A consumer is already registered with name " + enc.encodeForHTML(consumerName) + ".";
                    return Response.ok().entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
                }
                cons.setConsName(consumerName);
            } else if (key.equalsIgnoreCase(C_CERT)) {
                // The cert is in PEM format (no URL decode needed)
                cert = val;
            } else if (key.equalsIgnoreCase(C_SECRET)) {
                tmpsecret = URLDecoder.decode(val);
            } else if (key.equalsIgnoreCase(C_KEY)) {
                keyed = true;
                // same canonicalize-then-validate sequence as for the consumer name
                String consumerKey = enc.canonicalize(val);
                if (!validator.isValidInput(C_KEY, consumerKey, "HTTPParameterValue", 512, true)) {
                    String resp = "Invalid key entered. Please try again.";
                    return Response.ok().entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
                }
                // Check if a consumer with the same key is already registered,
                // if so, will not do the registration again.
                cons.setConsKey(consumerKey);
                Map<String, String> searchMap = new HashMap<String, String>();
                searchMap.put(CONSUMER_KEY, consumerKey);
                List<Consumer> consumers = oauthResMgr.searchConsumers(searchMap);
                if ((consumers != null) && (!consumers.isEmpty())) {
                    String resp = "A consumer is already registered with key " + enc.encodeForHTML(consumerKey) + ".";
                    return Response.ok().entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
                }
            } else {
            // anything else is ignored for the time being
            }
        }
        if (cert != null) {
            cons.setConsRsakey(cert);
        }
        if (tmpsecret != null) {
            cons.setConsSecret(tmpsecret);
        } else {
            cons.setConsSecret(new UniqueRandomString().getString());
        }
        if (!keyed) {
            String baseUri = context.getBaseUri().toString();
            if (baseUri.endsWith("/"))
                baseUri = baseUri.substring(0, baseUri.length() - 1);
            URI loc = URI.create(baseUri + PathDefs.CONSUMERS_PATH + "/" + new UniqueRandomString().getString());
            String consKey = loc.toString();
            cons.setConsKey(consKey);
        }
        oauthResMgr.createConsumer(null, cons);
        String resp = "consumer_key=" + URLEncoder.encode(cons.getConsKey()) + "&consumer_secret=" + URLEncoder.encode(cons.getConsSecret());
        return Response.created(URI.create(cons.getConsKey())).entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(ConsumerRequest.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    } catch (IntrusionException e) {
        Logger.getLogger(ConsumerRequest.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    } catch (EncodingException e) {
        Logger.getLogger(ConsumerRequest.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    }
}
Also used: UniqueRandomString (com.sun.identity.oauth.service.util.UniqueRandomString), WebApplicationException (javax.ws.rs.WebApplicationException), HashMap (java.util.HashMap), EncodingException (org.owasp.esapi.errors.EncodingException), URI (java.net.URI), Consumer (com.sun.identity.oauth.service.models.Consumer), Encoder (org.owasp.esapi.Encoder), URLEncoder (java.net.URLEncoder), List (java.util.List), IntrusionException (org.owasp.esapi.errors.IntrusionException), Map (java.util.Map), MultivaluedMap (javax.ws.rs.core.MultivaluedMap), Validator (org.owasp.esapi.Validator), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes)

Example 3 with Encoder

Use of org.owasp.esapi.Encoder in the project simba-os by cegeka, in the class ActiveDirectoryLoginModule, method verifyLoginData.

@Override
protected boolean verifyLoginData() throws FailedLoginException {
    String[] returnedAtts = { authenticationAttribute };
    Encoder encoder = DefaultEncoder.getInstance();
    // Escape the user-supplied name for use inside an LDAP search filter before
    // substituting it into the configured filter template. String.replace is used
    // rather than replaceAll so that the substituted value is treated literally:
    // replaceAll interprets '$' in the replacement as a group reference and
    // would throw on a username containing it.
    String requestSearchFilter = searchFilter.replace("%USERNAME%", encoder.encodeForLDAP(getUsername()));
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(searchScope);
    Hashtable<String, String> env = getEnv();
    debug("Verifying credentials for user: " + getUsername());
    boolean ldapUser = false;
    String userCN = null;
    try {
        LdapContext ldapContext = getLdapContext(env);
        if (ldapContext != null) {
            NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, requestSearchFilter, searchCtls);
            while (!ldapUser && answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                userCN = sr.getName();
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                    ldapUser = ne.hasMore();
                    ne.close();
                }
            }
            debug("Authentication succeeded");
            if (Boolean.TRUE.equals(GlobalContext.locate(ConfigurationServiceImpl.class).getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)) && userCN != null) {
                updateUserGroups(ldapContext, userCN);
            }
        }
        return ldapUser;
    } catch (NamingException ex) {
        debug("Authentication failed");
        throw new FailedLoginException(ex.getMessage());
    }
}
Also used: Attributes (javax.naming.directory.Attributes), SearchResult (javax.naming.directory.SearchResult), ConfigurationServiceImpl (org.simbasecurity.core.service.config.ConfigurationServiceImpl), FailedLoginException (javax.security.auth.login.FailedLoginException), Encoder (org.owasp.esapi.Encoder), DefaultEncoder (org.owasp.esapi.reference.DefaultEncoder), SearchControls (javax.naming.directory.SearchControls), NamingException (javax.naming.NamingException), InitialLdapContext (javax.naming.ldap.InitialLdapContext), LdapContext (javax.naming.ldap.LdapContext)
