
Example 1 with AuthenticatorException

use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class LoginService, method authenticate:

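/**
 * Authenticates a login request by password or by client certificate.
 *
 * Password credentials are checked through {@code userAuthenticator}. Certificate
 * credentials run a two-step exchange: the first call (no challengeResponse)
 * returns a challenge to the client; the second call (with challengeResponse)
 * completes authentication and yields an access token.
 *
 * @param httpRequest the servlet request, used to obtain the client certificate
 *        chain for the certificate flow
 * @param request the parsed authentication request body (client-supplied)
 * @return a response carrying either {@code access} (success) or {@code challenge}
 *         (certificate flow, step one); {@code null} when authentication fails,
 *         no credentials were supplied, or no client certificate was presented
 * @throws IllegalStateException when the authenticator itself fails (backend or
 *         configuration error), so that an infrastructure fault is not reported
 *         to the client as merely "bad credentials"
 */
public AuthenticateResponse authenticate(HttpServletRequest httpRequest, AuthenticateRequest request) {
    AuthenticateResponse response = new AuthenticateResponse();
    // A request with no auth envelope is treated as a failed authentication
    // rather than surfacing a NullPointerException as a server error.
    if (request == null || request.auth == null) {
        return null;
    }
    String username = null;
    UserEntity user = null;
    if (request.auth.passwordCredentials != null) {
        username = request.auth.passwordCredentials.username;
        String password = request.auth.passwordCredentials.password;
        try {
            user = userAuthenticator.authenticate(username, password);
        } catch (AuthenticatorException e) {
            // An exception indicates something went wrong (i.e. not just
            // bad credentials); a plain bad-credentials result is a null user.
            log.warn("Error while getting user info", e);
            throw new IllegalStateException("Error while getting user info", e);
        }
    } else if (request.auth.certificateCredentials != null) {
        username = request.auth.certificateCredentials.username;
        // The chain is taken from the servlet request (presumably the TLS peer
        // certificate), not from the request body, so the client cannot simply
        // claim an arbitrary certificate in JSON -- confirm in HttpUtils.
        X509Certificate[] certificateChain = HttpUtils.getCertificateChain(httpRequest);
        if (certificateChain == null) {
            return null;
        }
        byte[] challengeResponse = request.auth.certificateCredentials.challengeResponse;
        CertificateAuthenticationRequest details = new CertificateAuthenticationRequest();
        details.certificateChain = certificateChain;
        details.username = username;
        // details.projectKey = projectKey;
        details.challengeResponse = challengeResponse;
        CertificateAuthenticationResponse result = null;
        try {
            result = userAuthenticator.authenticate(details);
        } catch (AuthenticatorException e) {
            log.warn("Error while authenticating by certificate", e);
            throw new IllegalStateException("Error while authenticating by certificate", e);
        }
        if (result == null) {
            return null;
        }
        if (challengeResponse != null) {
            // Second step: the client answered the challenge. A null user means
            // the answer did not verify.
            if (result.user == null) {
                return null;
            }
            // The cast suggests result.user is declared with a wider type; the
            // authenticator is expected to return a UserEntity here -- TODO confirm.
            user = (UserEntity) result.user;
        } else {
            // First step: hand the challenge back; no access token is issued yet.
            log.debug("Returning authentication challenge for user: " + username);
            response.challenge = result.challenge;
            return response;
        }
    } else {
        // Neither credential type was supplied.
        return null;
    }
    if (user == null) {
        // username is client-supplied and unvalidated; keep it at debug level.
        log.debug("Authentication request failed.  Username=" + username);
        return null;
    }
    log.debug("Successful authentication for user: " + user.key);
    response.access = tokenHelpers.buildAccess(user);
    return response;
}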

Example 2 with AuthenticatorException

use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class KeychainResource, method authorizeCertificateChain:

/**
 * Resolves the user behind a certificate chain and, optionally, that user's
 * roles in a project.
 *
 * Only callable by a system principal ({@code requireSystemAccess()}); the
 * chain itself is supplied by that caller, so this endpoint trusts the caller
 * to have validated it. Every "not found" outcome (unknown user, unknown
 * project, user not a member) is reported uniformly as 404, which avoids
 * distinguishing "project exists" from "you are not a member".
 *
 * @param project optional project key; when given, the user's membership and
 *        roles in that project are also returned
 * @param chain the certificate chain to look up
 * @return the validation response with the user, and the project plus roles
 *         when {@code project} was supplied
 */
@POST
public ValidateTokenResponse authorizeCertificateChain(@QueryParam("project") String project, CertificateChainInfo chain) {
    // Authorisation first: nothing below runs for a non-system caller
    // (assumes requireSystemAccess() throws on failure -- TODO confirm).
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    UserEntity userEntity = null;
    try {
        // No secret material is needed here, so the user's keychain stays locked.
        boolean unlock = false;
        userEntity = userAuthenticator.findUserFromKeychain(chain, unlock);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    // NOTE(review): the null checks below assume throwInternalError() and
    // throw404NotFound() never return normally; the compiler cannot enforce that.
    if (userEntity == null) {
        throw404NotFound();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    // response.access.token = new Token();
    // response.access.token.expires = checkTokenInfo.expiration;
    // response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        // Note that we do not unlock the user / project; we don't have any secret material
        // TODO: We could return stuff encrypted with the user's public key
        // projectEntity.unlockWithUser(userEntity);
        // 
        // if (!projectEntity.isSecretValid()) {
        // throw404NotFound();
        // }
        UserProjectEntity userProject = null;
        try {
            // Membership check: roles are only reported for a project the user
            // actually belongs to.
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}

Example 3 with AuthenticatorException

use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class ServicesResource, method checkServiceAccess:

/**
 * Checks whether a certificate chain belongs to a registered service account.
 *
 * Restricted to system callers via {@code requireSystemAccess()}. The response
 * carries the service account's subject when the chain is recognised and is
 * otherwise left empty; an unrecognised chain is not an error.
 *
 * @param request the request holding the certificate chain to check
 * @return a response whose {@code serviceAccount} is the matching subject, or
 *         unset when no service account matched
 */
@POST
@Path("check")
public CheckServiceAccessResponse checkServiceAccess(CheckServiceAccessRequest request) {
    // Gate on the caller's system token before touching the chain
    // (assumes requireSystemAccess() throws on failure -- TODO confirm).
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    CheckServiceAccessResponse reply = new CheckServiceAccessResponse();
    ServiceAccountEntity account = null;
    try {
        account = systemAuthenticator.authenticate(request.chain);
    } catch (AuthenticatorException e) {
        // Authenticator failure (backend error), as opposed to a simple non-match.
        log.warn("Error while authenticating chain", e);
        throwInternalError();
    }
    if (account == null) {
        // No match: the response is returned with serviceAccount unset.
        return reply;
    }
    reply.serviceAccount = account.subject;
    return reply;
}

Example 4 with AuthenticatorException

use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class ClientCertificateSystemAuthenticator, method authenticate:

/**
 * Resolves a service account from a client certificate chain.
 *
 * The certificate inspected is the only one when the chain has a single
 * element, otherwise the one at index 1. The original comment calls this
 * "the penultimate cert", which is only true for a two-element chain; for
 * longer chains index 1 is not the penultimate element. Which end of the
 * chain is the leaf should be confirmed before relying on this.
 *
 * NOTE(review): no cryptographic validation of the chain happens here; the
 * lookup is by the subject DN and public key as reported in
 * {@code certChainInfo}. Validation is presumably done by whoever terminated
 * TLS and built the chain info -- confirm.
 *
 * @param certChainInfo the certificate chain presented by the caller
 * @return the matching service account, or {@code null} when the chain is
 *         empty or no account is registered for that subject and public key
 * @throws AuthenticatorException when the repository lookup fails
 * @throws IllegalArgumentException when the inspected certificate carries no public key
 */
@Override
public ServiceAccountEntity authenticate(CertificateChainInfo certChainInfo) throws AuthenticatorException {
    int chainLength = certChainInfo.certificates.size();
    if (chainLength == 0) {
        log.debug("Chain empty; can't authenticate");
        return null;
    }
    // Single certificate: inspect it directly. Otherwise a CA is assumed to
    // have signed the tail and the certificate at index 1 is inspected.
    int inspectIndex = (chainLength == 1) ? 0 : 1;
    CertificateInfo inspect = certChainInfo.certificates.get(inspectIndex);
    if (Strings.isNullOrEmpty(inspect.publicKey)) {
        throw new IllegalArgumentException();
    }
    String subject = inspect.subjectDN;
    byte[] publicKey = Hex.fromHex(inspect.publicKey);
    ServiceAccountEntity account;
    try {
        account = repository.findServiceAccount(subject, publicKey);
    } catch (RepositoryException e) {
        throw new AuthenticatorException("Error while authenticating user", e);
    }
    if (account != null) {
        return account;
    }
    // Unknown key: log the details at debug level only (the caller has
    // already been authenticated as a system principal).
    log.debug("Certificate validation failed (though the caller was authenticated)");
    log.debug("Certificate validation failed - public key not recognized: " + Hex.toHex(publicKey));
    log.debug("Certificate validation failed - chain: " + certChainInfo);
    return null;
}

Example 5 with AuthenticatorException

use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class KeystoneRepositoryAuthenticator, method findUserFromKeychain:

/**
 * Finds the user whose registered public key matches any certificate in the chain.
 *
 * Certificates are scanned in chain order and the first one whose
 * {@code publicKeyHash} resolves to a user wins; entries without a hash are
 * skipped. NOTE(review): no signature or chain validation is visible here, and
 * the match is made on a hash reported in the chain info rather than on the
 * certificate bytes, so callers must only pass chains they have already
 * validated -- confirm. The {@code unlock} flag is not consulted by this method.
 *
 * @param chain the certificate chain to search
 * @param unlock unused here
 * @return the first matching user, or {@code null} when the chain is empty or
 *         no certificate's public key hash is registered
 * @throws AuthenticatorException when the repository lookup fails
 */
@Override
public UserEntity findUserFromKeychain(CertificateChainInfo chain, boolean unlock) throws AuthenticatorException {
    if (chain.certificates == null || chain.certificates.isEmpty()) {
        return null;
    }
    int count = chain.certificates.size();
    for (int index = 0; index < count; index++) {
        String keyHashHex = chain.certificates.get(index).publicKeyHash;
        if (!Strings.isNullOrEmpty(keyHashHex)) {
            log.debug("Checking publicKeyHash: " + keyHashHex);
            byte[] keyHash = Hex.fromHex(keyHashHex);
            UserEntity match;
            try {
                match = repository.findUserByPublicKey(keyHash);
            } catch (RepositoryException e) {
                throw new AuthenticatorException("Error while authenticating user", e);
            }
            if (match != null) {
                return match;
            }
        }
    }
    return null;
}
