Example 1 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class LoginService method authenticate.
public AuthenticateResponse authenticate(HttpServletRequest httpRequest, AuthenticateRequest request) {
AuthenticateResponse response = new AuthenticateResponse();
String username = null;
UserEntity user = null;
if (request.auth.passwordCredentials != null) {
username = request.auth.passwordCredentials.username;
String password = request.auth.passwordCredentials.password;
try {
user = userAuthenticator.authenticate(username, password);
} catch (AuthenticatorException e) {
// An exception indicates something went wrong (i.e. not just
// bad credentials)
log.warn("Error while getting user info", e);
throw new IllegalStateException("Error while getting user info", e);
}
} else if (request.auth.certificateCredentials != null) {
username = request.auth.certificateCredentials.username;
X509Certificate[] certificateChain = HttpUtils.getCertificateChain(httpRequest);
if (certificateChain == null) {
return null;
}
byte[] challengeResponse = request.auth.certificateCredentials.challengeResponse;
CertificateAuthenticationRequest details = new CertificateAuthenticationRequest();
details.certificateChain = certificateChain;
details.username = username;
// details.projectKey = projectKey;
details.challengeResponse = challengeResponse;
CertificateAuthenticationResponse result = null;
try {
result = userAuthenticator.authenticate(details);
} catch (AuthenticatorException e) {
log.warn("Error while authenticating by certificate", e);
throw new IllegalStateException("Error while authenticating by certificate", e);
}
if (result == null) {
return null;
}
if (challengeResponse != null) {
if (result.user == null) {
return null;
}
user = (UserEntity) result.user;
} else {
log.debug("Returning authentication challenge for user: " + username);
response.challenge = result.challenge;
return response;
}
} else {
return null;
}
if (user == null) {
log.debug("Authentication request failed. Username=" + username);
return null;
}
log.debug("Successful authentication for user: " + user.key);
response.access = tokenHelpers.buildAccess(user);
return response;
}
Also used :
AuthenticateResponse(org.platformlayer.auth.model.AuthenticateResponse)
CertificateAuthenticationResponse(org.platformlayer.auth.CertificateAuthenticationResponse)
CertificateAuthenticationRequest(org.platformlayer.auth.CertificateAuthenticationRequest)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
UserEntity(org.platformlayer.auth.UserEntity)
Example 2 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class KeychainResource method authorizeCertificateChain.
@POST
public ValidateTokenResponse authorizeCertificateChain(@QueryParam("project") String project, CertificateChainInfo chain) {
try {
requireSystemAccess();
} catch (AuthenticatorException e) {
log.warn("Error while checking system token", e);
throwInternalError();
}
UserEntity userEntity = null;
try {
boolean unlock = false;
userEntity = userAuthenticator.findUserFromKeychain(chain, unlock);
} catch (AuthenticatorException e) {
log.warn("Error while fetching user", e);
throwInternalError();
}
if (userEntity == null) {
throw404NotFound();
}
ValidateTokenResponse response = new ValidateTokenResponse();
response.access = new ValidateAccess();
response.access.user = Mapping.mapToUserValidation(userEntity);
// response.access.token = new Token();
// response.access.token.expires = checkTokenInfo.expiration;
// response.access.token.id = checkToken;
String checkProject = project;
if (checkProject != null) {
ProjectEntity projectEntity = null;
try {
projectEntity = userAuthenticator.findProject(checkProject);
} catch (AuthenticatorException e) {
log.warn("Error while fetching project", e);
throwInternalError();
}
if (projectEntity == null) {
throw404NotFound();
}
// Note that we do not unlock the user / project; we don't have any secret material
// TODO: We could return stuff encrypted with the user's public key
// projectEntity.unlockWithUser(userEntity);
//
// if (!projectEntity.isSecretValid()) {
// throw404NotFound();
// }
UserProjectEntity userProject = null;
try {
userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
} catch (AuthenticatorException e) {
log.warn("Error while fetching project", e);
throwInternalError();
}
if (userProject == null) {
// Not a member of project
throw404NotFound();
}
response.access.project = Mapping.mapToProject(projectEntity);
response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
}
return response;
}
Also used :
ValidateTokenResponse(org.platformlayer.auth.model.ValidateTokenResponse)
ValidateAccess(org.platformlayer.auth.model.ValidateAccess)
UserProjectEntity(org.platformlayer.auth.UserProjectEntity)
ProjectEntity(org.platformlayer.auth.ProjectEntity)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
UserProjectEntity(org.platformlayer.auth.UserProjectEntity)
UserEntity(org.platformlayer.auth.UserEntity)
POST(javax.ws.rs.POST)
Example 3 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class ServicesResource method checkServiceAccess.
@POST
@Path("check")
public CheckServiceAccessResponse checkServiceAccess(CheckServiceAccessRequest request) {
try {
requireSystemAccess();
} catch (AuthenticatorException e) {
log.warn("Error while checking system token", e);
throwInternalError();
}
ServiceAccountEntity serviceAccount = null;
try {
serviceAccount = systemAuthenticator.authenticate(request.chain);
} catch (AuthenticatorException e) {
log.warn("Error while authenticating chain", e);
throwInternalError();
}
CheckServiceAccessResponse response = new CheckServiceAccessResponse();
if (serviceAccount != null) {
response.serviceAccount = serviceAccount.subject;
}
return response;
}
Also used :
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
CheckServiceAccessResponse(org.platformlayer.auth.model.CheckServiceAccessResponse)
ServiceAccountEntity(org.platformlayer.auth.ServiceAccountEntity)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Example 4 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class ClientCertificateSystemAuthenticator method authenticate.
@Override
public ServiceAccountEntity authenticate(CertificateChainInfo certChainInfo) throws AuthenticatorException {
if (certChainInfo.certificates.size() == 0) {
log.debug("Chain empty; can't authenticate");
return null;
}
// If it's a single cert; we check the cert.
// Otherwise, we assume a CA signed the tail cert, so we check the penultimate cert
CertificateInfo inspect;
if (certChainInfo.certificates.size() == 1) {
inspect = certChainInfo.certificates.get(0);
} else {
inspect = certChainInfo.certificates.get(1);
}
String subject = inspect.subjectDN;
if (Strings.isNullOrEmpty(inspect.publicKey)) {
throw new IllegalArgumentException();
}
byte[] publicKey = Hex.fromHex(inspect.publicKey);
ServiceAccountEntity auth;
try {
auth = repository.findServiceAccount(subject, publicKey);
} catch (RepositoryException e) {
throw new AuthenticatorException("Error while authenticating user", e);
}
if (auth == null) {
log.debug("Certificate validation failed (though the caller was authenticated)");
log.debug("Certificate validation failed - public key not recognized: " + Hex.toHex(publicKey));
log.debug("Certificate validation failed - chain: " + certChainInfo);
}
return auth;
}
Also used :
CertificateInfo(org.platformlayer.auth.model.CertificateInfo)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
ServiceAccountEntity(org.platformlayer.auth.ServiceAccountEntity)
RepositoryException(org.platformlayer.RepositoryException)
Example 5 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class KeystoneRepositoryAuthenticator method findUserFromKeychain.
@Override
public UserEntity findUserFromKeychain(CertificateChainInfo chain, boolean unlock) throws AuthenticatorException {
if (chain.certificates == null || chain.certificates.isEmpty()) {
return null;
}
for (int i = 0; i < chain.certificates.size(); i++) {
String publicKeyHash = chain.certificates.get(i).publicKeyHash;
if (Strings.isNullOrEmpty(publicKeyHash)) {
continue;
}
log.debug("Checking publicKeyHash: " + publicKeyHash);
byte[] hash = Hex.fromHex(publicKeyHash);
UserEntity user;
try {
user = repository.findUserByPublicKey(hash);
} catch (RepositoryException e) {
throw new AuthenticatorException("Error while authenticating user", e);
}
if (user != null) {
return user;
}
}
return null;
}
Also used :
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
RepositoryException(org.platformlayer.RepositoryException)
UserEntity(org.platformlayer.auth.UserEntity)
Aggregations
AuthenticatorException (org.platformlayer.auth.AuthenticatorException)8
UserEntity (org.platformlayer.auth.UserEntity)5
POST (javax.ws.rs.POST)3
Path (javax.ws.rs.Path)3
RepositoryException (org.platformlayer.RepositoryException)3
ProjectEntity (org.platformlayer.auth.ProjectEntity)3
ServiceAccountEntity (org.platformlayer.auth.ServiceAccountEntity)2
UserProjectEntity (org.platformlayer.auth.UserProjectEntity)2
ValidateAccess (org.platformlayer.auth.model.ValidateAccess)2
ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse)2
CryptoKey (com.fathomdb.crypto.CryptoKey)1
X509Certificate (java.security.cert.X509Certificate)1
GET (javax.ws.rs.GET)1
CertificateAuthenticationRequest (org.platformlayer.auth.CertificateAuthenticationRequest)1
CertificateAuthenticationResponse (org.platformlayer.auth.CertificateAuthenticationResponse)1
AuthenticateResponse (org.platformlayer.auth.model.AuthenticateResponse)1
CertificateInfo (org.platformlayer.auth.model.CertificateInfo)1
CheckServiceAccessResponse (org.platformlayer.auth.model.CheckServiceAccessResponse)1
SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse)1
Token (org.platformlayer.auth.model.Token)1
