use of password.pwm.util.PasswordData in project pwm by pwm-project.
the class SessionAuthenticator method postAuthenticationSequence.
/**
 * Promotes the current session to an authenticated session once the user has been verified.
 *
 * <p>In order, this marks the login bean as authenticated, attaches the LDAP provider and
 * user info to the session, records the auth time, type and source, stores the password
 * returned by the authentication result in the login bean, clears the intruder records
 * for the user, address and session, updates the password-status statistics, and clears the
 * session's cached permissions.
 *
 * @param userIdentity identity of the user that has just authenticated
 * @param authenticationResult outcome of the authentication, supplying the user's provider,
 *     the authentication type and the user password
 * @throws PwmUnrecoverableException declared by the method; raised by the calls made here
 * @throws ChaiUnavailableException declared by the method; raised by the calls made here
 */
private void postAuthenticationSequence(final UserIdentity userIdentity, final AuthenticationResult authenticationResult) throws PwmUnrecoverableException, ChaiUnavailableException {
    final IntruderManager intruderManager = pwmApplication.getIntruderManager();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
    // authentication succeeded: from here on the session is treated as logged in
    loginInfoBean.setAuthenticated(true);
    loginInfoBean.setUserIdentity(userIdentity);
    // switch the session over to the provider returned by the authentication result
    pwmSession.getSessionManager().setChaiProvider(authenticationResult.getUserProvider());
    // update the actor user info bean
    {
        final UserInfo userInfoBean;
        if (authenticationResult.getAuthenticationType() == AuthenticationType.AUTH_BIND_INHIBIT) {
            // AUTH_BIND_INHIBIT: user info is read through the application's proxy provider
            // for the user's LDAP profile
            userInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), ssBean.getLocale(), userIdentity, pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()));
        } else {
            // all other types: the user's password is handed to the factory
            userInfoBean = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmSession.getLabel(), userIdentity, ssBean.getLocale(), authenticationResult.getUserPassword());
        }
        pwmSession.setUserInfo(userInfoBean);
    }
    // mark the auth time
    pwmSession.getLoginInfoBean().setAuthTime(Instant.now());
    // record the resulting authType and the source that triggered the authentication
    pwmSession.getLoginInfoBean().setType(authenticationResult.getAuthenticationType());
    pwmSession.getLoginInfoBean().setAuthSource(authenticationSource);
    // Keep the user's current password in the login bean, so the credential stays
    // reachable from the session after this method returns.
    // NOTE(review): how LoginInfoBean is stored or serialized is not visible here; confirm
    // that the password is protected wherever the bean is persisted and is dropped at logout.
    final PasswordData userPassword = authenticationResult.getUserPassword();
    pwmSession.getLoginInfoBean().setUserCurrentPassword(userPassword);
    // a successful login clears the intruder records for the username, the user identity,
    // and the address and session
    intruderManager.clear(RecordType.USERNAME, pwmSession.getUserInfo().getUsername());
    intruderManager.convenience().clearUserIdentity(userIdentity);
    intruderManager.convenience().clearAddressAndSession(pwmSession);
    // the statistics manager may be absent; when present, count at most one password-status
    // statistic (warn period is checked first, then pre-expired, then expired)
    if (pwmApplication.getStatisticsManager() != null) {
        final StatisticsManager statisticsManager = pwmApplication.getStatisticsManager();
        if (pwmSession.getUserInfo().getPasswordStatus().isWarnPeriod()) {
            statisticsManager.incrementValue(Statistic.AUTHENTICATION_EXPIRED_WARNING);
        } else if (pwmSession.getUserInfo().getPasswordStatus().isPreExpired()) {
            statisticsManager.incrementValue(Statistic.AUTHENTICATION_PRE_EXPIRED);
        } else if (pwmSession.getUserInfo().getPasswordStatus().isExpired()) {
            statisticsManager.incrementValue(Statistic.AUTHENTICATION_EXPIRED);
        }
    }
    // clear permission cache - permissions cached before login must be re-evaluated
    LOGGER.debug(pwmSession, "clearing permission cache");
    pwmSession.getUserSessionDataCacheBean().clearPermissions();
}
use of password.pwm.util.PasswordData in project pwm by pwm-project.
the class SessionAuthenticator method simulateBadPassword.
/**
 * Performs a deliberately failing LDAP bind for the given user.
 *
 * <p>Does nothing unless {@code SECURITY_SIMULATE_LDAP_BAD_PASSWORD} is enabled. When it is,
 * a connection is opened with the user's DN and the application's fixed placeholder password,
 * one attribute read is issued to force the bind, and the connection is closed again. The
 * outcome is only logged. Presumably the purpose is to let the directory register a failed
 * login after an invalid forgotten-password attempt; confirm against the callers.
 *
 * @param userIdentity the user to bind as; a null identity or an empty DN is logged and skipped
 * @throws PwmUnrecoverableException declared by the method; raised by the calls made here
 */
public void simulateBadPassword(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final boolean simulationEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.SECURITY_SIMULATE_LDAP_BAD_PASSWORD);
    if (!simulationEnabled) {
        return;
    }
    LOGGER.trace(sessionLabel, "performing bad-password login attempt against ldap directory as a result of " + "forgotten password recovery invalid attempt against " + userIdentity);

    // Without a DN there is nothing to bind as.
    final boolean dnMissing = userIdentity == null
            || userIdentity.getUserDN() == null
            || userIdentity.getUserDN().length() == 0;
    if (dnMissing) {
        LOGGER.error(sessionLabel, "attempt to simulateBadPassword with null userDN");
        return;
    }

    LOGGER.trace(sessionLabel, "beginning simulateBadPassword process");
    final PasswordData decoyPassword = new PasswordData(PwmConstants.DEFAULT_BAD_PASSWORD_ATTEMPT);

    // Authenticate the way a normal login would: a plain LDAP BIND.
    LOGGER.trace(sessionLabel, "attempting authentication using ldap BIND");
    ChaiProvider ldapConnection = null;
    try {
        // Open a provider with the user's DN and the decoy password.
        ldapConnection = LdapOperationsHelper.createChaiProvider(
                pwmApplication,
                sessionLabel,
                userIdentity.getLdapProfile(pwmApplication.getConfig()),
                pwmApplication.getConfig(),
                userIdentity.getUserDN(),
                decoyPassword);
        // A read is issued so that the bind actually takes place.
        ldapConnection.readStringAttribute(userIdentity.getUserDN(), ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        // NOTE(review): reaching this line means the directory accepted the placeholder
        // password, and that is reported only at debug level. Consider whether it deserves
        // a more visible log entry.
        LOGGER.debug(sessionLabel, "bad-password login attempt succeeded for " + userIdentity);
    } catch (ChaiException bindFailure) {
        if (bindFailure.getErrorCode() != ChaiError.PASSWORD_BADPASSWORD) {
            LOGGER.debug(sessionLabel, "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + bindFailure.getMessage());
        } else {
            // The expected outcome: the directory rejected the password.
            LOGGER.trace(sessionLabel, "bad-password login simulation succeeded for; " + userIdentity + " result: " + bindFailure.getMessage());
        }
    } finally {
        // Always release the connection, and never let a close failure escape.
        if (ldapConnection != null) {
            try {
                ldapConnection.close();
            } catch (Throwable closeFailure) {
                LOGGER.error(sessionLabel, "unexpected error closing invalid ldap connection after simulated bad-password failed login attempt: " + closeFailure.getMessage());
            }
        }
    }
}
use of password.pwm.util.PasswordData in project pwm by pwm-project.
the class EmailServerUtil method makeEmailServersMap.
/**
 * Builds one {@code EmailServer} for every usable email server profile in the configuration.
 *
 * <p>A profile is usable when its address is non-empty and its port is greater than zero;
 * any other profile is skipped with a warning. Each server carries the profile's username and
 * password together with the JavaMail properties and session created for it.
 *
 * @param configuration source of the email server profiles
 * @return the servers built from the usable profiles, in iteration order; possibly empty
 */
static List<EmailServer> makeEmailServersMap(final Configuration configuration) {
    final List<EmailServer> servers = new ArrayList<>();
    for (final EmailServerProfile profile : configuration.getEmailServerProfiles().values()) {
        final String profileId = profile.getIdentifier();
        final String host = profile.readSettingAsString(PwmSetting.EMAIL_SERVER_ADDRESS);
        // The setting is read as a long and narrowed to int; only "greater than zero" is
        // checked below, so no upper bound on the port is enforced here.
        final int smtpPort = (int) profile.readSettingAsLong(PwmSetting.EMAIL_SERVER_PORT);
        final String smtpUser = profile.readSettingAsString(PwmSetting.EMAIL_USERNAME);
        final PasswordData smtpPassword = profile.readSettingAsPassword(PwmSetting.EMAIL_PASSWORD);

        if (StringUtil.isEmpty(host) || smtpPort <= 0) {
            LOGGER.warn("discarding incompletely configured email address for smtp server profile " + profileId);
            continue;
        }

        final Properties mailProps = makeJavaMailProps(configuration, host, smtpPort);
        // No Authenticator is given to the session; the credentials travel in the EmailServer.
        final javax.mail.Session mailSession = javax.mail.Session.getInstance(mailProps, null);
        servers.add(EmailServer.builder()
                .id(profileId)
                .host(host)
                .port(smtpPort)
                .username(smtpUser)
                .password(smtpPassword)
                .javaMailProps(mailProps)
                .session(mailSession)
                .build());
    }
    return servers;
}
use of password.pwm.util.PasswordData in project pwm by pwm-project.
the class ImportHttpsKeyStoreCommand method doCommand.
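/**
 * Imports a key from a key store file into the stored configuration and saves it.
 *
 * <p>Reads the input file, key store format, optional key store password and alias from the
 * CLI options. Every failure is reported through {@code out(...)} and ends the command
 * without saving; on success the configuration is saved and "success" is printed.
 *
 * @throws Exception declared by the method; raised by reading or saving the configuration
 */
@Override
void doCommand() throws Exception {
    final File inputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());
    if (inputFile == null || !inputFile.exists()) {
        out(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName() + " does not exist");
        return;
    }

    final String formatString = (String) cliEnvironment.getOptions().get(FORMAT_OPTIONNAME);
    // valueOf(null) throws NullPointerException, which the catch below does not handle,
    // so a missing format option is reported here instead of escaping as a stack trace.
    if (formatString == null) {
        out(FORMAT_OPTIONNAME + " is required, must be one of " + StringUtil.join(HttpsServerCertificateManager.KeyStoreFormat.values(), ","));
        return;
    }
    final HttpsServerCertificateManager.KeyStoreFormat format;
    try {
        format = HttpsServerCertificateManager.KeyStoreFormat.valueOf(formatString);
    } catch (IllegalArgumentException e) {
        out("unknown format '" + formatString + "', must be one of " + StringUtil.join(HttpsServerCertificateManager.KeyStoreFormat.values(), ","));
        return;
    }

    // The key store password is held as a String until it is wrapped in PasswordData,
    // so it cannot be wiped from memory after use.
    final String keyStorePassword = getOptionalPassword();
    final String inputAliasName = (String) cliEnvironment.getOptions().get(ALIAS_OPTIONNAME);
    final ConfigurationReader configurationReader = new ConfigurationReader(cliEnvironment.getConfigurationFile());
    final StoredConfigurationImpl storedConfiguration = configurationReader.getStoredConfiguration();
    try (FileInputStream fileInputStream = new FileInputStream(inputFile)) {
        HttpsServerCertificateManager.importKey(storedConfiguration, format, fileInputStream, new PasswordData(keyStorePassword), inputAliasName);
    } catch (Exception e) {
        // Any import failure (unreadable file, wrong password, bad alias) ends the command
        // before the configuration is saved.
        out("unable to load configured https certificate: " + e.getMessage());
        return;
    }
    configurationReader.saveConfiguration(storedConfiguration, cliEnvironment.getPwmApplication(), SessionLabel.CLI_SESSION_LABEL);
    out("success");
}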
use of password.pwm.util.PasswordData in project pwm by pwm-project.
the class ExportHttpsKeyStoreCommand method doCommand.
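/**
 * Exports the application's HTTPS key store to a new file.
 *
 * <p>The output file must not exist yet. The key store is built for the alias given in the
 * CLI options and written with the optional password. The file is created with the
 * process's default permissions, so the operator should restrict access to the output
 * location. Presumably the key store contains the server's private key; confirm against
 * {@code keyStoreForApplication}.
 *
 * @throws Exception declared by the method; raised when the key store cannot be built or
 *     written, including when the output file appears between the check and the write
 */
@Override
void doCommand() throws Exception {
    final File outputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_NEW_OUTPUT_FILE.getName());
    // Report a missing option instead of failing with a NullPointerException on exists().
    if (outputFile == null) {
        out(CliParameters.REQUIRED_NEW_OUTPUT_FILE.getName() + " is required");
        return;
    }
    if (outputFile.exists()) {
        out("outputFile for ExportHttpsKeyStore cannot already exist");
        return;
    }
    final String password = getOptionalPassword();
    final String alias = (String) cliEnvironment.getOptions().get(ALIAS_OPTIONNAME);
    final KeyStore keyStore = HttpsServerCertificateManager.keyStoreForApplication(cliEnvironment.getPwmApplication(), new PasswordData(password), alias);
    // CREATE_NEW makes "must not already exist" atomic: if anything is created at this path
    // after the exists() check above, the open fails rather than writing key material into
    // a file this command did not create.
    try (java.io.OutputStream fos = java.nio.file.Files.newOutputStream(
            outputFile.toPath(),
            java.nio.file.StandardOpenOption.CREATE_NEW,
            java.nio.file.StandardOpenOption.WRITE)) {
        // try-with-resources closes the stream; no explicit close() is needed.
        keyStore.store(fos, password.toCharArray());
    }
    out("successfully exported java keystore to " + outputFile.getAbsolutePath());
}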