Changes accomplish the following:

- Allow for binary identity attributes.
- Simplify configuration of the svc.
This commit is contained in:
Juan Carlos Luciani 2006-05-31 15:24:01 +00:00
parent 47d8264272
commit b1966cac5f
9 changed files with 99 additions and 61 deletions


@ -96,7 +96,10 @@ $(BUILDDIR)/%.class: %.java
$(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES) $(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
@echo [======== Creating Webapp $@ ========] @echo [======== Creating Webapp $@ ========]
cp src/com/novell/casa/authtoksvc/web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml cp web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/ cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
<TokenLifetime>3600</TokenLifetime>
</settings>


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
<EncryptAttributes>false</EncryptAttributes>
<Attributes>sn</Attributes>
</settings>
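Review bot: Both new settings are introduced without any description of their accepted values: `Attributes` is set to `sn` and it is not stated whether several attribute names are accepted or how they are delimited, and `EncryptAttributes` carries no note that `true` is not implemented yet (the CasaIdentityToken hunks in this commit only hold `tbd` comments on the encryption branches). An XML comment such as `<!-- EncryptAttributes: true|false. Attribute encryption is not yet implemented; leave false. -->` plus a matching one describing the `Attributes` format would keep a deployer from enabling a no-op.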


@ -46,7 +46,7 @@ public class AuthTokenConfig
public final static String IdentityTokenType = "IdentityTokenType"; public final static String IdentityTokenType = "IdentityTokenType";
// Default configuration values // Default configuration values
private String m_defaultTokenLifetimeValue = "360"; // Seconds private String m_defaultTokenLifetimeValue = "3600"; // Seconds
private String m_defaultLifetimeShorterValue = "5"; // Seconds private String m_defaultLifetimeShorterValue = "5"; // Seconds
private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken"; private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";


@ -45,8 +45,6 @@ import java.net.URLClassLoader;
*/ */
public class Authenticate implements RpcMethod public class Authenticate implements RpcMethod
{ {
private static final String sessionTokenLifetime = "360"; // tbd - Obtain from configuration
private static final String m_mechanismSettingsFileName = "mechanism.settings"; private static final String m_mechanismSettingsFileName = "mechanism.settings";
private Map m_authMechanismMap; private Map m_authMechanismMap;


@ -121,7 +121,8 @@ public class CasaIdentityToken implements IdentityToken
private final static int AWAITING_ATTRIBUTE_START = 18; private final static int AWAITING_ATTRIBUTE_START = 18;
private final static int AWAITING_ATTRIBUTE_END = 19; private final static int AWAITING_ATTRIBUTE_END = 19;
private final static int AWAITING_ATTRIBUTE_DATA = 20; private final static int AWAITING_ATTRIBUTE_DATA = 20;
private final static int DONE_PARSING = 21; private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
private final static int DONE_PARSING = 22;
private CasaIdentityToken m_casaIdentToken; private CasaIdentityToken m_casaIdentToken;
private int m_state; private int m_state;
@ -266,8 +267,19 @@ public class CasaIdentityToken implements IdentityToken
// Save the element name as the current attribute // Save the element name as the current attribute
m_currAttribute = qName; m_currAttribute = qName;
// Advance to the next state // Advance to the next state based on the attribute type
m_state = AWAITING_ATTRIBUTE_DATA; String attrType = atts.getValue("type");
if (attrType != null && attrType.equals("binary"))
{
// We are dealing with a binary attribute. We are going to
// assume that binary attributes are always base64 encoded.
m_state = AWAITING_BINARY_ATTRIBUTE_DATA;
}
else
{
// Assume we are dealing with an attribute of type string
m_state = AWAITING_ATTRIBUTE_DATA;
}
break; break;
default: default:
@ -459,7 +471,6 @@ public class CasaIdentityToken implements IdentityToken
{ {
// tbd - Decrypt the attribute key and value with the private key of the service // tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism. // using the configured mechanism.
m_casaIdentToken.m_attributes.put(m_currAttribute, new String(ch, start, length));
} }
else else
{ {
@ -470,6 +481,30 @@ public class CasaIdentityToken implements IdentityToken
m_state = AWAITING_ATTRIBUTE_END; m_state = AWAITING_ATTRIBUTE_END;
break; break;
case AWAITING_BINARY_ATTRIBUTE_DATA:
// Consume the data
//
// Decrypt the attribute data if necessary
if (m_encryptedAttrs)
{
// tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism.
}
else
{
// The data is base64 encoded
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars = " + length);
char[] encodedChars = new char[length];
System.arraycopy(ch, start, encodedChars, 0, length);
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars copied to new array");
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars));
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars decoded");
}
// Advance to the next state
m_state = AWAITING_ATTRIBUTE_END;
break;
default: default:
// Do nothing // Do nothing
break; break;
@ -480,7 +515,7 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Constructor. * Constructor.
*/ */
public CasaIdentityToken(IdenTokenConfig idenTokenConfig) public CasaIdentityToken (IdenTokenConfig idenTokenConfig)
{ {
// Initialize our members // Initialize our members
m_token = null; m_token = null;
@ -491,7 +526,7 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Constructor. * Constructor.
*/ */
public CasaIdentityToken() public CasaIdentityToken ()
{ {
// Initialize our members // Initialize our members
m_token = null; m_token = null;
@ -502,11 +537,11 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Initialize with parameters. * Initialize with parameters.
*/ */
public void initialize(String identityId, public void initialize (String identityId,
String sourceName, String sourceName,
String targetService, String targetService,
String targetHost, String targetHost,
SvcConfig svcConfig) throws Exception SvcConfig svcConfig) throws Exception
{ {
// Save input parameters // Save input parameters
m_identityId = identityId; m_identityId = identityId;
@ -517,12 +552,11 @@ public class CasaIdentityToken implements IdentityToken
try try
{ {
// tbd - Read parameters from configuration and leverage Higgins.
//
// Open a directory context and use it to read the identity attributes. // Open a directory context and use it to read the identity attributes.
Hashtable env = new Hashtable(); Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory"); env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile)); env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put("java.naming.ldap.attributes.binary", "guid");
env.put(IAContext.IA_REALM_SELECTOR, sourceName); env.put(IAContext.IA_REALM_SELECTOR, sourceName);
DirContext ctx = new InitialDirContext(env); DirContext ctx = new InitialDirContext(env);
@ -552,45 +586,31 @@ public class CasaIdentityToken implements IdentityToken
NamingEnumeration enumeration = attr.getAll(); NamingEnumeration enumeration = attr.getAll();
while (enumeration.hasMore()) while (enumeration.hasMore())
{ {
String attrValue = null; Object attrValue = enumeration.next();
Object o = enumeration.next(); m_attributes.put(attr.getID(), attrValue);
if (o == null) System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID());
{
System.err.println("CasaIdentityToken.initialize()- null");
}
if (o instanceof java.lang.String)
{
System.err.println("CasaIdentityToken.initialize()- Type string");
attrValue = (String) o;
}
else if (o instanceof java.lang.Byte)
{
System.err.println("CasaIdentityToken.initialize()- Type byte[]");
attrValue = ((byte[]) o).toString();
}
// Proceed if we were able to get the attribute value in String form // Encrypt the attribute if necessary
if (attrValue != null) if (encryptAttributes == true)
{ {
m_attributes.put(attr.getID(), attrValue); // tbd - Encrypt the attributes using the services public key, let the mechanism
System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID() + " of value " + attrValue); // be configurable. The service's certificate should be Base64 encoded as a setting
// of the identoken.settings file.
// Encrypt the attribute if necessary
if (encryptAttributes == true)
{
// tbd - Encrypt the attributes using the services public key, let the mechanism
// be configurable. The services certificate should be Base64 encoded as a setting
// of the identoken.settings file.
sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
}
else
{
sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
}
} }
else else
{ {
System.err.println("CasaIdentityToken.initialize()- Unrecognized object type for attribute " + attr.getID()); // Proceed based on the attribute value type
if (attrValue instanceof byte[])
{
// The attribute value is of type byte[], we need to encode it.
sb.append("<" + attr.getID() + " type=\"binary\" encoding=\"base64\">" + new String(Base64Coder.encode((byte[]) attrValue)) + "</" + attr.getID() + ">" + "\r\n");
System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue)));
}
else
{
// Assume the attribute value is of type String
sb.append("<" + attr.getID() + ">" + (String) attrValue + "</" + attr.getID() + ">" + "\r\n");
}
} }
} }
} }
@ -647,7 +667,7 @@ public class CasaIdentityToken implements IdentityToken
* IMPORTANT: The token string can not contain the substring "]]>" * IMPORTANT: The token string can not contain the substring "]]>"
* within it. * within it.
*/ */
public String getEncodedToken() throws Exception public String getEncodedToken () throws Exception
{ {
if (m_token != null) if (m_token != null)
{ {
@ -663,7 +683,7 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Returns a string containing our type of identity token provider. * Returns a string containing our type of identity token provider.
*/ */
public String getProviderType() throws Exception public String getProviderType () throws Exception
{ {
// tbd - Change to a GUID // tbd - Change to a GUID
return "CasaIdentityToken"; return "CasaIdentityToken";
@ -672,7 +692,7 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Returns a string containing the identity id. * Returns a string containing the identity id.
*/ */
public String getIdentityId() throws Exception public String getIdentityId () throws Exception
{ {
if (m_identityId != null) if (m_identityId != null)
return m_identityId; return m_identityId;
@ -687,7 +707,7 @@ public class CasaIdentityToken implements IdentityToken
* Returns a string containing the name associated with the * Returns a string containing the name associated with the
* identity source. * identity source.
*/ */
public String getSourceName() throws Exception public String getSourceName () throws Exception
{ {
if (m_sourceName != null) if (m_sourceName != null)
return m_sourceName; return m_sourceName;
@ -702,7 +722,7 @@ public class CasaIdentityToken implements IdentityToken
* Returns a string containing the url associated with the * Returns a string containing the url associated with the
* identity source. * identity source.
*/ */
public String getSourceUrl() throws Exception public String getSourceUrl () throws Exception
{ {
if (m_sourceUrl != null) if (m_sourceUrl != null)
return m_sourceUrl; return m_sourceUrl;
@ -716,7 +736,7 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Returns a string containing the name of the targeted service. * Returns a string containing the name of the targeted service.
*/ */
public String getTargetService() throws Exception public String getTargetService () throws Exception
{ {
if (m_service != null) if (m_service != null)
return m_service; return m_service;
@ -731,7 +751,7 @@ public class CasaIdentityToken implements IdentityToken
* Returns a string containig the name of the host where the * Returns a string containig the name of the host where the
* targeted service resides. * targeted service resides.
*/ */
public String getTargetHost() throws Exception public String getTargetHost () throws Exception
{ {
if (m_host != null) if (m_host != null)
return m_host; return m_host;
@ -745,7 +765,7 @@ public class CasaIdentityToken implements IdentityToken
/* /*
* Returns the attributes of the identity. * Returns the attributes of the identity.
*/ */
public javax.naming.directory.Attributes getAttributes() throws Exception public javax.naming.directory.Attributes getAttributes () throws Exception
{ {
if (m_attributes != null) if (m_attributes != null)
return m_attributes; return m_attributes;
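Review bot: The new `AWAITING_BINARY_ATTRIBUTE_DATA` case decodes and stores the data of each `characters()` callback on its own, but a SAX parser may deliver one text node in several calls, so a long base64 value would be decoded piecewise (`Base64Coder.decode` on a fragment presumably throws or yields wrong bytes) and each `put` overwrites the previous fragment; accumulate with `m_attrData.append(ch, start, length);` in a StringBuilder field and decode once in `endElement`, which lies outside this hunk. The `m_encryptedAttrs` branch of that case stores nothing and its counterpart in `initialize` (`if (encryptAttributes == true)`) appends nothing to the token, so enabling `EncryptAttributes` now silently drops every attribute where the old code still emitted them; until encryption exists, failing with an explicit exception there would make the misconfiguration visible. `initialize` also writes directory values straight into the token XML (`sb.append("<" + attr.getID() + ">" + (String) attrValue + ...)`) without escaping, so a value containing `<`, `&` or the `]]>` sequence that the `getEncodedToken` comment forbids corrupts the token, and a value that is neither `byte[]` nor `String` now raises a ClassCastException where the old code logged and skipped it. The hardcoded `env.put("java.naming.ldap.attributes.binary", "guid")` belongs in identoken.settings next to `Attributes` rather than in code, since any other binary attribute configured there would still be returned as a String. Finally, the added `System.err.println` calls write the full base64-encoded attribute value (`"Attribute " + attr.getID() + "included as "` …, which is also missing a space) and decode progress to stderr; identity data should not be logged this way and the debugging prints should be removed before merge.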


@ -54,8 +54,8 @@ public class SvcConfig
public final static String AppRootPath = "AppRootPath"; public final static String AppRootPath = "AppRootPath";
// Default configuration values // Default configuration values
private String m_defaultSessionTokenLifetimeValue = "360"; // Seconds private String m_defaultSessionTokenLifetimeValue = "43200"; // Seconds
private String m_defaultLifetimeShorterValue = "5"; // Seconds private String m_defaultLifetimeShorterValue = "5"; // Seconds
private static final String m_svcSettingsFileName = "svc.settings"; private static final String m_svcSettingsFileName = "svc.settings";
private Map m_svcSettingsMap; private Map m_svcSettingsMap;
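Review bot: `m_defaultSessionTokenLifetimeValue` jumps from 360 to 43200 seconds with only the `// Seconds` comment, and neither this hunk nor the commit message records why a 12-hour default was chosen. Since a session token presumably stays accepted for this whole period once issued, a comment such as `// Seconds (12 hours); also bounds how long a leaked session token remains usable` would document the trade-off, and the same value is repeated in svc.settings, so noting which one wins when both are present would prevent drift.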


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
<IAConfigFile>Replace with path to the Identity Abstraction Realms Configuration File.</IAConfigFile>
<startSearchContext>Replace with the Context from where to start searches, do not specify to start at the root.</startSearchContext>
<SessionTokenLifetime>43200</SessionTokenLifetime>
</settings>
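Review bot: The placeholder instructions for `IAConfigFile` and `startSearchContext` are stored as the element values, so an unedited file hands the sentence "Replace with path to …" to the service as a path instead of failing fast, and the SvcConfig hunk shown in this commit reveals no validation that would reject it. Moving the instructions into XML comments (`<!-- IAConfigFile: path to the Identity Abstraction Realms Configuration File -->`) and leaving the elements empty or absent would let a missing value be detected at startup.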


@ -4,6 +4,7 @@
CasaAuthTokenSvc</display-name> CasaAuthTokenSvc</display-name>
<servlet> <servlet>
<description> <description>
The CasaAuthTokenSvc provides authentication tokens.
</description> </description>
<display-name> <display-name>
Rpc</display-name> Rpc</display-name>