Applied changes to issues found during code review of the Svc component.
This commit is contained in:
parent
0019475d4d
commit
2f30ab05db
@ -34,17 +34,26 @@
|
||||
# #
|
||||
#############################################################
|
||||
|
||||
SILENT=0
|
||||
if [ "$1" != "" ]; then
|
||||
if [ "$1" == "-s" ]; then
|
||||
SILENT=1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -d /usr/lib64 ]; then
|
||||
LIB=lib64
|
||||
LIB=lib64
|
||||
else
|
||||
LIB=lib
|
||||
LIB=lib
|
||||
fi
|
||||
|
||||
JAVA_HOME=/usr/$LIB/jvm/jre-1.5.0
|
||||
|
||||
# Do not do anything if the client keystore has already been created
|
||||
if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
|
||||
echo "The client keystore is already setup"
|
||||
if [ $SILENT == 0 ]; then
|
||||
echo "The client keystore is already setup"
|
||||
fi
|
||||
else
|
||||
if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
|
||||
echo "Setting up the clients's keystore"
|
||||
|
@ -47,7 +47,7 @@ import com.novell.casa.authtoksvc.CasaIdentityToken;
|
||||
* infrastructure.
|
||||
*
|
||||
*/
|
||||
public class CasaLoginModule implements LoginModule
|
||||
public final class CasaLoginModule implements LoginModule
|
||||
{
|
||||
private final static String casaUsername = "CasaIdentityUser";
|
||||
|
||||
|
@ -35,12 +35,12 @@ import com.novell.casa.authtoksvc.IdentityToken;
|
||||
* identities authenticated by Casa.
|
||||
*
|
||||
*/
|
||||
public class CasaPrincipal implements Principal
|
||||
public final class CasaPrincipal implements Principal
|
||||
{
|
||||
private String m_name;
|
||||
private String m_realm;
|
||||
private String m_identStoreUrl;
|
||||
private javax.naming.directory.Attributes m_attributes;
|
||||
private final String m_name;
|
||||
private final String m_realm;
|
||||
private final String m_identStoreUrl;
|
||||
private final javax.naming.directory.Attributes m_attributes;
|
||||
|
||||
/*
|
||||
* Constructor
|
||||
@ -58,7 +58,7 @@ public class CasaPrincipal implements Principal
|
||||
* (non-Javadoc)
|
||||
* @see java.security.Principal#getName()
|
||||
*/
|
||||
public String getName()
|
||||
public final String getName()
|
||||
{
|
||||
return m_name;
|
||||
}
|
||||
@ -66,7 +66,7 @@ public class CasaPrincipal implements Principal
|
||||
/*
|
||||
* Returns the name associated with the source of the identity data.
|
||||
*/
|
||||
public String getRealm()
|
||||
public final String getRealm()
|
||||
{
|
||||
return m_realm;
|
||||
}
|
||||
@ -74,7 +74,7 @@ public class CasaPrincipal implements Principal
|
||||
/*
|
||||
* Returns the url associated with the source of the identity data.
|
||||
*/
|
||||
public String getIdentStoreUrl()
|
||||
public final String getIdentStoreUrl()
|
||||
{
|
||||
return m_identStoreUrl;
|
||||
}
|
||||
@ -82,7 +82,7 @@ public class CasaPrincipal implements Principal
|
||||
/*
|
||||
* Returns the identity attributes.
|
||||
*/
|
||||
public javax.naming.directory.Attributes getAttributes()
|
||||
public final javax.naming.directory.Attributes getAttributes()
|
||||
{
|
||||
return m_attributes;
|
||||
}
|
||||
|
@ -44,7 +44,7 @@ import com.novell.casa.jaas.CasaPrincipal;
|
||||
* This is a sample application which demonstrates the use of
|
||||
* JAAS and Casa to authenticate a connection.
|
||||
*/
|
||||
public class SampleApp
|
||||
public final class SampleApp
|
||||
{
|
||||
/**
|
||||
* @param args
|
||||
|
@ -33,9 +33,9 @@ import javax.security.auth.callback.PasswordCallback;
|
||||
import javax.security.auth.callback.UnsupportedCallbackException;
|
||||
|
||||
|
||||
public class SampleAppCallbackHandler implements CallbackHandler
|
||||
public final class SampleAppCallbackHandler implements CallbackHandler
|
||||
{
|
||||
private String m_authToken;
|
||||
private final String m_authToken;
|
||||
|
||||
/*
|
||||
* Constructor
|
||||
@ -46,7 +46,7 @@ public class SampleAppCallbackHandler implements CallbackHandler
|
||||
m_authToken = authToken;
|
||||
}
|
||||
|
||||
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
|
||||
public final void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
|
||||
{
|
||||
for (int i = 0; i < callbacks.length; i++)
|
||||
{
|
||||
|
@ -75,6 +75,7 @@ JAVAFILES = src/com/novell/casa/authtoksvc/ProtoDefs.java \
|
||||
src/com/novell/casa/authtoksvc/PwdAuthenticate.java \
|
||||
src/com/novell/casa/authtoksvc/IVerifySetting.java \
|
||||
src/com/novell/casa/authtoksvc/SettingsFileUtil.java \
|
||||
src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java \
|
||||
src/com/novell/casa/authtoksvc/AuthPolicyEditor.java \
|
||||
src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java \
|
||||
src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java \
|
||||
|
@ -10,6 +10,7 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
|
||||
|
||||
OUTSTANDING ITEMS
|
||||
|
||||
- CasaIdentityToken needs to obtain the identity source url from the identity abstraction layer.
|
||||
- Switch Client/Server communication to use SOAP.(This is under evaluation).
|
||||
- Add code to verify that client/server communications occur over HTTPS.
|
||||
- Add logging.
|
||||
|
@ -28,7 +28,7 @@
|
||||
# X-UnitedLinux-Should-Start: $named $syslog $time
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# X-UnitedLinux-Should-Stop: $named $syslog $time
|
||||
# Default-Start: 1 2 3 5
|
||||
# Default-Start: 2 3 5
|
||||
# Default-Stop:
|
||||
# Short-Description: Casa Authtoken Service Daemon
|
||||
# Description: Start Casa Authtoken Service Daemon
|
||||
|
@ -51,155 +51,6 @@ public final class AuthMechConfig
|
||||
|
||||
private final Map<String,String> m_mechSettingsMap;
|
||||
|
||||
/**
|
||||
* Class for handling parsing events.
|
||||
*/
|
||||
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
|
||||
{
|
||||
private final static int AWAITING_ROOT_ELEMENT_START = 0;
|
||||
private final static int AWAITING_SETTING_ELEMENT_START = 1;
|
||||
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
|
||||
private final static int AWAITING_SETTING_ELEMENT_END = 3;
|
||||
private final static int DONE_PARSING = 4;
|
||||
|
||||
private final static String m_rootElementName = "settings";
|
||||
|
||||
private final Map<String,String> m_keyMap;
|
||||
private int m_state;
|
||||
private String m_currentKey;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param keyMap Key/Value map.
|
||||
*/
|
||||
public SAXHandler(Map<String,String> keyMap)
|
||||
{
|
||||
super();
|
||||
|
||||
// Initialize our members
|
||||
m_keyMap = keyMap;
|
||||
m_state = AWAITING_ROOT_ELEMENT_START;
|
||||
}
|
||||
|
||||
/**
|
||||
* endDocument() implementation.
|
||||
*
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void endDocument () throws SAXException
|
||||
{
|
||||
// Verify that we are not in an invalid state
|
||||
if (m_state != DONE_PARSING)
|
||||
{
|
||||
System.err.println("AuthMechConfig SAXHandler.endDocument()- Invalid state" + m_state);
|
||||
throw new SAXException("Invalid state at endDocument");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* startElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @param atts Attributes.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_ROOT_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("AuthMechConfig SAXHandler.startElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Keep track of the key name
|
||||
m_currentKey = qName;
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_DATA;
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("AuthMechConfig SAXHandler.startElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at startElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* endElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void endElement (String uri, String name, String qName) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_SETTING_ELEMENT_DATA:
|
||||
case AWAITING_SETTING_ELEMENT_END:
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = DONE_PARSING;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("AuthMechConfig SAXHandler.endElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("AuthMechConfig SAXHandler.endElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at endElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* character() implementation.
|
||||
*
|
||||
* @param ch Characters with element data.
|
||||
* @param start Start position in the character array.
|
||||
* @param length Number of characters to use in the array.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void characters (char ch[], int start, int length) throws SAXException
|
||||
{
|
||||
// Consume the data if in the right state
|
||||
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
|
||||
{
|
||||
// Consume the data and add the key to map
|
||||
m_keyMap.put(m_currentKey, new String(ch, start, length));
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_END;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor which sets default configuration values.
|
||||
*/
|
||||
@ -224,22 +75,21 @@ public final class AuthMechConfig
|
||||
// Create a map to keep track of the token settings
|
||||
m_mechSettingsMap = new HashMap<String, String>();
|
||||
|
||||
FileInputStream inStream = null;
|
||||
try
|
||||
{
|
||||
// Get an input stream to read from the token settings file
|
||||
File f = new File(mechSettingsFileName);
|
||||
FileInputStream inStream = new FileInputStream(f);
|
||||
inStream = new FileInputStream(f);
|
||||
|
||||
// Parse the file
|
||||
XMLReader xr = XMLReaderFactory.createXMLReader();
|
||||
SAXHandler handler = new SAXHandler(m_mechSettingsMap);
|
||||
SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_mechSettingsMap);
|
||||
xr.setContentHandler(handler);
|
||||
xr.setErrorHandler(handler);
|
||||
|
||||
InputSource source = new InputSource(inStream);
|
||||
xr.parse(source);
|
||||
|
||||
inStream.close();
|
||||
}
|
||||
catch (SAXException e)
|
||||
{
|
||||
@ -261,6 +111,20 @@ public final class AuthMechConfig
|
||||
System.err.println("AuthMechConfig()- IOException accessing " + mechSettingsFileName + " Exception=" + e.toString());
|
||||
throw new Exception("AuthMechConfig()- Read error");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -104,6 +104,7 @@ public final class AuthPolicyEditor
|
||||
private static boolean updateFile(String filePath, Document doc)
|
||||
{
|
||||
boolean result = false;
|
||||
FileOutputStream out = null;
|
||||
|
||||
// Update the file with the specified document
|
||||
// after removing the text nodes.
|
||||
@ -125,11 +126,10 @@ public final class AuthPolicyEditor
|
||||
|
||||
// Update file
|
||||
File f = new File(filePath);
|
||||
FileOutputStream out = new FileOutputStream(f);
|
||||
out = new FileOutputStream(f);
|
||||
OutputFormat format = new OutputFormat(doc);
|
||||
XMLSerializer serializer = new XMLSerializer(out, format);
|
||||
serializer.serialize(doc.getDocumentElement());
|
||||
out.close();
|
||||
|
||||
result = true;
|
||||
}
|
||||
@ -141,6 +141,21 @@ public final class AuthPolicyEditor
|
||||
{
|
||||
System.out.println("SecurityException writting to file " + filePath);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (out != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -154,19 +169,18 @@ public final class AuthPolicyEditor
|
||||
private static Document getPolicyFileDoc(String filePath)
|
||||
{
|
||||
Document doc = null;
|
||||
FileInputStream inStream = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Get an input stream to read from policy file
|
||||
File f = new File(filePath);
|
||||
FileInputStream inStream = new FileInputStream(f);
|
||||
inStream = new FileInputStream(f);
|
||||
InputSource source = new InputSource(inStream);
|
||||
|
||||
DOMParser parser = new DOMParser();
|
||||
parser.parse(source);
|
||||
doc = parser.getDocument();
|
||||
|
||||
inStream.close();
|
||||
}
|
||||
catch (FileNotFoundException e)
|
||||
{
|
||||
@ -184,6 +198,20 @@ public final class AuthPolicyEditor
|
||||
{
|
||||
System.err.println("Policy file " + filePath + " format error");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return doc;
|
||||
}
|
||||
@ -196,21 +224,35 @@ public final class AuthPolicyEditor
|
||||
private static Document getPolicyDoc()
|
||||
{
|
||||
Document doc = null;
|
||||
StringReader reader = null;
|
||||
|
||||
try
|
||||
{
|
||||
StringReader reader = new StringReader(initialPolicy);
|
||||
reader = new StringReader(initialPolicy);
|
||||
InputSource source = new InputSource(reader);
|
||||
|
||||
DOMParser parser = new DOMParser();
|
||||
parser.parse(source);
|
||||
doc = parser.getDocument();
|
||||
reader.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
System.err.println("Program error, exception: " + e.toString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (reader != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
reader.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return doc;
|
||||
}
|
||||
@ -286,17 +328,18 @@ public final class AuthPolicyEditor
|
||||
Document doc = getPolicyDoc();
|
||||
if (doc != null)
|
||||
{
|
||||
FileOutputStream out = null;
|
||||
|
||||
try
|
||||
{
|
||||
File f = new File(filePath);
|
||||
boolean createStatus = f.createNewFile();
|
||||
if (createStatus == true)
|
||||
{
|
||||
FileOutputStream out = new FileOutputStream(f);
|
||||
out = new FileOutputStream(f);
|
||||
OutputFormat format = new OutputFormat(doc);
|
||||
XMLSerializer serializer = new XMLSerializer(out, format);
|
||||
serializer.serialize(doc.getDocumentElement());
|
||||
out.close();
|
||||
|
||||
opPerformed = true;
|
||||
}
|
||||
@ -313,6 +356,21 @@ public final class AuthPolicyEditor
|
||||
{
|
||||
System.out.println("SecurityException creating " + filePath);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (out != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return opPerformed;
|
||||
|
@ -25,6 +25,7 @@
|
||||
package com.novell.casa.authtoksvc;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.xml.sax.InputSource;
|
||||
import org.xml.sax.SAXException;
|
||||
@ -51,7 +52,7 @@ public final class AuthReqMsg
|
||||
{
|
||||
|
||||
protected String m_realm = null;
|
||||
protected String m_authMechToken = null;
|
||||
protected char[] m_authMechToken = null;
|
||||
protected String m_authMechanism = null;
|
||||
|
||||
/**
|
||||
@ -73,7 +74,7 @@ public final class AuthReqMsg
|
||||
private final static int DONE_PARSING = 11;
|
||||
|
||||
private final AuthReqMsg m_authReqMsg;
|
||||
private int m_state;
|
||||
private int m_state;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
@ -250,7 +251,7 @@ public final class AuthReqMsg
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("AuthReqMsg SAXHandler.startElement()- State error");
|
||||
System.err.println("AuthReqMsg SAXHandler.endElement()- State error");
|
||||
throw new SAXException("State error");
|
||||
}
|
||||
}
|
||||
@ -296,7 +297,15 @@ public final class AuthReqMsg
|
||||
|
||||
case AWAITING_AUTH_MECH_TOKEN_DATA:
|
||||
// Consume the data
|
||||
m_authReqMsg.m_authMechToken = new String(ch, start, length);
|
||||
//
|
||||
// Allocate array to consume the data
|
||||
m_authReqMsg.m_authMechToken = new char[length];
|
||||
|
||||
// Copy the data to the newly allocated array
|
||||
System.arraycopy(ch, start, m_authReqMsg.m_authMechToken, 0, length);
|
||||
|
||||
// Clear the token data in the source array for security purposes
|
||||
Arrays.fill(ch, start, start + length, ' ');
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_AUTH_MECH_TOKEN_ELEMENT_END;
|
||||
@ -304,7 +313,24 @@ public final class AuthReqMsg
|
||||
|
||||
case AWAITING_AUTH_MECH_TOKEN_ELEMENT_END:
|
||||
// Consume the data
|
||||
m_authReqMsg.m_authMechToken = m_authReqMsg.m_authMechToken.concat(new String(ch, start, length));
|
||||
//
|
||||
// Allocate array to contain the already consumed data and the
|
||||
// data to be consumed.
|
||||
char[] newSink = new char[m_authReqMsg.m_authMechToken.length + length];
|
||||
|
||||
// Copy the already consumed data and the data to be consumed to the
|
||||
// newly allocated array.
|
||||
System.arraycopy(m_authReqMsg.m_authMechToken, 0, newSink, 0, m_authReqMsg.m_authMechToken.length);
|
||||
System.arraycopy(ch, start, newSink, m_authReqMsg.m_authMechToken.length, length);
|
||||
|
||||
// Clear the token data in the previous data sink for security purposes
|
||||
Arrays.fill(m_authReqMsg.m_authMechToken, ' ');
|
||||
|
||||
// Keep track of the new token data sink array
|
||||
m_authReqMsg.m_authMechToken = newSink;
|
||||
|
||||
// Clear the token data in the source array for security purposes
|
||||
Arrays.fill(ch, start, start + length, ' ');
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -340,6 +366,35 @@ public final class AuthReqMsg
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to cleanup resources associated with the object. This
|
||||
* method needs to be executed for objects that are no longer of
|
||||
* use for security reasons.
|
||||
*/
|
||||
public void cleanup()
|
||||
{
|
||||
// Clear the token data if present
|
||||
if (m_authMechToken != null)
|
||||
Arrays.fill(m_authMechToken, ' ');
|
||||
}
|
||||
|
||||
/**
|
||||
* Finalize method.
|
||||
*
|
||||
* @throws Throwable
|
||||
*/
|
||||
protected void finalize() throws Throwable
|
||||
{
|
||||
try
|
||||
{
|
||||
cleanup();
|
||||
}
|
||||
finally
|
||||
{
|
||||
super.finalize();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to get the authentication realm.
|
||||
*
|
||||
@ -355,7 +410,7 @@ public final class AuthReqMsg
|
||||
*
|
||||
* @return Authentication mechanism token.
|
||||
*/
|
||||
public String getAuthMechToken()
|
||||
public char[] getAuthMechToken()
|
||||
{
|
||||
return m_authMechToken;
|
||||
}
|
||||
|
@ -97,6 +97,7 @@ public final class AuthToken
|
||||
AuthTokenConfig authTokenConfig = enabledSvcsConfig.getAuthTokenConfig(targetHost, targetService);
|
||||
if (authTokenConfig != null)
|
||||
{
|
||||
OutputStream outStream = null;
|
||||
try
|
||||
{
|
||||
// For now lets use the services of the only IdentityToken provider
|
||||
@ -128,16 +129,29 @@ public final class AuthToken
|
||||
//XMLUtils.PrettyElementToWriter(authTokenMessage.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
|
||||
|
||||
// Now save the message as a string
|
||||
OutputStream outStream = new ByteArrayOutputStream();
|
||||
outStream = new ByteArrayOutputStream();
|
||||
authTokenMessage.writeTo(outStream);
|
||||
m_token = outStream.toString();
|
||||
outStream.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// tbd
|
||||
System.err.println("AuthToken()- Exception: " + e.toString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (outStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
outStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -163,17 +177,32 @@ public final class AuthToken
|
||||
m_token = token;
|
||||
|
||||
// Now instantiate a SOAP message with the string
|
||||
InputStream inStream = new ByteArrayInputStream(m_token.getBytes());
|
||||
org.apache.axis.Message message;
|
||||
InputStream inStream = null;
|
||||
org.apache.axis.Message message = null;
|
||||
try
|
||||
{
|
||||
inStream = new ByteArrayInputStream(m_token.getBytes());
|
||||
message = new Message(inStream);
|
||||
|
||||
} catch (Exception e)
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
System.err.println("AuthToken()- Exception caught creating message, msg: " + e.getMessage());
|
||||
throw new Exception("Invalid Authentication Token");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Get access to the SOAP Envelope
|
||||
SOAPEnvelope envelope = message.getSOAPEnvelope();
|
||||
@ -230,13 +259,14 @@ public final class AuthToken
|
||||
boolean includeCert)
|
||||
{
|
||||
Message secureMessage;
|
||||
InputStream inStream = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Build SOAP Message with an identity token in the body
|
||||
//
|
||||
// First create a message and obtain its body
|
||||
InputStream inStream = new ByteArrayInputStream(authTokenSoapMsg.getBytes());
|
||||
inStream = new ByteArrayInputStream(authTokenSoapMsg.getBytes());
|
||||
Message message = new Message(inStream);
|
||||
message.setMessageContext(axisMsgContext);
|
||||
SOAPBody body = (SOAPBody) message.getSOAPBody();
|
||||
@ -268,6 +298,17 @@ public final class AuthToken
|
||||
System.out.println("AuthToken.getMessage() - Exception caught building message, error: " + e.getMessage());
|
||||
secureMessage = null;
|
||||
}
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
|
||||
return secureMessage;
|
||||
}
|
||||
|
@ -46,161 +46,17 @@ public final class AuthTokenConfig
|
||||
public final static String IdentityTokenType = "IdentityTokenType";
|
||||
|
||||
// Default configuration values
|
||||
private final String m_defaultTokenLifetimeValue = "3600"; // Seconds
|
||||
private final String m_defaultLifetimeShorterValue = "5"; // Seconds
|
||||
private final String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";
|
||||
private final static String m_defaultTokenLifetimeValue = "3600"; // Seconds
|
||||
private final static String m_defaultLifetimeShorterValue = "5"; // Seconds
|
||||
private final static String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";
|
||||
|
||||
// Minimum configuration values
|
||||
private final static int m_minimumTokenLifetimeValue = 30; // Seconds
|
||||
private final static int m_minimumLifetimeShorterValue = 5; // Seconds
|
||||
private final static int m_minimumLifetimeShorterDifferential = 15;
|
||||
|
||||
private final Map<String,String> m_tokenSettingsMap;
|
||||
|
||||
/**
|
||||
* Class for handling parsing events.
|
||||
*/
|
||||
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
|
||||
{
|
||||
private final static int AWAITING_ROOT_ELEMENT_START = 0;
|
||||
private final static int AWAITING_SETTING_ELEMENT_START = 1;
|
||||
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
|
||||
private final static int AWAITING_SETTING_ELEMENT_END = 3;
|
||||
private final static int DONE_PARSING = 4;
|
||||
|
||||
private final static String m_rootElementName = "settings";
|
||||
|
||||
private final Map<String,String> m_keyMap;
|
||||
private int m_state;
|
||||
private String m_currentKey;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param keyMap Key/Value pair map.
|
||||
*/
|
||||
public SAXHandler(Map<String,String> keyMap)
|
||||
{
|
||||
super();
|
||||
|
||||
// Initialize our members
|
||||
m_keyMap = keyMap;
|
||||
m_state = AWAITING_ROOT_ELEMENT_START;
|
||||
}
|
||||
|
||||
/**
|
||||
* endDocument() implementation.
|
||||
*
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void endDocument () throws SAXException
|
||||
{
|
||||
// Verify that we are not in an invalid state
|
||||
if (m_state != DONE_PARSING)
|
||||
{
|
||||
System.err.println("AuthTokenConfig SAXHandler.endDocument()- Invalid state" + m_state);
|
||||
throw new SAXException("Invalid state at endDocument");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* startElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @param atts Attributes.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_ROOT_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("AuthTokenConfig SAXHandler.startElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Keep track of the key name
|
||||
m_currentKey = qName;
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_DATA;
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("AuthTokenConfig SAXHandler.startElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at startElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* endElement() immplementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void endElement (String uri, String name, String qName) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_SETTING_ELEMENT_DATA:
|
||||
case AWAITING_SETTING_ELEMENT_END:
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = DONE_PARSING;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("AuthTokenConfig SAXHandler.endElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("AuthTokenConfig SAXHandler.endElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at endElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* character() implementation.
|
||||
*
|
||||
* @param ch Characters with element data.
|
||||
* @param start Start position in the character array.
|
||||
* @param length Number of characters to use in the array.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public void characters (char ch[], int start, int length) throws SAXException
|
||||
{
|
||||
// Consume the data if in the right state
|
||||
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
|
||||
{
|
||||
// Consume the data and add the key to map
|
||||
m_keyMap.put(m_currentKey, new String(ch, start, length));
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_END;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor which sets default configuration values.
|
||||
*/
|
||||
@ -230,22 +86,80 @@ public final class AuthTokenConfig
|
||||
// Create a map to keep track of the token settings
|
||||
m_tokenSettingsMap = new HashMap<String, String>();
|
||||
|
||||
FileInputStream inStream = null;
|
||||
try
|
||||
{
|
||||
// Get an input stream to read from the token settings file
|
||||
File f = new File(authTokenSettingsFileName);
|
||||
FileInputStream inStream = new FileInputStream(f);
|
||||
inStream = new FileInputStream(f);
|
||||
|
||||
// Parse the file
|
||||
XMLReader xr = XMLReaderFactory.createXMLReader();
|
||||
SAXHandler handler = new SAXHandler(m_tokenSettingsMap);
|
||||
SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_tokenSettingsMap);
|
||||
xr.setContentHandler(handler);
|
||||
xr.setErrorHandler(handler);
|
||||
|
||||
InputSource source = new InputSource(inStream);
|
||||
xr.parse(source);
|
||||
|
||||
inStream.close();
|
||||
// Do some sanity checking
|
||||
int tokenLifetime;
|
||||
try
|
||||
{
|
||||
tokenLifetime = Integer.valueOf(getSetting(TokenLifetime)).intValue();
|
||||
if (tokenLifetime < m_minimumTokenLifetimeValue)
|
||||
{
|
||||
System.err.println("AuthTokenConfig()- Configured token lifetime too small, defaulting to "
|
||||
+ Integer.toString(m_minimumTokenLifetimeValue) + " seconds");
|
||||
tokenLifetime = m_minimumTokenLifetimeValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_tokenSettingsMap.put(TokenLifetime, Integer.toString(tokenLifetime));
|
||||
}
|
||||
}
|
||||
catch (NumberFormatException e)
|
||||
{
|
||||
System.err.println("AuthTokenConfig()- Invalid configured token lifetime value, defaulting to "
|
||||
+ Integer.toString(m_minimumTokenLifetimeValue) + " seconds");
|
||||
tokenLifetime = m_minimumTokenLifetimeValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_tokenSettingsMap.put(TokenLifetime, Integer.toString(tokenLifetime));
|
||||
}
|
||||
|
||||
int lifetimeShorter;
|
||||
try
|
||||
{
|
||||
lifetimeShorter = Integer.valueOf(getSetting(LifetimeShorter)).intValue();
|
||||
if (lifetimeShorter < m_minimumLifetimeShorterValue)
|
||||
{
|
||||
System.err.println("AuthTokenConfig()- Configured lifetime shorter too small, defaulting to "
|
||||
+ Integer.toString(m_minimumLifetimeShorterValue) + " seconds");
|
||||
lifetimeShorter = m_minimumLifetimeShorterValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_tokenSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
|
||||
}
|
||||
}
|
||||
catch (NumberFormatException e)
|
||||
{
|
||||
System.err.println("AuthTokenConfig()- Invalid configured lifetime shorter value, defaulting to "
|
||||
+ Integer.toString(m_minimumLifetimeShorterValue) + " seconds");
|
||||
lifetimeShorter = m_minimumLifetimeShorterValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_tokenSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
|
||||
}
|
||||
|
||||
if (lifetimeShorter > tokenLifetime
|
||||
|| (tokenLifetime - lifetimeShorter) < m_minimumLifetimeShorterDifferential)
|
||||
{
|
||||
System.err.println("AuthTokenConfig()- Invalid lifetime shorter value, defaulting to "
|
||||
+ Integer.toString(m_minimumLifetimeShorterValue) + " seconds");
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_tokenSettingsMap.put(LifetimeShorter, Integer.toString(m_minimumLifetimeShorterValue));
|
||||
}
|
||||
}
|
||||
catch (SAXException e)
|
||||
{
|
||||
@ -267,6 +181,20 @@ public final class AuthTokenConfig
|
||||
System.err.println("AuthTokenConfig()- IOException accessing " + authTokenSettingsFileName + " Exception=" + e.toString());
|
||||
throw new Exception("AuthTokenConfig()- Read error");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -314,9 +242,6 @@ public final class AuthTokenConfig
|
||||
{
|
||||
System.err.println("AuthTokenConfig.getSetting()- Found setting " + settingName);
|
||||
System.err.println("AuthTokenConfig.getSetting()- Setting value = " + value);
|
||||
|
||||
// Do some sanity checking
|
||||
// tbd - Make sure that the token lifetime values are greater than the LifetimeShorter
|
||||
}
|
||||
|
||||
return value;
|
||||
|
@ -86,6 +86,11 @@ public final class Authenticate implements RpcMethod
|
||||
{
|
||||
for (int i = 0; i < mechanismsConfigFolderObjs.length; i++)
|
||||
{
|
||||
FileOutputStream fos = null;
|
||||
ObjectOutputStream oos = null;
|
||||
FileInputStream fis = null;
|
||||
ObjectInputStream ois = null;
|
||||
|
||||
// Check if we are dealing with a file or a folder
|
||||
File mechanismFolder = new File(mechanismsConfigFolder, mechanismsConfigFolderObjs[i]);
|
||||
try
|
||||
@ -125,17 +130,13 @@ public final class Authenticate implements RpcMethod
|
||||
|
||||
// Load the mech class using our custom loader
|
||||
Class<?> mechClass = customClassLoader.loadClass(mechClassName);
|
||||
FileOutputStream fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
ObjectOutputStream oos = new ObjectOutputStream(fos);
|
||||
fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
oos = new ObjectOutputStream(fos);
|
||||
oos.writeObject(mechClass);
|
||||
oos.close();
|
||||
fos.close();
|
||||
FileInputStream fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
ObjectInputStream ois = new ObjectInputStream(fis);
|
||||
fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
ois = new ObjectInputStream(fis);
|
||||
mechClass = (Class<?>) ois.readObject();
|
||||
ois.close();
|
||||
fis.close();
|
||||
|
||||
|
||||
// Now reload the class using the class loader for our AuthMechanism class
|
||||
AuthMechanism mechanism = (AuthMechanism) mechClass.newInstance();
|
||||
mechanism.init(svcConfig, mechConfig);
|
||||
@ -179,16 +180,12 @@ public final class Authenticate implements RpcMethod
|
||||
|
||||
// Load the mech class using our custom loader
|
||||
Class<?> mechClass = customClassLoader.loadClass(mechClassName);
|
||||
FileOutputStream fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
ObjectOutputStream oos = new ObjectOutputStream(fos);
|
||||
fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
oos = new ObjectOutputStream(fos);
|
||||
oos.writeObject(mechClass);
|
||||
oos.close();
|
||||
fos.close();
|
||||
FileInputStream fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
ObjectInputStream ois = new ObjectInputStream(fis);
|
||||
fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
|
||||
ois = new ObjectInputStream(fis);
|
||||
mechClass = (Class<?>) ois.readObject();
|
||||
ois.close();
|
||||
fis.close();
|
||||
|
||||
// Now reload the class using the class loader for our AuthMechanism class
|
||||
AuthMechanism mechanism = (AuthMechanism) mechClass.newInstance();
|
||||
@ -245,6 +242,55 @@ public final class Authenticate implements RpcMethod
|
||||
{
|
||||
System.err.println("Authenticate.init()- SecurityException accessing " + mechanismFolder + " Exception=" + e.toString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (fos != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
fos.flush();
|
||||
fos.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
if (oos != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
oos.flush();
|
||||
oos.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
if (fis != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
fis.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
if (ois != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
ois.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -262,16 +308,18 @@ public final class Authenticate implements RpcMethod
|
||||
* Process Rpc.
|
||||
*
|
||||
* @param inStream Input data stream (Request data).
|
||||
* @param out Output data print writter (Reply data).
|
||||
* @param out Output data print writer (Reply data).
|
||||
*/
|
||||
public final void invoke(InputStream inStream, PrintWriter out)
|
||||
{
|
||||
AuthReqMsg authReqMsg = null;
|
||||
|
||||
try
|
||||
{
|
||||
System.err.println("Authenticate.invoke()");
|
||||
|
||||
// Parse the AuthReqMsg sent from the client
|
||||
AuthReqMsg authReqMsg = new AuthReqMsg(inStream);
|
||||
authReqMsg = new AuthReqMsg(inStream);
|
||||
|
||||
// Get the necessary authentication mechanism
|
||||
AuthMechanism authMechanism = m_authMechanismMap.get(authReqMsg.getMechanismId());
|
||||
@ -336,6 +384,13 @@ public final class Authenticate implements RpcMethod
|
||||
System.err.println("Authenticate.invoke()- Exception trying to construct response msg: " + e2.toString());
|
||||
}
|
||||
}
|
||||
finally
|
||||
{
|
||||
// Make sure to invoke the cleanup method on the AuthReqMsg to
|
||||
// deal with security sensitive data.
|
||||
if (authReqMsg != null)
|
||||
authReqMsg.cleanup();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -25,6 +25,7 @@
|
||||
package com.novell.casa.authtoksvc;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.util.Hashtable;
|
||||
|
||||
import javax.naming.Context;
|
||||
@ -33,6 +34,7 @@ import javax.naming.NamingException;
|
||||
import javax.naming.directory.Attributes;
|
||||
import javax.naming.directory.DirContext;
|
||||
import javax.naming.directory.InitialDirContext;
|
||||
import javax.naming.directory.Attribute;
|
||||
|
||||
import org.xml.sax.InputSource;
|
||||
import org.xml.sax.SAXException;
|
||||
@ -120,12 +122,13 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
private final static int AWAITING_ATTRIBUTE_END = 19;
|
||||
private final static int AWAITING_ATTRIBUTE_DATA = 20;
|
||||
private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
|
||||
private final static int DONE_PARSING = 22;
|
||||
private final static int AWAITING_BINARY_ATTRIBUTE_END = 22;
|
||||
private final static int DONE_PARSING = 23;
|
||||
|
||||
private final CasaIdentityToken m_casaIdentToken;
|
||||
private int m_state;
|
||||
private String m_currAttribute;
|
||||
private boolean m_encryptedAttrs;
|
||||
private int m_state;
|
||||
private String m_currAttribute;
|
||||
private boolean m_encryptedAttrs;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
@ -398,6 +401,40 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
m_state = AWAITING_ATTRIBUTE_START;
|
||||
break;
|
||||
|
||||
case AWAITING_BINARY_ATTRIBUTE_END:
|
||||
// Decode the attribute data since it is base64 encoded
|
||||
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
|
||||
if (attrib != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
char[] attribData = (char[]) attrib.get();
|
||||
if (attribData != null)
|
||||
{
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(attribData));
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.endElement()- Attribute data not found");
|
||||
throw new SAXException("Attribute data not found");
|
||||
}
|
||||
}
|
||||
catch (NamingException e)
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.endElement()- Attribute data not found");
|
||||
throw new SAXException("Attribute data not found");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.endElement()- Attribute not found");
|
||||
throw new SAXException("Attribute not found");
|
||||
}
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_ATTRIBUTE_START;
|
||||
break;
|
||||
|
||||
case AWAITING_ATTRIBUTE_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (attributesElementName.equals(qName))
|
||||
@ -413,7 +450,7 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("CasaIdentityToken SAXHandler.startElement()- State error");
|
||||
System.err.println("CasaIdentityToken SAXHandler.endElement()- State error");
|
||||
throw new SAXException("State error");
|
||||
}
|
||||
}
|
||||
@ -498,6 +535,49 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
m_state = AWAITING_ATTRIBUTE_END;
|
||||
break;
|
||||
|
||||
case AWAITING_ATTRIBUTE_END:
|
||||
// Consume the data
|
||||
//
|
||||
// Decrypt the attribute data if necessary
|
||||
if (m_encryptedAttrs)
|
||||
{
|
||||
// tbd - Decrypt the attribute key and value with the private key of the service
|
||||
// using the configured mechanism.
|
||||
}
|
||||
else
|
||||
{
|
||||
// Append the data to what we have already consumed
|
||||
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
|
||||
if (attrib != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
String attribData = (String) attrib.get();
|
||||
if (attribData != null)
|
||||
{
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute,
|
||||
attribData.concat(new String(ch, start, length)));
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
|
||||
throw new SAXException("Attribute data not found");
|
||||
}
|
||||
}
|
||||
catch (NamingException e)
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
|
||||
throw new SAXException("Attribute data not found");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute not found");
|
||||
throw new SAXException("Attribute not found");
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case AWAITING_BINARY_ATTRIBUTE_DATA:
|
||||
// Consume the data
|
||||
//
|
||||
@ -509,14 +589,63 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
}
|
||||
else
|
||||
{
|
||||
// The data is base64 encoded
|
||||
// We are dealing with base64 encoded data
|
||||
char[] encodedChars = new char[length];
|
||||
System.arraycopy(ch, start, encodedChars, 0, length);
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars));
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute, encodedChars);
|
||||
}
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_ATTRIBUTE_END;
|
||||
m_state = AWAITING_BINARY_ATTRIBUTE_END;
|
||||
break;
|
||||
|
||||
case AWAITING_BINARY_ATTRIBUTE_END:
|
||||
// Consume the data
|
||||
//
|
||||
// Decrypt the attribute data if necessary
|
||||
if (m_encryptedAttrs)
|
||||
{
|
||||
// tbd - Decrypt the attribute key and value with the private key of the service
|
||||
// using the configured mechanism.
|
||||
}
|
||||
else
|
||||
{
|
||||
// Append the data to what we have already consumed
|
||||
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
|
||||
if (attrib != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
// We are dealing with base64 encoded data
|
||||
char[] consumedData = (char[]) attrib.get();
|
||||
if (consumedData != null)
|
||||
{
|
||||
char[] encodedChars = new char[consumedData.length + length];
|
||||
System.arraycopy(consumedData, 0, encodedChars, 0, consumedData.length);
|
||||
System.arraycopy(ch, start, encodedChars, consumedData.length, length);
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute, encodedChars);
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
|
||||
throw new SAXException("Attribute data not found");
|
||||
}
|
||||
}
|
||||
catch (NamingException e)
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
|
||||
throw new SAXException("Attribute data not found");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute not found");
|
||||
throw new SAXException("Attribute not found");
|
||||
}
|
||||
}
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_BINARY_ATTRIBUTE_END;
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -643,13 +772,13 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
}
|
||||
catch (NamingException e)
|
||||
{
|
||||
// tbd - Log the event???
|
||||
System.err.println("CasaIdentityToken.initialize()- Exception: " + e.getExplanation());
|
||||
throw new Exception("Error obtaining identity data for token");
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// tbd
|
||||
System.err.println("CasaIdentityToken.initialize()- Exception: " + e.toString());
|
||||
System.err.println("CasaIdentityToken.initialize()- Exception: " + e.toString());
|
||||
throw new Exception("Error obtaining identity data for token");
|
||||
}
|
||||
}
|
||||
|
||||
@ -665,6 +794,7 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
m_token = Base64Coder.decode(encodedToken);
|
||||
|
||||
// Now parse the token into its elements
|
||||
ByteArrayInputStream inStream = null;
|
||||
try
|
||||
{
|
||||
// Parse the AuthReqMsg
|
||||
@ -673,8 +803,7 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
xr.setContentHandler(handler);
|
||||
xr.setErrorHandler(handler);
|
||||
|
||||
|
||||
ByteArrayInputStream inStream = new ByteArrayInputStream(m_token.getBytes());
|
||||
inStream = new ByteArrayInputStream(m_token.getBytes());
|
||||
InputSource source = new InputSource(inStream);
|
||||
xr.parse(source);
|
||||
}
|
||||
@ -684,6 +813,20 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
System.err.println("CasaIdentityToken()- Parse exception: " + e.toString());
|
||||
throw new Exception("Token error");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -716,7 +859,6 @@ public final class CasaIdentityToken implements IdentityToken
|
||||
*/
|
||||
public final String getProviderType () throws Exception
|
||||
{
|
||||
// tbd - Change to a GUID
|
||||
return "CasaIdentityToken";
|
||||
}
|
||||
|
||||
|
@ -106,13 +106,13 @@ public final class EnabledSvcsConfig
|
||||
try
|
||||
{
|
||||
// Try to obtain the default authentication policy
|
||||
FileInputStream inStream = null;
|
||||
try
|
||||
{
|
||||
File f = new File(configFolder, m_authPolicyFileName);
|
||||
m_defaultAuthPolicyData = new byte[(int) f.length()];
|
||||
FileInputStream inStream = new FileInputStream(f);
|
||||
inStream = new FileInputStream(f);
|
||||
int bytesRead = inStream.read(m_defaultAuthPolicyData);
|
||||
inStream.close();
|
||||
if (bytesRead != m_defaultAuthPolicyData.length)
|
||||
{
|
||||
System.err.println("EnabledSvcsConfig()- Error reading default policy file");
|
||||
@ -130,6 +130,20 @@ public final class EnabledSvcsConfig
|
||||
{
|
||||
System.err.println("EnabledSvcsConfig()- IOException reading " + configFolder + File.separator + m_authPolicyFileName + " Exception=" + e.toString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Try to obtain the default authentication token settings
|
||||
try
|
||||
@ -199,14 +213,14 @@ public final class EnabledSvcsConfig
|
||||
byte[] authPolicyData = null;
|
||||
AuthTokenConfig authTokenConfig = null;
|
||||
IdenTokenConfig idenTokenConfig = null;
|
||||
inStream = null;
|
||||
|
||||
try
|
||||
{
|
||||
File policyFile = new File(serviceFolder, m_authPolicyFileName);
|
||||
authPolicyData = new byte[(int) policyFile.length()];
|
||||
FileInputStream inStream = new FileInputStream(policyFile);
|
||||
inStream = new FileInputStream(policyFile);
|
||||
int bytesRead = inStream.read(authPolicyData);
|
||||
inStream.close();
|
||||
if (bytesRead != authPolicyData.length)
|
||||
{
|
||||
System.err.println("EnabledSvcsConfig()- Error reading policy file for " + servicesConfigFolderObjs[i] + " " + hostFolderObjs[ii]);
|
||||
@ -224,6 +238,20 @@ public final class EnabledSvcsConfig
|
||||
{
|
||||
System.err.println("EnabledSvcsConfig()- IOException reading " + serviceFolder + File.separator + m_authPolicyFileName + " Exception=" + e.toString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -217,7 +217,7 @@ public final class GetAuthPolicyReqMsg
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("GetAuthPolicyReqMsg SAXHandler.startElement()- State error");
|
||||
System.err.println("GetAuthPolicyReqMsg SAXHandler.endElement()- State error");
|
||||
throw new SAXException("State error");
|
||||
}
|
||||
}
|
||||
|
@ -72,7 +72,7 @@ public final class GetAuthTokReqMsg
|
||||
private final static int DONE_PARSING = 11;
|
||||
|
||||
private final GetAuthTokReqMsg m_GetAuthTokReqMsg;
|
||||
private int m_state;
|
||||
private int m_state;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
@ -250,7 +250,7 @@ public final class GetAuthTokReqMsg
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("GetAuthTokReqMsg SAXHandler.startElement()- State error");
|
||||
System.err.println("GetAuthTokReqMsg SAXHandler.endElement()- State error");
|
||||
throw new SAXException("State error");
|
||||
}
|
||||
}
|
||||
|
@ -81,11 +81,11 @@ public final class GetAuthToken implements RpcMethod
|
||||
if (m_enabledSvcsConfig.svcEnabled(getAuthTokReqMsg.getHostName(),
|
||||
getAuthTokReqMsg.getServiceName()))
|
||||
{
|
||||
// Now create a session token (This validates the session token provided).
|
||||
SessionToken sessionToken = new SessionToken(getAuthTokReqMsg.getSessionToken());
|
||||
|
||||
try
|
||||
{
|
||||
// Now create a session token (This validates the session token provided).
|
||||
SessionToken sessionToken = new SessionToken(getAuthTokReqMsg.getSessionToken());
|
||||
|
||||
// Create the Authentication Token
|
||||
AuthToken authToken = new AuthToken(sessionToken.getIdentId(),
|
||||
sessionToken.getRealm(),
|
||||
|
@ -51,156 +51,6 @@ public final class IdenTokenConfig
|
||||
private final Map<String,String> m_tokenSettingsMap;
|
||||
private String[] m_identityAttributes;
|
||||
|
||||
/**
|
||||
* Class for handling parsing events.
|
||||
*/
|
||||
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
|
||||
{
|
||||
private final static int AWAITING_ROOT_ELEMENT_START = 0;
|
||||
private final static int AWAITING_SETTING_ELEMENT_START = 1;
|
||||
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
|
||||
private final static int AWAITING_SETTING_ELEMENT_END = 3;
|
||||
private final static int DONE_PARSING = 4;
|
||||
|
||||
private final static String m_rootElementName = "settings";
|
||||
|
||||
private final Map<String,String> m_keyMap;
|
||||
private int m_state;
|
||||
private String m_currentKey;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param keyMap Key/Value map.
|
||||
*/
|
||||
public SAXHandler(Map<String,String> keyMap)
|
||||
{
|
||||
super();
|
||||
|
||||
// Initialize our members
|
||||
m_keyMap = keyMap;
|
||||
m_state = AWAITING_ROOT_ELEMENT_START;
|
||||
}
|
||||
|
||||
/**
|
||||
* endDocument() implementation.
|
||||
*
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void endDocument () throws SAXException
|
||||
{
|
||||
// Verify that we are not in an invalid state
|
||||
if (m_state != DONE_PARSING)
|
||||
{
|
||||
System.err.println("IdenTokenConfig SAXHandler.endDocument()- Invalid state" + m_state);
|
||||
throw new SAXException("Invalid state at endDocument");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* startElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @param atts Attributes.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_ROOT_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("IdenTokenConfig SAXHandler.startElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Keep track of the key name
|
||||
m_currentKey = qName;
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_DATA;
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("IdenTokenConfig SAXHandler.startElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at startElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* endElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void endElement (String uri, String name, String qName) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_SETTING_ELEMENT_DATA:
|
||||
case AWAITING_SETTING_ELEMENT_END:
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = DONE_PARSING;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("IdenTokenConfig SAXHandler.endElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("IdenTokenConfig SAXHandler.endElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at endElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* character() implementation.
|
||||
*
|
||||
* @param ch Characters with element data.
|
||||
* @param start Start position in the character array.
|
||||
* @param length Number of characters to use in the array.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void characters (char ch[], int start, int length) throws SAXException
|
||||
{
|
||||
// Consume the data if in the right state
|
||||
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
|
||||
{
|
||||
// Consume the data and add the key to map
|
||||
// tbd - Add code to aggregate attributes specified as multiple elements
|
||||
m_keyMap.put(m_currentKey, new String(ch, start, length));
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_END;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor which sets default configuration values.
|
||||
*/
|
||||
@ -228,23 +78,22 @@ public final class IdenTokenConfig
|
||||
// Create a map to keep track of the token settings
|
||||
m_tokenSettingsMap = new HashMap<String, String>();
|
||||
|
||||
FileInputStream inStream = null;
|
||||
try
|
||||
{
|
||||
// Get an input stream to read from the token settings file
|
||||
File f = new File(idenTokenSettingsFileName);
|
||||
FileInputStream inStream = new FileInputStream(f);
|
||||
inStream = new FileInputStream(f);
|
||||
|
||||
// Parse the file
|
||||
XMLReader xr = XMLReaderFactory.createXMLReader();
|
||||
SAXHandler handler = new SAXHandler(m_tokenSettingsMap);
|
||||
SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_tokenSettingsMap);
|
||||
xr.setContentHandler(handler);
|
||||
xr.setErrorHandler(handler);
|
||||
|
||||
InputSource source = new InputSource(inStream);
|
||||
xr.parse(source);
|
||||
|
||||
inStream.close();
|
||||
|
||||
// Process the specified attributes
|
||||
if (m_tokenSettingsMap.containsKey(Attributes) == false)
|
||||
{
|
||||
@ -274,6 +123,20 @@ public final class IdenTokenConfig
|
||||
System.err.println("IdenTokenConfig()- IOException accessing " + idenTokenSettingsFileName + " Exception=" + e.toString());
|
||||
throw new Exception("IdenTokenConfig()- Read error");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -84,12 +84,10 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
|
||||
* @param parent Associated Krb5Authenticate object.
|
||||
* @throws Exception
|
||||
*/
|
||||
public Krb5Token(String encodedToken, Krb5Authenticate parent) throws Exception
|
||||
public Krb5Token(char[] encodedToken, Krb5Authenticate parent) throws Exception
|
||||
{
|
||||
// Decode the token
|
||||
char[] tokenChars = new char[encodedToken.length()];
|
||||
encodedToken.getChars(0, tokenChars.length, tokenChars, 0);
|
||||
byte[] tokenBytes = Base64Coder.decode(tokenChars);
|
||||
byte[] tokenBytes = Base64Coder.decode(encodedToken);
|
||||
|
||||
try
|
||||
{
|
||||
@ -227,9 +225,9 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
|
||||
|
||||
// Perform the search
|
||||
NamingEnumeration<SearchResult> answer = ctx.search(searchContext,
|
||||
"(krbPrincipalName={0})",
|
||||
new String[] {krb5Token.getPrincipalName()},
|
||||
controls);
|
||||
"(krbPrincipalName={0})",
|
||||
new String[] {krb5Token.getPrincipalName()},
|
||||
controls);
|
||||
|
||||
// Proceed based on the result of the search
|
||||
if (answer.hasMore())
|
||||
|
@ -55,6 +55,7 @@ JAVAFILES = ProtoDefs.java \
|
||||
IdenTokenSettingsEditor.java \
|
||||
IVerifySetting.java \
|
||||
SettingsFileUtil.java \
|
||||
SettingsFileSAXHandler.java \
|
||||
SvcSettingsEditor.java
|
||||
|
||||
EXTRA_DIST = $(JAVAFILES) \
|
||||
|
@ -73,18 +73,40 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
|
||||
* @param encodedToken Base64 encoded password token.
|
||||
* @throws IOException
|
||||
*/
|
||||
public PwToken(String encodedToken) throws IOException
|
||||
public PwToken(char[] encodedToken) throws IOException
|
||||
{
|
||||
// Decode the token
|
||||
String token = Base64Coder.decode(encodedToken);
|
||||
BufferedReader tokenReader = null;
|
||||
|
||||
BufferedReader tokenReader = new BufferedReader(new StringReader(token));
|
||||
try
|
||||
{
|
||||
// Decode the token
|
||||
byte[] tokenBytes = Base64Coder.decode(encodedToken);
|
||||
|
||||
// The second line contains the "username"
|
||||
m_username = tokenReader.readLine();
|
||||
// Unfortunately the password has to be passed to JNDI as a String. Given this,
|
||||
// we are going to go ahead and convert the token to a String to facilitate
|
||||
// the parsing operation..
|
||||
tokenReader = new BufferedReader(new StringReader(tokenBytes.toString()));
|
||||
|
||||
// The third line contains the "password"
|
||||
m_password = tokenReader.readLine();
|
||||
// The first line contains the "username"
|
||||
m_username = tokenReader.readLine();
|
||||
|
||||
// The second line contains the "password"
|
||||
m_password = tokenReader.readLine();
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (tokenReader != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
tokenReader.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -64,7 +64,7 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
|
||||
private final class ReconfigureThread implements Runnable
|
||||
{
|
||||
private final Rpc m_rpc;
|
||||
private boolean m_run = true;
|
||||
private volatile boolean m_run = true;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
@ -269,14 +269,17 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
|
||||
*/
|
||||
protected void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
|
||||
{
|
||||
// Get ready to send back a reply
|
||||
response.setContentType("text/html");
|
||||
PrintWriter out = response.getWriter();
|
||||
PrintWriter out = null;
|
||||
InputStream inStream = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Get ready to send back a reply
|
||||
response.setContentType("text/html");
|
||||
out = response.getWriter();
|
||||
|
||||
// Obtain the input stream and execute the requested method
|
||||
InputStream inStream = request.getInputStream();
|
||||
inStream = request.getInputStream();
|
||||
|
||||
String requestedMethod = request.getParameter("method");
|
||||
if (requestedMethod != null)
|
||||
@ -308,8 +311,32 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
|
||||
System.err.println("Rpc.doPost()- Exception caught: " + e.toString());
|
||||
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (out != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
|
||||
// Done sending out the reply
|
||||
out.close();
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -98,10 +98,28 @@ public final class SessionToken
|
||||
svcConfig);
|
||||
|
||||
// Now save the message as a string
|
||||
OutputStream outStream = new ByteArrayOutputStream();
|
||||
sessionTokenMessage.writeTo(outStream);
|
||||
m_token = outStream.toString();
|
||||
outStream.close();
|
||||
OutputStream outStream = null;
|
||||
try
|
||||
{
|
||||
outStream = new ByteArrayOutputStream();
|
||||
sessionTokenMessage.writeTo(outStream);
|
||||
m_token = outStream.toString();
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (outStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
outStream.flush();
|
||||
outStream.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -113,48 +131,67 @@ public final class SessionToken
|
||||
*/
|
||||
public SessionToken(String token) throws Exception
|
||||
{
|
||||
// Decode the token string
|
||||
m_token = Base64Coder.decode(token);
|
||||
InputStream inStream = null;
|
||||
|
||||
// Now instantiate a SOAP message with the string
|
||||
InputStream inStream = new ByteArrayInputStream(m_token.getBytes());
|
||||
Message message = new Message(inStream);
|
||||
|
||||
// Get access to the SOAP Envelope
|
||||
SOAPEnvelope envelope = message.getSOAPEnvelope();
|
||||
|
||||
// Verify the message
|
||||
if (WSSecurity.verifyMessage(envelope))
|
||||
try
|
||||
{
|
||||
// Message verification succeded, now obtain the realm and identity id
|
||||
// from the message body.
|
||||
SOAPBody body = (SOAPBody) envelope.getBody();
|
||||
QName sessionTokenElementName = new QName("session_token");
|
||||
MessageElement sessionTokenElement = body.getChildElement(sessionTokenElementName);
|
||||
QName realmElementName = new QName("realm");
|
||||
MessageElement realmElement = sessionTokenElement.getChildElement(realmElementName);
|
||||
if (realmElement != null)
|
||||
{
|
||||
m_realm = realmElement.getChildNodes().item(0).getNodeValue();
|
||||
}
|
||||
QName identIdElementName = new QName("ident_id");
|
||||
MessageElement identIdElement = sessionTokenElement.getChildElement(identIdElementName);
|
||||
if (identIdElement != null)
|
||||
{
|
||||
m_id = identIdElement.getChildNodes().item(0).getNodeValue();
|
||||
}
|
||||
// Decode the token string
|
||||
m_token = Base64Coder.decode(token);
|
||||
|
||||
if (m_realm == null || m_id == null)
|
||||
// Now instantiate a SOAP message with the string
|
||||
inStream = new ByteArrayInputStream(m_token.getBytes());
|
||||
Message message = new Message(inStream);
|
||||
|
||||
// Get access to the SOAP Envelope
|
||||
SOAPEnvelope envelope = message.getSOAPEnvelope();
|
||||
|
||||
// Verify the message
|
||||
if (WSSecurity.verifyMessage(envelope))
|
||||
{
|
||||
System.out.println("SessionToken()- Required data missing from session token");
|
||||
throw new Exception("Error: Required data missing from session Token");
|
||||
// Message verification succeded, now obtain the realm and identity id
|
||||
// from the message body.
|
||||
SOAPBody body = (SOAPBody) envelope.getBody();
|
||||
QName sessionTokenElementName = new QName("session_token");
|
||||
MessageElement sessionTokenElement = body.getChildElement(sessionTokenElementName);
|
||||
QName realmElementName = new QName("realm");
|
||||
MessageElement realmElement = sessionTokenElement.getChildElement(realmElementName);
|
||||
if (realmElement != null)
|
||||
{
|
||||
m_realm = realmElement.getChildNodes().item(0).getNodeValue();
|
||||
}
|
||||
QName identIdElementName = new QName("ident_id");
|
||||
MessageElement identIdElement = sessionTokenElement.getChildElement(identIdElementName);
|
||||
if (identIdElement != null)
|
||||
{
|
||||
m_id = identIdElement.getChildNodes().item(0).getNodeValue();
|
||||
}
|
||||
|
||||
if (m_realm == null || m_id == null)
|
||||
{
|
||||
System.out.println("SessionToken()- Required data missing from session token");
|
||||
throw new Exception("Error: Required data missing from session Token");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Message verification failed
|
||||
System.err.println("SessionToken()- Invalid Session Token");
|
||||
throw new Exception("Invalid Session Token");
|
||||
}
|
||||
}
|
||||
else
|
||||
finally
|
||||
{
|
||||
// Message verification failed
|
||||
System.err.println("SessionToken()- Invalid Session Token");
|
||||
throw new Exception("Invalid Session Token");
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -173,13 +210,14 @@ public final class SessionToken
|
||||
SvcConfig svcConfig)
|
||||
{
|
||||
Message secureMessage;
|
||||
InputStream inStream = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Build SOAP Message with an identity token in the body
|
||||
//
|
||||
// First create a message and obtain its body
|
||||
InputStream inStream = new ByteArrayInputStream(sessionTokenSoapMsg.getBytes());
|
||||
inStream = new ByteArrayInputStream(sessionTokenSoapMsg.getBytes());
|
||||
Message message = new Message(inStream);
|
||||
message.setMessageContext(axisMsgContext);
|
||||
SOAPBody body = (SOAPBody) message.getSOAPBody();
|
||||
@ -211,6 +249,20 @@ public final class SessionToken
|
||||
System.out.println("SessionToken.getMessage() - Exception caught building message, error: " + e.getMessage());
|
||||
secureMessage = null;
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return secureMessage;
|
||||
}
|
||||
|
@ -0,0 +1,196 @@
|
||||
/***********************************************************************
|
||||
*
|
||||
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; version 2.1
|
||||
* of the License.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, Novell, Inc.
|
||||
*
|
||||
* To contact Novell about this file by physical or electronic mail,
|
||||
* you may find current contact information at www.novell.com.
|
||||
*
|
||||
* Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||
*
|
||||
***********************************************************************/
|
||||
|
||||
package com.novell.casa.authtoksvc;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
/**
|
||||
* Settings file SAXHandler Class.
|
||||
* <p>
|
||||
* This class provides a SAXHandler for parsing .settings files.
|
||||
*
|
||||
*/
|
||||
public final class SettingsFileSAXHandler extends org.xml.sax.helpers.DefaultHandler
|
||||
{
|
||||
private final static int AWAITING_ROOT_ELEMENT_START = 0;
|
||||
private final static int AWAITING_SETTING_ELEMENT_START = 1;
|
||||
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
|
||||
private final static int AWAITING_SETTING_ELEMENT_END = 3;
|
||||
private final static int DONE_PARSING = 4;
|
||||
|
||||
private final static String m_rootElementName = "settings";
|
||||
|
||||
private final Map<String,String> m_keyMap;
|
||||
private int m_state;
|
||||
private String m_currentKey;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param keyMap Key/Value map.
|
||||
*/
|
||||
public SettingsFileSAXHandler(Map<String,String> keyMap)
|
||||
{
|
||||
super();
|
||||
|
||||
// Initialize our members
|
||||
m_keyMap = keyMap;
|
||||
m_state = AWAITING_ROOT_ELEMENT_START;
|
||||
}
|
||||
|
||||
/**
|
||||
* endDocument() implementation.
|
||||
*
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void endDocument () throws SAXException
|
||||
{
|
||||
// Verify that we are not in an invalid state
|
||||
if (m_state != DONE_PARSING)
|
||||
{
|
||||
System.err.println("SettingsFileSAXHandler.endDocument()- Invalid state" + m_state);
|
||||
throw new SAXException("Invalid state at endDocument");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* startElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @param atts Attributes.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_ROOT_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("SettingsFileSAXHandler.startElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Keep track of the key name
|
||||
m_currentKey = qName;
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_DATA;
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("SettingsFileSAXHandler.startElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at startElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* endElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void endElement (String uri, String name, String qName) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_SETTING_ELEMENT_DATA:
|
||||
case AWAITING_SETTING_ELEMENT_END:
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = DONE_PARSING;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("SettingsFileSAXHandler.endElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("SettingsFileSAXHandler.endElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at endElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* character() implementation.
|
||||
*
|
||||
* @param ch Characters with element data.
|
||||
* @param start Start position in the character array.
|
||||
* @param length Number of characters to use in the array.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void characters (char ch[], int start, int length) throws SAXException
|
||||
{
|
||||
// Consume the data if in the right state
|
||||
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
|
||||
{
|
||||
// Consume the data and add the key to map
|
||||
m_keyMap.put(m_currentKey, new String(ch, start, length));
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_END;
|
||||
}
|
||||
else if (m_state == AWAITING_SETTING_ELEMENT_END)
|
||||
{
|
||||
// Concat this data to the setting data that we have already consumed
|
||||
String settingData = m_keyMap.remove(m_currentKey);
|
||||
if (settingData != null)
|
||||
{
|
||||
// Consume the data and add the key to map
|
||||
m_keyMap.put(m_currentKey, settingData.concat(new String(ch, start, length)));
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("SettingsFileSAXHandler.characters()- Settings data not found");
|
||||
throw new SAXException("Settings data not found");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -53,19 +53,18 @@ public final class SettingsFileUtil
|
||||
private static Document getSettingsFileDoc(String filePath)
|
||||
{
|
||||
Document doc;
|
||||
FileInputStream inStream = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Get an input stream to read from settings file
|
||||
File f = new File(filePath);
|
||||
FileInputStream inStream = new FileInputStream(f);
|
||||
inStream = new FileInputStream(f);
|
||||
InputSource source = new InputSource(inStream);
|
||||
|
||||
DOMParser parser = new DOMParser();
|
||||
parser.parse(source);
|
||||
doc = parser.getDocument();
|
||||
|
||||
inStream.close();
|
||||
}
|
||||
catch (FileNotFoundException e)
|
||||
{
|
||||
@ -87,6 +86,20 @@ public final class SettingsFileUtil
|
||||
System.err.println("Settings file " + filePath + " format error");
|
||||
doc = null;
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return doc;
|
||||
}
|
||||
@ -100,21 +113,35 @@ public final class SettingsFileUtil
|
||||
private static Document getSettingsDoc(String settings)
|
||||
{
|
||||
Document doc = null;
|
||||
StringReader reader = null;
|
||||
|
||||
try
|
||||
{
|
||||
StringReader reader = new StringReader(settings);
|
||||
reader = new StringReader(settings);
|
||||
InputSource source = new InputSource(reader);
|
||||
|
||||
DOMParser parser = new DOMParser();
|
||||
parser.parse(source);
|
||||
doc = parser.getDocument();
|
||||
reader.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
System.err.println("Program error, exception: " + e.toString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (reader != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
reader.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return doc;
|
||||
}
|
||||
@ -160,7 +187,7 @@ public final class SettingsFileUtil
|
||||
* @return True if the operation is successfully performed.
|
||||
*/
|
||||
public static boolean performCreateOperation(String filePath,
|
||||
String settings)
|
||||
String settings)
|
||||
{
|
||||
boolean opPerformed = false;
|
||||
|
||||
@ -168,17 +195,18 @@ public final class SettingsFileUtil
|
||||
Document doc = getSettingsDoc(settings);
|
||||
if (doc != null)
|
||||
{
|
||||
FileOutputStream out = null;
|
||||
|
||||
try
|
||||
{
|
||||
File f = new File(filePath);
|
||||
boolean createStatus = f.createNewFile();
|
||||
if (createStatus == true)
|
||||
{
|
||||
FileOutputStream out = new FileOutputStream(f);
|
||||
out = new FileOutputStream(f);
|
||||
OutputFormat format = new OutputFormat(doc);
|
||||
XMLSerializer serializer = new XMLSerializer(out, format);
|
||||
serializer.serialize(doc.getDocumentElement());
|
||||
out.close();
|
||||
|
||||
opPerformed = true;
|
||||
}
|
||||
@ -195,6 +223,21 @@ public final class SettingsFileUtil
|
||||
{
|
||||
System.out.println("SecurityException creating " + filePath);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (out != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return opPerformed;
|
||||
@ -307,6 +350,7 @@ public final class SettingsFileUtil
|
||||
}
|
||||
|
||||
// Update the file after removing the text nodes
|
||||
FileOutputStream out = null;
|
||||
try
|
||||
{
|
||||
// Remove text nodes
|
||||
@ -323,11 +367,10 @@ public final class SettingsFileUtil
|
||||
|
||||
// Update file
|
||||
File f = new File(filePath);
|
||||
FileOutputStream out = new FileOutputStream(f);
|
||||
out = new FileOutputStream(f);
|
||||
OutputFormat format = new OutputFormat(doc);
|
||||
XMLSerializer serializer = new XMLSerializer(out, format);
|
||||
serializer.serialize(doc.getDocumentElement());
|
||||
out.close();
|
||||
|
||||
opPerformed = true;
|
||||
}
|
||||
@ -339,6 +382,21 @@ public final class SettingsFileUtil
|
||||
{
|
||||
System.out.println("SecurityException writting to file " + filePath);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (out != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -384,6 +442,7 @@ public final class SettingsFileUtil
|
||||
settingFound = true;
|
||||
|
||||
// Update the file after removing the text nodes
|
||||
FileOutputStream out = null;
|
||||
try
|
||||
{
|
||||
// Remove text nodes
|
||||
@ -400,11 +459,10 @@ public final class SettingsFileUtil
|
||||
|
||||
// Update file
|
||||
File f = new File(filePath);
|
||||
FileOutputStream out = new FileOutputStream(f);
|
||||
out = new FileOutputStream(f);
|
||||
OutputFormat format = new OutputFormat(doc);
|
||||
XMLSerializer serializer = new XMLSerializer(out, format);
|
||||
serializer.serialize(doc.getDocumentElement());
|
||||
out.close();
|
||||
|
||||
opPerformed = true;
|
||||
}
|
||||
@ -416,6 +474,21 @@ public final class SettingsFileUtil
|
||||
{
|
||||
System.out.println("SecurityException writting to file " + filePath);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (out != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,158 +63,15 @@ public final class SvcConfig
|
||||
public final static String DefaultSigningKeyAliasNameValue = "signingKey";
|
||||
public final static String DefaultSigningKeyPasswordValue = "secret";
|
||||
|
||||
// Minimum configuration values
|
||||
private final static int MinimumTokenLifetimeValue = 360; // Seconds
|
||||
private final static int MinimumLifetimeShorterValue = 5; // Seconds
|
||||
private final static int MinimumLifetimeShorterDifferential = 15;
|
||||
private final static int MinimumReconfigureIntervalValue = 30; // Seconds
|
||||
|
||||
private static final String m_svcSettingsFileName = "svc.settings";
|
||||
private final Map<String,String> m_svcSettingsMap;
|
||||
|
||||
/**
|
||||
* Class for handling Authentication Request parsing events.
|
||||
*/
|
||||
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
|
||||
{
|
||||
private final static int AWAITING_ROOT_ELEMENT_START = 0;
|
||||
private final static int AWAITING_SETTING_ELEMENT_START = 1;
|
||||
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
|
||||
private final static int AWAITING_SETTING_ELEMENT_END = 3;
|
||||
private final static int DONE_PARSING = 4;
|
||||
|
||||
private final static String m_rootElementName = "settings";
|
||||
|
||||
private final Map<String,String> m_keyMap;
|
||||
private int m_state;
|
||||
private String m_currentKey;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param keyMap Key/Value map.
|
||||
*/
|
||||
public SAXHandler(Map<String,String> keyMap)
|
||||
{
|
||||
super();
|
||||
|
||||
// Initialize our members
|
||||
m_keyMap = keyMap;
|
||||
m_state = AWAITING_ROOT_ELEMENT_START;
|
||||
}
|
||||
|
||||
/**
|
||||
* endDocument() implementation.
|
||||
*
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void endDocument () throws SAXException
|
||||
{
|
||||
// Verify that we are not in an invalid state
|
||||
if (m_state != DONE_PARSING)
|
||||
{
|
||||
System.err.println("SvcConfig SAXHandler.endDocument()- Invalid state" + m_state);
|
||||
throw new SAXException("Invalid state at endDocument");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* startElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @param atts Attributes.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_ROOT_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("SvcConfig SAXHandler.startElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Keep track of the key name
|
||||
m_currentKey = qName;
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_DATA;
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("SvcConfig SAXHandler.startElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at startElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* endElement() implementation.
|
||||
*
|
||||
* @param uri Uri.
|
||||
* @param name Local name.
|
||||
* @param qName Qualified name.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void endElement (String uri, String name, String qName) throws SAXException
|
||||
{
|
||||
// Proceed based on our state
|
||||
switch (m_state)
|
||||
{
|
||||
case AWAITING_SETTING_ELEMENT_DATA:
|
||||
case AWAITING_SETTING_ELEMENT_END:
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_START;
|
||||
break;
|
||||
|
||||
case AWAITING_SETTING_ELEMENT_START:
|
||||
// Verify that we are processing the expected tag
|
||||
if (m_rootElementName.equals(qName))
|
||||
{
|
||||
// Advance to the next state
|
||||
m_state = DONE_PARSING;
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("SvcConfig SAXHandler.endElement()- Un-expected element");
|
||||
throw new SAXException("Un-expected element");
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
System.err.println("SvcConfig SAXHandler.endElement()- Invalid state " + m_state);
|
||||
throw new SAXException("Invalid state at endElement");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* character() implementation.
|
||||
*
|
||||
* @param ch Characters with element data.
|
||||
* @param start Start position in the character array.
|
||||
* @param length Number of characters to use in the array.
|
||||
* @throws SAXException
|
||||
*/
|
||||
public final void characters (char ch[], int start, int length) throws SAXException
|
||||
{
|
||||
// Consume the data if in the right state
|
||||
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
|
||||
{
|
||||
// Consume the data and add the key to map
|
||||
m_keyMap.put(m_currentKey, new String(ch, start, length));
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_SETTING_ELEMENT_END;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
@ -231,25 +88,106 @@ public final class SvcConfig
|
||||
// Create a map to keep track of the service settings
|
||||
m_svcSettingsMap = new HashMap<String, String>();
|
||||
|
||||
FileInputStream inStream = null;
|
||||
try
|
||||
{
|
||||
// Get an input stream to services settings file
|
||||
File settingsFile = new File(svcConfigPath, m_svcSettingsFileName);
|
||||
FileInputStream inStream = new FileInputStream(settingsFile);
|
||||
inStream = new FileInputStream(settingsFile);
|
||||
|
||||
// Parse the file
|
||||
XMLReader xr = XMLReaderFactory.createXMLReader();
|
||||
SAXHandler handler = new SAXHandler(m_svcSettingsMap);
|
||||
SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_svcSettingsMap);
|
||||
xr.setContentHandler(handler);
|
||||
xr.setErrorHandler(handler);
|
||||
|
||||
InputSource source = new InputSource(inStream);
|
||||
xr.parse(source);
|
||||
inStream.close();
|
||||
|
||||
// Add the application and config folder path settings to our map
|
||||
m_svcSettingsMap.put(AppRootPath, appRootPath);
|
||||
m_svcSettingsMap.put(ConfigFolderPath, svcConfigPath);
|
||||
|
||||
// Do some sanity checking
|
||||
int tokenLifetime;
|
||||
try
|
||||
{
|
||||
tokenLifetime = Integer.valueOf(getSetting(SessionTokenLifetime)).intValue();
|
||||
if (tokenLifetime < MinimumTokenLifetimeValue)
|
||||
{
|
||||
System.err.println("SvcConfig()- Configured token lifetime too small, defaulting to "
|
||||
+ Integer.toString(MinimumTokenLifetimeValue) + " seconds");
|
||||
tokenLifetime = MinimumTokenLifetimeValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(SessionTokenLifetime, Integer.toString(tokenLifetime));
|
||||
}
|
||||
}
|
||||
catch (NumberFormatException e)
|
||||
{
|
||||
System.err.println("SvcConfig()- Invalid configured token lifetime value, defaulting to "
|
||||
+ Integer.toString(MinimumTokenLifetimeValue) + " seconds");
|
||||
tokenLifetime = MinimumTokenLifetimeValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(SessionTokenLifetime, Integer.toString(tokenLifetime));
|
||||
}
|
||||
|
||||
int lifetimeShorter;
|
||||
try
|
||||
{
|
||||
lifetimeShorter = Integer.valueOf(getSetting(LifetimeShorter)).intValue();
|
||||
if (lifetimeShorter < MinimumLifetimeShorterValue)
|
||||
{
|
||||
System.err.println("SvcConfig()- Configured lifetime shorter too small, defaulting to "
|
||||
+ Integer.toString(MinimumLifetimeShorterValue) + " seconds");
|
||||
lifetimeShorter = MinimumLifetimeShorterValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
|
||||
}
|
||||
}
|
||||
catch (NumberFormatException e)
|
||||
{
|
||||
System.err.println("SvcConfig()- Invalid configured lifetime shorter value, defaulting to "
|
||||
+ Integer.toString(MinimumLifetimeShorterValue) + " seconds");
|
||||
lifetimeShorter = MinimumLifetimeShorterValue;
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
|
||||
}
|
||||
|
||||
if (lifetimeShorter > tokenLifetime
|
||||
|| (tokenLifetime - lifetimeShorter) < MinimumLifetimeShorterDifferential)
|
||||
{
|
||||
System.err.println("SvcConfig()- Invalid lifetime shorter value, defaulting to "
|
||||
+ Integer.toString(MinimumLifetimeShorterValue) + " seconds");
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(LifetimeShorter, Integer.toString(MinimumLifetimeShorterValue));
|
||||
}
|
||||
|
||||
int reconfigureInterval;
|
||||
try
|
||||
{
|
||||
reconfigureInterval = Integer.valueOf(getSetting(ReconfigureInterval)).intValue();
|
||||
if (reconfigureInterval < MinimumReconfigureIntervalValue)
|
||||
{
|
||||
System.err.println("SvcConfig()- Configured reconfigure interval too small, defaulting to "
|
||||
+ Integer.toString(MinimumReconfigureIntervalValue) + " seconds");
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(ReconfigureInterval, Integer.toString(MinimumReconfigureIntervalValue));
|
||||
}
|
||||
}
|
||||
catch (NumberFormatException e)
|
||||
{
|
||||
System.err.println("SvcConfig()- Invalid configured reconfigured interval value, defaulting to "
|
||||
+ Integer.toString(MinimumReconfigureIntervalValue) + " seconds");
|
||||
|
||||
// Update the map with the new value for the setting
|
||||
m_svcSettingsMap.put(ReconfigureInterval, Integer.toString(MinimumReconfigureIntervalValue));
|
||||
}
|
||||
}
|
||||
catch (SAXException e)
|
||||
{
|
||||
@ -259,14 +197,31 @@ public final class SvcConfig
|
||||
catch (SecurityException e)
|
||||
{
|
||||
System.err.println("SvcConfig()- SecurityException caught while accessing " + svcConfigPath + File.separator + m_svcSettingsFileName + " Exception=" + e.toString());
|
||||
throw new Exception("SvcConfig()- Not able to access file");
|
||||
}
|
||||
catch (FileNotFoundException e)
|
||||
{
|
||||
System.err.println("SvcConfig()- File " + svcConfigPath + File.separator + m_svcSettingsFileName + " not found");
|
||||
throw new Exception("SvcConfig()- File not found");
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
System.err.println("SvcConfig()- IOException caught while trying to read " + svcConfigPath + File.separator + m_svcSettingsFileName + " Exception=" + e.toString());
|
||||
throw new Exception("SvcConfig()- Read error");
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -337,9 +292,6 @@ public final class SvcConfig
|
||||
{
|
||||
System.err.println("SvcConfig.getSetting()- Found setting " + settingName);
|
||||
System.err.println("SvcConfig.getSetting()- Setting value = " + value);
|
||||
|
||||
// Do some sanity checking
|
||||
// tbd - Make sure that the token lifetime values are greater than the LifetimeShorter
|
||||
}
|
||||
|
||||
return value;
|
||||
|
@ -25,6 +25,7 @@
|
||||
package com.novell.casa.authtoksvc;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
import org.apache.axis.Message;
|
||||
import org.apache.axis.message.SOAPEnvelope;
|
||||
@ -66,11 +67,33 @@ public final class WSSecurity
|
||||
*/
|
||||
private static Message toSOAPMessage(Document doc) throws Exception
|
||||
{
|
||||
Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
|
||||
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
|
||||
MessageFactory factory = MessageFactory.newInstance();
|
||||
return (org.apache.axis.Message) factory.createMessage(null, in);
|
||||
ByteArrayInputStream inStream = null;
|
||||
Message msg = null;
|
||||
|
||||
try
|
||||
{
|
||||
Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
|
||||
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
|
||||
inStream = new ByteArrayInputStream(canonicalMessage);
|
||||
MessageFactory factory = MessageFactory.newInstance();
|
||||
msg = (org.apache.axis.Message) factory.createMessage(null, inStream);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (inStream != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
inStream.close();
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return msg;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 8 15:26:15 MST 2007 - jluciani@novell.com
|
||||
|
||||
- Applied changes to solve most issues found during my code
|
||||
review of the components.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 13 10:18:25 MST 2006 - jluciani@novell.com
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user