geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Applied changes to issues found during code review of the Svc component.

Browse Source
This commit is contained in:
Juan Carlos Luciani 2007-01-08 10:36:42 +00:00
parent 0019475d4d
commit 2f30ab05db
30 changed files with 1174 additions and 782 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CASA-auth-token/server-java/Jaas/linux/client_keystore_setup.sh
View File

@ -34,6 +34,13 @@
# # # #
############################################################# #############################################################
SILENT=0
if [ "$1" != "" ]; then
if [ "$1" == "-s" ]; then
SILENT=1
fi
fi
if [ -d /usr/lib64 ]; then if [ -d /usr/lib64 ]; then
LIB=lib64 LIB=lib64
else else
@ -44,7 +51,9 @@ JAVA_HOME=/usr/$LIB/jvm/jre-1.5.0
# Do not do anything if the client keystore has already been created # Do not do anything if the client keystore has already been created
if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
if [ $SILENT == 0 ]; then
echo "The client keystore is already setup" echo "The client keystore is already setup"
fi
else else
if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
echo "Setting up the clients's keystore" echo "Setting up the clients's keystore"

2
CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java
View File

@ -47,7 +47,7 @@ import com.novell.casa.authtoksvc.CasaIdentityToken;
* infrastructure. * infrastructure.
* *
*/ */
public class CasaLoginModule implements LoginModule public final class CasaLoginModule implements LoginModule
{ {
private final static String casaUsername = "CasaIdentityUser"; private final static String casaUsername = "CasaIdentityUser";

18
CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/CasaPrincipal.java
View File

@ -35,12 +35,12 @@ import com.novell.casa.authtoksvc.IdentityToken;
* identities authenticated by Casa. * identities authenticated by Casa.
* *
*/ */
public class CasaPrincipal implements Principal public final class CasaPrincipal implements Principal
{ {
private String m_name; private final String m_name;
private String m_realm; private final String m_realm;
private String m_identStoreUrl; private final String m_identStoreUrl;
private javax.naming.directory.Attributes m_attributes; private final javax.naming.directory.Attributes m_attributes;
/* /*
* Constructor * Constructor
@ -58,7 +58,7 @@ public class CasaPrincipal implements Principal
* (non-Javadoc) * (non-Javadoc)
* @see java.security.Principal#getName() * @see java.security.Principal#getName()
*/ */
public String getName() public final String getName()
{ {
return m_name; return m_name;
} }
@ -66,7 +66,7 @@ public class CasaPrincipal implements Principal
/* /*
* Returns the name associated with the source of the identity data. * Returns the name associated with the source of the identity data.
*/ */
public String getRealm() public final String getRealm()
{ {
return m_realm; return m_realm;
} }
@ -74,7 +74,7 @@ public class CasaPrincipal implements Principal
/* /*
* Returns the url associated with the source of the identity data. * Returns the url associated with the source of the identity data.
*/ */
public String getIdentStoreUrl() public final String getIdentStoreUrl()
{ {
return m_identStoreUrl; return m_identStoreUrl;
} }
@ -82,7 +82,7 @@ public class CasaPrincipal implements Principal
/* /*
* Returns the identity attributes. * Returns the identity attributes.
*/ */
public javax.naming.directory.Attributes getAttributes() public final javax.naming.directory.Attributes getAttributes()
{ {
return m_attributes; return m_attributes;
} }

2
CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/sample/SampleApp.java
View File

@ -44,7 +44,7 @@ import com.novell.casa.jaas.CasaPrincipal;
* This is a sample application which demonstrates the use of * This is a sample application which demonstrates the use of
* JAAS and Casa to authenticate a connection. * JAAS and Casa to authenticate a connection.
*/ */
public class SampleApp public final class SampleApp
{ {
/** /**
* @param args * @param args

6
CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
View File

@ -33,9 +33,9 @@ import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.UnsupportedCallbackException;
public class SampleAppCallbackHandler implements CallbackHandler public final class SampleAppCallbackHandler implements CallbackHandler
{ {
private String m_authToken; private final String m_authToken;
/* /*
* Constructor * Constructor
@ -46,7 +46,7 @@ public class SampleAppCallbackHandler implements CallbackHandler
m_authToken = authToken; m_authToken = authToken;
} }
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException public final void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{ {
for (int i = 0; i < callbacks.length; i++) for (int i = 0; i < callbacks.length; i++)
{ {

1
CASA-auth-token/server-java/Svc/Makefile.am
View File

@ -75,6 +75,7 @@ JAVAFILES = src/com/novell/casa/authtoksvc/ProtoDefs.java \
src/com/novell/casa/authtoksvc/PwdAuthenticate.java \ src/com/novell/casa/authtoksvc/PwdAuthenticate.java \
src/com/novell/casa/authtoksvc/IVerifySetting.java \ src/com/novell/casa/authtoksvc/IVerifySetting.java \
src/com/novell/casa/authtoksvc/SettingsFileUtil.java \ src/com/novell/casa/authtoksvc/SettingsFileUtil.java \
src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java \
src/com/novell/casa/authtoksvc/AuthPolicyEditor.java \ src/com/novell/casa/authtoksvc/AuthPolicyEditor.java \
src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java \ src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java \
src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java \ src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java \

1
CASA-auth-token/server-java/Svc/TODO
View File

@ -10,6 +10,7 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
OUTSTANDING ITEMS OUTSTANDING ITEMS
- CasaIdentityToken needs to obtain the identity source url from the identity abstraction layer.
- Switch Client/Server communication to use SOAP.(This is under evaluation). - Switch Client/Server communication to use SOAP.(This is under evaluation).
- Add code to verify that client/server communications occur over HTTPS. - Add code to verify that client/server communications occur over HTTPS.
- Add logging. - Add logging.

2
CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD
View File

@ -28,7 +28,7 @@
# X-UnitedLinux-Should-Start: $named $syslog $time # X-UnitedLinux-Should-Start: $named $syslog $time
# Required-Stop: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Stop: $named $syslog $time # X-UnitedLinux-Should-Stop: $named $syslog $time
# Default-Start: 1 2 3 5 # Default-Start: 2 3 5
# Default-Stop: # Default-Stop:
# Short-Description: Casa Authtoken Service Daemon # Short-Description: Casa Authtoken Service Daemon
# Description: Start Casa Authtoken Service Daemon # Description: Start Casa Authtoken Service Daemon

170
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java
View File

@ -51,155 +51,6 @@ public final class AuthMechConfig
private final Map<String,String> m_mechSettingsMap; private final Map<String,String> m_mechSettingsMap;
/**
* Class for handling parsing events.
*/
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
{
private final static int AWAITING_ROOT_ELEMENT_START = 0;
private final static int AWAITING_SETTING_ELEMENT_START = 1;
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
private final static int AWAITING_SETTING_ELEMENT_END = 3;
private final static int DONE_PARSING = 4;
private final static String m_rootElementName = "settings";
private final Map<String,String> m_keyMap;
private int m_state;
private String m_currentKey;
/**
* Constructor.
*
* @param keyMap Key/Value map.
*/
public SAXHandler(Map<String,String> keyMap)
{
super();
// Initialize our members
m_keyMap = keyMap;
m_state = AWAITING_ROOT_ELEMENT_START;
}
/**
* endDocument() implementation.
*
* @throws SAXException
*/
public void endDocument () throws SAXException
{
// Verify that we are not in an invalid state
if (m_state != DONE_PARSING)
{
System.err.println("AuthMechConfig SAXHandler.endDocument()- Invalid state" + m_state);
throw new SAXException("Invalid state at endDocument");
}
}
/**
* startElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @param atts Attributes.
* @throws SAXException
*/
public void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
}
else
{
System.err.println("AuthMechConfig SAXHandler.startElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
case AWAITING_SETTING_ELEMENT_START:
// Keep track of the key name
m_currentKey = qName;
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_DATA;
break;
default:
System.err.println("AuthMechConfig SAXHandler.startElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at startElement");
}
}
/**
* endElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @throws SAXException
*/
public void endElement (String uri, String name, String qName) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_SETTING_ELEMENT_DATA:
case AWAITING_SETTING_ELEMENT_END:
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
break;
case AWAITING_SETTING_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = DONE_PARSING;
}
else
{
System.err.println("AuthMechConfig SAXHandler.endElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
default:
System.err.println("AuthMechConfig SAXHandler.endElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at endElement");
}
}
/**
* character() implementation.
*
* @param ch Characters with element data.
* @param start Start position in the character array.
* @param length Number of characters to use in the array.
* @throws SAXException
*/
public void characters (char ch[], int start, int length) throws SAXException
{
// Consume the data if in the right state
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
{
// Consume the data and add the key to map
m_keyMap.put(m_currentKey, new String(ch, start, length));
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_END;
}
}
}
/** /**
* Constructor which sets default configuration values. * Constructor which sets default configuration values.
*/ */
@ -224,22 +75,21 @@ public final class AuthMechConfig
// Create a map to keep track of the token settings // Create a map to keep track of the token settings
m_mechSettingsMap = new HashMap<String, String>(); m_mechSettingsMap = new HashMap<String, String>();
FileInputStream inStream = null;
try try
{ {
// Get an input stream to read from the token settings file // Get an input stream to read from the token settings file
File f = new File(mechSettingsFileName); File f = new File(mechSettingsFileName);
FileInputStream inStream = new FileInputStream(f); inStream = new FileInputStream(f);
// Parse the file // Parse the file
XMLReader xr = XMLReaderFactory.createXMLReader(); XMLReader xr = XMLReaderFactory.createXMLReader();
SAXHandler handler = new SAXHandler(m_mechSettingsMap); SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_mechSettingsMap);
xr.setContentHandler(handler); xr.setContentHandler(handler);
xr.setErrorHandler(handler); xr.setErrorHandler(handler);
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
xr.parse(source); xr.parse(source);
inStream.close();
} }
catch (SAXException e) catch (SAXException e)
{ {
@ -261,6 +111,20 @@ public final class AuthMechConfig
System.err.println("AuthMechConfig()- IOException accessing " + mechSettingsFileName + " Exception=" + e.toString()); System.err.println("AuthMechConfig()- IOException accessing " + mechSettingsFileName + " Exception=" + e.toString());
throw new Exception("AuthMechConfig()- Read error"); throw new Exception("AuthMechConfig()- Read error");
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
/** /**

76
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java
View File

@ -104,6 +104,7 @@ public final class AuthPolicyEditor
private static boolean updateFile(String filePath, Document doc) private static boolean updateFile(String filePath, Document doc)
{ {
boolean result = false; boolean result = false;
FileOutputStream out = null;
// Update the file with the specified document // Update the file with the specified document
// after removing the text nodes. // after removing the text nodes.
@ -125,11 +126,10 @@ public final class AuthPolicyEditor
// Update file // Update file
File f = new File(filePath); File f = new File(filePath);
FileOutputStream out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
XMLSerializer serializer = new XMLSerializer(out, format); XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(doc.getDocumentElement()); serializer.serialize(doc.getDocumentElement());
out.close();
result = true; result = true;
} }
@ -141,6 +141,21 @@ public final class AuthPolicyEditor
{ {
System.out.println("SecurityException writting to file " + filePath); System.out.println("SecurityException writting to file " + filePath);
} }
finally
{
if (out != null)
{
try
{
out.flush();
out.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
return result; return result;
} }
@ -154,19 +169,18 @@ public final class AuthPolicyEditor
private static Document getPolicyFileDoc(String filePath) private static Document getPolicyFileDoc(String filePath)
{ {
Document doc = null; Document doc = null;
FileInputStream inStream = null;
try try
{ {
// Get an input stream to read from policy file // Get an input stream to read from policy file
File f = new File(filePath); File f = new File(filePath);
FileInputStream inStream = new FileInputStream(f); inStream = new FileInputStream(f);
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
DOMParser parser = new DOMParser(); DOMParser parser = new DOMParser();
parser.parse(source); parser.parse(source);
doc = parser.getDocument(); doc = parser.getDocument();
inStream.close();
} }
catch (FileNotFoundException e) catch (FileNotFoundException e)
{ {
@ -184,6 +198,20 @@ public final class AuthPolicyEditor
{ {
System.err.println("Policy file " + filePath + " format error"); System.err.println("Policy file " + filePath + " format error");
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
return doc; return doc;
} }
@ -196,21 +224,35 @@ public final class AuthPolicyEditor
private static Document getPolicyDoc() private static Document getPolicyDoc()
{ {
Document doc = null; Document doc = null;
StringReader reader = null;
try try
{ {
StringReader reader = new StringReader(initialPolicy); reader = new StringReader(initialPolicy);
InputSource source = new InputSource(reader); InputSource source = new InputSource(reader);
DOMParser parser = new DOMParser(); DOMParser parser = new DOMParser();
parser.parse(source); parser.parse(source);
doc = parser.getDocument(); doc = parser.getDocument();
reader.close();
} }
catch (Exception e) catch (Exception e)
{ {
System.err.println("Program error, exception: " + e.toString()); System.err.println("Program error, exception: " + e.toString());
} }
finally
{
if (reader != null)
{
try
{
reader.close();
}
catch (Exception e)
{
// Do nothing
}
}
}
return doc; return doc;
} }
@ -286,17 +328,18 @@ public final class AuthPolicyEditor
Document doc = getPolicyDoc(); Document doc = getPolicyDoc();
if (doc != null) if (doc != null)
{ {
FileOutputStream out = null;
try try
{ {
File f = new File(filePath); File f = new File(filePath);
boolean createStatus = f.createNewFile(); boolean createStatus = f.createNewFile();
if (createStatus == true) if (createStatus == true)
{ {
FileOutputStream out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
XMLSerializer serializer = new XMLSerializer(out, format); XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(doc.getDocumentElement()); serializer.serialize(doc.getDocumentElement());
out.close();
opPerformed = true; opPerformed = true;
} }
@ -313,6 +356,21 @@ public final class AuthPolicyEditor
{ {
System.out.println("SecurityException creating " + filePath); System.out.println("SecurityException creating " + filePath);
} }
finally
{
if (out != null)
{
try
{
out.flush();
out.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
return opPerformed; return opPerformed;

65
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthReqMsg.java
View File

@ -25,6 +25,7 @@
package com.novell.casa.authtoksvc; package com.novell.casa.authtoksvc;
import java.io.InputStream; import java.io.InputStream;
import java.util.Arrays;
import org.xml.sax.InputSource; import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
@ -51,7 +52,7 @@ public final class AuthReqMsg
{ {
protected String m_realm = null; protected String m_realm = null;
protected String m_authMechToken = null; protected char[] m_authMechToken = null;
protected String m_authMechanism = null; protected String m_authMechanism = null;
/** /**
@ -250,7 +251,7 @@ public final class AuthReqMsg
break; break;
default: default:
System.err.println("AuthReqMsg SAXHandler.startElement()- State error"); System.err.println("AuthReqMsg SAXHandler.endElement()- State error");
throw new SAXException("State error"); throw new SAXException("State error");
} }
} }
@ -296,7 +297,15 @@ public final class AuthReqMsg
case AWAITING_AUTH_MECH_TOKEN_DATA: case AWAITING_AUTH_MECH_TOKEN_DATA:
// Consume the data // Consume the data
m_authReqMsg.m_authMechToken = new String(ch, start, length); //
// Allocate array to consume the data
m_authReqMsg.m_authMechToken = new char[length];
// Copy the data to the newly allocated array
System.arraycopy(ch, start, m_authReqMsg.m_authMechToken, 0, length);
// Clear the token data in the source array for security purposes
Arrays.fill(ch, start, start + length, ' ');
// Advance to the next state // Advance to the next state
m_state = AWAITING_AUTH_MECH_TOKEN_ELEMENT_END; m_state = AWAITING_AUTH_MECH_TOKEN_ELEMENT_END;
@ -304,7 +313,24 @@ public final class AuthReqMsg
case AWAITING_AUTH_MECH_TOKEN_ELEMENT_END: case AWAITING_AUTH_MECH_TOKEN_ELEMENT_END:
// Consume the data // Consume the data
m_authReqMsg.m_authMechToken = m_authReqMsg.m_authMechToken.concat(new String(ch, start, length)); //
// Allocate array to contain the already consumed data and the
// data to be consumed.
char[] newSink = new char[m_authReqMsg.m_authMechToken.length + length];
// Copy the already consumed data and the data to be consumed to the
// newly allocated array.
System.arraycopy(m_authReqMsg.m_authMechToken, 0, newSink, 0, m_authReqMsg.m_authMechToken.length);
System.arraycopy(ch, start, newSink, m_authReqMsg.m_authMechToken.length, length);
// Clear the token data in the previous data sink for security purposes
Arrays.fill(m_authReqMsg.m_authMechToken, ' ');
// Keep track of the new token data sink array
m_authReqMsg.m_authMechToken = newSink;
// Clear the token data in the source array for security purposes
Arrays.fill(ch, start, start + length, ' ');
break; break;
default: default:
@ -340,6 +366,35 @@ public final class AuthReqMsg
} }
} }
/**
* Method to cleanup resources associated with the object. This
* method needs to be executed for objects that are no longer of
* use for security reasons.
*/
public void cleanup()
{
// Clear the token data if present
if (m_authMechToken != null)
Arrays.fill(m_authMechToken, ' ');
}
/**
* Finalize method.
*
* @throws Throwable
*/
protected void finalize() throws Throwable
{
try
{
cleanup();
}
finally
{
super.finalize();
}
}
/** /**
* Method to get the authentication realm. * Method to get the authentication realm.
* *
@ -355,7 +410,7 @@ public final class AuthReqMsg
* *
* @return Authentication mechanism token. * @return Authentication mechanism token.
*/ */
public String getAuthMechToken() public char[] getAuthMechToken()
{ {
return m_authMechToken; return m_authMechToken;
} }

55
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java
View File

@ -97,6 +97,7 @@ public final class AuthToken
AuthTokenConfig authTokenConfig = enabledSvcsConfig.getAuthTokenConfig(targetHost, targetService); AuthTokenConfig authTokenConfig = enabledSvcsConfig.getAuthTokenConfig(targetHost, targetService);
if (authTokenConfig != null) if (authTokenConfig != null)
{ {
OutputStream outStream = null;
try try
{ {
// For now lets use the services of the only IdentityToken provider // For now lets use the services of the only IdentityToken provider
@ -128,16 +129,29 @@ public final class AuthToken
//XMLUtils.PrettyElementToWriter(authTokenMessage.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out)); //XMLUtils.PrettyElementToWriter(authTokenMessage.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
// Now save the message as a string // Now save the message as a string
OutputStream outStream = new ByteArrayOutputStream(); outStream = new ByteArrayOutputStream();
authTokenMessage.writeTo(outStream); authTokenMessage.writeTo(outStream);
m_token = outStream.toString(); m_token = outStream.toString();
outStream.close();
} }
catch (Exception e) catch (Exception e)
{ {
// tbd // tbd
System.err.println("AuthToken()- Exception: " + e.toString()); System.err.println("AuthToken()- Exception: " + e.toString());
} }
finally
{
if (outStream != null)
{
try
{
outStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
else else
{ {
@ -163,17 +177,32 @@ public final class AuthToken
m_token = token; m_token = token;
// Now instantiate a SOAP message with the string // Now instantiate a SOAP message with the string
InputStream inStream = new ByteArrayInputStream(m_token.getBytes()); InputStream inStream = null;
org.apache.axis.Message message; org.apache.axis.Message message = null;
try try
{ {
inStream = new ByteArrayInputStream(m_token.getBytes());
message = new Message(inStream); message = new Message(inStream);
}
} catch (Exception e) catch (Exception e)
{ {
System.err.println("AuthToken()- Exception caught creating message, msg: " + e.getMessage()); System.err.println("AuthToken()- Exception caught creating message, msg: " + e.getMessage());
throw new Exception("Invalid Authentication Token"); throw new Exception("Invalid Authentication Token");
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
// Get access to the SOAP Envelope // Get access to the SOAP Envelope
SOAPEnvelope envelope = message.getSOAPEnvelope(); SOAPEnvelope envelope = message.getSOAPEnvelope();
@ -230,13 +259,14 @@ public final class AuthToken
boolean includeCert) boolean includeCert)
{ {
Message secureMessage; Message secureMessage;
InputStream inStream = null;
try try
{ {
// Build SOAP Message with an identity token in the body // Build SOAP Message with an identity token in the body
// //
// First create a message and obtain its body // First create a message and obtain its body
InputStream inStream = new ByteArrayInputStream(authTokenSoapMsg.getBytes()); inStream = new ByteArrayInputStream(authTokenSoapMsg.getBytes());
Message message = new Message(inStream); Message message = new Message(inStream);
message.setMessageContext(axisMsgContext); message.setMessageContext(axisMsgContext);
SOAPBody body = (SOAPBody) message.getSOAPBody(); SOAPBody body = (SOAPBody) message.getSOAPBody();
@ -268,6 +298,17 @@ public final class AuthToken
System.out.println("AuthToken.getMessage() - Exception caught building message, error: " + e.getMessage()); System.out.println("AuthToken.getMessage() - Exception caught building message, error: " + e.getMessage());
secureMessage = null; secureMessage = null;
} }
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
return secureMessage; return secureMessage;
} }

241
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java
View File

@ -46,161 +46,17 @@ public final class AuthTokenConfig
public final static String IdentityTokenType = "IdentityTokenType"; public final static String IdentityTokenType = "IdentityTokenType";
// Default configuration values // Default configuration values
private final String m_defaultTokenLifetimeValue = "3600"; // Seconds private final static String m_defaultTokenLifetimeValue = "3600"; // Seconds
private final String m_defaultLifetimeShorterValue = "5"; // Seconds private final static String m_defaultLifetimeShorterValue = "5"; // Seconds
private final String m_defaultIdentityTokenTypeValue = "CasaIdentityToken"; private final static String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";
// Minimum configuration values
private final static int m_minimumTokenLifetimeValue = 30; // Seconds
private final static int m_minimumLifetimeShorterValue = 5; // Seconds
private final static int m_minimumLifetimeShorterDifferential = 15;
private final Map<String,String> m_tokenSettingsMap; private final Map<String,String> m_tokenSettingsMap;
/**
* Class for handling parsing events.
*/
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
{
private final static int AWAITING_ROOT_ELEMENT_START = 0;
private final static int AWAITING_SETTING_ELEMENT_START = 1;
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
private final static int AWAITING_SETTING_ELEMENT_END = 3;
private final static int DONE_PARSING = 4;
private final static String m_rootElementName = "settings";
private final Map<String,String> m_keyMap;
private int m_state;
private String m_currentKey;
/**
* Constructor.
*
* @param keyMap Key/Value pair map.
*/
public SAXHandler(Map<String,String> keyMap)
{
super();
// Initialize our members
m_keyMap = keyMap;
m_state = AWAITING_ROOT_ELEMENT_START;
}
/**
* endDocument() implementation.
*
* @throws SAXException
*/
public void endDocument () throws SAXException
{
// Verify that we are not in an invalid state
if (m_state != DONE_PARSING)
{
System.err.println("AuthTokenConfig SAXHandler.endDocument()- Invalid state" + m_state);
throw new SAXException("Invalid state at endDocument");
}
}
/**
* startElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @param atts Attributes.
* @throws SAXException
*/
public void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
}
else
{
System.err.println("AuthTokenConfig SAXHandler.startElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
case AWAITING_SETTING_ELEMENT_START:
// Keep track of the key name
m_currentKey = qName;
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_DATA;
break;
default:
System.err.println("AuthTokenConfig SAXHandler.startElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at startElement");
}
}
/**
* endElement() immplementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @throws SAXException
*/
public void endElement (String uri, String name, String qName) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_SETTING_ELEMENT_DATA:
case AWAITING_SETTING_ELEMENT_END:
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
break;
case AWAITING_SETTING_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = DONE_PARSING;
}
else
{
System.err.println("AuthTokenConfig SAXHandler.endElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
default:
System.err.println("AuthTokenConfig SAXHandler.endElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at endElement");
}
}
/**
* character() implementation.
*
* @param ch Characters with element data.
* @param start Start position in the character array.
* @param length Number of characters to use in the array.
* @throws SAXException
*/
public void characters (char ch[], int start, int length) throws SAXException
{
// Consume the data if in the right state
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
{
// Consume the data and add the key to map
m_keyMap.put(m_currentKey, new String(ch, start, length));
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_END;
}
}
}
/** /**
* Constructor which sets default configuration values. * Constructor which sets default configuration values.
*/ */
@ -230,22 +86,80 @@ public final class AuthTokenConfig
// Create a map to keep track of the token settings // Create a map to keep track of the token settings
m_tokenSettingsMap = new HashMap<String, String>(); m_tokenSettingsMap = new HashMap<String, String>();
FileInputStream inStream = null;
try try
{ {
// Get an input stream to read from the token settings file // Get an input stream to read from the token settings file
File f = new File(authTokenSettingsFileName); File f = new File(authTokenSettingsFileName);
FileInputStream inStream = new FileInputStream(f); inStream = new FileInputStream(f);
// Parse the file // Parse the file
XMLReader xr = XMLReaderFactory.createXMLReader(); XMLReader xr = XMLReaderFactory.createXMLReader();
SAXHandler handler = new SAXHandler(m_tokenSettingsMap); SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_tokenSettingsMap);
xr.setContentHandler(handler); xr.setContentHandler(handler);
xr.setErrorHandler(handler); xr.setErrorHandler(handler);
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
xr.parse(source); xr.parse(source);
inStream.close(); // Do some sanity checking
int tokenLifetime;
try
{
tokenLifetime = Integer.valueOf(getSetting(TokenLifetime)).intValue();
if (tokenLifetime < m_minimumTokenLifetimeValue)
{
System.err.println("AuthTokenConfig()- Configured token lifetime too small, defaulting to "
+ Integer.toString(m_minimumTokenLifetimeValue) + " seconds");
tokenLifetime = m_minimumTokenLifetimeValue;
// Update the map with the new value for the setting
m_tokenSettingsMap.put(TokenLifetime, Integer.toString(tokenLifetime));
}
}
catch (NumberFormatException e)
{
System.err.println("AuthTokenConfig()- Invalid configured token lifetime value, defaulting to "
+ Integer.toString(m_minimumTokenLifetimeValue) + " seconds");
tokenLifetime = m_minimumTokenLifetimeValue;
// Update the map with the new value for the setting
m_tokenSettingsMap.put(TokenLifetime, Integer.toString(tokenLifetime));
}
int lifetimeShorter;
try
{
lifetimeShorter = Integer.valueOf(getSetting(LifetimeShorter)).intValue();
if (lifetimeShorter < m_minimumLifetimeShorterValue)
{
System.err.println("AuthTokenConfig()- Configured lifetime shorter too small, defaulting to "
+ Integer.toString(m_minimumLifetimeShorterValue) + " seconds");
lifetimeShorter = m_minimumLifetimeShorterValue;
// Update the map with the new value for the setting
m_tokenSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
}
}
catch (NumberFormatException e)
{
System.err.println("AuthTokenConfig()- Invalid configured lifetime shorter value, defaulting to "
+ Integer.toString(m_minimumLifetimeShorterValue) + " seconds");
lifetimeShorter = m_minimumLifetimeShorterValue;
// Update the map with the new value for the setting
m_tokenSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
}
if (lifetimeShorter > tokenLifetime
|| (tokenLifetime - lifetimeShorter) < m_minimumLifetimeShorterDifferential)
{
System.err.println("AuthTokenConfig()- Invalid lifetime shorter value, defaulting to "
+ Integer.toString(m_minimumLifetimeShorterValue) + " seconds");
// Update the map with the new value for the setting
m_tokenSettingsMap.put(LifetimeShorter, Integer.toString(m_minimumLifetimeShorterValue));
}
} }
catch (SAXException e) catch (SAXException e)
{ {
@ -267,6 +181,20 @@ public final class AuthTokenConfig
System.err.println("AuthTokenConfig()- IOException accessing " + authTokenSettingsFileName + " Exception=" + e.toString()); System.err.println("AuthTokenConfig()- IOException accessing " + authTokenSettingsFileName + " Exception=" + e.toString());
throw new Exception("AuthTokenConfig()- Read error"); throw new Exception("AuthTokenConfig()- Read error");
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
/** /**
@ -314,9 +242,6 @@ public final class AuthTokenConfig
{ {
System.err.println("AuthTokenConfig.getSetting()- Found setting " + settingName); System.err.println("AuthTokenConfig.getSetting()- Found setting " + settingName);
System.err.println("AuthTokenConfig.getSetting()- Setting value = " + value); System.err.println("AuthTokenConfig.getSetting()- Setting value = " + value);
// Do some sanity checking
// tbd - Make sure that the token lifetime values are greater than the LifetimeShorter
} }
return value; return value;

91
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java
View File

@ -86,6 +86,11 @@ public final class Authenticate implements RpcMethod
{ {
for (int i = 0; i < mechanismsConfigFolderObjs.length; i++) for (int i = 0; i < mechanismsConfigFolderObjs.length; i++)
{ {
FileOutputStream fos = null;
ObjectOutputStream oos = null;
FileInputStream fis = null;
ObjectInputStream ois = null;
// Check if we are dealing with a file or a folder // Check if we are dealing with a file or a folder
File mechanismFolder = new File(mechanismsConfigFolder, mechanismsConfigFolderObjs[i]); File mechanismFolder = new File(mechanismsConfigFolder, mechanismsConfigFolderObjs[i]);
try try
@ -125,16 +130,12 @@ public final class Authenticate implements RpcMethod
// Load the mech class using our custom loader // Load the mech class using our custom loader
Class<?> mechClass = customClassLoader.loadClass(mechClassName); Class<?> mechClass = customClassLoader.loadClass(mechClassName);
FileOutputStream fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp"); fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
ObjectOutputStream oos = new ObjectOutputStream(fos); oos = new ObjectOutputStream(fos);
oos.writeObject(mechClass); oos.writeObject(mechClass);
oos.close(); fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
fos.close(); ois = new ObjectInputStream(fis);
FileInputStream fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
ObjectInputStream ois = new ObjectInputStream(fis);
mechClass = (Class<?>) ois.readObject(); mechClass = (Class<?>) ois.readObject();
ois.close();
fis.close();
// Now reload the class using the class loader for our AuthMechanism class // Now reload the class using the class loader for our AuthMechanism class
AuthMechanism mechanism = (AuthMechanism) mechClass.newInstance(); AuthMechanism mechanism = (AuthMechanism) mechClass.newInstance();
@ -179,16 +180,12 @@ public final class Authenticate implements RpcMethod
// Load the mech class using our custom loader // Load the mech class using our custom loader
Class<?> mechClass = customClassLoader.loadClass(mechClassName); Class<?> mechClass = customClassLoader.loadClass(mechClassName);
FileOutputStream fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp"); fos = new FileOutputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
ObjectOutputStream oos = new ObjectOutputStream(fos); oos = new ObjectOutputStream(fos);
oos.writeObject(mechClass); oos.writeObject(mechClass);
oos.close(); fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
fos.close(); ois = new ObjectInputStream(fis);
FileInputStream fis = new FileInputStream(svcConfig.getSetting(SvcConfig.AppRootPath) + "tmp");
ObjectInputStream ois = new ObjectInputStream(fis);
mechClass = (Class<?>) ois.readObject(); mechClass = (Class<?>) ois.readObject();
ois.close();
fis.close();
// Now reload the class using the class loader for our AuthMechanism class // Now reload the class using the class loader for our AuthMechanism class
AuthMechanism mechanism = (AuthMechanism) mechClass.newInstance(); AuthMechanism mechanism = (AuthMechanism) mechClass.newInstance();
@ -245,6 +242,55 @@ public final class Authenticate implements RpcMethod
{ {
System.err.println("Authenticate.init()- SecurityException accessing " + mechanismFolder + " Exception=" + e.toString()); System.err.println("Authenticate.init()- SecurityException accessing " + mechanismFolder + " Exception=" + e.toString());
} }
finally
{
if (fos != null)
{
try
{
fos.flush();
fos.close();
}
catch (IOException e)
{
// Do nothing
}
}
if (oos != null)
{
try
{
oos.flush();
oos.close();
}
catch (IOException e)
{
// Do nothing
}
}
if (fis != null)
{
try
{
fis.close();
}
catch (IOException e)
{
// Do nothing
}
}
if (ois != null)
{
try
{
ois.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
} }
else else
@ -262,16 +308,18 @@ public final class Authenticate implements RpcMethod
* Process Rpc. * Process Rpc.
* *
* @param inStream Input data stream (Request data). * @param inStream Input data stream (Request data).
* @param out Output data print writter (Reply data). * @param out Output data print writer (Reply data).
*/ */
public final void invoke(InputStream inStream, PrintWriter out) public final void invoke(InputStream inStream, PrintWriter out)
{ {
AuthReqMsg authReqMsg = null;
try try
{ {
System.err.println("Authenticate.invoke()"); System.err.println("Authenticate.invoke()");
// Parse the AuthReqMsg sent from the client // Parse the AuthReqMsg sent from the client
AuthReqMsg authReqMsg = new AuthReqMsg(inStream); authReqMsg = new AuthReqMsg(inStream);
// Get the necessary authentication mechanism // Get the necessary authentication mechanism
AuthMechanism authMechanism = m_authMechanismMap.get(authReqMsg.getMechanismId()); AuthMechanism authMechanism = m_authMechanismMap.get(authReqMsg.getMechanismId());
@ -336,6 +384,13 @@ public final class Authenticate implements RpcMethod
System.err.println("Authenticate.invoke()- Exception trying to construct response msg: " + e2.toString()); System.err.println("Authenticate.invoke()- Exception trying to construct response msg: " + e2.toString());
} }
} }
finally
{
// Make sure to invoke the cleanup method on the AuthReqMsg to
// deal with security sensitive data.
if (authReqMsg != null)
authReqMsg.cleanup();
}
} }
/** /**

162
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
View File

@ -25,6 +25,7 @@
package com.novell.casa.authtoksvc; package com.novell.casa.authtoksvc;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Hashtable; import java.util.Hashtable;
import javax.naming.Context; import javax.naming.Context;
@ -33,6 +34,7 @@ import javax.naming.NamingException;
import javax.naming.directory.Attributes; import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext; import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext; import javax.naming.directory.InitialDirContext;
import javax.naming.directory.Attribute;
import org.xml.sax.InputSource; import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
@ -120,7 +122,8 @@ public final class CasaIdentityToken implements IdentityToken
private final static int AWAITING_ATTRIBUTE_END = 19; private final static int AWAITING_ATTRIBUTE_END = 19;
private final static int AWAITING_ATTRIBUTE_DATA = 20; private final static int AWAITING_ATTRIBUTE_DATA = 20;
private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21; private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
private final static int DONE_PARSING = 22; private final static int AWAITING_BINARY_ATTRIBUTE_END = 22;
private final static int DONE_PARSING = 23;
private final CasaIdentityToken m_casaIdentToken; private final CasaIdentityToken m_casaIdentToken;
private int m_state; private int m_state;
@ -398,6 +401,40 @@ public final class CasaIdentityToken implements IdentityToken
m_state = AWAITING_ATTRIBUTE_START; m_state = AWAITING_ATTRIBUTE_START;
break; break;
case AWAITING_BINARY_ATTRIBUTE_END:
// Decode the attribute data since it is base64 encoded
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
if (attrib != null)
{
try
{
char[] attribData = (char[]) attrib.get();
if (attribData != null)
{
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(attribData));
}
else
{
System.err.println("CasaIdentityToken SAXHandler.endElement()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
catch (NamingException e)
{
System.err.println("CasaIdentityToken SAXHandler.endElement()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
else
{
System.err.println("CasaIdentityToken SAXHandler.endElement()- Attribute not found");
throw new SAXException("Attribute not found");
}
// Advance to the next state
m_state = AWAITING_ATTRIBUTE_START;
break;
case AWAITING_ATTRIBUTE_START: case AWAITING_ATTRIBUTE_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (attributesElementName.equals(qName)) if (attributesElementName.equals(qName))
@ -413,7 +450,7 @@ public final class CasaIdentityToken implements IdentityToken
break; break;
default: default:
System.err.println("CasaIdentityToken SAXHandler.startElement()- State error"); System.err.println("CasaIdentityToken SAXHandler.endElement()- State error");
throw new SAXException("State error"); throw new SAXException("State error");
} }
} }
@ -498,6 +535,49 @@ public final class CasaIdentityToken implements IdentityToken
m_state = AWAITING_ATTRIBUTE_END; m_state = AWAITING_ATTRIBUTE_END;
break; break;
case AWAITING_ATTRIBUTE_END:
// Consume the data
//
// Decrypt the attribute data if necessary
if (m_encryptedAttrs)
{
// tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism.
}
else
{
// Append the data to what we have already consumed
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
if (attrib != null)
{
try
{
String attribData = (String) attrib.get();
if (attribData != null)
{
m_casaIdentToken.m_attributes.put(m_currAttribute,
attribData.concat(new String(ch, start, length)));
}
else
{
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
catch (NamingException e)
{
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
else
{
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute not found");
throw new SAXException("Attribute not found");
}
}
break;
case AWAITING_BINARY_ATTRIBUTE_DATA: case AWAITING_BINARY_ATTRIBUTE_DATA:
// Consume the data // Consume the data
// //
@ -509,14 +589,63 @@ public final class CasaIdentityToken implements IdentityToken
} }
else else
{ {
// The data is base64 encoded // We are dealing with base64 encoded data
char[] encodedChars = new char[length]; char[] encodedChars = new char[length];
System.arraycopy(ch, start, encodedChars, 0, length); System.arraycopy(ch, start, encodedChars, 0, length);
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars)); m_casaIdentToken.m_attributes.put(m_currAttribute, encodedChars);
} }
// Advance to the next state // Advance to the next state
m_state = AWAITING_ATTRIBUTE_END; m_state = AWAITING_BINARY_ATTRIBUTE_END;
break;
case AWAITING_BINARY_ATTRIBUTE_END:
// Consume the data
//
// Decrypt the attribute data if necessary
if (m_encryptedAttrs)
{
// tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism.
}
else
{
// Append the data to what we have already consumed
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
if (attrib != null)
{
try
{
// We are dealing with base64 encoded data
char[] consumedData = (char[]) attrib.get();
if (consumedData != null)
{
char[] encodedChars = new char[consumedData.length + length];
System.arraycopy(consumedData, 0, encodedChars, 0, consumedData.length);
System.arraycopy(ch, start, encodedChars, consumedData.length, length);
m_casaIdentToken.m_attributes.put(m_currAttribute, encodedChars);
}
else
{
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
catch (NamingException e)
{
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
else
{
System.err.println("CasaIdentityToken SAXHandler.characters()- Attribute not found");
throw new SAXException("Attribute not found");
}
}
// Advance to the next state
m_state = AWAITING_BINARY_ATTRIBUTE_END;
break; break;
default: default:
@ -643,13 +772,13 @@ public final class CasaIdentityToken implements IdentityToken
} }
catch (NamingException e) catch (NamingException e)
{ {
// tbd - Log the event???
System.err.println("CasaIdentityToken.initialize()- Exception: " + e.getExplanation()); System.err.println("CasaIdentityToken.initialize()- Exception: " + e.getExplanation());
throw new Exception("Error obtaining identity data for token");
} }
catch (Exception e) catch (Exception e)
{ {
// tbd
System.err.println("CasaIdentityToken.initialize()- Exception: " + e.toString()); System.err.println("CasaIdentityToken.initialize()- Exception: " + e.toString());
throw new Exception("Error obtaining identity data for token");
} }
} }
@ -665,6 +794,7 @@ public final class CasaIdentityToken implements IdentityToken
m_token = Base64Coder.decode(encodedToken); m_token = Base64Coder.decode(encodedToken);
// Now parse the token into its elements // Now parse the token into its elements
ByteArrayInputStream inStream = null;
try try
{ {
// Parse the AuthReqMsg // Parse the AuthReqMsg
@ -673,8 +803,7 @@ public final class CasaIdentityToken implements IdentityToken
xr.setContentHandler(handler); xr.setContentHandler(handler);
xr.setErrorHandler(handler); xr.setErrorHandler(handler);
inStream = new ByteArrayInputStream(m_token.getBytes());
ByteArrayInputStream inStream = new ByteArrayInputStream(m_token.getBytes());
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
xr.parse(source); xr.parse(source);
} }
@ -684,6 +813,20 @@ public final class CasaIdentityToken implements IdentityToken
System.err.println("CasaIdentityToken()- Parse exception: " + e.toString()); System.err.println("CasaIdentityToken()- Parse exception: " + e.toString());
throw new Exception("Token error"); throw new Exception("Token error");
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
/** /**
@ -716,7 +859,6 @@ public final class CasaIdentityToken implements IdentityToken
*/ */
public final String getProviderType () throws Exception public final String getProviderType () throws Exception
{ {
// tbd - Change to a GUID
return "CasaIdentityToken"; return "CasaIdentityToken";
} }

36
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java
View File

@ -106,13 +106,13 @@ public final class EnabledSvcsConfig
try try
{ {
// Try to obtain the default authentication policy // Try to obtain the default authentication policy
FileInputStream inStream = null;
try try
{ {
File f = new File(configFolder, m_authPolicyFileName); File f = new File(configFolder, m_authPolicyFileName);
m_defaultAuthPolicyData = new byte[(int) f.length()]; m_defaultAuthPolicyData = new byte[(int) f.length()];
FileInputStream inStream = new FileInputStream(f); inStream = new FileInputStream(f);
int bytesRead = inStream.read(m_defaultAuthPolicyData); int bytesRead = inStream.read(m_defaultAuthPolicyData);
inStream.close();
if (bytesRead != m_defaultAuthPolicyData.length) if (bytesRead != m_defaultAuthPolicyData.length)
{ {
System.err.println("EnabledSvcsConfig()- Error reading default policy file"); System.err.println("EnabledSvcsConfig()- Error reading default policy file");
@ -130,6 +130,20 @@ public final class EnabledSvcsConfig
{ {
System.err.println("EnabledSvcsConfig()- IOException reading " + configFolder + File.separator + m_authPolicyFileName + " Exception=" + e.toString()); System.err.println("EnabledSvcsConfig()- IOException reading " + configFolder + File.separator + m_authPolicyFileName + " Exception=" + e.toString());
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
// Try to obtain the default authentication token settings // Try to obtain the default authentication token settings
try try
@ -199,14 +213,14 @@ public final class EnabledSvcsConfig
byte[] authPolicyData = null; byte[] authPolicyData = null;
AuthTokenConfig authTokenConfig = null; AuthTokenConfig authTokenConfig = null;
IdenTokenConfig idenTokenConfig = null; IdenTokenConfig idenTokenConfig = null;
inStream = null;
try try
{ {
File policyFile = new File(serviceFolder, m_authPolicyFileName); File policyFile = new File(serviceFolder, m_authPolicyFileName);
authPolicyData = new byte[(int) policyFile.length()]; authPolicyData = new byte[(int) policyFile.length()];
FileInputStream inStream = new FileInputStream(policyFile); inStream = new FileInputStream(policyFile);
int bytesRead = inStream.read(authPolicyData); int bytesRead = inStream.read(authPolicyData);
inStream.close();
if (bytesRead != authPolicyData.length) if (bytesRead != authPolicyData.length)
{ {
System.err.println("EnabledSvcsConfig()- Error reading policy file for " + servicesConfigFolderObjs[i] + " " + hostFolderObjs[ii]); System.err.println("EnabledSvcsConfig()- Error reading policy file for " + servicesConfigFolderObjs[i] + " " + hostFolderObjs[ii]);
@ -224,6 +238,20 @@ public final class EnabledSvcsConfig
{ {
System.err.println("EnabledSvcsConfig()- IOException reading " + serviceFolder + File.separator + m_authPolicyFileName + " Exception=" + e.toString()); System.err.println("EnabledSvcsConfig()- IOException reading " + serviceFolder + File.separator + m_authPolicyFileName + " Exception=" + e.toString());
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
try try
{ {

2
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthPolicyReqMsg.java
View File

@ -217,7 +217,7 @@ public final class GetAuthPolicyReqMsg
break; break;
default: default:
System.err.println("GetAuthPolicyReqMsg SAXHandler.startElement()- State error"); System.err.println("GetAuthPolicyReqMsg SAXHandler.endElement()- State error");
throw new SAXException("State error"); throw new SAXException("State error");
} }
} }

2
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthTokReqMsg.java
View File

@ -250,7 +250,7 @@ public final class GetAuthTokReqMsg
break; break;
default: default:
System.err.println("GetAuthTokReqMsg SAXHandler.startElement()- State error"); System.err.println("GetAuthTokReqMsg SAXHandler.endElement()- State error");
throw new SAXException("State error"); throw new SAXException("State error");
} }
} }

4
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java
View File

@ -80,12 +80,12 @@ public final class GetAuthToken implements RpcMethod
// Verify that the service is enabled // Verify that the service is enabled
if (m_enabledSvcsConfig.svcEnabled(getAuthTokReqMsg.getHostName(), if (m_enabledSvcsConfig.svcEnabled(getAuthTokReqMsg.getHostName(),
getAuthTokReqMsg.getServiceName())) getAuthTokReqMsg.getServiceName()))
{
try
{ {
// Now create a session token (This validates the session token provided). // Now create a session token (This validates the session token provided).
SessionToken sessionToken = new SessionToken(getAuthTokReqMsg.getSessionToken()); SessionToken sessionToken = new SessionToken(getAuthTokReqMsg.getSessionToken());
try
{
// Create the Authentication Token // Create the Authentication Token
AuthToken authToken = new AuthToken(sessionToken.getIdentId(), AuthToken authToken = new AuthToken(sessionToken.getIdentId(),
sessionToken.getRealm(), sessionToken.getRealm(),

171
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenConfig.java
View File

@ -51,156 +51,6 @@ public final class IdenTokenConfig
private final Map<String,String> m_tokenSettingsMap; private final Map<String,String> m_tokenSettingsMap;
private String[] m_identityAttributes; private String[] m_identityAttributes;
/**
* Class for handling parsing events.
*/
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
{
private final static int AWAITING_ROOT_ELEMENT_START = 0;
private final static int AWAITING_SETTING_ELEMENT_START = 1;
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
private final static int AWAITING_SETTING_ELEMENT_END = 3;
private final static int DONE_PARSING = 4;
private final static String m_rootElementName = "settings";
private final Map<String,String> m_keyMap;
private int m_state;
private String m_currentKey;
/**
* Constructor.
*
* @param keyMap Key/Value map.
*/
public SAXHandler(Map<String,String> keyMap)
{
super();
// Initialize our members
m_keyMap = keyMap;
m_state = AWAITING_ROOT_ELEMENT_START;
}
/**
* endDocument() implementation.
*
* @throws SAXException
*/
public final void endDocument () throws SAXException
{
// Verify that we are not in an invalid state
if (m_state != DONE_PARSING)
{
System.err.println("IdenTokenConfig SAXHandler.endDocument()- Invalid state" + m_state);
throw new SAXException("Invalid state at endDocument");
}
}
/**
* startElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @param atts Attributes.
* @throws SAXException
*/
public final void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
}
else
{
System.err.println("IdenTokenConfig SAXHandler.startElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
case AWAITING_SETTING_ELEMENT_START:
// Keep track of the key name
m_currentKey = qName;
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_DATA;
break;
default:
System.err.println("IdenTokenConfig SAXHandler.startElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at startElement");
}
}
/**
* endElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @throws SAXException
*/
public final void endElement (String uri, String name, String qName) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_SETTING_ELEMENT_DATA:
case AWAITING_SETTING_ELEMENT_END:
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
break;
case AWAITING_SETTING_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = DONE_PARSING;
}
else
{
System.err.println("IdenTokenConfig SAXHandler.endElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
default:
System.err.println("IdenTokenConfig SAXHandler.endElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at endElement");
}
}
/**
* character() implementation.
*
* @param ch Characters with element data.
* @param start Start position in the character array.
* @param length Number of characters to use in the array.
* @throws SAXException
*/
public final void characters (char ch[], int start, int length) throws SAXException
{
// Consume the data if in the right state
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
{
// Consume the data and add the key to map
// tbd - Add code to aggregate attributes specified as multiple elements
m_keyMap.put(m_currentKey, new String(ch, start, length));
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_END;
}
}
}
/** /**
* Constructor which sets default configuration values. * Constructor which sets default configuration values.
*/ */
@ -228,23 +78,22 @@ public final class IdenTokenConfig
// Create a map to keep track of the token settings // Create a map to keep track of the token settings
m_tokenSettingsMap = new HashMap<String, String>(); m_tokenSettingsMap = new HashMap<String, String>();
FileInputStream inStream = null;
try try
{ {
// Get an input stream to read from the token settings file // Get an input stream to read from the token settings file
File f = new File(idenTokenSettingsFileName); File f = new File(idenTokenSettingsFileName);
FileInputStream inStream = new FileInputStream(f); inStream = new FileInputStream(f);
// Parse the file // Parse the file
XMLReader xr = XMLReaderFactory.createXMLReader(); XMLReader xr = XMLReaderFactory.createXMLReader();
SAXHandler handler = new SAXHandler(m_tokenSettingsMap); SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_tokenSettingsMap);
xr.setContentHandler(handler); xr.setContentHandler(handler);
xr.setErrorHandler(handler); xr.setErrorHandler(handler);
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
xr.parse(source); xr.parse(source);
inStream.close();
// Process the specified attributes // Process the specified attributes
if (m_tokenSettingsMap.containsKey(Attributes) == false) if (m_tokenSettingsMap.containsKey(Attributes) == false)
{ {
@ -274,6 +123,20 @@ public final class IdenTokenConfig
System.err.println("IdenTokenConfig()- IOException accessing " + idenTokenSettingsFileName + " Exception=" + e.toString()); System.err.println("IdenTokenConfig()- IOException accessing " + idenTokenSettingsFileName + " Exception=" + e.toString());
throw new Exception("IdenTokenConfig()- Read error"); throw new Exception("IdenTokenConfig()- Read error");
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
/** /**

6
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
View File

@ -84,12 +84,10 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
* @param parent Associated Krb5Authenticate object. * @param parent Associated Krb5Authenticate object.
* @throws Exception * @throws Exception
*/ */
public Krb5Token(String encodedToken, Krb5Authenticate parent) throws Exception public Krb5Token(char[] encodedToken, Krb5Authenticate parent) throws Exception
{ {
// Decode the token // Decode the token
char[] tokenChars = new char[encodedToken.length()]; byte[] tokenBytes = Base64Coder.decode(encodedToken);
encodedToken.getChars(0, tokenChars.length, tokenChars, 0);
byte[] tokenBytes = Base64Coder.decode(tokenChars);
try try
{ {

1
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am
View File

@ -55,6 +55,7 @@ JAVAFILES = ProtoDefs.java \
IdenTokenSettingsEditor.java \ IdenTokenSettingsEditor.java \
IVerifySetting.java \ IVerifySetting.java \
SettingsFileUtil.java \ SettingsFileUtil.java \
SettingsFileSAXHandler.java \
SvcSettingsEditor.java SvcSettingsEditor.java
EXTRA_DIST = $(JAVAFILES) \ EXTRA_DIST = $(JAVAFILES) \

32
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
View File

@ -73,19 +73,41 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
* @param encodedToken Base64 encoded password token. * @param encodedToken Base64 encoded password token.
* @throws IOException * @throws IOException
*/ */
public PwToken(String encodedToken) throws IOException public PwToken(char[] encodedToken) throws IOException
{
BufferedReader tokenReader = null;
try
{ {
// Decode the token // Decode the token
String token = Base64Coder.decode(encodedToken); byte[] tokenBytes = Base64Coder.decode(encodedToken);
BufferedReader tokenReader = new BufferedReader(new StringReader(token)); // Unfortunately the password has to be passed to JNDI as a String. Given this,
// we are going to go ahead and convert the token to a String to facilitate
// the parsing operation..
tokenReader = new BufferedReader(new StringReader(tokenBytes.toString()));
// The second line contains the "username" // The first line contains the "username"
m_username = tokenReader.readLine(); m_username = tokenReader.readLine();
// The third line contains the "password" // The second line contains the "password"
m_password = tokenReader.readLine(); m_password = tokenReader.readLine();
} }
finally
{
if (tokenReader != null)
{
try
{
tokenReader.close();
}
catch (Exception e)
{
// Do nothing
}
}
}
}
/** /**
* Returns the username. * Returns the username.

41
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java
View File

@ -64,7 +64,7 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
private final class ReconfigureThread implements Runnable private final class ReconfigureThread implements Runnable
{ {
private final Rpc m_rpc; private final Rpc m_rpc;
private boolean m_run = true; private volatile boolean m_run = true;
/** /**
* Constructor. * Constructor.
@ -269,14 +269,17 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
*/ */
protected void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException protected void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{ {
// Get ready to send back a reply PrintWriter out = null;
response.setContentType("text/html"); InputStream inStream = null;
PrintWriter out = response.getWriter();
try try
{ {
// Get ready to send back a reply
response.setContentType("text/html");
out = response.getWriter();
// Obtain the input stream and execute the requested method // Obtain the input stream and execute the requested method
InputStream inStream = request.getInputStream(); inStream = request.getInputStream();
String requestedMethod = request.getParameter("method"); String requestedMethod = request.getParameter("method");
if (requestedMethod != null) if (requestedMethod != null)
@ -308,8 +311,32 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
System.err.println("Rpc.doPost()- Exception caught: " + e.toString()); System.err.println("Rpc.doPost()- Exception caught: " + e.toString());
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} }
finally
// Done sending out the reply {
if (out != null)
{
try
{
out.flush();
out.close(); out.close();
} }
catch (Exception e)
{
// Do nothing
}
}
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
}
} }

58
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SessionToken.java
View File

@ -98,11 +98,29 @@ public final class SessionToken
svcConfig); svcConfig);
// Now save the message as a string // Now save the message as a string
OutputStream outStream = new ByteArrayOutputStream(); OutputStream outStream = null;
try
{
outStream = new ByteArrayOutputStream();
sessionTokenMessage.writeTo(outStream); sessionTokenMessage.writeTo(outStream);
m_token = outStream.toString(); m_token = outStream.toString();
}
finally
{
if (outStream != null)
{
try
{
outStream.flush();
outStream.close(); outStream.close();
} }
catch (Exception e)
{
// Do nothing
}
}
}
}
/** /**
* Constructor given a session token string. The constructor * Constructor given a session token string. The constructor
@ -112,12 +130,16 @@ public final class SessionToken
* @throws Exception * @throws Exception
*/ */
public SessionToken(String token) throws Exception public SessionToken(String token) throws Exception
{
InputStream inStream = null;
try
{ {
// Decode the token string // Decode the token string
m_token = Base64Coder.decode(token); m_token = Base64Coder.decode(token);
// Now instantiate a SOAP message with the string // Now instantiate a SOAP message with the string
InputStream inStream = new ByteArrayInputStream(m_token.getBytes()); inStream = new ByteArrayInputStream(m_token.getBytes());
Message message = new Message(inStream); Message message = new Message(inStream);
// Get access to the SOAP Envelope // Get access to the SOAP Envelope
@ -157,6 +179,21 @@ public final class SessionToken
throw new Exception("Invalid Session Token"); throw new Exception("Invalid Session Token");
} }
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
}
/** /**
* Get SessionToken SOAP Message. * Get SessionToken SOAP Message.
@ -173,13 +210,14 @@ public final class SessionToken
SvcConfig svcConfig) SvcConfig svcConfig)
{ {
Message secureMessage; Message secureMessage;
InputStream inStream = null;
try try
{ {
// Build SOAP Message with an identity token in the body // Build SOAP Message with an identity token in the body
// //
// First create a message and obtain its body // First create a message and obtain its body
InputStream inStream = new ByteArrayInputStream(sessionTokenSoapMsg.getBytes()); inStream = new ByteArrayInputStream(sessionTokenSoapMsg.getBytes());
Message message = new Message(inStream); Message message = new Message(inStream);
message.setMessageContext(axisMsgContext); message.setMessageContext(axisMsgContext);
SOAPBody body = (SOAPBody) message.getSOAPBody(); SOAPBody body = (SOAPBody) message.getSOAPBody();
@ -211,6 +249,20 @@ public final class SessionToken
System.out.println("SessionToken.getMessage() - Exception caught building message, error: " + e.getMessage()); System.out.println("SessionToken.getMessage() - Exception caught building message, error: " + e.getMessage());
secureMessage = null; secureMessage = null;
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
return secureMessage; return secureMessage;
} }

196
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java Normal file
View File

@ -0,0 +1,196 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
package com.novell.casa.authtoksvc;
import java.util.*;
import org.xml.sax.SAXException;
/**
* Settings file SAXHandler Class.
* <p>
* This class provides a SAXHandler for parsing .settings files.
*
*/
public final class SettingsFileSAXHandler extends org.xml.sax.helpers.DefaultHandler
{
private final static int AWAITING_ROOT_ELEMENT_START = 0;
private final static int AWAITING_SETTING_ELEMENT_START = 1;
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
private final static int AWAITING_SETTING_ELEMENT_END = 3;
private final static int DONE_PARSING = 4;
private final static String m_rootElementName = "settings";
private final Map<String,String> m_keyMap;
private int m_state;
private String m_currentKey;
/**
* Constructor.
*
* @param keyMap Key/Value map.
*/
public SettingsFileSAXHandler(Map<String,String> keyMap)
{
super();
// Initialize our members
m_keyMap = keyMap;
m_state = AWAITING_ROOT_ELEMENT_START;
}
/**
* endDocument() implementation.
*
* @throws SAXException
*/
public final void endDocument () throws SAXException
{
// Verify that we are not in an invalid state
if (m_state != DONE_PARSING)
{
System.err.println("SettingsFileSAXHandler.endDocument()- Invalid state" + m_state);
throw new SAXException("Invalid state at endDocument");
}
}
/**
* startElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @param atts Attributes.
* @throws SAXException
*/
public final void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
}
else
{
System.err.println("SettingsFileSAXHandler.startElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
case AWAITING_SETTING_ELEMENT_START:
// Keep track of the key name
m_currentKey = qName;
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_DATA;
break;
default:
System.err.println("SettingsFileSAXHandler.startElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at startElement");
}
}
/**
* endElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @throws SAXException
*/
public final void endElement (String uri, String name, String qName) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_SETTING_ELEMENT_DATA:
case AWAITING_SETTING_ELEMENT_END:
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
break;
case AWAITING_SETTING_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = DONE_PARSING;
}
else
{
System.err.println("SettingsFileSAXHandler.endElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
default:
System.err.println("SettingsFileSAXHandler.endElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at endElement");
}
}
/**
* character() implementation.
*
* @param ch Characters with element data.
* @param start Start position in the character array.
* @param length Number of characters to use in the array.
* @throws SAXException
*/
public final void characters (char ch[], int start, int length) throws SAXException
{
// Consume the data if in the right state
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
{
// Consume the data and add the key to map
m_keyMap.put(m_currentKey, new String(ch, start, length));
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_END;
}
else if (m_state == AWAITING_SETTING_ELEMENT_END)
{
// Concat this data to the setting data that we have already consumed
String settingData = m_keyMap.remove(m_currentKey);
if (settingData != null)
{
// Consume the data and add the key to map
m_keyMap.put(m_currentKey, settingData.concat(new String(ch, start, length)));
}
else
{
System.err.println("SettingsFileSAXHandler.characters()- Settings data not found");
throw new SAXException("Settings data not found");
}
}
}
}

95
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileUtil.java
View File

@ -53,19 +53,18 @@ public final class SettingsFileUtil
private static Document getSettingsFileDoc(String filePath) private static Document getSettingsFileDoc(String filePath)
{ {
Document doc; Document doc;
FileInputStream inStream = null;
try try
{ {
// Get an input stream to read from settings file // Get an input stream to read from settings file
File f = new File(filePath); File f = new File(filePath);
FileInputStream inStream = new FileInputStream(f); inStream = new FileInputStream(f);
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
DOMParser parser = new DOMParser(); DOMParser parser = new DOMParser();
parser.parse(source); parser.parse(source);
doc = parser.getDocument(); doc = parser.getDocument();
inStream.close();
} }
catch (FileNotFoundException e) catch (FileNotFoundException e)
{ {
@ -87,6 +86,20 @@ public final class SettingsFileUtil
System.err.println("Settings file " + filePath + " format error"); System.err.println("Settings file " + filePath + " format error");
doc = null; doc = null;
} }
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
return doc; return doc;
} }
@ -100,21 +113,35 @@ public final class SettingsFileUtil
private static Document getSettingsDoc(String settings) private static Document getSettingsDoc(String settings)
{ {
Document doc = null; Document doc = null;
StringReader reader = null;
try try
{ {
StringReader reader = new StringReader(settings); reader = new StringReader(settings);
InputSource source = new InputSource(reader); InputSource source = new InputSource(reader);
DOMParser parser = new DOMParser(); DOMParser parser = new DOMParser();
parser.parse(source); parser.parse(source);
doc = parser.getDocument(); doc = parser.getDocument();
reader.close();
} }
catch (Exception e) catch (Exception e)
{ {
System.err.println("Program error, exception: " + e.toString()); System.err.println("Program error, exception: " + e.toString());
} }
finally
{
if (reader != null)
{
try
{
reader.close();
}
catch (Exception e)
{
// Do nothing
}
}
}
return doc; return doc;
} }
@ -168,17 +195,18 @@ public final class SettingsFileUtil
Document doc = getSettingsDoc(settings); Document doc = getSettingsDoc(settings);
if (doc != null) if (doc != null)
{ {
FileOutputStream out = null;
try try
{ {
File f = new File(filePath); File f = new File(filePath);
boolean createStatus = f.createNewFile(); boolean createStatus = f.createNewFile();
if (createStatus == true) if (createStatus == true)
{ {
FileOutputStream out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
XMLSerializer serializer = new XMLSerializer(out, format); XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(doc.getDocumentElement()); serializer.serialize(doc.getDocumentElement());
out.close();
opPerformed = true; opPerformed = true;
} }
@ -195,6 +223,21 @@ public final class SettingsFileUtil
{ {
System.out.println("SecurityException creating " + filePath); System.out.println("SecurityException creating " + filePath);
} }
finally
{
if (out != null)
{
try
{
out.flush();
out.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
return opPerformed; return opPerformed;
@ -307,6 +350,7 @@ public final class SettingsFileUtil
} }
// Update the file after removing the text nodes // Update the file after removing the text nodes
FileOutputStream out = null;
try try
{ {
// Remove text nodes // Remove text nodes
@ -323,11 +367,10 @@ public final class SettingsFileUtil
// Update file // Update file
File f = new File(filePath); File f = new File(filePath);
FileOutputStream out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
XMLSerializer serializer = new XMLSerializer(out, format); XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(doc.getDocumentElement()); serializer.serialize(doc.getDocumentElement());
out.close();
opPerformed = true; opPerformed = true;
} }
@ -339,6 +382,21 @@ public final class SettingsFileUtil
{ {
System.out.println("SecurityException writting to file " + filePath); System.out.println("SecurityException writting to file " + filePath);
} }
finally
{
if (out != null)
{
try
{
out.flush();
out.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
} }
@ -384,6 +442,7 @@ public final class SettingsFileUtil
settingFound = true; settingFound = true;
// Update the file after removing the text nodes // Update the file after removing the text nodes
FileOutputStream out = null;
try try
{ {
// Remove text nodes // Remove text nodes
@ -400,11 +459,10 @@ public final class SettingsFileUtil
// Update file // Update file
File f = new File(filePath); File f = new File(filePath);
FileOutputStream out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
XMLSerializer serializer = new XMLSerializer(out, format); XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(doc.getDocumentElement()); serializer.serialize(doc.getDocumentElement());
out.close();
opPerformed = true; opPerformed = true;
} }
@ -416,6 +474,21 @@ public final class SettingsFileUtil
{ {
System.out.println("SecurityException writting to file " + filePath); System.out.println("SecurityException writting to file " + filePath);
} }
finally
{
if (out != null)
{
try
{
out.flush();
out.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
} }
} }

262
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java
View File

@ -63,158 +63,15 @@ public final class SvcConfig
public final static String DefaultSigningKeyAliasNameValue = "signingKey"; public final static String DefaultSigningKeyAliasNameValue = "signingKey";
public final static String DefaultSigningKeyPasswordValue = "secret"; public final static String DefaultSigningKeyPasswordValue = "secret";
// Minimum configuration values
private final static int MinimumTokenLifetimeValue = 360; // Seconds
private final static int MinimumLifetimeShorterValue = 5; // Seconds
private final static int MinimumLifetimeShorterDifferential = 15;
private final static int MinimumReconfigureIntervalValue = 30; // Seconds
private static final String m_svcSettingsFileName = "svc.settings"; private static final String m_svcSettingsFileName = "svc.settings";
private final Map<String,String> m_svcSettingsMap; private final Map<String,String> m_svcSettingsMap;
/**
* Class for handling Authentication Request parsing events.
*/
private static final class SAXHandler extends org.xml.sax.helpers.DefaultHandler
{
private final static int AWAITING_ROOT_ELEMENT_START = 0;
private final static int AWAITING_SETTING_ELEMENT_START = 1;
private final static int AWAITING_SETTING_ELEMENT_DATA = 2;
private final static int AWAITING_SETTING_ELEMENT_END = 3;
private final static int DONE_PARSING = 4;
private final static String m_rootElementName = "settings";
private final Map<String,String> m_keyMap;
private int m_state;
private String m_currentKey;
/**
* Constructor.
*
* @param keyMap Key/Value map.
*/
public SAXHandler(Map<String,String> keyMap)
{
super();
// Initialize our members
m_keyMap = keyMap;
m_state = AWAITING_ROOT_ELEMENT_START;
}
/**
* endDocument() implementation.
*
* @throws SAXException
*/
public final void endDocument () throws SAXException
{
// Verify that we are not in an invalid state
if (m_state != DONE_PARSING)
{
System.err.println("SvcConfig SAXHandler.endDocument()- Invalid state" + m_state);
throw new SAXException("Invalid state at endDocument");
}
}
/**
* startElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @param atts Attributes.
* @throws SAXException
*/
public final void startElement (String uri, String name, String qName, org.xml.sax.Attributes atts) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
}
else
{
System.err.println("SvcConfig SAXHandler.startElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
case AWAITING_SETTING_ELEMENT_START:
// Keep track of the key name
m_currentKey = qName;
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_DATA;
break;
default:
System.err.println("SvcConfig SAXHandler.startElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at startElement");
}
}
/**
* endElement() implementation.
*
* @param uri Uri.
* @param name Local name.
* @param qName Qualified name.
* @throws SAXException
*/
public final void endElement (String uri, String name, String qName) throws SAXException
{
// Proceed based on our state
switch (m_state)
{
case AWAITING_SETTING_ELEMENT_DATA:
case AWAITING_SETTING_ELEMENT_END:
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START;
break;
case AWAITING_SETTING_ELEMENT_START:
// Verify that we are processing the expected tag
if (m_rootElementName.equals(qName))
{
// Advance to the next state
m_state = DONE_PARSING;
}
else
{
System.err.println("SvcConfig SAXHandler.endElement()- Un-expected element");
throw new SAXException("Un-expected element");
}
break;
default:
System.err.println("SvcConfig SAXHandler.endElement()- Invalid state " + m_state);
throw new SAXException("Invalid state at endElement");
}
}
/**
* character() implementation.
*
* @param ch Characters with element data.
* @param start Start position in the character array.
* @param length Number of characters to use in the array.
* @throws SAXException
*/
public final void characters (char ch[], int start, int length) throws SAXException
{
// Consume the data if in the right state
if (m_state == AWAITING_SETTING_ELEMENT_DATA)
{
// Consume the data and add the key to map
m_keyMap.put(m_currentKey, new String(ch, start, length));
// Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_END;
}
}
}
/** /**
* Constructor. * Constructor.
* *
@ -231,25 +88,106 @@ public final class SvcConfig
// Create a map to keep track of the service settings // Create a map to keep track of the service settings
m_svcSettingsMap = new HashMap<String, String>(); m_svcSettingsMap = new HashMap<String, String>();
FileInputStream inStream = null;
try try
{ {
// Get an input stream to services settings file // Get an input stream to services settings file
File settingsFile = new File(svcConfigPath, m_svcSettingsFileName); File settingsFile = new File(svcConfigPath, m_svcSettingsFileName);
FileInputStream inStream = new FileInputStream(settingsFile); inStream = new FileInputStream(settingsFile);
// Parse the file // Parse the file
XMLReader xr = XMLReaderFactory.createXMLReader(); XMLReader xr = XMLReaderFactory.createXMLReader();
SAXHandler handler = new SAXHandler(m_svcSettingsMap); SettingsFileSAXHandler handler = new SettingsFileSAXHandler(m_svcSettingsMap);
xr.setContentHandler(handler); xr.setContentHandler(handler);
xr.setErrorHandler(handler); xr.setErrorHandler(handler);
InputSource source = new InputSource(inStream); InputSource source = new InputSource(inStream);
xr.parse(source); xr.parse(source);
inStream.close();
// Add the application and config folder path settings to our map // Add the application and config folder path settings to our map
m_svcSettingsMap.put(AppRootPath, appRootPath); m_svcSettingsMap.put(AppRootPath, appRootPath);
m_svcSettingsMap.put(ConfigFolderPath, svcConfigPath); m_svcSettingsMap.put(ConfigFolderPath, svcConfigPath);
// Do some sanity checking
int tokenLifetime;
try
{
tokenLifetime = Integer.valueOf(getSetting(SessionTokenLifetime)).intValue();
if (tokenLifetime < MinimumTokenLifetimeValue)
{
System.err.println("SvcConfig()- Configured token lifetime too small, defaulting to "
+ Integer.toString(MinimumTokenLifetimeValue) + " seconds");
tokenLifetime = MinimumTokenLifetimeValue;
// Update the map with the new value for the setting
m_svcSettingsMap.put(SessionTokenLifetime, Integer.toString(tokenLifetime));
}
}
catch (NumberFormatException e)
{
System.err.println("SvcConfig()- Invalid configured token lifetime value, defaulting to "
+ Integer.toString(MinimumTokenLifetimeValue) + " seconds");
tokenLifetime = MinimumTokenLifetimeValue;
// Update the map with the new value for the setting
m_svcSettingsMap.put(SessionTokenLifetime, Integer.toString(tokenLifetime));
}
int lifetimeShorter;
try
{
lifetimeShorter = Integer.valueOf(getSetting(LifetimeShorter)).intValue();
if (lifetimeShorter < MinimumLifetimeShorterValue)
{
System.err.println("SvcConfig()- Configured lifetime shorter too small, defaulting to "
+ Integer.toString(MinimumLifetimeShorterValue) + " seconds");
lifetimeShorter = MinimumLifetimeShorterValue;
// Update the map with the new value for the setting
m_svcSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
}
}
catch (NumberFormatException e)
{
System.err.println("SvcConfig()- Invalid configured lifetime shorter value, defaulting to "
+ Integer.toString(MinimumLifetimeShorterValue) + " seconds");
lifetimeShorter = MinimumLifetimeShorterValue;
// Update the map with the new value for the setting
m_svcSettingsMap.put(LifetimeShorter, Integer.toString(lifetimeShorter));
}
if (lifetimeShorter > tokenLifetime
|| (tokenLifetime - lifetimeShorter) < MinimumLifetimeShorterDifferential)
{
System.err.println("SvcConfig()- Invalid lifetime shorter value, defaulting to "
+ Integer.toString(MinimumLifetimeShorterValue) + " seconds");
// Update the map with the new value for the setting
m_svcSettingsMap.put(LifetimeShorter, Integer.toString(MinimumLifetimeShorterValue));
}
int reconfigureInterval;
try
{
reconfigureInterval = Integer.valueOf(getSetting(ReconfigureInterval)).intValue();
if (reconfigureInterval < MinimumReconfigureIntervalValue)
{
System.err.println("SvcConfig()- Configured reconfigure interval too small, defaulting to "
+ Integer.toString(MinimumReconfigureIntervalValue) + " seconds");
// Update the map with the new value for the setting
m_svcSettingsMap.put(ReconfigureInterval, Integer.toString(MinimumReconfigureIntervalValue));
}
}
catch (NumberFormatException e)
{
System.err.println("SvcConfig()- Invalid configured reconfigured interval value, defaulting to "
+ Integer.toString(MinimumReconfigureIntervalValue) + " seconds");
// Update the map with the new value for the setting
m_svcSettingsMap.put(ReconfigureInterval, Integer.toString(MinimumReconfigureIntervalValue));
}
} }
catch (SAXException e) catch (SAXException e)
{ {
@ -259,14 +197,31 @@ public final class SvcConfig
catch (SecurityException e) catch (SecurityException e)
{ {
System.err.println("SvcConfig()- SecurityException caught while accessing " + svcConfigPath + File.separator + m_svcSettingsFileName + " Exception=" + e.toString()); System.err.println("SvcConfig()- SecurityException caught while accessing " + svcConfigPath + File.separator + m_svcSettingsFileName + " Exception=" + e.toString());
throw new Exception("SvcConfig()- Not able to access file");
} }
catch (FileNotFoundException e) catch (FileNotFoundException e)
{ {
System.err.println("SvcConfig()- File " + svcConfigPath + File.separator + m_svcSettingsFileName + " not found"); System.err.println("SvcConfig()- File " + svcConfigPath + File.separator + m_svcSettingsFileName + " not found");
throw new Exception("SvcConfig()- File not found");
} }
catch (IOException e) catch (IOException e)
{ {
System.err.println("SvcConfig()- IOException caught while trying to read " + svcConfigPath + File.separator + m_svcSettingsFileName + " Exception=" + e.toString()); System.err.println("SvcConfig()- IOException caught while trying to read " + svcConfigPath + File.separator + m_svcSettingsFileName + " Exception=" + e.toString());
throw new Exception("SvcConfig()- Read error");
}
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
} }
} }
@ -337,9 +292,6 @@ public final class SvcConfig
{ {
System.err.println("SvcConfig.getSetting()- Found setting " + settingName); System.err.println("SvcConfig.getSetting()- Found setting " + settingName);
System.err.println("SvcConfig.getSetting()- Setting value = " + value); System.err.println("SvcConfig.getSetting()- Setting value = " + value);
// Do some sanity checking
// tbd - Make sure that the token lifetime values are greater than the LifetimeShorter
} }
return value; return value;

27
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/WSSecurity.java
View File

@ -25,6 +25,7 @@
package com.novell.casa.authtoksvc; package com.novell.casa.authtoksvc;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException;
import org.apache.axis.Message; import org.apache.axis.Message;
import org.apache.axis.message.SOAPEnvelope; import org.apache.axis.message.SOAPEnvelope;
@ -65,12 +66,34 @@ public final class WSSecurity
* @throws Exception * @throws Exception
*/ */
private static Message toSOAPMessage(Document doc) throws Exception private static Message toSOAPMessage(Document doc) throws Exception
{
ByteArrayInputStream inStream = null;
Message msg = null;
try
{ {
Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS); Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc); byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage); inStream = new ByteArrayInputStream(canonicalMessage);
MessageFactory factory = MessageFactory.newInstance(); MessageFactory factory = MessageFactory.newInstance();
return (org.apache.axis.Message) factory.createMessage(null, in); msg = (org.apache.axis.Message) factory.createMessage(null, inStream);
}
finally
{
if (inStream != null)
{
try
{
inStream.close();
}
catch (IOException e)
{
// Do nothing
}
}
}
return msg;
} }
/** /**

6
CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jan 8 15:26:15 MST 2007 - jluciani@novell.com
- Applied changes to solve most issues found during my code
review of the components.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 13 10:18:25 MST 2006 - jluciani@novell.com Wed Dec 13 10:18:25 MST 2006 - jluciani@novell.com