Add IAuthToken implementation for external principals

Many parts of Dogtag expect an IAuthToken, which represents the authenticated user. The sole implementation, AuthToken, uses some concepts that do not carry across to externally authenticated principals, e.g. an external principal does not have an associated IAuthManager that was used to authenticate the principal. Therefore something different is needed. Implement ExternalAuthToken which wraps a GenericPrincipal and provides access to the data therein. Part of: https://pagure.io/dogtagpki/issue/1359
author: Fraser Tweedale <ftweedal@redhat.com> 2016-11-29 18:10:58 +1000
committer: Fraser Tweedale <ftweedal@redhat.com> 2017-03-16 17:46:18 +1000
commit: 433c7b70d7dd8609dea31b28aee042e48a41ac9f (patch)
tree: 88df87ac2dd8186439425160b0362c3087a93d22
parent: 00cf1cd2c6b9f5d8116921e4c3f1d07e7708388e (diff)
download: pki-433c7b70d7dd8609dea31b28aee042e48a41ac9f.tar.gz
pki-433c7b70d7dd8609dea31b28aee042e48a41ac9f.tar.xz
pki-433c7b70d7dd8609dea31b28aee042e48a41ac9f.zip
1 files changed, 154 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authentication/ExternalAuthToken.java b/base/common/src/com/netscape/certsrv/authentication/ExternalAuthToken.java
new file mode 100644
index 000000000..07c09d140
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/ExternalAuthToken.java
@@ -0,0 +1,154 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2015 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.certsrv.authentication;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+
+import org.apache.catalina.realm.GenericPrincipal;
+
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.usrgrp.Certificates;
+
+
+/**
+ * Authentication token that wraps an externally authenticated
+ * principal to return.
+ */
+public class ExternalAuthToken implements IAuthToken {
+
+    protected GenericPrincipal principal;
+
+    public ExternalAuthToken(GenericPrincipal principal) {
+        this.principal = principal;
+    }
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public Enumeration<String> getElements() {
+        ArrayList<String> keys = new ArrayList<>();
+        keys.add(GROUPS);
+        keys.add(TOKEN_AUTHMGR_INST_NAME);
+        keys.add(UID);
+        keys.add(USER_ID);
+        return Collections.enumeration(keys);
+    }
+
+    public Object get(String k) {
+        return null;
+    }
+
+    public boolean set(String k, String v) {
+        return false;
+    }
+
+    public String getInString(String k) {
+        if (k == null)
+            return null;
+        if (k.equals(USER_ID) || k.equals(UID))
+            return principal.getName();
+        if (k.equals(TOKEN_AUTHMGR_INST_NAME))
+            return "external";
+        return null;
+    }
+
+    public boolean set(String k, byte[] v) {
+        return false;
+    }
+
+    public byte[] getInByteArray(String k) {
+        return null;
+    }
+
+    public boolean set(String k, Integer v) {
+        return false;
+    }
+
+    public Integer getInInteger(String k) {
+        return null;
+    }
+
+    public boolean set(String k, BigInteger[] v) {
+        return false;
+    }
+
+    public BigInteger[] getInBigIntegerArray(String k) {
+        return null;
+    }
+
+    public boolean set(String k, Date v) {
+        return false;
+    }
+
+    public Date getInDate(String k) {
+        return null;
+    }
+
+    public boolean set(String k, String[] v) {
+        return false;
+    }
+
+    public String[] getInStringArray(String k) {
+        if (k == null)
+            return null;
+        if (k.equals(GROUPS))
+            return principal.getRoles();
+        return null;
+    }
+
+    public boolean set(String k, X509CertImpl v) {
+        return false;
+    }
+
+    public X509CertImpl getInCert(String k) {
+        return null;
+    }
+
+    public boolean set(String k, CertificateExtensions v) {
+        return false;
+    }
+
+    public CertificateExtensions getInCertExts(String k) {
+        return null;
+    }
+
+    public boolean set(String k, Certificates v) {
+        return false;
+    }
+
+    public Certificates getInCertificates(String k) {
+        return null;
+    }
+
+    public boolean set(String k, byte[][] v) {
+        return false;
+    }
+
+    public byte[][] getInByteArrayArray(String k) {
+        return null;
+    }
+}
author	Fraser Tweedale <ftweedal@redhat.com>	2016-11-29 18:10:58 +1000
committer	Fraser Tweedale <ftweedal@redhat.com>	2017-03-16 17:46:18 +1000
commit	433c7b70d7dd8609dea31b28aee042e48a41ac9f (patch)
tree	88df87ac2dd8186439425160b0362c3087a93d22
parent	00cf1cd2c6b9f5d8116921e4c3f1d07e7708388e (diff)
download	pki-433c7b70d7dd8609dea31b28aee042e48a41ac9f.tar.gz pki-433c7b70d7dd8609dea31b28aee042e48a41ac9f.tar.xz pki-433c7b70d7dd8609dea31b28aee042e48a41ac9f.zip