diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-12-03 16:09:04 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-01-21 19:59:17 +1000 |
commit | 67ac39227e5db83c7a4a7ad72364f3dcd30db05e (patch) | |
tree | 62fbd3b5a12f71d35676089f405b2d2e42285011 /base/server/tomcat/src | |
parent | cbcdeddc2e794be3955edf20ea1597e58c443ba6 (diff) | |
download | pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.tar.gz pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.tar.xz pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.zip |
Extract common base class for SSLAuthenticatorWithFallback
Two Tomcat version-specific implementations of
SSLAuthenticatorWithFallback exist, with much duplicate code.
Extract an abstract base class 'AbstractPKIAuthenticator' and
implement just the unique bits in the concrete classes.
Part of: https://fedorahosted.org/pki/ticket/1359
Diffstat (limited to 'base/server/tomcat/src')
-rw-r--r-- | base/server/tomcat/src/com/netscape/cms/tomcat/AbstractPKIAuthenticator.java | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/AbstractPKIAuthenticator.java b/base/server/tomcat/src/com/netscape/cms/tomcat/AbstractPKIAuthenticator.java new file mode 100644 index 000000000..f98377dc2 --- /dev/null +++ b/base/server/tomcat/src/com/netscape/cms/tomcat/AbstractPKIAuthenticator.java @@ -0,0 +1,165 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.tomcat; + +import java.io.IOException; +import java.security.cert.X509Certificate; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpServletResponseWrapper; + +import org.apache.catalina.Container; +import org.apache.catalina.Globals; +import org.apache.catalina.LifecycleException; +import org.apache.catalina.Authenticator; +import org.apache.catalina.authenticator.AuthenticatorBase; +import org.apache.catalina.authenticator.BasicAuthenticator; +import org.apache.catalina.authenticator.FormAuthenticator; +import org.apache.catalina.authenticator.SSLAuthenticator; +import org.apache.catalina.connector.Request; + +/** + * @author Endi S. Dewata + */ +public abstract class AbstractPKIAuthenticator extends AuthenticatorBase { + + public final static String BASIC_AUTHENTICATOR = "BASIC"; + public final static String FORM_AUTHENTICATOR = "FORM"; + + String fallbackMethod = BASIC_AUTHENTICATOR; + + AuthenticatorBase sslAuthenticator = new SSLAuthenticator(); + AuthenticatorBase fallbackAuthenticator = new BasicAuthenticator(); + + public AbstractPKIAuthenticator() { + log("Creating SSL authenticator with fallback"); + } + + public String getFallbackMethod() { + return fallbackMethod; + } + + public void setFallbackMethod(String fallbackMethod) { + log("Fallback method: "+fallbackMethod); + this.fallbackMethod = fallbackMethod; + + if (BASIC_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) { + fallbackAuthenticator = new BasicAuthenticator(); + + } else if (FORM_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) { + fallbackAuthenticator = new FormAuthenticator(); + } + + } + + public boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException { + X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR); + boolean result; + + if (certs != null && certs.length > 0) { + log("Authenticate with client certificate authentication"); + HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) { + public void setHeader(String name, String value) { + log("SSL auth header: "+name+"="+value); + }; + public void sendError(int code) { + log("SSL auth return code: "+code); + } + }; + result = doSubAuthenticate(sslAuthenticator, request, wrapper); + + } else { + log("Authenticating with "+fallbackMethod+" authentication"); + HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) { + public void setHeader(String name, String value) { + log("Fallback auth header: "+name+"="+value); + }; + public void sendError(int code) { + log("Fallback auth return code: "+code); + } + }; + result = doSubAuthenticate(fallbackAuthenticator, request, wrapper); + } + + if (result) + return true; + + log("Result: "+result); + String realmName = doGetRealmName(request); + response.setHeader(AUTH_HEADER_NAME, + "Basic realm=\"" + (realmName == null ? REALM_NAME : realmName) + "\""); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED); + + return false; + } + + public abstract boolean doSubAuthenticate( + Authenticator auth, Request req, HttpServletResponse resp) + throws IOException; + + public abstract String doGetRealmName(Request req); + + + @Override + protected String getAuthMethod() { + return HttpServletRequest.CLIENT_CERT_AUTH; + }; + + @Override + public void setContainer(Container container) { + log("Setting container"); + super.setContainer(container); + sslAuthenticator.setContainer(container); + fallbackAuthenticator.setContainer(container); + } + + @Override + protected void initInternal() throws LifecycleException { + log("Initializing authenticators"); + + super.initInternal(); + + sslAuthenticator.setAlwaysUseSession(alwaysUseSession); + sslAuthenticator.init(); + + fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession); + fallbackAuthenticator.init(); + } + + @Override + public void startInternal() throws LifecycleException { + log("Starting authenticators"); + super.startInternal(); + sslAuthenticator.start(); + fallbackAuthenticator.start(); + } + + @Override + public void stopInternal() throws LifecycleException { + log("Stopping authenticators"); + super.stopInternal(); + sslAuthenticator.stop(); + fallbackAuthenticator.stop(); + } + + public void log(String message) { + System.out.println("SSLAuthenticatorWithFallback: "+message); + } +} |