author | Matthew Harmsen <mharmsen@redhat.com> | 2014-09-03 21:07:07 -0700 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2014-09-03 21:07:07 -0700 |
commit | abaa8473f51a5c436a2952920625b7447e226b29 (patch) | |
tree | e9e731a6e4eb8be63f1a74fffad101332b060afe /base/tps/src/org/dogtagpki/server/tps/authentication | |
parent | 4dbec5fe960a89b7ced3028e000b5695b6d9aac7 (diff) | |
Rename pki-tps-tomcat to pki-tps
* PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/authentication')
3 files changed, 527 insertions, 0 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/authentication/AuthUIParameter.java b/base/tps/src/org/dogtagpki/server/tps/authentication/AuthUIParameter.java
new file mode 100644
index 000000000..16d57f948
--- /dev/null
+++ b/base/tps/src/org/dogtagpki/server/tps/authentication/AuthUIParameter.java
@@ -0,0 +1,92 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2014 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package org.dogtagpki.server.tps.authentication;
+
+import java.util.HashMap;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/*
+ * AuthUIParameters is a class for per locale parameter sets
+ *
+ * @author cfu
+ */
+public class AuthUIParameter {
+
+ private String paramId;
+ /*
+ * auths.instance.<authInst>.ui.id.<param>.name.<locale>=<name>
+ * auths.instance.<authInst>.ui.id.<param>.description.<locale>=<description>
+ * e.g. 
+ * auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
+ * auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
+ * auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
+ * auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
+ *
+ * for each id param <locale, name>
+ */
+ private HashMap<String, String> uiParamIdName;
+ private HashMap<String, String> uiParamIdDescription;
+
+ public AuthUIParameter(String id)
+ throws EBaseException {
+ paramId = id;
+ uiParamIdName = new HashMap<String, String>();
+ uiParamIdDescription = new HashMap<String, String>();
+ }
+
+ public void setParamName(String locale, String name) {
+ uiParamIdName.put(locale, name);
+ }
+
+ public String getParamName(String locale) {
+ return uiParamIdName.get(locale);
+ }
+
+ public void setParamDescription(String locale, String desc) {
+ uiParamIdDescription.put(locale, desc);
+ }
+
+ public String getParamDescription(String locale) {
+ return uiParamIdDescription.get(locale);
+ }
+
+ public String toString(String locale) {
+ String name = getParamName(locale);
+ if (name == null)
+ name = getParamName("en");
+
+ String desc = getParamDescription(locale);
+ if (desc == null)
+ desc = getParamDescription("en");
+
+ String typeValue = "string";
+
+ if(paramId.equals("PASSWORD")){
+ typeValue = "password";
+ }
+
+ String string =
+ "id=" + paramId +
+ "&name=" + name +
+ "&desc=" + desc +
+ "&type=" + typeValue +
+ "&option=";
+ return string;
+ }
+}
diff --git a/base/tps/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java b/base/tps/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
new file mode 100644
index 000000000..e163bf6b1
--- /dev/null
+++ b/base/tps/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
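Review bot: `toString(String locale)` assembles the `id=…&name=…&desc=…&type=…&option=` string by plain concatenation, so a localized name or description taken from the config that contains `&` or `=` would break the key/value layout for whatever parses it, and when neither the requested locale nor `en` has an entry the literal text `null` is emitted. If the consumer reads this as a URL-style query, each value should pass through `URLEncoder.encode(value, "UTF-8")` before concatenation and a missing value should become an empty string; otherwise the format at least needs documenting on the method, e.g. `/** Renders this parameter as an ampersand-separated key=value list, falling back to the "en" name and description when locale has none. */`. The constructor also declares `throws EBaseException` but contains no throwing statement, and calling the method `toString` with a parameter hides that it is unrelated to `Object.toString()`.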
@@ -0,0 +1,287 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2014 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.server.tps.authentication;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+
+/**
+ * AuthenticationManager is a class for management of authentication
+ * instances
+ *
+ * @author cfu
+ */
+public class AuthenticationManager
+{
+ private Hashtable<String, TPSAuthenticator> authInstances;
+
+ public AuthenticationManager() {
+ }
+
+ /*
+ * initAuthInstances initializes authentication manager instances
+ *
+ * configuration e.g.
+ *
+ * auths.instance.ldap1.ui.description.en=This authenticates user against the LDAP directory. 
+ * auths.instance.ldap1.ui.title.en=LDAP Authentication
+ * auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
+ * auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
+ * auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
+ * auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
+ * auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
+ * auths.instance.ldap1.ui.retries=1
+ *
+ * # the following are handled by the IAuthManager itself
+ * auths.instance.ldap1.dnpattern=
+ * auths.instance.ldap1.ldap.basedn=dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
+ * auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
+ * auths.instance.ldap1.ldap.ldapauth.bindDN=
+ * auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
+ * auths.instance.ldap1.ldap.ldapauth.clientCertNickname=
+ * auths.instance.ldap1.ldap.ldapconn.host=vm-060.idm.lab.bos.redhat.com
+ * auths.instance.ldap1.ldap.ldapconn.port=389
+ * auths.instance.ldap1.ldap.ldapconn.secureConn=False
+ * auths.instance.ldap1.ldap.ldapconn.version=3
+ * auths.instance.ldap1.ldap.maxConns=15
+ * auths.instance.ldap1.ldap.minConns=3
+ * auths.instance.ldap1.ldapByteAttributes=
+ * auths.instance.ldap1.ldapStringAttributes=mail,cn,uid
+ * auths.instance.ldap1.pluginName=UidPwdDirAuth
+ */
+ public void initAuthInstances() throws EBaseException {
+ CMS.debug("AuthenticationManager: initAuthInstances(): begins.");
+ IConfigStore conf = CMS.getConfigStore();
+ IConfigStore authInstSubstore = conf.getSubStore("auths.instance");
+ Enumeration<String> auth_enu = authInstSubstore.getSubStoreNames();
+ authInstances = new Hashtable<String, TPSAuthenticator>();
+ while 
(auth_enu.hasMoreElements()) {
+ String authInstID = auth_enu.nextElement();
+ CMS.debug("AuthenticationManager: initAuthInstances(): initializing authentication instance " + authInstID);
+ IConfigStore authInstSub =
+ authInstSubstore.getSubStore(authInstID);
+ TPSAuthenticator authInst =
+ createAuthentication(authInstSub, authInstID);
+ authInstances.put(authInstID, authInst);
+ CMS.debug("AuthenticationManager: initAuthInstances(): authentication instance " +
+ authInstID +
+ " initialized.");
+ }
+ CMS.debug("AuthenticationManager: initAuthInstances(): ends.");
+ }
+
+ /*
+ * createAuthentication creates and returns an Authenticaiton
+ *
+ * @param conf config store of the authentication instance
+ * @return Authentication the authentication instance
+ */
+ private TPSAuthenticator createAuthentication(IConfigStore conf, String authInstID)
+ throws EBaseException {
+
+ CMS.debug("AuthenticationManager: createAuthentication(): begins for " +
+ authInstID);
+
+ if (conf == null || conf.size() <= 0) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf null or empty.");
+ throw new EBaseException("called with null config store");
+ }
+
+ TPSAuthenticator auth = new TPSAuthenticator(authInstID);
+
+ IConfigStore uiSub = conf.getSubStore("ui");
+ if (uiSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ conf.getName() + ".ui" + " null or empty.");
+ throw new EBaseException("config " + conf.getName() + ".ui" + " not found");
+ }
+
+ // init ui title
+ IConfigStore uiTitleSub = uiSub.getSubStore("title");
+ if (uiTitleSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ uiSub.getName() + ".title" + " null or empty.");
+ throw new EBaseException("config " + uiSub.getName() + ".title" + " not found");
+ }
+
+ Enumeration<String> uiTitle_enu = uiTitleSub.getPropertyNames();
+
+ while (uiTitle_enu.hasMoreElements()) {
+ String locale = uiTitle_enu.nextElement();
+ String title = 
uiTitleSub.getString(locale);
+ if (title.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): title for locale " +
+ locale + " not found");
+ continue;
+ }
+ auth.setUiTitle(locale, title);
+ CMS.debug("AuthenticationManager: createAuthentication(): added title=" +
+ title + ", locale= " + locale);
+ }
+
+ // init ui description
+ IConfigStore uiDescSub = uiSub.getSubStore("description");
+ if (uiDescSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ uiSub.getName() + ".description" + " null or empty.");
+ throw new EBaseException("config " + uiSub.getName() + ".description" + " not found");
+ }
+ Enumeration<String> uiDesc_enu = uiDescSub.getPropertyNames();
+
+ while (uiDesc_enu.hasMoreElements()) {
+ String locale = uiDesc_enu.nextElement();
+ String description = uiDescSub.getString(locale);
+ if (description.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): description for locale " +
+ locale + " not found");
+ continue;
+ }
+ auth.setUiDescription(locale, description);
+ CMS.debug("AuthenticationManager: createAuthentication(): added description=" +
+ description + ", locale= " + locale);
+ }
+
+ // init ui parameters
+ IConfigStore uiParamSub = uiSub.getSubStore("id");
+ if (uiParamSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ uiSub.getName() + ".id" + " null or empty.");
+ throw new EBaseException("config " + uiSub.getName() + ".id" + " not found");
+ }
+ Enumeration<String> uiParam_enu = uiParamSub.getSubStoreNames();
+ while (uiParam_enu.hasMoreElements()) {
+ String id = uiParam_enu.nextElement();
+ CMS.debug("AuthenticationManager: createAuthentication(): id param=" +
+ id);
+ IConfigStore idNameSub = uiParamSub.getSubStore(id + ".name");
+ if (idNameSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ uiParamSub.getName() + ".name" + " null or empty.");
+ continue;
+ }
+
+ AuthUIParameter up = new 
AuthUIParameter(id);
+ Enumeration<String> idName_enu = idNameSub.getPropertyNames();
+ while (idName_enu.hasMoreElements()) {
+ String locale = idName_enu.nextElement();
+ String name = idNameSub.getString(locale);
+ if (name.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): name for locale " +
+ locale + " not found");
+ continue;
+ }
+ CMS.debug("AuthenticationManager: createAuthentication(): name =" +
+ name + " for locale " + locale);
+ up.setParamName(locale, name);
+ }
+
+ IConfigStore idDescSub = uiParamSub.getSubStore(id + ".description");
+ if (idDescSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ uiParamSub.getName() + ".description" + " null or empty.");
+ continue;
+ }
+ Enumeration<String> idDesc_enu = idDescSub.getPropertyNames();
+ while (idDesc_enu.hasMoreElements()) {
+ String locale = idDesc_enu.nextElement();
+ String desc = idDescSub.getString(locale);
+ if (desc.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): description for locale " +
+ locale + " not found");
+ continue;
+ }
+ CMS.debug("AuthenticationManager: createAuthentication(): desc =" +
+ desc);
+ up.setParamDescription(locale, desc);
+ }
+
+ auth.setUiParam(id, up);
+ CMS.debug("AuthenticationManager: createAuthentication(): added param=" +
+ id);
+
+ // map the auth mgr required cred to cred name in request message
+ IConfigStore credMapSub = uiParamSub.getSubStore(id + ".credMap");
+ if (credMapSub == null) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ uiParamSub.getName() + ".credMap" + " null or empty.");
+ continue;
+ }
+ String authCred = credMapSub.getString("authCred");
+ if (authCred.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ credMapSub.getName() + ".authCred" + " null or empty.");
+ continue;
+ }
+
+ IConfigStore msgCredSub = credMapSub.getSubStore("msgCred");
+ if (msgCredSub == null) {
+ CMS.debug("AuthenticationManager: 
createAuthentication(): conf " +
+ uiParamSub.getName() + ".msgCred" + " null or empty.");
+ continue;
+ }
+
+ String msgCred_login = msgCredSub.getString("login");
+ if (msgCred_login.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ msgCredSub.getName() + ".login" + " null or empty.");
+ continue;
+ }
+ auth.setCredMap(authCred, msgCred_login,
+ false /* not extendedLogin*/);
+ CMS.debug("AuthenticationManager: createAuthentication(): added cred map_login=" +
+ authCred + ":" + msgCred_login);
+
+ String msgCred_extlogin = msgCredSub.getString("extlogin");
+ if (msgCred_extlogin.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf " +
+ msgCredSub.getName() + ".extlogin" + " null or empty.");
+ continue;
+ }
+
+ auth.setCredMap(authCred, msgCred_extlogin,
+ true /* extendedLogin*/);
+ CMS.debug("AuthenticationManager: createAuthentication(): added cred map_extlogin=" +
+ authCred + ":" + msgCred_extlogin);
+
+ }
+
+ Integer retries = uiSub.getInteger("retries", 1);
+ auth.setNumOfRetries(retries.intValue());
+
+ CMS.debug("AuthenticationManager: createAuthentication(): completed for " +
+ authInstID);
+ return auth;
+ }
+
+ /*
+ * gets an established Authentication instance
+ */
+ public TPSAuthenticator getAuthInstance(String id) {
+ return authInstances.get(id);
+ }
+}
diff --git a/base/tps/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java b/base/tps/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
new file mode 100644
index 000000000..8d84cf5f6
--- /dev/null
+++ b/base/tps/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
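Review bot: `authInstances` is assigned only inside `initAuthInstances()`, so `getAuthInstance(id)` called on a manager whose init has not run throws a NullPointerException instead of returning null; initializing the field at its declaration, `private Hashtable<String, TPSAuthenticator> authInstances = new Hashtable<String, TPSAuthenticator>();`, keeps the accessor safe in every state. In the per-parameter loop of `createAuthentication`, the `idDescSub == null` branch hits `continue` before `auth.setUiParam(id, up)` and before the whole credMap block, so a parameter that has a name but no description silently loses both its UI entry and its credential mapping with only a debug line as a record — if that is not intended, that branch should fall through the way the empty-locale cases do. The `retries` value is read boxed as `Integer` and unboxed on the next line; `int retries = uiSub.getInteger("retries", 1);` expresses the same thing directly.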
@@ -0,0 +1,148 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2014 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package org.dogtagpki.server.tps.authentication;
+
+import java.util.HashMap;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.authentication.IAuthManager;
+import com.netscape.certsrv.authentication.IAuthSubsystem;
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * Authentication is a class for an authentication instance
+ *
+ * @author cfu
+ */
+public class TPSAuthenticator {
+ private String id;
+ private IAuthManager authManager;
+
+ /*
+ * for auths instance ui <locale, value>
+ * e.g.
+ * auths.instance.ldap1.ui.description.en=
+ * This authenticates user against the LDAP directory.
+ * auths.instance.ldap1.ui.title.en=LDAP Authentication
+ */
+ private HashMap<String, String> uiTitle;
+ private HashMap<String, String> uiDescription;
+
+ private HashMap<String, AuthUIParameter> uiParameters;
+ /*
+ * credMap is for authentication manager required
+ * credential names (authCred) mapping to the
+ * client message credentail names (msgCred)
+ * e.g. 
+ * auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred=screen_name
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
+ */
+ private HashMap<String, String> credMap_login;
+ private HashMap<String, String> credMap_extlogin;
+
+ // retries if the user entered the wrong password/securid
+ private int maxLoginRetries = 1;
+
+ private String authCredName;
+
+ /*
+ * Authentication constructor
+ * @param authId authentication instance id
+ */
+ public TPSAuthenticator(String authId)
+ throws EBaseException {
+ id = authId;
+ // retrieves and set authentication manager
+ IAuthSubsystem authSub =
+ (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ authManager = authSub.getAuthManager(authId);
+ uiTitle = new HashMap<String, String>();
+ uiDescription = new HashMap<String, String>();
+ uiParameters = new HashMap<String, AuthUIParameter>();
+ credMap_login = new HashMap<String, String>();
+ credMap_extlogin = new HashMap<String, String>();
+ }
+
+ public String getID() {
+ return id;
+ }
+
+ public IAuthManager getAuthManager() {
+ return authManager;
+ }
+
+ public void setUiTitle(String locale, String title) {
+ uiTitle.put(locale, title);
+ }
+
+ public String getUiTitle(String locale) {
+ return uiTitle.get(locale);
+ }
+
+ public void setUiDescription(String locale, String desc) {
+ uiDescription.put(locale, desc);
+ }
+
+ public String getUiDescription(String locale) {
+ return uiDescription.get(locale);
+ }
+
+ public void setUiParam(String id, AuthUIParameter up) {
+ uiParameters.put(id, up);
+ }
+
+ public AuthUIParameter getUiParam(String id) {
+ return uiParameters.get(id);
+ }
+
+ public HashMap<String, AuthUIParameter> getUiParamSet() {
+ return uiParameters;
+ }
+
+ public void setCredMap(String authCred, String msgCred, boolean extLogin) {
+ if (extLogin)
+ credMap_extlogin.put(authCred, msgCred);
+ else
+ 
credMap_login.put(authCred, msgCred);
+ }
+
+ public String getCredMap(String authCred, boolean extLogin) {
+ if (extLogin)
+ return credMap_extlogin.get(authCred);
+ else
+ return credMap_login.get(authCred);
+ }
+
+ public int getNumOfRetries() {
+ return maxLoginRetries;
+ }
+
+ public void setNumOfRetries(int num) {
+ maxLoginRetries = num;
+ }
+
+ public String getAuthCredName() {
+ return authCredName;
+ }
+
+ public void setAuthCredName(String authCredName) {
+ this.authCredName = authCredName;
+ }
+}
|
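Review bot: The constructor stores the result of `authSub.getAuthManager(authId)` without checking it, so a `TPSAuthenticator` whose id has no matching auth manager in the auth subsystem is constructed successfully and every later `getAuthManager()` caller receives null; if that lookup can return null (the interface is not shown here), the constructor should fail instead, e.g. `if (authManager == null) throw new EBaseException("auth manager " + authId + " not found");`. `getUiParamSet()` returns the live `uiParameters` map, which lets any caller add or remove parameters behind `setUiParam`; returning `Collections.unmodifiableMap(uiParameters)` (with the return type widened to `Map`) keeps the instance in control of its own state. The class Javadoc still reads `Authentication is a class for an authentication instance` and should name `TPSAuthenticator`.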