1 files changed, 290 insertions, 0 deletions

diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
new file mode 100644
index 000000000..12ea8f041
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
@@ -0,0 +1,290 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.authentication;
+
+
+// ldap java sdk
+import netscape.ldap.*;
+
+// cert server imports.
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.LdapResources;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.authentication.*;
+import com.netscape.cmsutil.util.*;
+
+// cert server x509 imports
+import netscape.security.x509.*;
+import java.security.cert.*;
+import java.security.*;
+
+// java sdk imports.
+import java.util.*;
+import java.io.IOException;
+
+
+/**
+ * Hash uid/pwd directory based authentication manager
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
+
+    public static final String SALT = "lala123";
+    public static final String CRED_UID = "uid";
+    public static final String CRED_FINGERPRINT = "fingerprint";
+    public static final String CRED_PAGEID = "pageID";
+    public static final String CRED_HOST = "hostname";
+    protected static String[] mRequiredCreds = { CRED_UID,
+            CRED_PAGEID, CRED_FINGERPRINT, CRED_HOST };
+    public static final long DEFAULT_TIMEOUT = 600000;
+    private boolean mEnable = false;
+    private long mTimeout = DEFAULT_TIMEOUT; // in milliseconds
+    private String mSecret;
+    private int mPageID;
+    private String mHost;
+    private long mLastLogin = 0;
+    private MessageDigest mSHADigest = null;
+    private Hashtable mData = null;
+    private IConfigStore mConfig;
+    private String mName = null;
+    private String mImplName = null;
+    private ILogger mLogger = CMS.getLogger();
+    private static Vector mExtendedPluginInfo = null;
+    private HashAuthData mHosts = null;
+   
+    static String[] mConfigParams =
+        new String[] {};
+
+    static {
+        mExtendedPluginInfo = new Vector();
+        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
+            ";Authenticate the username and password provided " +
+            "by the user against an LDAP directory. Works with the " +
+            "Dir Based Enrollment HTML form");
+        mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
+            ";configuration-authrules-uidpwddirauth");
+    };
+
+    /**
+     * Default constructor, initialization must follow.
+     */
+    public HashAuthentication() {
+    }
+
+    public void init(String name, String implName, IConfigStore config)  
+        throws EBaseException {
+        mName = name;
+        mImplName = implName;
+        mConfig = config;
+        mData = new Hashtable();
+        mHosts = new HashAuthData();
+
+        try {
+            mSHADigest = MessageDigest.getInstance("SHA1");
+        } catch (NoSuchAlgorithmException e) {
+            throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
+        }
+
+    }
+
+    public IAuthToken getAuthToken(String key) {
+        return (IAuthToken) mData.remove(key);
+    }
+
+    public void addAuthToken(String pageID, IAuthToken token) {
+        mData.put(pageID, token);
+    }
+
+    public void deleteToken(String pageID) {
+        IAuthToken token = (IAuthToken) mData.remove(pageID);
+    }
+
+    public HashAuthData getData() {
+        return mHosts;
+    }
+
+    public void createEntry(String host, String dn, long timeout,
+        String secret, long lastLogin) {
+        Vector v = new Vector();
+
+        v.addElement(dn);
+        v.addElement(Long.valueOf(timeout));
+        v.addElement(secret);
+        v.addElement(Long.valueOf(lastLogin));
+        mHosts.put(host, v);
+    }
+
+    public void disable(String hostname) {
+        mHosts.remove(hostname);
+    }
+
+    public String getAgentName(String hostname) {
+        return mHosts.getAgentName(hostname);
+    }
+    
+    public void setAgentName(String hostname, String agentName) {
+        mHosts.setAgentName(hostname, agentName);
+    }
+
+    public boolean isEnable(String hostname) {
+        return mHosts.containsKey(hostname);
+    }
+
+    public long getTimeout(String hostname) {
+        return mHosts.getTimeout(hostname);
+    }
+
+    public void setTimeout(String hostname, long timeout) {
+        mHosts.setTimeout(hostname, timeout);
+    }
+
+    public String getSecret(String hostname) {
+        return mHosts.getSecret(hostname);
+    }
+
+    public void setSecret(String hostname, String secret) {
+        mHosts.setSecret(hostname, secret);
+    }
+
+    public long getLastLogin(String hostname) {
+        return mHosts.getLastLogin(hostname);
+    }
+
+    public void setLastLogin(String hostname, long lastlogin) {
+        mHosts.setLastLogin(hostname, lastlogin);
+    }
+
+    public long getPageID() {
+        Date date = new Date();
+
+        return date.getTime();
+    }
+
+    public void log(int level, String msg) {
+        if (mLogger == null)
+            return;
+        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+            level, msg);
+    }
+
+    public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) {
+        String val = hashFingerprint(host, pageID, uid);
+
+        if (val.equals(fingerprint))
+            return true;
+        return false; 
+    }
+
+    public Enumeration getHosts() {
+        return mHosts.keys();
+    }
+
+    public String hashFingerprint(String host, String pageID, String uid) {
+        byte[] hash = 
+            mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());        
+        String b64E = com.netscape.osutil.OSUtil.BtoA(hash);
+
+        return "{SHA}" + b64E;
+    }
+
+    public void shutdown() {
+    }
+
+    /**
+     * Authenticates a user based on uid, pwd in the directory.
+     * 
+     * @param authCreds The authentication credentials.
+     * @return The user's ldap entry dn.
+     * @exception EInvalidCredentials If the uid and password are not valid
+     * @exception EBaseException If an internal error occurs. 
+     */
+    public IAuthToken authenticate(IAuthCredentials authCreds)
+        throws EBaseException {
+        AuthToken token = new AuthToken(this);
+        String fingerprint = (String) authCreds.get(CRED_FINGERPRINT);
+        String pageID = (String) authCreds.get(CRED_PAGEID);
+        String uid = (String) authCreds.get(CRED_UID);
+        String host = (String) authCreds.get(CRED_HOST);
+
+        if (fingerprint.equals("") || 
+            !validFingerprint(host, pageID, uid, fingerprint)) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
+            throw new EAuthException("Invalid Fingerprint");
+        }
+
+        // set uid in the token.
+        token.set(CRED_UID, uid);
+
+        return token;
+    }
+
+    /**
+     * Returns array of required credentials for this authentication manager.
+     * @return Array of required credentials.
+     */
+    public String[] getRequiredCreds() {
+        return mRequiredCreds;
+    }
+
+    /**
+     * Gets the configuration substore used by this authentication manager
+     * @return configuration store
+     */
+    public IConfigStore getConfigStore() {
+        return mConfig;
+    }
+
+    /**
+     * gets the name of this authentication manager instance
+     */
+    public String getName() {
+        return mName;
+    }
+
+    /**
+     * gets the plugin name of this authentication manager.
+     */
+    public String getImplName() {
+        return mImplName;
+    }
+
+    public String[] getExtendedPluginInfo(Locale locale) {
+        String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
+
+        return s;
+
+    }
+
+    /**
+     * Returns a list of configuration parameter names. 
+     * The list is passed to the configuration console so instances of 
+     * this implementation can be configured through the console.
+     *
+     * @return String array of configuration parameter names.
+     */
+    public String[] getConfigParams() {
+        return (mConfigParams);
+    }
+}
+